PoetRAT Resurfaces in Attacks in Azerbaijan Amid Escalating Conflict

Spear-phishing attacks targeting VIPs and others show key malware changes and are likely linked to the current conflict with Armenia.

Spies hacked Azerbaijan government officials as Nagorno-Karabakh conflict escalated

More than 200 people have died in clashes between ethnic Armenian separatists and Azerbaijani government forces over the breakaway region of Nagorno-Karabakh in the last 10 days. It’s the worst outbreak of violence related to Nagorno-Karabakh since Armenia and Azerbaijan, two former Soviet republics, fought a war over the enclave in the 1990s. And this time, hacking has come with the fighting. Unidentified spies have in recent weeks been quietly breaching Azerbaijani government IT networks and accessing the diplomatic passports of certain officials, according to new research from Talos, Cisco’s threat intelligence unit. The Talos data shows how digital espionage often coincides with bursts of violence in modern war. Days after Azerbaijan’s president made a call to mobilize reserve soldiers, the hackers used a fake Azerbaijani government document on the same subject as bait. The malicious code embedded in the document can exfiltrate data from a compromised computer and gives the […]

The post Spies hacked Azerbaijan government officials as Nagorno-Karabakh conflict escalated appeared first on CyberScoop.

Zerologon Attacks Against Microsoft DCs Snowball in a Week

The attempted compromises, which could allow full control over Active Directory identity services, are flying thick and fast just a week after active exploits of CVE-2020-1472 were first flagged.

What fools these mortals be: ‘Shakespearean’ hackers hit Azerbaijani government and energy sectors

A mysterious set of hackers has in recent months launched data-stealing attacks against Azerbaijan government officials and companies in the country’s wind industry, researchers from Cisco Talos said Thursday. The attackers are using a new hacking tool, whose code is littered with references to English playwright William Shakespeare, to try to gain remote access to target computers and exfiltrate data automatically. The allusion to Shakespeare is an enigma, as is the culprit. What is clear is that Azerbaijan faced a concerted effort to steal data from sensitive assets in and out of government. The hackers mimicked the Azerbaijani government’s email infrastructure in a likely attempt to pluck login credentials from officials. “The actor monitored specific directories, signaling they wanted to exfiltrate certain information on the victims,” Talos researchers said in a blog post. The hackers have also shown an “interest” in the control systems, known as Supervisory Control and Data Acquisition (SCADA) systems, used in […]

The post What fools these mortals be: ‘Shakespearean’ hackers hit Azerbaijani government and energy sectors appeared first on CyberScoop.

‘Fake Fingerprints’ Bypass Scanners with 3D Printing

New research used 3D printing technology to bypass fingerprint scanners, and tested it against Apple, Samsung and Microsoft mobile products.

Researchers use 3D-printed fingerprints to unlock an iPhone 8, laptops

At a given moment, countless people around the world are using their fingerprint to unlock their smartphones. For some, it grants instant access to family photos or grocery lists. For others, like diplomats or corporate executives, more sensitive information is at stake. Now, findings released Wednesday provide the latest reminder that, even as mobile security tightens, outsiders are finding new ways to access user devices. Researchers at Talos, Cisco’s threat intelligence arm, demonstrated how to use 3D printing and other methods to forge fingerprints and unlock eight models of devices ranging from the iPhone 8 and Samsung S10 smartphones to laptops and padlocks. The research project was inspired by real-world breaches of fingerprint data. The results proved that, while biometric authentication is an effective way for most technology users to secure their data, determined attackers are capable of using the same security mechanism as an entry point, if they have the time, access and resources. (Talos did not point to any […]

The post Researchers use 3D-printed fingerprints to unlock an iPhone 8, laptops appeared first on CyberScoop.

State Department pledges $8 million more in cybersecurity aid to Ukraine

U.S. military assistance to Ukraine sparked an impeachment inquiry, but U.S. cybersecurity aid to the Eastern European country continues to flow, unimpeded and under the radar. The State Department on Tuesday announced an additional $8 million in cybersecurity funding for Ukraine, whose electric utilities sector has twice been struck by Russia-linked hackers in recent years. One of those cyberattacks, in 2015, plunged a quarter of a million Ukrainians into darkness. Ever since then, Washington has tried to ramp up Ukraine’s cyberdefenses with funding and strategic advice, including through a project to help Ukraine develop a national cybersecurity strategy. Some of the new funding will be used for building out Kyiv’s legal and regulatory framework for improving cyberdefenses, the State Department said. The new money is on top of the $10 million in cybersecurity aid the U.S. previously pledged to Ukraine. MITRE Corp., a federally funded not-for-profit, has been contracted […]

The post State Department pledges $8 million more in cybersecurity aid to Ukraine appeared first on CyberScoop.

Hackers spearphished U.S. government agency with North Korea-related content last year

In the second half of 2019, a U.S. government agency was targeted by repeated spearphishing attempts that could be from a mysterious group that has evaded attribution for years, according to new research issued Thursday by security firm Palo Alto Networks. The campaign, waged between July and October of 2019, targeted one U.S. government agency, which researchers at Palo Alto Networks’ Unit 42 do not identify, as well as two unnamed foreign nationals who are “professionally affiliated with” North Korea. The contents of the emails, which were sent with malicious files attached, touched on North Korean geopolitical topics, such as the possibility of a dialogue between Washington and Pyongyang or Russian-North Korean trade issues. Unit 42’s report does not say whether the spearphishing campaign was successful. The suspected hacking group — which Unit 42 and researchers from Cisco Talos have detailed in previous research — is known to target entities and individuals “who have interest in, are […]

The post Hackers spearphished U.S. government agency with North Korea-related content last year appeared first on CyberScoop.

Stealthy Malware Flies Under AV Radar with Advanced Obfuscation

A threat campaign active since January customizes long-used droppers to infect victim machines and lift credentials and other data from browsers, according to Cisco Talos.

Fake ransomware named after Donald Trump tries to trick victims out of a buck

Donald Trump can add ransomware to the list of things named after him, thanks to scammers who again have demonstrated how current events create opportunities to steal data. Security researchers from Cisco’s Talos threat intelligence team on Tuesday published findings explaining how hackers are using the likeness of the president, his predecessor and other political figures to dupe victims into paying up. Numerous ransomware attacks, screenlockers and remote access trojans are named after Trump, Barack Obama, Hillary Clinton and Vladimir Putin. It’s the latest evidence that digital miscreants will use any trending topics to woo potential victims. “One of the unexpected aspects of the investigation was the presence of lures that dropped malware associated with multiple nation-state attacks in the past, showing how even advanced, sophisticated adversaries will use any means to achieve their nefarious goals,” researchers wrote. The scammers’ emails mention the world leaders to catch victims’ attention, or […]

The post Fake ransomware named after Donald Trump tries to trick victims out of a buck appeared first on CyberScoop.
