Category Archives: espionage

Arrests made after North Koreans hired for remote tech jobs at US companies

Posted on by

US businesses are believed to have recruited thousands of North Korean IT workers, sending earnings (and potentially data) to North Korea.

Read more in my article on the Hot for Security blog. Continue reading Arrests made after North Koreans hired for remote tech jobs at US companies

MITRE Hack: China-Linked Group Breached Systems in December 2023

Posted on by

MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities.
The post MITRE Hack: China-Linked Group Breached Systems in December 2023 appeared first on SecurityWeek.
Continue reading MITRE Hack: China-Linked Group Breached Systems in December 2023

Whale Song Code

Posted on by

During the Cold War, the US Navy tried to make a secret code out of whale song.

The basic plan was to develop coded messages from recordings of whales, dolphins, sea lions, and seals. The submarine would broadcast the noises and a computer—the Combo Signal Recognizer (CSR)—would detect the specific patterns and decode them on the other end. In theory, this idea was relatively simple. As work progressed, the Navy found a number of complicated problems to overcome, the bulk of which centered on the authenticity of the code itself.

The message structure couldn’t just substitute the moaning of a whale or a crying seal for As and Bs or even whole words. In addition, the sounds Navy technicians recorded between 1959 and 1965 all had natural background noise. With the technology available, it would have been hard to scrub that out. Repeated blasts of the same sounds with identical extra noise would stand out to even untrained sonar operators…

Continue reading Whale Song Code

Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations 

Posted on by

Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations.
The post Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations  appeared first on SecurityWeek.
Continue reading Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations 

Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks

Posted on by

Chinese APT Evasive Panda compromises a software developer’s supply chain to target Tibetans with malicious downloaders.
The post Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks appeared first on SecurityWeek.
Continue reading Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks

Microsoft Is Spying on Users of Its AI Tools

Posted on by

Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools—presumably coding tools—to improve their hacking abilities.

From their report:

In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries—tracked as Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon—using LLMs to augment cyberoperations.

The only way Microsoft or OpenAI would know this would be to spy on chatbot sessions. I’m sure the terms of service—if I bothered to read them—gives them that permission. And of course it’s no surprise that Microsoft and OpenAI (and, presumably, everyone else) are spying on our usage of AI, but this confirms it…

Continue reading Microsoft Is Spying on Users of Its AI Tools