What we know (and don’t know) about a rash of Middle East mystery hacks

A spate of apparent security breaches has intensified what was already a tense geopolitical situation among the Persian Gulf states. Over the last two weeks, the following incidents have allegedly occurred: a Qatari government media outlet was supposedly hacked to plant bogus quotes attributed to current Qatari Emir Sheikh Tamim; damaging emails belonging to UAE’s ambassador to the U.S. Yousef Al-Otaiba were leaked; and someone hacked the Twitter account of Bahrain’s Foreign Minister Khalid Al Khalifa to post propaganda associated with a Shiite militant group. Evidence is lacking for some of those claims, and the degree to which the events are related is not clear, but hackers are taking the blame, and the allegations alone have been enough to amplify tensions. All three storylines have been prominent in regional press outlets and are now being used as supporting evidence for the breakdown of relations between Qatar and the other Gulf Cooperation Council (GCC) nations. […]

The post What we know (and don’t know) about a rash of Middle East mystery hacks appeared first on Cyberscoop.


Russia-linked hackers impersonate NATO in attempt to hack Romanian government

An elite hacking group linked to the Russian government masqueraded as a NATO representative to send a barrage of phishing emails to diplomatic organizations in Europe, including Romania’s Foreign Ministry of Affairs, documents show. CyberScoop obtained a copy of one such phishing email that researchers have attributed to the hacking group, which is known as APT28 or Fancy Bear. The email, which carries a booby-trapped attachment that leverages two recently disclosed Microsoft Word vulnerabilities, shows that the government-backed hacking group effectively spoofed a NATO email address to make the message appear authentic. The hq.nato.intl domain is currently used by NATO employees. The file has already been submitted to VirusTotal, a publicly maintained library of computer viruses. Typically, files don’t appear on the site unless they have been found in the wild. An analyst from cybersecurity firm FireEye confirmed the phishing email pictured above is in fact authentic and related to APT28 activity. […]

The post Russia-linked hackers impersonate NATO in attempt to hack Romanian government appeared first on Cyberscoop.


Russia is ‘ready to discuss’ election hacking and cybercrime with U.S.

The Russian government is open to discussions with the United States on a wide range of cybersecurity issues including election hacking and cybercrime, Deputy Foreign Minister Sergey Ryabkov told the daily Russian political newspaper Kommersant. Even the question of election hacking “is not a taboo for us, although it had been made extremely tense by the efforts of the Obama team,” Ryabkov said Wednesday. “We are ready to discuss with the Americans the whole range of these questions.” Attempts at dialogue with the Obama administration were met with silence, he said. Having renewed those attempts now with the Trump administration, Ryabkov “expects the response will be more positive.” “Classical” cybercrime including bank fraud and intellectual property theft is also on the table for discussions and possible cooperation, the foreign minister said. The prospect of greater Russian government cooperation with the West on issues of cybercrime looms large because the Russian-speaking sphere is widely seen as […]

The post Russia is ‘ready to discuss’ election hacking and cybercrime with U.S. appeared first on Cyberscoop.


Shamoon 2.0 and StoneDrill are separate campaigns, but target the same country

The complex, destructive cyberattacks launched against Saudi Arabian businesses and government organizations in recent months are likely coming from at least two separate groups with aligned interests, according to a group of cybersecurity intelligence and research professionals. Based on newly released forensic evidence unearthed by Kaspersky Lab’s Global Research and Analysis Team, data-destroying malware known respectively as Shamoon 2.0 and StoneDrill has been located on computers stationed in Saudi Arabia. Beginning in Nov. 2016, researchers say there have been three different “waves” of Shamoon 2.0 hitting computers in Saudi Arabia — executed twice in November and most recently on Jan. 23. According to the Saudi National Cyber Security Center, Shamoon 2.0 has so far infected 11 organizations. Multiple reports attribute Shamoon 2.0 to Iranian government hackers, though Kaspersky Lab does not provide attribution. “The Iranian attacks are probably a consequence of their incredibly strained relations,” said John Hultquist, iSight’s director of espionage analysis. “Tensions rose from a stampede which […]

The post Shamoon 2.0 and StoneDrill are separate campaigns, but target the same country appeared first on Cyberscoop.


China looks to unseat U.S. as leader on global internet policy

Chinese cyberspace affairs and foreign ministry officials drew a red line in the sand around the country’s internet during a speech from Beijing Thursday. A recently published, government-authored public policy paper — intended for an international audience — outlines the country’s position on internet sovereignty and cyber defenses, including an opinion that hacks into Chinese […]

The post China looks to unseat U.S. as leader on global internet policy appeared first on Cyberscoop.
