Japanese businesses are the latest victims of attacks disguised as ransomware

A sustained ransomware campaign aimed at extorting Japanese companies now appears to have been part of an elaborate cyber espionage operation that included destroying data to conceal evidence, according to Israeli cybersecurity firm Cybereason. Based on malware analysis and other technical indicators discovered on victims’ networks, Cybereason concluded the two-part virus, dubbed “MBR-ONI,” was specially designed to target specific Japanese organizations in order to steal data during a certain timeframe. While the infections first appeared to be limited to conventional, cybercrime-related ransomware, further inspection by Cybereason revealed hidden commands were taking place behind the scenes, including a script that wiped Windows event logs. “We suspect that the ONI ransomware was used as a wiper to cover up an elaborate hacking operation,” a blog post published Tuesday by the company reads. “These targeted attacks lasted between three to nine months and all ended with an attempt to encrypt hundreds of machines at […]

The post Japanese businesses are the latest victims of attacks disguised as ransomware appeared first on Cyberscoop.

Meet the French researcher the Shadow Brokers keep calling out

The Shadow Brokers appear to be obsessed with Matthieu Suiche. A bevy of security researchers have spent time studying the mysterious group of hackers best known for leaking a cache of National Security Agency hacking tools. But Suiche is one of few analysts to have been called out by the Shadow Brokers multiple times, with the acknowledgement straddling the line between begrudging respect and reverent admiration. No one, not even Suiche, understands why. A 29-year-old French security researcher and entrepreneur, Suiche is one of the foremost experts when it comes to the peculiar group. In an effort to understand who The Shadow Brokers — an entity still at the center of an expansive federal counterintelligence investigation — are, and why they are so enamored of his work, it’s important to understand how Suiche’s background led to this point in time. In late July, Suiche spoke at the large Vegas-based cybersecurity conference known as Black Hat about […]

The post Meet the French researcher the Shadow Brokers keep calling out appeared first on Cyberscoop.

U.S. allies refuse to say whether they will support Washington’s war on Kaspersky

U.S. allies do not appear to be following D.C.’s lead as the federal government continuously distances itself from Kaspersky Lab, a Russian cybersecurity company. Based on public statements and actions, in addition to interviews conducted by CyberScoop, multiple foreign governments seem to be paying little heed to the U.S. government’s suspicions concerning the Moscow-based anti-virus maker. Kaspersky has been repeatedly accused of enabling Russian hackers to spy on U.S. authorities through its software. Hackers reportedly stole sensitive National Security Agency tools from a private computer by leveraging their access to Kaspersky’s platform. The company denies the existence of an improper relationship with the Russian government. The U.S. Department of Homeland Security ordered on Sept. 13 that all federal agencies begin removing Kaspersky software from their computers within 90 days. Of nine U.S. allies CyberScoop contacted with repeated requests for comment, four responded and only one directly answered whether its government agencies have any Kaspersky products installed. CyberScoop […]

The post U.S. allies refuse to say whether they will support Washington’s war on Kaspersky appeared first on Cyberscoop.

Kaspersky Lab was blocked from joining this U.S.-based cyberthreat information sharing group

A former senior U.S. official blocked Moscow-based cybersecurity firm Kaspersky Lab from joining a prominent trade group made up of U.S.-based cybersecurity companies earlier this year, multiple people with knowledge of the proposed deal tell CyberScoop. When Kaspersky representatives approached the Cyber Threat Alliance (CTA) — a U.S.-based not-for-profit membership organization largely made up of American technology firms that voluntarily share threat intelligence with one another — in early 2017, the group’s leader and former White House Cybersecurity Coordinator Michael Daniel quietly turned the company away, the sources said. “It didn’t really go anywhere because they got Heisman-ed from the get-go,” one source said, referencing the college football trophy that depicts a player forcefully pushing someone out of their way. Daniel spoke with CyberScoop and acknowledged that Kaspersky had shown interest in joining the CTA. Kaspersky is not currently a member. The choice to exclude Kaspersky alludes to knowledge of […]

The post Kaspersky Lab was blocked from joining this U.S.-based cyberthreat information sharing group appeared first on Cyberscoop.

