DOD, FBI, DHS warn of active North Korean government-linked hacking operation

The FBI and departments of Defense and Homeland Security issued a joint alert Tuesday warning the private sector about what they say is a global hacking operation run by North Korean government-linked hackers. The hacking group, known as Kimsuky, tends to run intelligence-gathering intrusions against targets in South Korea, Japan and the U.S., according to the alert by the FBI, DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and Cyber Command, DOD’s offensive hacking arm. Kimsuky commonly runs cyber-espionage campaigns against South Korean think tanks, as well as targets related to sanctions, nuclear topics, and other issues affecting the Korean Peninsula, according to the U.S. government. To obtain initial access to victims, the hackers typically use spearphishing emails and watering holes to trick victims into giving up information, the U.S. government alert says. Kimsuky’s operations, which have been active since at least 2012, are “most likely tasked by the North Korean regime,” according to the report. Researchers have previously linked […]

The post DOD, FBI, DHS warn of active North Korean government-linked hacking operation appeared first on CyberScoop.


TrickBot really is on the run after Microsoft, Cyber Command disruption

After some initial doubts, Tuesday brought encouraging signs that a multi-front attempt to dismantle the massive TrickBot botnet in advance of Election Day has taken root, perhaps thanks to an extra push. In recent weeks, a Pentagon hacking division and a coalition of organizations led by Microsoft took aim at TrickBot, one of the world’s largest armies of zombie computers. Fears that attackers could use the botnet to deploy ransomware and disrupt the 2020 election motivated the takedown bids. Microsoft said on Tuesday that, as of the start of this week, it had disabled 120 out of 128 command-and-control servers the company identified as part of TrickBot’s infrastructure, good for a 94% takedown rate. Nearly 60 of the 128 sprang up as cybercriminals sought to fortify the botnet’s infrastructure, after which Microsoft said it shut down all but one. “To be clear, these numbers will change regularly as we expect action we’ve already […]


After blows from Cyber Command and Microsoft, TrickBot lives on

Disrupting a well-oiled botnet, or network of compromised computers used to launch attacks, isn’t easy. It’s little surprise, then, that in the days after U.S. Cyber Command and Microsoft took aim at TrickBot, one of the world’s largest botnets, parts of the zombie computer army still appear to be active. The goal of the distinct operations carried out in recent weeks was to wound a vast, malicious network that Russian-speaking criminals had used to infect victims with ransomware. Cyber Command, the offensive hacking unit within the U.S. Department of Defense, attacked the botnet’s infrastructure. In a separate action, Microsoft carried out a court order to disable some of TrickBot’s U.S.-based computer activity. The latter move appears to have taken large chunks of the botnet’s U.S.-based servers offline, forcing TrickBot’s puppet masters to reconfigure some of their operations, and seemed to give some organizations a reprieve to shore up digital defenses. The dual actions sought to curb the ability of a criminal network to deploy ransomware on state […]


Cyber Command, Microsoft take action against TrickBot botnet before Election Day

TrickBot’s margin for success just got a lot smaller. The Pentagon’s offensive hacking arm, Cyber Command, has carried out an operation to hinder the ability of TrickBot, one of the world’s largest botnets, from attacking American targets, according to one U.S. government official who spoke to CyberScoop on the condition of anonymity because they were not authorized to discuss the matter. Microsoft also has sought to disrupt the TrickBot botnet, according to Tom Burt, the company’s corporate vice president of customer security and trust. The two operations represented distinct efforts to interrupt a pernicious threat that U.S. government officials say could be used to launch ransomware attacks against IT systems that support the voting process ahead of Election Day. Such an attack against voter registration systems, for instance, could result in confusion, delays or other uncertainties when Americans cast their ballots. As a result of the Microsoft operation, the people behind the TrickBot botnet — […]


Report: U.S. Cyber Command Behind Trickbot Tricks

A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet, a malware crime machine that has infected millions of computers and is often used to spread ransomware. A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military’s Cyber Command.

