Google finds Indian hack-for-hire firms exploiting coronavirus fears via spearphishing schemes

Hack-for-hire firms in India have been impersonating the World Health Organization in credential-stealing spearphishing email campaigns, Google’s Threat Analysis Group said Wednesday. The hack-for-hire campaign, which has targeted healthcare companies, consulting firms, and financial services entities primarily in the U.S., Slovenia, Canada, Iran, Bahrain, and Cyprus, uses Gmail accounts imitating the WHO to direct victims to lookalike WHO websites. From there, victims are urged to sign up for healthcare alerts related to the coronavirus pandemic, according to Google. When signing up, however, users are prompted to reveal their Google account credentials or other personal information such as their cell phone numbers. It’s just the latest example of criminals and nation-state actors seizing upon the uncertainty during the COVID-19 pandemic to send spam emails that purport to have information from health authorities about the coronavirus but actually seek to steal credentials or are laced with malware. Other spearphishing email campaigns have imitated the U.S. Centers […]

The post Google finds Indian hack-for-hire firms exploiting coronavirus fears via spearphishing schemes appeared first on CyberScoop.


Vietnamese hackers exploited Google Play Store for espionage campaign

Hackers with suspected links to the Vietnamese government have been using the Google Play Store to distribute malicious software for the last four years, according to Kaspersky research published Tuesday. The targeted Android campaign, which Kaspersky dubbed “PhantomLance,” affected roughly 300 devices in nearly a dozen countries including Vietnam, India, Bangladesh, Indonesia, Iran, Algeria, South Africa, Nepal, Myanmar, and Malaysia, the company said. Researchers say with “medium confidence” the espionage campaign is connected to a known hacking group, OceanLotus or APT32, previously linked to the Vietnamese government. While attackers are targeting users in several countries, they appear to be especially focused on users in Vietnam. The effort suggests hackers are running domestic as well as foreign espionage operations, according to Kaspersky. They have been distributing their campaign through applications which promise to help users locate the nearest pub in Vietnam, or provide information on nearby churches. In addition to sharing APT32’s interest in victims located in Vietnam, the PhantomLance campaign’s malware, […]

The post Vietnamese hackers exploited Google Play Store for espionage campaign appeared first on CyberScoop.


Australian government says it is hacking criminals who are exploiting the pandemic

As governments around the world consider their options for cracking down on scammers exploiting the coronavirus pandemic, Australia is touting a muscular approach in cyberspace. The Australian Signals Directorate (ASD) “has mobilized its offensive cyber capabilities to disrupt foreign cyber criminals responsible for a spate of malicious activities during COVID-19,” the Australian defense ministry said in a statement Tuesday. The ASD, the country’s lead agency for hacking operations, has “already successfully disrupted activities from foreign criminals by disabling their infrastructure and blocking their access to stolen information,” Australian Minister of Defense Linda Reynolds said. “Some of these cybercriminals have even posed as health officials in an attempt to exploit vulnerable Australians, by infecting their computers with malware and stealing their private information.” COVID-19-related scams and phishing attempts targeting people around the world have surged in recent weeks as criminals and spies prey on people’s health fears. In Australia, a consumer […]

The post Australian government says it is hacking criminals who are exploiting the pandemic appeared first on CyberScoop.


Secret Service to launch private-sector cybercrime council

The Secret Service has recently hand-picked a small group of private-sector cybersecurity experts to advise the agency’s investigations team on how it can better take down cybercriminals, CyberScoop has learned. The council, which will be known as the “Cyber Investigations Advisory Board” (CIAB), will aim to “provide Secret Service’s Office of Investigations with outside strategic input for the agency’s investigative mission, including insights on the latest trends in cybercrime, financial crime, technology, and investigative techniques,” according to an internal Secret Service Electronic Crimes Task Force Bulletin. The 16-member federal advisory committee (FAC) will be the first one ever for the investigative unit, which focuses on financial crimes such as counterfeiting, card-skimming and other forms of fraud. Previous FACs all have been established for the Secret Service’s more widely known protection mission, which provides security for U.S. presidents and other dignitaries. Invitations for the FAC were sent earlier this month. Jonah Hill, a senior cyber policy advisor […]

The post Secret Service to launch private-sector cybercrime council appeared first on CyberScoop.


How the Marine Corps thinks about beating adversaries in cyberspace

There are a whole host of products on the market purporting to be the best way to run defense against nation-state adversaries’ email spearphishing attempts — but there’s one part of defending against spearphishing in particular the U.S. Marine Corps Forces Cyberspace Command’s Chief Technology Officer endorses: context. For Renata Spinks, the goal is not to just make sure employees understand they should avoid clicking on what appear to be malicious links, but to make sure they understand the bigger picture of what they’re protecting, she said Tuesday. “Instead of just [test] phishing attempts, teach your employees why phishing attempts are so important and make it relatable,” Spinks said at the Fortinet Security Summit, produced by FedScoop and StateScoop. “Data is your most critical commodity, but people [are] the best asset you can have.” Spearphishing emails often seek to pilfer off passwords and credentials from victims who click on links or attachments that purport […]

The post How the Marine Corps thinks about beating adversaries in cyberspace appeared first on CyberScoop.


