North Korean hacker used hospital ransomware attacks to fund espionage

Federal prosecutors announced the indictment Thursday of a North Korean hacker accused of carrying out ransomware operations that targeted American health care facilities and used the proceeds of those operations to fund espionage efforts against the U.S. military and defense contractors. Rim Jong Hyok is accused of using malware developed by North Korea’s military intelligence […]

The post North Korean hacker used hospital ransomware attacks to fund espionage appeared first on CyberScoop.

‘Almost every nation’ now has cyber vulnerability exploitation program, NSA official says

Nearly every country on the planet now has a program to exploit digital vulnerabilities, a top National Security Agency cyber official said Wednesday, and while most are focused on espionage, more are beginning to experiment with more aggressive techniques. Rob Joyce, director of cybersecurity at the NSA, said there’s a lot of focus on China, Iran, North Korea and Russia, but those countries, which he described as the “big four,” are not the only nations weaponizing technology. “Almost every nation in the world now has a cyber exploitation program. The vast majority of those are used for espionage and intelligence purposes,” Joyce said at the Aspen Cyber Summit. “There is interest in dabbling in offensive cyber and outcomes.” Even some smaller nations have proven to be advanced, Joyce said. It’s just that they’re usually more confined in how they pursue their national interests, by things like the amount of money […]

For North Korea, phishing with fake job-recruitment emails never gets old

Give someone an undetected software exploit and they’ll have access to a system for a day, the security researcher The Grugq once said, but teach them to phish and they’ll have “access for life.” North Korean hackers have been following that bit of social-engineering wisdom to a T. In recent years, they have consistently posed as job recruiters to try to phish their way into the networks of aerospace and defense firms on multiple continents. The latest activity — a months-long spying campaign against aerospace and defense firms — was revealed this week by researchers from McAfee. Malware from the campaign has been detected in the U.S. and Europe. The suspected North Korean hackers appear to be spearphishing their targets using Microsoft Word documents with job descriptions involving active defense contracts, according to McAfee. Their goal is to use that foothold to plant additional code to gather data on their targets, the researchers said. […]

How spies used LinkedIn to hack European defense companies

For LinkedIn users, receiving unsolicited messages from pushy job recruiters comes with the territory. It’s an annoyance for some, a welcome path toward a new gig for others. What the experience isn’t supposed to entail is the theft of sensitive data from the defense company that employs you. That’s what happened to employees at two European aerospace and defense firms from September to December 2019, according to research published Wednesday. The culprit was an as-yet-unidentified advanced persistent threat (APT) group — hackers that are usually associated with governments. Their methods were relentless, even clumsy at times. The operatives “targeted a large array of employees at both organizations, across different divisions, relentlessly trying to get a foothold in their target’s network,” said Jean-Ian Boutin, head of threat research at ESET, the anti-virus firm that exposed the hacking campaign. At the end of the operation, the hackers tried to bilk one of the European […]

GAO: Cyber Command is overspending on data tools

One of the major initiatives that U.S. Cyber Command has been working on for two years is going to cost five times more than what military officials originally estimated, according to a Government Accountability Office report. The program, a software platform called Unified Platform (UP), is meant to help forces and military services working with Cyber Command to reduce the amount of data silos, and to streamline data processing, storage, queries, and information-sharing to enhance overall mission effectiveness. One of the main contributing factors to the miscalculation is that the overall cost of UP was not based on any independent analysis, GAO found. “UP did not have several key elements of its business case approved at the time of program initiation, such as approved requirements, a cost estimate informed by independent analysis, or a formal schedule risk assessment,” the GAO said. “Our prior work has shown that this type of […]

