Chinese hackers stole another NSA-linked hacking tool, research finds

The U.S. intelligence community was rocked in 2017 when a group of mysterious hackers known as the Shadow Brokers leaked a trove of National Security Agency hacking tools for public consumption. The exact identity of the leakers remains unknown to this day. According to a growing body of security research, though, hackers with suspected links to the Chinese government may have had access to some of the same tools before they were published, and the Shadow Brokers may not be the only thieves the U.S. intelligence community has to worry about. According to new research from Israeli security firm Check Point published Monday, a group of Chinese hackers known as APT31 appears to have copied an exploit developed by Equation Group, a hacking group broadly believed to be associated with the NSA, more than two years before the Shadow Brokers leaked the trove of NSA tools. The exploit, which Check […]

The post Chinese hackers stole another NSA-linked hacking tool, research finds appeared first on CyberScoop.

Hackable firmware lurks inside Dell, HP and Lenovo computers amid supply chain security efforts

A stealthy hacking technique that could make it possible for attackers to access different components inside PCs made by the likes of Dell, HP and Lenovo still exists, five years after researchers first warned of it. Security researchers from Eclypsium, in findings published Tuesday, demonstrated how much of the firmware inside modern computers, such as webcams, USB hubs, trackpads and other internal hardware, could be updated with “unsigned” code that’s not designed by the device vendor. That firmware, left unprotected, could provide outsiders with a gateway into more sensitive computer networks, all while PC customers implicitly trust their machine to safeguard their data. (The company only pointed to theoretical attacks, rather than an active, ongoing campaign against these devices.) “Firmware is meant to be invisible to the user, and so it’s not surprising that most people don’t pay attention to it,” said Eclypsium CEO Yuriy Bulygin. “However, these components make up […]

The post Hackable firmware lurks inside Dell, HP and Lenovo computers amid supply chain security efforts appeared first on CyberScoop.

Zero Day Survival Guide | Everything You Need to Know Before Day One

0-days may be more common than you think, but you’re not defenseless against the unknown. Read all about 0-day attacks and how to protect against them.
The post Zero Day Survival Guide | Everything You Need to Know Before Day One appeared first on Secu…

Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak

Forensic analysis shows a Chinese APT using Equation Group hacking tools at least a year before Shadow Brokers dumped its cache in April 2017.

Chinese hackers found and repurposed elite NSA-linked tools

A hacking group with ties to Chinese intelligence has been using tools linked to the National Security Agency as far back as March 2016, according to research from security firm Symantec. The tools include some released by the Shadow Brokers, a mysterious group that dumped computer exploits once used by the NSA on the open internet in April 2017. Symantec’s research suggests that the Chinese-linked group, which the company calls “Buckeye,” was using the same NSA-linked tools at least a year before they were publicly leaked. According to Symantec, one of the tools used by Buckeye was DoublePulsar, a backdoor implant that allows attackers to stealthily collect information and run malicious code on a target’s machine. DoublePulsar was used in conjunction with another tool, which Symantec calls Trojan.Bemstour, that took advantage of various Microsoft Windows vulnerabilities in order to secretly siphon information off targeted computers. The Trojan.Bemstour exploit allowed attackers […]

The post Chinese hackers found and repurposed elite NSA-linked tools appeared first on CyberScoop.

In the opaque world of government hacking, private firms grapple with allegiances

Private sector cybersecurity companies are increasingly stuck with difficult decisions when it comes to publicizing research into malware. Over the past few years, nation-states have increasingly devoted time, money and man-hours to creating sophisticated weapons that wreak havoc once they are unleashed on the internet. When private companies find these nation-state tools and break them apart for examination, the dynamic gets complicated very quickly: No longer are they just trying to figure out who is responsible — they have to tiptoe around the ramifications of how a public report could impact relationships with governments around the world. Beyond merely attributing sophisticated malware, large-scale cybersecurity firms are often left with tough questions: Should those based in the United States avoid publicly releasing research on cyber-espionage campaigns if they look to be conducted by allied governments? What does a company owe its clients when handling homegrown digital threats? Do these companies have a plan of action for […]

The post In the opaque world of government hacking, private firms grapple with allegiances appeared first on Cyberscoop.

Kaspersky’s ‘Slingshot’ report burned an ISIS-focused intelligence operation

The U.S. government and Russian cybersecurity giant Kaspersky Lab are currently in the throes of a nasty legal fight that comes on top of a long-running feud over how the company has conducted itself with regard to U.S. intelligence-gathering operations. A recent Kaspersky discovery may keep the feud alive for years to come. CyberScoop has learned that Kaspersky research recently exposed an active, U.S.-led counterterrorism cyber-espionage operation. According to current and former U.S. intelligence officials, the operation was used to target ISIS and al-Qaeda members. On March 9, Kaspersky publicly announced a malware campaign dubbed “Slingshot.” According to the company’s researchers, the campaign compromised thousands of devices through breached routers in various African and Middle Eastern countries, including Afghanistan, Iraq, Kenya, Sudan, Somalia, Turkey and Yemen. Kaspersky did not attribute Slingshot to any single country or government in its public report, describing it only as an advanced persistent threat (APT). But current and […]

The post Kaspersky’s ‘Slingshot’ report burned an ISIS-focused intelligence operation appeared first on Cyberscoop.

Kaspersky uncovers sophisticated cyber-espionage operation across Africa and Middle East

Researchers have uncovered new malware that has apparently been used to spy on victims in the Middle East and Africa for six years undetected. A Friday report from Moscow-based Kaspersky Lab details how a threat it’s calling “Slingshot” has been infecting victims, collecting a wide variety of data and exfiltrating it in a covert fashion. The company says the threat is likely the work of a resource-rich government. “Slingshot is very complex and the developers behind it have clearly spent a great deal of time and money on its creation. Its infection vector is remarkable – and, to the best of our knowledge, unique,” the researchers write. Kaspersky says the APT has been active as far back as 2012 and was still active as of their analysis in February this year. Slingshot is apparently so sophisticated that Kaspersky has labeled it an advanced persistent threat (APT). The researchers say that Slingshot’s infection vector […]

The post Kaspersky uncovers sophisticated cyber-espionage operation across Africa and Middle East appeared first on Cyberscoop.

Why Eugene Kaspersky keeps talking about ‘Project Sauron’

Kaspersky Lab founder and CEO Eugene Kaspersky says he’s figured out why the U.S. government hates his company. According to Kaspersky, his company’s research into a sophisticated, international cyber espionage operation that targeted government entities in Russia, Iran and Rwanda represents why the Russian anti-virus maker has become a bogeyman for the U.S. government. This reasoning came during public comments Kaspersky made Tuesday during a small event in London. His comments are the most detailed effort among Kaspersky’s multiple attempts to defend his company from allegations that the Moscow-based company acts as an intelligence collection tool for Russian spies. Kaspersky pointed to his company’s discovery of U.S. intelligence-related hacking operations, including those of the NSA-linked “Equation Group” and CIA-linked “Lamberts,” as the reason for the recent firestorm. He specifically emphasized the unveiling of one particular campaign — known as ProjectSauron or Strider — as a driving factor while also implying U.S. involvement with […]

The post Why Eugene Kaspersky keeps talking about ‘Project Sauron’ appeared first on Cyberscoop.