nation-state hackers – Page 5

DOJ unseals charges against 10 Chinese nationals for hacking aerospace companies

Posted on October 30, 2018 by Sean Lyngaas

The Department of Justice on Tuesday unsealed charges against 10 Chinese nationals, including intelligence officers and hackers, for a multi-year campaign to steal aerospace technology and other proprietary information from U.S. companies. Partly relying on a “team of hackers,” intelligence officers at a provincial arm of China’s Ministry of State Security (MSS) focused on stealing turbofan-engine technology used in European and U.S. commercial airliners, DOJ said in a statement. The alleged operation lasted from at least January 2010 to May 2015, the department said. The turbofan engine was a joint project between unnamed French aerospace manufacturer and a U.S.-based company, according to DOJ. The Chinese intelligence operation breached the networks of the French manufacturer, as well as those of companies based in Arizona, Massachusetts and Oregon, the department said. The indictment returned by a grand jury in the Southern District of California lays out the hackers’ alleged tradecraft in detail. “The hackers used a […]

The post DOJ unseals charges against 10 Chinese nationals for hacking aerospace companies appeared first on Cyberscoop.

Continue reading DOJ unseals charges against 10 Chinese nationals for hacking aerospace companies→

FireEye links Russia-owned lab to Trisis developers

Posted on October 23, 2018 by Sean Lyngaas

A Russian-owned research institute very likely helped build tools used by an infamous hacking group that caused a petrochemical plant in Saudi Arabia to shut down last year, cybersecurity company FireEye said Tuesday. A series of clues implicates the Central Scientific Research Institute of Chemistry and Mechanics (CNIIHM), a Moscow-based lab, in developing tools used by the group known as Xenotime or TEMP.Veles, according to FireEye. The group is known for malware, dubbed Triton or Trisis, designed to disrupt control-system software that allows industrial plants to safely shut down. FireEye has tied the testing of malware used by TEMP.Veles to CNIIHM, specifically someone who has been identified as a professor at the institute. Further, an IP address registered to CNIIHM has been employed by Triton’s operators for multiple purposes, “including monitoring open-source coverage of Triton, network reconnaissance, and malicious activity in support of the Triton intrusion,” FireEye said in a blog post. […]

The post FireEye links Russia-owned lab to Trisis developers appeared first on Cyberscoop.

Continue reading FireEye links Russia-owned lab to Trisis developers→

Ex-DHS official on PPD-20 repeal: Consider potential blowback to private sector

Posted on October 18, 2018 by Sean Lyngaas

The U.S. government’s new and reportedly more muscular approach to conducting offensive cyber-operations must carefully consider the potential blowback of such actions to the private sector, a former senior Department of Homeland Security official has warned. “DHS needs to be part of the discussion around the cost-benefit analysis to bring the private sector point of view because we know the private sector often bears the brunt of the retaliation that comes in the wake of more aggressive activity,” Suzanne Spaulding said Wednesday at the Atlantic Council. Asked what public indication there would that those concerns are being addressed, Spaulding, who served as a DHS undersecretary under President Barack Obama, said the answer lies in the private sector. Private companies will have a sense of “whether their equities were adequately considered” before a U.S. government decision to conduct offensive operations, Spaulding said during a panel discussion. “And my guess is they’ll […]

The post Ex-DHS official on PPD-20 repeal: Consider potential blowback to private sector appeared first on Cyberscoop.

Continue reading Ex-DHS official on PPD-20 repeal: Consider potential blowback to private sector→

New research highlights Vietnamese group’s custom hacking tools

Posted on October 17, 2018 by Sean Lyngaas

Cybersecurity researchers have uncovered remote access tools, or backdoors, linked to an infamous Vietnamese hacking group with a history of targeting government organizations and intellectual-property-rich companies. Analysts with cybersecurity company Cylance say that while investigating a security incident last year, they found multiple custom backdoors used by the cyber-espionage outfit known as APT32 or OceanLotus Group. The hackers used command and control protocols that were tailored to their targets and that supported multiple network communication methods. “The overall design and development of these threats indicate they come from a well-funded development team,” research from Cylance published Wednesday states. “The OceanLotus Group uses an expansive amount of custom library code that can easily be repurposed for maximum effectiveness against their next target.” Tom Bonner, Cylance’s director of threat research, told CyberScoop that the “underlying code for the APT32 backdoors is highly modular,” meaning it can be repurposed by tweaking command and control protocols. APT32, […]

The post New research highlights Vietnamese group’s custom hacking tools appeared first on Cyberscoop.

Continue reading New research highlights Vietnamese group’s custom hacking tools→

Symantec reveals state-sponsored group that doesn’t care for malware

Posted on October 10, 2018 by Sean Lyngaas

A newly revealed hacking group has been going after diplomatic and military targets in a malware-less campaign that researchers say makes it difficult to detect. Over the last 10 months, the so-called Gallmaker group has conducted what appear to be cyber-espionage operations against several embassies belonging to an Eastern European country, according to research from cybersecurity company Symantec published Wednesday. The group, which researchers say is likely state-sponsored, has also targeted military and defense organizations in the Middle East. “The type of targets seen in the attacks really fit that of what an espionage group would be interested in,” Jon DiMaggio, senior threat intelligence analyst at Symantec, told CyberScoop. “If simply for financial gain, it would be odd to restrict targets to diplomatic, military and defense personnel.” Gallmaker’s end goal appears to collecting intelligence on its targets in the form of documents and communications, according to DiMaggio. Gallmaker’s hackers use […]

The post Symantec reveals state-sponsored group that doesn’t care for malware appeared first on Cyberscoop.