NSA director is in quarantine after potential coronavirus exposure

The director of the U.S. National Security Agency, Gen. Paul Nakasone, has entered quarantine out of an abundance of caution after a potential exposure to the coronavirus. The news was first reported by CBS News. Nakasone has tested negative for the virus, according to CNBC. It was unclear when Nakasone’s last negative coronavirus test occurred. Nakasone’s status could raise questions about how he will be able to complete his duties as the director of the Defense Department’s foreign signals intelligence agency. Nakasone also leads Cyber Command, an offensive hacking outfit, which runs cyber-operations to disrupt and deter adversaries, including Russia, in cyberspace. The NSA and Cyber Command declined to comment on Nakasone’s health status. “As has been our policy since the start of the pandemic we don’t comment on the health status or testing of our personnel, to include leadership,” an NSA spokesperson said. “Cyber Command and NSA maintain strict safety protocols in order to achieve our […]


DOD, DHS expose hacking campaign in Russia, Ukraine, India, Malaysia

The Department of Defense and the Department of Homeland Security are calling out an unspecified “sophisticated cyber actor” Thursday for using malware to launch cyberattacks against targets in India, Kazakhstan, Kyrgyzstan, Malaysia, Russia and Ukraine. The malware, which the military’s Cyber Command has dubbed “SlothfulMedia,” is an information-stealer capable of logging victims’ keystrokes and modifying files, according to an analysis shared early with CyberScoop. The agencies shared the malware sample on the malware-sharing repository VirusTotal Thursday afternoon. The malware “is in use in successful ongoing campaigns,” a Cyber Command spokesperson told CyberScoop. The DOD and DHS did not say what threat group or nation-state might be running the malware campaign. The report does not mention specific targets, either. It’s the latest Pentagon effort to expose malware used by well-resourced hackers around the world. Cyber Command, which first began exposing state-backed hacking campaigns by sharing malware samples with the public in 2018, has previously exposed foreign […]


Secret Service looks to outsiders to boost financial cybercrime probes

The U.S. Secret Service is pulling in outside expertise from the private sector and U.S. Cyber Command as it weighs changes to its investigative methods in an attempt to keep pace with international hackers. The engagement with Cyber Command, the Pentagon’s offensive cyber unit, is focused on learning from the military’s experience with transnational cybercriminals, a Secret Service official told CyberScoop. The Secret Service’s efforts to consult with private sector experts, meanwhile, are focused specifically on overhauling the agency’s investigative practices. The effort to consult outside expertise comes as part of a recognition that the Secret Service lacks the latest techniques needed to root out financially motivated hackers. To formalize its interest in tapping into the private sector’s understanding of scammers’ latest tactics, the agency earlier this year established an advisory group composed of cybersecurity practitioners from the private sector, academia, and U.S. government, as CyberScoop first reported. Known as the Cyber Investigations Advisory Board (CIAB), the group met last week […]


DOJ and Cyber Command partner up in civil forfeiture claim targeting North Korea’s financial hacks

The U.S. Department of Justice has filed a civil forfeiture complaint targeting the North Korean government’s hacking of two cryptocurrency exchanges last year. The hacks, which allegedly took place in July 2019 and September 2019, resulted in the theft of millions of dollars’ worth of cryptocurrency and financial instruments, according to the DOJ’s complaint, which was filed in a Washington, D.C. federal court on Thursday. The filing comes amid a broad effort in the U.S. government to hold North Korea accountable for its hacking operations, particularly those that seek to fund the regime amid international sanctions. It comes just one day after the U.S. government exposed details of other, more recent North Korean government financial hacking operations — aimed at stealing cash from ATMs around the globe. But the complaint filed Thursday reveals a new wrinkle in the U.S. military’s efforts to target North Korean hacking: The DOJ said it […]


US government exposes North Korean government ATM cashout hacking campaign

The U.S. government called out North Korea on Wednesday over a government-led hacking campaign that has been focused on stealing cash from ATMs around the world. The operation, run out of the North Korean government’s Reconnaissance General Bureau — through a hacking group the U.S. government refers to as Hidden Cobra — poses a “significant threat to financial institutions,” the Department of Defense, Department of Homeland Security, FBI, and U.S. Treasury said in a joint release. The scheme comes as North Korea is under the crush of harsh international sanctions, which are forcing the country to find money through any means necessary. In exposing the campaign, the U.S. government says it aims to throttle those efforts. “We know that North Korea uses cyber-enabled tactics and techniques to steal currency, which it would otherwise be denied under international sanctions,” the Pentagon’s Cyber Command Cyber National Mission Force Commander, Brig. Gen. Joe Hartman, […]
