Collaborate Disseminate
10,000 high-risk users are being provided with free hardware security keys by Google, with the aim of better protecting their accounts from hackers.
Read more in my article on the Hot for Security blog. Continue reading Google gives away 10,000 free security keys to high-risk users
For two years, Russian military hackers have been bombarding hundreds of targets worldwide with passwords to gain access to their networks, making use of a popular open-source tool for managing application workloads, U.S. and U.K. agencies warned in an advisory Thursday. The Russian agency deploys a Kubernetes cluster — a set of worker machines — to conduct their brute force “password spray” attacks that guess commonly-used passwords to get into target networks, according to the advisory from the National Security Agency, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the U.K.’s National Cyber Security Centre. It’s the alleged handiwork of Russia’s General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, military unit 26165. The hackers, often described as Fancy Bear or APT28, have beeen blamed for a number of high profile intrustions, most prominently for interference in the 2016 U.S. presidential election. The […]
The post US, UK accuse Russian military hackers of battering-ram password attacks against hundreds of targets appeared first on CyberScoop.
While the cybersecurity industry marvels at the sophistication of the suspected Russian hackers who breached contractor SolarWinds and multiple federal agencies, another set of alleged Russian operatives continues to succeed with far less advanced techniques in their espionage campaigns. Fancy Bear, the hacking group linked with Russia’s GRU military intelligence agency, is showing a penchant for using blunt digital instruments to break into computers and try to steal data, according to analysts. It’s an example of how so-called advanced persistent threats don’t actually need advanced tools to accomplish their goals. Instead, they often rely on defensive weaknesses that plague the internet. “It looks like this is all part of a strategy: commit crude and aggressive attacks on infrastructure worldwide,” said Feike Hacquebord, a researcher a security firm Trend Micro. The hacking campaign involving tampered SolarWinds software, which the Washington Post has linked to another Russian intelligence service, the SVR, used […]
The post When Fancy Bear isn’t so Fancy: APT group’s ‘crude’ methods continue to work appeared first on CyberScoop.
Continue reading When Fancy Bear isn’t so Fancy: APT group’s ‘crude’ methods continue to work
Norwegian authorities on Tuesday got more specific in their accusation of Russian involvement in an August cyberattack on Norwegian parliament, implicating the same notorious group of suspected Russian military intelligence hackers accused of interfering in the 2016 U.S. election. Fancy Bear or APT28 — a group of hackers linked with Russia’s GRU military agency — was likely behind the breach, which resulted in the theft of “sensitive content” from some Norwegian lawmakers’ email accounts, Norway’s national police agency said in a statement. The attackers used a common technique called “brute forcing,” which bombards accounts with passwords until one works, to access the Norwegian parliament’s email system, according to the statement signed by Norwegian police attorney Anne Karoline Bakken Staff. The Fancy Bear operatives then tried to move further into parliament’s IT systems, according to the statement, but were unsuccessful. The intrusions were part of a broader suspected Fancy Bear campaign […]
The post Norwegian police implicate Fancy Bear in parliament hack, describe ‘brute forcing’ of email accounts appeared first on CyberScoop.
Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says. Continue reading Nation-State Attackers Actively Target COVID-19 Vaccine-Makers
Three hacking groups connected to the Russian and North Korean governments targeted COVID-19 vaccine and treatment researchers across five nations in recent months, and some of their attacks were successful, Microsoft said Friday. The hackers went after seven prominent companies in Canada, France, India, South Korea and the United States, according to Microsoft. The hacking groups are the Russia-linked Fancy Bear, which Microsoft refers to as Strontium; the North Korea-connected organization Lazarus Group, which Microsoft calls Zinc; and a third North Korean group that Microsoft has not previously mentioned publicly, which it calls Cerium. Microsoft’s alert deepens the breadth of warnings from government agencies and cybersecurity companies: Hackers affiliated with some of the U.S.’s biggest adversaries in cyberspace are hard at work to hack others’ vaccine research. “Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials,” Tom Burt, Microsoft’s corporate vice president for customer security and […]
The post Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says appeared first on CyberScoop.
The European Union on Thursday sanctioned the head of a Russian military intelligence unit, an alleged hacker wanted by the FBI and a Russian government-linked hacking group over a 2015 cyberattack against Germany’s parliament. It’s only the second time the EU has issued cyber-related sanctions, following July sanctions against Russia, China and North Korea in connection with a string of unrelated cyberattacks. Now, as then, the General Staff Main Intelligence Directorate, commonly known as the GRU, is among the targets of the EU’s ire. Igor Kostyukov, head of the GRU, was hit with sanctions in Thursday’s action over the Bundestag hack. So, too, was alleged intelligence officer Dmitry Badin, previously indicted in the U.S. for his role in 2016 election interference. The EU also sanctioned the GRU-connected hacking group known as Fancy Bear, among other names, which the U.S. has likewise connected to 2016 election meddling. “The cyber-attack against the German federal parliament targeted the parliament’s information […]
The post EU slaps sanctions on GRU leader, Fancy Bear, FBI-wanted hacker over Bundestag attack appeared first on CyberScoop.
Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS attacks on their network unless a $230K ransom is paid. Continue reading Travelex, Other Orgs Face DDoS Threats as Extortion Campaign Rages On
Foreign espionage groups, including those bent on undermining the U.S. political process, have targeted non-government organizations and think tanks more than any other sector in a bid to gather intelligence, according to new data from Microsoft. Of the thousands of notifications Microsoft made to customers about state-linked hacking activity from mid-2019 to mid-2020, NGOs accounted for 32% of those alerts, the company said in a report released Tuesday. And over 90% of those notifications have been outside of critical infrastructure sectors. The focus on targets outside Washington suggests hacking groups could be in search of softer targets during an election season when Democratic and Republican campaigns have enlisted more people and technology to protect their networks. Those changes came after suspected Russian military hackers breached the Democratic National Committee in 2016 and leaked emails aimed at damaging Hillary Clinton’s campaign. “At the national level and the leading campaigns, there’s a much higher degree of vigilance,” Microsoft’s Tom Burt told CyberScoop, comparing the state of […]
The post Microsoft looks to expose espionage groups taking aim at NGOs, US politics appeared first on CyberScoop.
Continue reading Microsoft looks to expose espionage groups taking aim at NGOs, US politics
The Russia-linked threat group is harvesting credentials for Microsoft’s cloud offering, and targeting mainly election-related organizations. Continue reading APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins