Research claims CCleaner attack carried out by Chinese-linked group

Security researchers increasingly believe that an elite Chinese hacking group broke into British software maker Piriform to booby trap popular file cleaning program CCleaner, according to research and private analysis provided to CyberScoop. New research published Monday by Israeli cybersecurity startup Intezer Labs, authored by senior security researcher Jay Rosenberg, adds support to the conclusion that Chinese hackers tried to gain access to a small number of multinational telecommunications and technology companies. Check out my latest blog post on the stage 2 payload of the #ccleaner attack! Special thanks to @TalosSecurity and @kaspersky https://t.co/YgYjfE3Jo3 — Jay Rosenberg (@jaytezer) October 2, 2017 Although attributing a data breach to a specific hacker group remains an imperfect science, recently uncovered evidence contains technical indicators that overlap with those used by an advanced persistent threat (APT) group codenamed Axiom Group, security researchers at multiple cybersecurity firms told CyberScoop. In addition to Intezer Labs’ analysis, […]

The post Research claims CCleaner attack carried out by Chinese-linked group appeared first on Cyberscoop.

Newly uncovered Iranian hacking group targeted energy, aerospace firms to steal secrets

An Iranian hacking group has been targeting aerospace and energy companies in Saudi Arabia, South Korea and the U.S. since at least 2013 as part of an expansive cyber-espionage operation to both gather intelligence and steal trade secrets, according to new research published Wednesday by U.S. cybersecurity firm FireEye. This advanced persistent threat (APT) group is labeled APT33 by FireEye. Wednesday’s report by FireEye offers a distinct view of the group’s activity. APT33 is likely related to a hacking campaign dubbed StoneDrill by Kaspersky Lab, researchers say. Based on information that appears to have been accidentally left behind in past attacks, analysts believe APT33 is linked to the Iranian government. Most of the group’s operations to date have largely focused on sending targeted phishing emails with malware-laden HTML links to infect specific computers with a custom backdoor implant known as “TURNEDUP.” But there’s also some evidence to suggest they’re capable of launching data […]

Former officials buck White House adviser’s comments about government hacking

A top White House official says the U.S. government cannot rely on offensive cyber operations to deter foreign hackers from attacking American computer networks. Thomas Bossert, an assistant to the president for homeland security and counterterrorism, told an audience of former intelligence and defense officials Wednesday in Washington, D.C., that hacking into foreign computer networks should not be considered a means of deterring enemies from breaching American organizations. “There’s very little reason to believe that an offensive cyberattack is going to have any deterrent effect on a cyber adversary,” Bossert said. “In fact, it will likely encourage them to hurry up and become better hackers and develop better defenses. So I don’t just think this is a misnomer, but it’s something that we need to move past and say out loud.” Bossert suggested the U.S. government should instead leverage “national power” to stop future cyberattacks. “I think what we will […]

Canadian allegedly paid by FSB officers to breach Yahoo will be extradited to U.S.

A Canadian man charged with hacking into Yahoo! under the order of Russian intelligence officers waived his right to an extradition hearing and will now be transported to U.S. custody. Karim Baratov, 22, was arrested in March by Toronto police for allegedly breaching personal accounts tied to Yahoo! and other email providers between 2014 and 2016. Authorities said Baratov served as a contractor for Russia’s Federal Security Service (FSB). He faces 10 counts, including wire fraud and computer hacking. Baratov’s lawyer has said he may consider a plea deal in return for fewer charges. The Justice Department has said that Baratov conducted cyber-espionage under the order of two FSB officers, Dmitry Dokuchaev and Igor Sushchin. Federal prosecutors estimate that the scheme led to upwards of 500 million compromised Yahoo! accounts. CBC first reported the extradition agreement. When “a target of interest had accounts at webmail providers other than Yahoo, including through […]

North Korean hackers came close to hacking Hillary Clinton’s presidential campaign

As part of a cyber-espionage operation against Hillary Clinton’s 2016 presidential campaign, North Korean hackers compromised email accounts belonging to individuals involved with an East Asia-focused foreign policy advisory group, multiple people familiar with the incident told CyberScoop. The North Koreans sought to acquire policy documents and other relevant information that may have affected the regime if Clinton were to become president, the sources said. The advisory group’s job was to craft such policies. The hackers were able to break into the email accounts of employees of at least one prominent D.C.-based think tank, some of whom were involved with the East Asia foreign policy advisory group. These individuals occasionally communicated with staff of the Democratic candidate’s official Hillary for America (HFA) campaign, based on an incident response report obtained by CyberScoop and authored by security experts who worked for the presidential campaign. The attackers used their access to apparently draft convincing […]