Japan investigates Mitsubishi Electric breach amid national security concerns

Japan is investigating a possible breach of sensitive defense contracting data following a cyberattack last year on electronics giant Mitsubishi Electric, officials said Wednesday. Data likely stolen in the hack, which Mitsubishi disclosed earlier this year, included specifications of hypersonic missile prototypes that Japan is developing, according to a report in Asahi Shimbun, a Japanese newspaper. The Ministry of Defense had sent the specifications to multiple companies, including Mitsubishi, interested in bidding on the missile contract, the report said. Japanese officials have said the high-velocity missile could be used to protect islands in the East China Sea that are the subject of an ongoing territorial dispute between Japan and China. At a press conference Wednesday, government spokesperson Yoshihide Suga confirmed that Japan’s Ministry of Defense was examining the incident’s impact on national security, but declined to give further details. Mitsubishi said in a statement that it reported the breach to the […]

A Department of Defense bulletin on a ‘leaking’ sinkhole has baffled cybersecurity experts

In mid-April, an obscure agency housed under the Department of Defense issued a bulletin that a little-known, Chinese-linked hacking group is likely responsible for some suspicious activity aimed at defense contractors in the U.S. But how the Defense Counterintelligence and Security Agency (DCSA) came to that conclusion is complicated. The alert, sent to 38 contractors, says DCSA detected the group was making “inbound and outbound connections” with contractors’ facilities as of Feb. 1. The targeting, which appeared to have stopped by March 25, was directed at several critical infrastructure sectors, including aerospace, health care and maritime, according to a copy of the bulletin obtained by CyberScoop. A DCSA official tells CyberScoop the document was meant to raise awareness among the contractors, but numerous sources tell CyberScoop that it is more confusing than clarifying. The bulletin, which was first reported by Politico, has raised questions about the attributed hacking group and if the actions described […]

Hackers are using coronavirus-themed phishing lures to go after DOD networks

Cybercriminals have been targeting U.S. military organizations with coronavirus-related spearphishing schemes, the Department of Defense Cyber Crime Center (DC3) said Monday in a release. “Even though many supplies, services and leisure activities have slowed down or come to a screeching halt, the one thing that has remained the same — or even gained momentum — is cyber-espionage,” the DC3 said in the announcement. According to DC3’s assessment, those behind the campaign aren’t just targeting defense industrial base companies and their networks — the goal is to break into systems run by the DOD. While cybercriminals and nation-state hackers have been targeting businesses and individuals around the world for months with coronavirus-themed spearphishing and spyware operations, it’s the first time the Pentagon has publicly said its own networks are coming under fire from hackers seeking to exploit the fears surrounding the pandemic. The memo comes via DC3’s information sharing outreach, which offers […]

Cozy Bear kept moving after 2016 election, ESET says

One of the Kremlin-linked hacking groups that breached the Democratic National Committee in 2016 has remained active in the years that followed, even if it’s been less visible. Cozy Bear, also known as APT29 and the Dukes, began using different malicious software and new hacking techniques after 2016, according to findings published Thursday by the Slovakian security firm ESET. There wasn’t much public evidence of the group’s activity, but researchers say it did not go quiet after interfering in the U.S. presidential election. The hackers targeted U.S. think tanks in 2017, defense contractors in 2018 and three European countries’ ministries of foreign affairs. (The U.S. security firm FireEye suggested in November that Cozy Bear was showing signs of activity.) “Our new research shows that even if an espionage group disappears from public reports for many years, it may not have stopped spying,” ESET said in its report. “The Dukes were able […]

‘It’s going to be painful’: Pentagon official urges contractors to improve cybersecurity

A politician-turned-defense official who is trying to shake up the acquisition bureaucracy in the U.S. Department of Defense told contractors they need to better prioritize security in order to do business with the Pentagon, and stifle foreign theft of defense secrets. “This is a change of culture,” Katie Arrington, chief information security officer of the Pentagon’s acquisition policy office, said Wednesday. “It’s going to take time, it’s going to be painful, and it’s going to cost money.” Arrington, who joined the Office of the Undersecretary of Defense for Acquisition and Sustainment in January, is spearheading the development of new cybersecurity standards for contractors. Last month, defense officials unveiled a draft of the guidelines, known as the Cybersecurity Maturity Model Certification. The standards will require contractors of all sizes to have a baseline level of cybersecurity practices in order to, for example, prevent adversaries from exfiltrating their intellectual property. Companies holding more sensitive defense data will need to […]
