Category Archives: Dell SecureWorks

China-linked hackers exploited SolarWinds software in 2020 breach, researchers say

Posted on by

Suspected Chinese spies exploited popular enterprise software built by SolarWinds in a hacking operation last year, Dell-owned Secureworks said Monday, a conclusion that follows news that Russian hackers also leveraged SolarWinds technology. The suspected Chinese attackers had access to an unnamed private sector organization as early as 2018. Upon being evicted by incident responders, the hackers broke back into the organization in November 2020 by exploiting SolarWinds software, according to Secureworks. The findings underscore the premium that multiple sets of foreign operatives have apparently put on accessing valuable organizational data held by the SolarWinds Orion network monitoring software. The disclosure comes as U.S. organizations are also coping with another suspected Chinese spying operation that exploits Microsoft Exchange Server software to steal organizations’ emails. In both the suspected Russian and Chinese schemes involving SolarWinds, the attackers wrote malicious code tailored to exploit the Orion platform and sift through data stored on […]

The post China-linked hackers exploited SolarWinds software in 2020 breach, researchers say appeared first on CyberScoop.

Continue reading China-linked hackers exploited SolarWinds software in 2020 breach, researchers say

Cyber-espionage campaign in Middle East, Europe picked up speed after Soleimani killing

Posted on by

Iran-linked hackers have been running spearphishing email campaigns against governmental organizations in Turkey, Jordan and Iraq in recent months in a likely effort to gather intelligence, according to research published Wednesday by Dell Secureworks. Most of the targeting, which Secureworks assesses to be focused on espionage, began before the U.S. military killed Qassem Soleimani, the leader of the Iran’s Quds Force, in Baghdad early January. But Alex Tilley, a senior researcher for Secureworks, told CyberScoop the spearphishing activity has increased since the killing. The research appears to align with information the FBI shared with industry in January, when it warned of an increase in Iranian “cyber reconnaissance activity.” The alert highlighted that Iranian hackers could be zeroing in on the defense industrial base, government agencies, academia and nongovernmental organizations. The campaign Secureworks’ Counter Threat Unit (CTU) has observed, with activity from mid-2019 to mid-January of 2020, has also targeted intergovernmental organizations and unknown entities in […]

The post Cyber-espionage campaign in Middle East, Europe picked up speed after Soleimani killing appeared first on CyberScoop.

Continue reading Cyber-espionage campaign in Middle East, Europe picked up speed after Soleimani killing

‘Cobalt Dickens’ group is phishing universities at scale again, researchers say

Posted on by

An Iran-linked hacking group whose operatives the U.S. government indicted last year has launched a phishing operation to steal login credentials against computer users at over 60 universities in the United States, the United Kingdom, and elsewhere, researchers said Wednesday. The campaign, whose aim is likely intellectual property theft, sees victims redirected to spoofed login pages, where their passwords are stolen, said Secureworks, a Dell-owned cybersecurity company that discovered the activity. “The threat actors have not changed their operations despite law enforcement activity, multiple public disclosures, and takedown activity,” Secureworks said in a blog post. The most high-profile attempt to disrupt the hackers was the charges the U.S. Department of Justice announced in March 2018 against nine Iranian nationals for breaching the networks of multiple U.S. universities, federal government agencies and U.S. companies. And yet the hacking group, which Secureworks dubs Cobalt Dickens, has used some of the same domains in their new […]

The post ‘Cobalt Dickens’ group is phishing universities at scale again, researchers say appeared first on CyberScoop.

Continue reading ‘Cobalt Dickens’ group is phishing universities at scale again, researchers say

‘China Chopper’ web shell makes a comeback in Lebanon, other Asian countries

Posted on by

Malicious code first discovered nine years ago that has historically been used by groups associated with Chinese state-backed hacks has made a comeback, according to new research from Cisco’s Security and Intelligence Research Group, Talos. The hacking tool is web shell known as China Chopper. A web shell is a script that allows attackers to remotely access servers running web applications. This particular web shell has long been known to be an exploit that’s often impervious to being outed and detected. “China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth,” FireEye researchers wrote in 2013 in their blog on the matter. China Chopper’s code as historically been small, according to security researcher Keith Tyler, who wrote on the tool in 2012. That much appears to be the same now — Talos researchers note the most recent campaign has been “extremely simple,” containing just one […]

The post ‘China Chopper’ web shell makes a comeback in Lebanon, other Asian countries appeared first on CyberScoop.

Continue reading ‘China Chopper’ web shell makes a comeback in Lebanon, other Asian countries

Inside a Chinese APT’s very flexible playbook

Posted on by

A maxim of cybersecurity holds that hackers will exert just enough resources to compromise a network or avoid detection. Why deploy new, top-shelf tools when you can just refashion old ones? The strategy on full display in research on a Chinese government-linked hacking group that Dell Technologies’ SecureWorks published Wednesday. The hackers — categorized as an advanced persistent threat by researchers and usually labeled APT27 or Bronze Union — dusted off and upgraded a couple of long-available digital weapons to carry out intrusions in 2018, the report said. “The threat actors have access to a wide range of tools, so they can operate flexibly and select tools appropriate for intrusion challenges,” the research says. One remote access trojan (RAT) was developed over a decade ago, but Bronze Union added a packet redirection tool and digital certificates signed by two Chinese technology companies before deploying it last year, according to the research. The […]

The post Inside a Chinese APT’s very flexible playbook appeared first on CyberScoop.

Continue reading Inside a Chinese APT’s very flexible playbook

North Korea hasn’t stopped launching cyberattacks amid peace talks

Posted on by

As Kim Jong-un speaks publicly about nuclear disarmament, North Korea’s hacker army continues to launch cyberattacks against different businesses across Asia, Europe and the U.S., according to private sector analysts and former U.S. officials. Experts from several cybersecurity firms — Dell SecureWorks, McAfee, Symantec, FireEye and Recorded Future — all told CyberScoop that activity from North Korea has stayed steady or grown in volume since peace talks gained steam earlier this year. The activities of these Pyongyang-linked hacking groups largely focuses on financial theft and covertly stealing digital secrets. While affected companies have quietly dealt with the onslaught in recent months, their contracted cybersecurity firms confidentially collected and studied recent malware samples that show the North Koreans are still actively developing new iterations of their toolsets. “Similar to operations conducted prior to that date [circa January], North Korean actors have engaged in broad cyber espionage using a Destover-variant tool, developed and […]

The post North Korea hasn’t stopped launching cyberattacks amid peace talks appeared first on Cyberscoop.

Continue reading North Korea hasn’t stopped launching cyberattacks amid peace talks