Russian hacking unit Cozy Bear adds Google Drive to its arsenal, researchers say

APT29, one of the SVR’s most active and successful hacking groups, has been using the cloud service to help deliver malware, the researchers said.

The post Russian hacking unit Cozy Bear adds Google Drive to its arsenal, researchers say appeared first on CyberScoop.


Hacking group accidentally infects itself with Remote Access Trojan horse

Patchwork, an Indian hacking group also known by such bizarre names as Hangover Group, Dropping Elephant, Chinastrats, and Monsoon, has proven the old adage that to err is human, but to really cock things up you need to be a cybercriminal.

Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery

It looks like the Russian government-linked hacking group Cozy Bear is back in the election trickery business. The security firm Volexity publicized a spearphishing campaign on Thursday that it identified only days ago, a scheme that uses an election fraud document as a lure. The emails purport to be from the United States Agency for International Development, with targets including government agencies, research institutions and nongovernmental organizations in the U.S. and Europe. Volexity said it had concluded, with moderate confidence, that Cozy Bear — the group also known as APT29 or the Dukes — was behind the emails. If true, it would be a return to an old favorite subject for Cozy Bear, which the U.S. government and others implicated in the 2016 hacks of the Democratic National Committee and Hillary Clinton’s presidential campaign, among other election interference efforts. More recently, Cozy Bear has garnered attention from the Biden […]

The post Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery appeared first on CyberScoop.


Emerging hacking tool ‘EtterSilent’ mimics DocuSign, researchers find

Hackers are using a new, malleable malicious document builder to run their criminal schemes, according to Intel 471 research published Tuesday. The document builder, known as EtterSilent, has been advertised in a Russian cybercrime forum and comes in two versions, according to the research. One exploits a vulnerability in Microsoft Office, CVE-2017-8570, and one uses a malicious macro. One version of EtterSilent imitates the digital signature product DocuSign, though when targets click through to electronically sign documents, they are prompted to enable macros. This allows the attackers to target victims with malware. EtterSilent also offers another benefit for criminals looking for the latest tools to run their schemes — the malicious document builder has been crafted to conceal the activities of its operators, and has been constantly updated in recent months to avoid detection, according to Intel 471. “The widespread use of EtterSilent shows how commoditization is a big part of […]

The post Emerging hacking tool ‘EtterSilent’ mimics DocuSign, researchers find appeared first on CyberScoop.


Hackers target German lawmakers in an election year

Hackers have attempted to breach the private email accounts of certain German parliamentarians, a spokesperson for the legislative body confirmed Friday, in the latest example of cyber campaigns aimed at German politicians. German national security officials have briefed the parliament, known as the Bundestag, on the incident, and all the affected lawmakers have been informed, said Frank Bergmann, a Bundestag spokesperson. It was not immediately clear whether the phishing attempts were successful, who was responsible or what their goal was. Spokespeople for the BSI, Germany’s federal cybersecurity agency, and the BfV, the country’s domestic intelligence agency, declined to comment. The attempted intrusions come six months ahead of Germany’s national elections. The German parliament has been a recurring target for foreign hackers, including a 2015 breach that the European Union blamed on Russia’s military intelligence agency. Since the Russian hack-and-leak operation aimed at the 2016 U.S. election, governments around Europe have […]

The post Hackers target German lawmakers in an election year appeared first on CyberScoop.


COVID-19 vaccine scammers are still lurking

Scams looking to take advantage of people attempting to get vaccinated against the coronavirus are alive and well. In the approximately two months since the first COVID-19 vaccines became available in the U.S., vaccine-related phishing campaigns aimed at stealing victims’ credentials increased by 530%, according to Palo Alto Networks’ Unit 42 research published Wednesday. In one campaign, hackers created a website that imitated a page for the Pfizer and BioNTech vaccine, requesting users’ Office 365 credentials to purportedly register for a vaccine. Phishing campaigns targeting employees of hospitals and pharmacies rose 189% during the same time period, the researchers found. In some attacks, the hackers attempted to steal credentials from employees at Walgreens, Canada-based Pharmascience, India-based Glenmark Pharmaceuticals and China-based Junshi Biosciences. Unit 42’s findings cover scams researchers tracked through the end of last month. The pandemic has spurred on a flurry of new cyberthreats over the course of the […]

The post COVID-19 vaccine scammers are still lurking appeared first on CyberScoop.


Scammers exploit COVID-19 vaccine confusion for fraud efforts

A confusing, chaotic rush to deliver COVID-19 vaccinations is making cyberspace a more fertile place for pandemic-related scams. Researchers at Barracuda Networks said on Thursday that vaccine-related spearphishing emails rose 26% from October to the end of January. That roughly coincides with the time Pfizer and Moderna announced vaccine availability, and represents a 12% uptick from the one-month period of October to November. “We hope it’s the last phase of the lifecycle of this pandemic” for vaccine-related spearphishing attacks, said Fleming Shi, chief technology officer at Barracuda. “These are just as potent as the ones earlier in the pandemic, probably even more so, because there’s an urgency for people. They’re racing for the openings.” Also Wednesday, Check Point Research said that vaccine-related domain registrations rose by 300% over the past eight months, with a large spike beginning in November and continuing through January. Of those Check Point […]

The post Scammers exploit COVID-19 vaccine confusion for fraud efforts appeared first on CyberScoop.


Spear Phishing: How It Happens & Why You May Be at Risk

When phishing gets hyper-focused, it becomes more convincing. Learn how to spot a spear phishing attack before you “click here.” No matter what technology is available, deception is a critical…

Nigerian man sentenced 10 years for $11 million phishing scam

A Nigerian national, Obinwanne Okeke, has been sentenced to 10 years in prison for allegedly coordinating an international spearphishing campaign that has cost victims approximately $11 million in losses. The scheme, which lasted from 2015 to 2019, targeted Unatrac Holding Limited, a British firm that acted as the export sales office for Caterpillar, with fake invoices and wire transfer requests. The FBI opened an investigation into the alleged scam in 2018 after Unatrac raised alarm about an email compromise operation that had targeted the firm, according to court documents. The scheme collected the credentials of hundreds of victims over the course of the operation, according to the FBI press release on the matter. It’s the kind of business email compromise scam that plagues businesses around the world. There were $1.7 billion worth of losses caused by BEC scams in 2019 alone, the most recent year the FBI has published data […]

The post Nigerian man sentenced 10 years for $11 million phishing scam appeared first on CyberScoop.


Iran-linked spies used Christmas as cover for spearphishing, researchers say

A cyber-espionage group linked to the Iranian government timed a mobile phishing campaign with the Christmas holidays, using email and text messages to target individuals at think tanks, universities and elsewhere, according to new research. Known as Charming Kitten, APT35 or Phosphorus, the group sent fake text messages from “Google Account Recovery” and fake emails with Christmas content, reports the cybersecurity organization CERTFA, which specializes in Iran-related research. The goal was to use malicious web pages to capture login credentials and “steal sensitive data from their victims,” CERTFA said. “The group started the new round of attacks at a time when most companies, offices, organizations, etc. were either closed or half-closed during Christmas holidays and, as a result, their technical support and IT departments were not able to immediately review, identify, and neutralize these cyber incidents,” CERTFA says. “Charming Kitten has taken full advantage of this timing to execute its […]

The post Iran-linked spies used Christmas as cover for spearphishing, researchers say appeared first on CyberScoop.