Lawmakers soundly reject the idea of a U.S.-Russia cybersecurity unit

Capitol Hill wants no part of President Donald Trump’s plan to create a cybersecurity working group with the Russian government, an idea that was first revealed following a private meeting with Russian President Vladimir Putin at the 2017 G20 Summit. The backlash comes following Trump’s participation in the G20 summit last week, where he met with Putin on a number of issues. Sunday morning, Trump tweeted that the two countries discussed forming an “impenetrable Cyber Security unit.” Putin & I discussed forming an impenetrable Cyber Security unit so that election hacking, & many other negative things, will be guarded.. — Donald J. Trump (@realDonaldTrump) July 9, 2017 Rep. Don Beyer, D-Va., filed an amendment to the National Defense Authorization Act Monday that would block Trump from creating such a diplomatic unit. Separately, Rep. Brendan Boyle, D-Pa., introduced a standalone bill Monday that “prohibit[s] the United States from participating in any type […]

For now, many conversations about global ‘cyber norms’ start with Beijing

China’s government is taking steps to become an international leader in discussions concerning “cyber norms,” a formal but still vague understanding about the appropriate behavior between states regarding offensive cyber operations. Chinese leaders signed one such agreement Friday with Canada, marking Beijing’s sixth deal in two years. The first was with the Obama administration in late 2015. It curbed some cyber-enabled economic espionage by the Chinese against American companies. China is promising to end state-sponsored cyberattacks aimed at Canada’s high-tech private sector, curtailing the practice of stealing Canadian trade secrets. Beijing has now come to similar terms with the U.S., Canada, the United Kingdom and Australia — four of the Five Eyes nations — in addition to Russia and Brazil. In similar fashion to China’s other international cybersecurity agreements, this deal is non-binding and unenforceable in nature, and it only covers economic espionage. It outlines no punishment mechanism in case either China or Canada were to break the agreement. The accord […]

How China’s cyber command is being built to supersede its U.S. military counterpart

As U.S. leaders contemplate a proper definition for “cyberwar,” their counterparts in China have been building a unit capable of fighting such a large-scale conflict. China’s rival to U.S. Cyber Command, the ambiguously named Strategic Support Force (SSF), is quietly growing at a time when the country’s sizable military is striving to excel in the digital domain. Though the American government is widely considered to be one of the premier hacking powers — alongside Israel, Germany, Russia and the United Kingdom — China is rapidly catching up by following a drastically different model. The SSF uniquely conducts several different missions simultaneously that in the U.S. would be happening at the National Security Agency, Army, Air Force, Department of Homeland Security, NASA, State Department and Cyber Command, among others. If you combined all of those government entities and added companies like Intel, Boeing and Google to the mix, then you would come close to how the […]

EU countries agree to collectively punish attackers when a member is hacked

The European Union’s 28-nation bloc is in agreement concerning how to punish hackers. On Monday, the European Council announced a joint framework, dubbed the “cyber diplomacy toolbox,” to guide how member countries should uniformly respond to malicious cyber activity, which includes steps to cooperatively impose economic sanctions, travel bans, asset freezes and blanket bans against responsible parties. “The key principle here is proportionality,” an EU official told CyberScoop. “It is EU member states who would decide what measure should be used depending on the case they would face … This work aims to promote enhanced shared situational awareness, information sharing and efficient decision-making, and should see the development of a procedure for the attribution of cyber attacks in the context of the cyber diplomacy toolbox.” Use of the “toolbox” is voluntary in nature and any collective response would require unanimous EU member support. In short, the framework represents an ambitious […]

APT28 targeted Montenegro’s government before it joined NATO, researchers say

As Montenegro prepared to join NATO amid growing tensions in the region driven by Russia’s incursion into Ukraine, a hacking group linked to Russian intelligence was actively engaged in a cyber-espionage campaign against Montenegrin government officials, according to U.S. cybersecurity firm FireEye. The findings underscore Russia’s ongoing efforts to influence the political process in foreign countries through the use of a hacking group better known as APT28 or Fancy Bear. The Office of the Director of National Intelligence produced an unclassified report in January linking APT28 to the Russian government. Analyst Ben Read told CyberScoop that FireEye had found two different malicious Microsoft Word document attachments between January and February that carried signs of APT28 authorship and were specifically designed to be combined with phishing emails sent to the Montenegrin government. The titles of the weaponized documents described a “schedule for a european military transfer program” and the “schedule for […]