Continue reading Symantec reveals state-sponsored group that doesn’t care for malware→

FireEye unmasks a new North Korean threat group

Posted on October 3, 2018 by Sean Lyngaas

There is a distinct and aggressive group of hackers bent on financing the North Korean regime and responsible for millions of dollars in bank heists in recent years, according to research from cybersecurity company FireEye. The group, dubbed APT38, is distinct from other Pyongyang-linked hackers because of its overriding financial motivation — as opposed to pure espionage — and persistent targeting of banks worldwide, FireEye researchers said. “This is an active … threat against financial institutions all around the world,” Sandra Joyce, FireEye’s vice president of global intelligence, said at a press briefing. The group was responsible for some of the more high-profile attacks on financial institutions in the last few years, the researchers said, including the $81 million heist of the Bangladesh’s central bank in February 2016, and an attack on a Taiwanese bank in October 2017. North Korean hackers had already been publicly linked with these attacks, but the […]

The post FireEye unmasks a new North Korean threat group appeared first on Cyberscoop.

Continue reading FireEye unmasks a new North Korean threat group→

White House announces federal cyber strategy, vows to go on offensive

Posted on September 20, 2018 by Sean Lyngaas

The White House announced a new national cybersecurity strategy Thursday in an effort raise federal network defenses and more aggressively deter foreign adversaries from threatening U.S. interests. “We’re going to do a lot of things offensively and I think our adversaries need to know that,” White House national security adviser John Bolton told reporters. Defensive measures are central to the document, but Bolton’s call with reporters emphasized offense. “We will identify, counter, disrupt, degrade, and deter behavior in cyberspace that is destabilizing and contrary to national interests, while preserving the United States’ overmatch in and through cyberspace,” Bolton said. The strategy is a template through which federal agencies can carry out their own cybersecurity mandates, according to Bolton. “I’m satisfied that this allows us the comprehensive look at strategy across the entire government,” he said. “Each agency knows its lane and is pursuing it vigorously. That’s true in the unclassified world; it’s […]

The post White House announces federal cyber strategy, vows to go on offensive appeared first on Cyberscoop.

Continue reading White House announces federal cyber strategy, vows to go on offensive→

House passes deterrence bill that would call out nation-state hackers

Posted on September 5, 2018 by Sean Lyngaas

The House of Representatives on Wednesday passed a bipartisan bill aimed at deterring foreign governments from conducting operations against U.S. critical infrastructure. The Cyber Deterrence and Response Act put forth by Rep. Ted Yoho, R-Fla., calls on the president to identify individuals and organizations engaged in state-sponsored hacking that significantly threatens U.S. interests., and then to impose one or more of a slew of sanctions on them. That “naming and shaming” approach is an effort to ward off future cyberattacks from China, Russia, Iran, and North Korea — four countries that U.S. officials routinely label as top adversaries in cyberspace. The bill, which passed the House by voice vote, also calls for a uniform list of foreign hacking groups to be published on the Federal Register. Sen. Cory Gardner, R-Colo., last month introduced companion legislation in the Senate. “Our foreign adversaries have developed sophisticated cyber capabilities that disrupt our networks, […]

The post House passes deterrence bill that would call out nation-state hackers appeared first on Cyberscoop.

Continue reading House passes deterrence bill that would call out nation-state hackers→

DHS chief warns of ‘pandemic’ cyber vulnerabilities

Posted on September 5, 2018 by Sean Lyngaas

Homeland Security Secretary Kirstjen Nielsen painted a daunting picture of the global digital landscape in a speech Wednesday, describing “a worldwide outbreak of cyberattacks and cyber vulnerabilities” that had moved from the “epidemic” to the “pandemic” stage. “Cyberattacks, in terms of their breadth and scope and possible consequences, now exceed the risk of physical attacks,” Nielsen said at The George Washington University in Washington, D.C. “[C]yberspace is now the most active battlefield, and the attack surface extends into every single American home.” The Department of Homeland Security “was founded 15 years ago to prevent another 9/11,” Nielsen added, “but I believe an attack of that magnitude is much more likely to reach us online than on an airplane.” The department “wasn’t built for a digital pandemic” at its founding, she said, urging Congress to pass legislation to turn DHS’s cyber and physical infrastructure agency into an “full-fledged operational agency.” Nielsen also […]

The post DHS chief warns of ‘pandemic’ cyber vulnerabilities appeared first on Cyberscoop.

Continue reading DHS chief warns of ‘pandemic’ cyber vulnerabilities→

Cisco Talos’ Craig Williams on the hunt for bugs and abnormal behavior

Posted on August 27, 2018 by Sean Lyngaas

Look at some of the biggest cybersecurity incidents in the last year and one threat intelligence organization tends to pop up: Talos. Researchers from Talos, a division of networking giant Cisco, have helped expose VPNFilter, the massive botnet that loomed over Ukraine and tracked cybercriminals who have used mobile device management servers to distribute malware. On the sidelines of the Black Hat and DEF CON conference in Las Vegas this month, CyberScoop sat down with Craig Williams, Talos’s director of outreach, to get his take on some of these high-profile threats and how he approaches the craft of investigating malware campaigns. Like most other threat intelligence units, Talos has to manage a critical relationship with law enforcement, deciding when to loop-in the public sector as it comes across all different kinds of attacks. Williams provides some insight into how Talos handles these interactions, which can often be as complex as the malware he pores over daily. This conversation […]

The post Cisco Talos’ Craig Williams on the hunt for bugs and abnormal behavior appeared first on Cyberscoop.

Continue reading Cisco Talos’ Craig Williams on the hunt for bugs and abnormal behavior→