Pentagon’s next cyber policy guru predicts more collective responses in cyberspace

State-sponsored cyberattacks against just one victim nation at a time could soon provoke a global response, if a growing number of officials around the world have their way. As the Pentagon has experimented with new authorities allowing U.S. Cyber Command to be more offensive in cyberspace, key officials have suggested there is a groundswell of support for multi-nation countermeasures in the digital age. Thomas Wingfield, the incoming deputy assistant secretary of Defense for cyber policy, told CyberScoop that alliances could be a more successful way to deter hackers and strike back when they infiltrate sensitive networks. “I think that’s a more effective way to solve the problem, and I think that is the general [direction] of international law,” said Wingfield, who is still employed at National Defense University. “But I would also say we’re not there yet and states are in the process of moving international law in that direction.” For months now, the U.S. […]

The post Pentagon’s next cyber policy guru predicts more collective responses in cyberspace appeared first on CyberScoop.


Amid NSA warning, attacks on Confluence have risen in recent weeks

The National Security Agency’s recent warning about nation-state actors exploiting a vulnerability affecting Confluence wasn’t merely a delayed confirmation of information that the cybersecurity community already had on its radar. It also appears to tip off new exploitation of the vulnerability — hackers have been dramatically stepping up the pace and persistence of their attacks on the popular workplace collaboration software in recent weeks, according to new private sector research obtained by CyberScoop. The attackers are using a vulnerability that Confluence warned about this spring, according to data from Trend Micro’s TippingPoint technology. And while the NSA issued an advisory last week about the bug, it only says nation-state hackers “have exploited” and “could” exploit the vulnerability, not going so far as to say there has been a recent uptick in attacks. New information suggests now that the agency had specific reasons to share the guidance this fall: Starting in late September, just weeks before the NSA made its announcement, hackers began exploiting the vulnerability […]

The post Amid NSA warning, attacks on Confluence have risen in recent weeks appeared first on CyberScoop.


Republican congressman warns of mobile threats following SCIF storming

After Republican lawmakers stormed a closed-door impeachment inquiry hearing Wednesday, one of their colleagues warned against bringing mobile devices anywhere near secure briefing rooms on Capitol Hill. In general, “if anybody brings a phone in, that’s a problem,” Rep. Mike Rogers, R-Ala., told reporters Thursday, adding that such an action would “absolutely” be a security concern. Several House Republicans barged into a Sensitive Compartmented Information Facility (SCIF) on Wednesday, reportedly with their cell phones, disrupting an impeachment inquiry hearing on the Trump administration’s handling of aid to Ukraine. SCIFs allow lawmakers to review classified material in a secure setting, and any introduction of outside devices could leave the rooms susceptible to eavesdropping. In this case, one lawmaker said on Twitter that he was inside the secure facility, where outside phones are prohibited, though his staff later said it posted the tweet. Another congressman later made a phone call from the SCIF. The facility had to be […]

The post Republican congressman warns of mobile threats following SCIF storming appeared first on CyberScoop.


How Uzbekistan’s security service (allegedly) began developing its own malware

For years, Uzbekistan’s feared intelligence service, the National Security Service, has been accused of aggressively spying on citizens and abusing human rights in the Central Asian country under the guise of its counterterrorism and security operations. Now, the NSS’s reported use of hacking tools in that activity is coming into clearer view, thanks to new research. The ex-Soviet state’s security service appears to be shedding its hacking training wheels and making a lot of noise in the process. After burning multiple zero-day exploits acquired from vendors, an NSS-linked group dubbed SandCat has over the last year been testing malware it developed on its own, according to Brian Bartholomew, security researcher at cybersecurity company Kaspersky. The evolution shows how a proliferation of surveillance vendors has made it easier for relatively obscure governments to acquire and develop their own hacking tools. Before this project, Bartholomew hadn’t tracked any cyber activity out of Uzbekistan. “I […]

The post How Uzbekistan’s security service (allegedly) began developing its own malware appeared first on CyberScoop.


NATO cyber-operations center will be leaning on its members for offensive hacks

The North Atlantic Treaty Organization’s cyber-operations command center in Belgium still has a ways to go before its offensive playbook is set in stone, a NATO cyber official involved in the matter told CyberScoop. The Cyberspace Operations Centre was established almost exactly one year ago in Mons, Belgium, to help member nations obtain real-time intelligence on and respond to cyberthreats from criminal or nation-state-backed hackers. The alliance is still working on pooling member nations’ offensive cyber capabilities for those responses, Deputy Director of the Cyberspace Operations Centre Group Captain Neal Dewar told CyberScoop in an interview. The cyber operations center was created in part to fulfill the alliance’s 2016 decision that under NATO’s Article V, a cyberattack on one member nation may result in a group of members coming to its defense, just as if a physical attack had occurred. But because the alliance does not have its own […]

The post NATO cyber-operations center will be leaning on its members for offensive hacks appeared first on CyberScoop.