Early evidence suggests ties between Russian hackers and ‘BadRabbit’ attack

A software toolkit used in an expansive cyberattack that affected hundreds of organizations across Eastern Europe Tuesday has been linked to a hacking group known as BlackEnergy APT or Telebots, security researchers tell CyberScoop. This threat actor was also responsible for a similar attack dubbed “NotPetya” which largely affected Ukraine and was designed to wipe data from computers rather than collect ransoms when it was executed in June. Experts say BlackEnergy APT acts in the interests of the Kremlin. In the past, the group has repeatedly attacked Ukrainian organizations, including the country’s critical infrastructure sector. The latest variant of ransomware flooding across Europe is named “BadRabbit.” It requires that victims infected with the malware send bitcoin to an anonymous digital wallet in order to unlock their systems — until payment is received, affected computers remain largely unusable. “It appears that the two [ransomware] attacks are connected,” said Costin Raiu, director of the Global Research […]

The post Early evidence suggests ties between Russian hackers and ‘BadRabbit’ attack appeared first on Cyberscoop.

Senator questions DHS’s handling of Kaspersky software ban in federal agencies

A senior U.S. official pushed back against a Democratic senator’s criticism Thursday concerning the 90-day timeframe provided by the Department of Homeland Security for federal agencies to uninstall Kaspersky Lab products after the technology was linked to Russian intelligence efforts. In an open congressional hearing Thursday, Missouri Sen. Claire McCaskill questioned why the Homeland Security Department would offer such a grace period when the threat of foreign espionage is apparently evident. She implied that the Kremlin, if found in a similar situation, would be handling the situation much more rapidly. “You’re giving them a long time,” said McCaskill. “Do you think if this happened in Russia, if they found a system of ours was looking at all their stuff, that they would give their government 90 days to remove it? Seriously? The point I am making I mean is that why don’t you just say you have to remove it […]

The post Senator questions DHS’s handling of Kaspersky software ban in federal agencies appeared first on Cyberscoop.

Former U.S. spies say anti-virus software makes for a perfect espionage platform

Popular anti-virus software companies are a prime target for intelligence agencies because they have direct, continuous access into their clients’ networks and collect large quantities of data about them, former U.S. intelligence officials and cybersecurity experts say. Although the targeting of anti-virus (AV) companies by government-backed hackers only recently became well-known, experts say sophisticated intelligence agencies have long understood the inherent value of infiltrating these firms to gather information and, in some cases, spread malware. “As cybersecurity companies centralize information and maintain access to their customers, securing the cloud-based infrastructure of those cyber companies becomes paramount,” said Ben Johnson, a former NSA computer scientist. “These organizations have become prime targets for intelligence agencies, militaries, and sophisticated cyber organizations looking for ways into corporate and government institutions.” Because most anti-virus vendors have designed their products to autonomously search for computer viruses on users’ systems by directly scanning files and then sending that data back […]

The post Former U.S. spies say anti-virus software makes for a perfect espionage platform appeared first on Cyberscoop.

Hackers linked to North Korea targeted U.S. ICS companies, breached energy firm

Hackers possibly linked to North Korea were able to successfully gain access to the corporate network of at least one U.S.-based energy company in recent months, according to multiple sources with knowledge of a recent intelligence report on the matter. Six sources tell CyberScoop the report notes that hackers were found actively targeting a handful of U.S. companies that rely on industrial control systems. Fewer than 10 companies were targeted with phishing emails as part of this apparent information-gathering campaign — including one known breach — leading analysts to believe the effort is targeted and well-organized, a person with knowledge of the malicious cyber activity said. The activity was originally identified by at least two different private cybersecurity companies. The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is aware of the activity and in recent weeks shared information with some partners. NBC News obtained […]

The post Hackers linked to North Korea targeted U.S. ICS companies, breached energy firm appeared first on Cyberscoop.

The confrontation that fueled the fallout between Kaspersky and the U.S. government

The United States’ hostile relationship with Moscow-based cybersecurity firm Kaspersky Lab may have been partially shaped by an incident two years ago in which an eyebrow-raising Kaspersky sales pitch eventually led to a secret and previously undisclosed confrontation between Russian intelligence and the CIA. The confrontation, which ended in Russia’s domestic intelligence agency issuing a diplomatic démarche, was the result of the U.S. government’s intrusive treatment of the Russian company and helped set off a chain of events that is still unfolding today, according to multiple people with knowledge of the matter. These officials spoke to CyberScoop anonymously in order to freely discuss the sensitive nature of the ongoing saga. In the first half of 2015, Kaspersky was making aggressive sales pitches to numerous U.S. intelligence and law enforcement agencies, including the FBI and NSA, multiple U.S. officials told CyberScoop. The sales pitch caught officials’ attention inside the FBI’s Counterterrorism Division […]

The post The confrontation that fueled the fallout between Kaspersky and the U.S. government appeared first on Cyberscoop.