Saturday, March 19, 2022
CYBER OPERATIONS....Articles of Interest | Bleeping Computer
Google: Chinese state hackers target Ukraine’s government
- March 18, 2022
- 09:58 AM
- 0
Google's Threat Analysis Group (TAG) says the Chinese People's Liberation Army (PLA) and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine.
Google TAG Security Engineer Billy Leonard says Google notified Ukrainian government organizations targeted by a Chinese-sponsored hacking group.
"Over the last few weeks Google TAG has identified a govt backed actor from CN targeting Ukrainian govt orgs, and we provided notifications to impacted parties," Leonard said.
"While our priority is providing notifications to impacted parties, we've provided related IOCs to community partners, and we will publish more details for the security community in the near future."
The group's head, Shane Huntley, also confirmed Leonard's assessment, saying that "the Ukraine war isn't only attracting interest from European threat actors. China is working hard here too."
This aligns with claims made by the Intrusion Truth, a secretive group known for its work on exposing suspected Chinese hacking operations, on Tuesday saying that it's aware of Chinese threat actors targeting Ukraine, likely at the behest of the Chinese government.
> Intrusion Truth also asked infosec experts to share any indicators or samples linked to Chinese malicious activity in Ukraine via public or anonymous channels.
I would assume this is cyber espionage, which would be expected, though still not good. https://t.co/SeJWEYrWRv
— John Hultquist (@JohnHultquist) March 15, 2022
Chinese state hackers also targeting Europe
Google TAG's report of ongoing Chinese cyber operations in Ukraine follows another warning issued one week ago regarding a Chinese-backed hacking group tracked as APT31 targeting Gmail users affiliated with the US government.
One day earlier, Google security analysts revealed that Russian and Belarusian targeted Ukrainian and European government and military orgs in widespread phishing and DDoS attacks.
"In the last 12 months, TAG has issued hundreds of government-backed attack warnings to Ukrainian users alerting them that they have been the target of government-backed hacking, largely emanating from Russia," said Shane Huntley, Google's TAG lead.
Google added that the Chinese-backed hacking group Mustang Panda (aka Temp.Hex and TA416) has also switched to phishing attacks against European organizations using lures related to the invasion of Ukraine.
The same day, Proofpoint revealed it detected Mustang Panda phishing "European diplomatic entities, including an individual involved in refugee and migrant services."
Telegram banned by Brazilian Supreme Court over missed emails
Brazilian Supreme Federal Court Justice Alexandre de Moraes banned Telegram on Friday from operating in the country and asked the National Telecommunications Agency to notify internet providers to block the messaging app within five days.
- March 18, 2022
- 07:05 PM
1
Windows 11 adds a BitLocker exclusion policy for USB drives
Microsoft has released a new Windows 11 build with a long list of changes, improvements, fixes for known issues, available for all Windows Insiders that will install the Windows 11 Insider Preview Build 22579 pushed to the Dev Channel.
- March 18, 2022
- 04:36 PM
- 0
The Week in Ransomware - March 18th 2022 - Targeting the auto industry
This week, the automotive industry has been under attack, with numerous companies exhibiting signs of breaches or ransomware activity.
- March 18, 2022
- 04:11 PM
- 0
Free decryptor released for TrickBot gang's Diavol ransomware
Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims recover their files without paying a ransom.
- March 18, 2022
- 03:35 PM
- 0
Hackers claim to breach TransUnion South Africa with 'Password' password
TransUnion South Africa has disclosed that hackers breached one of their servers using stolen credentials and demanded a extortion demand not to release stolen data.
- March 18, 2022
- 11:32 AM
- 1
DarkHotel hacking campaign targets luxury Macao resorts
The South Korean DarkHotel hacking group has been spotted in a new campaign spanning December 2021 through January 2022, targeting luxury hotels in Macao, China.
- March 18, 2022
- 10:51 AM
- 0
CISA, FBI warn US critical orgs of threats to SATCOM networks
CISA and the FBI warned US critical infrastructure organizations of potential threats targeting satellite communication (SATCOM) networks in the US and worldwide.
- March 17, 2022
- 06:57 PM
- 1
New Unix rootkit used to steal ATM banking data
Threat analysts following the activity of LightBasin, a financially motivated group of hackers, report the discovery of a previously unknown Unix rootkit that is used to steal ATM banking data and conduct fraudulent transactions.
- March 17, 2022
- 06:23 PM
- 0
Microsoft reminds of Internet Explorer's looming demise in June
Microsoft has reminded Windows customers today that they'll finally retire the Internet Explorer 11 web browser from some Windows 10 versions in June and replace it with the new Chromium-based Microsoft Edge.
- March 17, 2022
- 02:13 PM
- 1
ASUS warns of Cyclops Blink malware attacks targeting routers
Multiple ASUS router models are vulnerable to the Russia-linked Cyclops Blink malware threat, causing the vendor to publish an advisory with mitigations for the security risk.
- March 17, 2022
- 01:12 PM
- 0
Europe warns of aircraft GPS outages tied to Russian invasion
The European Union Aviation Safety Agency (EASA), EU's air transport safety and environmental protection regulator, warned today of intermittent outages affecting Global Navigation Satellite Systems (GNSS) linked to the Russian invasion of Ukraine.
- March 17, 2022
- 12:28 PM
- 0
Microsoft creates tool to scan MikroTik routers for TrickBot infections
The TrickBot trojan has just added one more trick up its sleeve, now using vulnerable IoT (internet of things) devices like modem routers as proxies for its C2 (command and control) server communication.
- March 17, 2022
- 08:22 AM
- 0
Thursday, March 17, 2022
FORMER U.S. INTELLIGENCE OFFICIALS SELLING THEIR SERVICES
Intro: "No boots on-the-ground" is a convenient nuanced phrase used to disguise private contractors
Former Spies No Longer Legally Allowed to Become ‘Mercenaries’
'NATIONAL INTEREST'
"Former United States spies are now barred from providing their services to foreign governments for 30 months after they retire. President Joe Biden signed the bill into law on Tuesday, part of a larger spending bill that will “prohibit U.S. intelligence officials with knowledge of spycraft and national security secrets from selling their services to other countries for 30 months after retiring,” Reuters reports.
The new law, first proposed by Rep. Joaquin Castro (D-TX), found its legs after a Reuters investigation revealed how ex-National Security Agency personnel leveraged their knowledge to the United Arab Emirates, which allowed for the surveillance of Americans, according to the news wire.
“We don’t want our best-trained intel officers going straight into the hands of foreign governments for the sake of money,” the congressman said of the new law. “This discourages intelligence mercenaries and protects our national interest.”
RELATED CONTENT
Ex-U.S. Intelligence Officers Admit to Hacking Crimes in Work for Emiratis
They were among a trend of Americans working for foreign governments trying to build their cyberoperation abilities.
WASHINGTON — Three former American intelligence officers hired by the United Arab Emirates to carry out sophisticated cyberoperations admitted to hacking crimes and to violating U.S. export laws that restrict the transfer of military technology to foreign governments, according to court documents made public on Tuesday.
The documents detail a conspiracy by the three men to furnish the Emirates with advanced technology and to assist Emirati intelligence operatives in breaches aimed at damaging the perceived enemies of the small but powerful Persian Gulf nation.
The men helped the Emirates, a close American ally, gain unauthorized access to “acquire data from computers, electronic devices and servers around the world, including on computers and servers in the United States,” prosecutors said.
The three men worked for DarkMatter, a company that is effectively an arm of the Emirati government. They are part of a trend of former American intelligence officers accepting lucrative jobs from foreign governments hoping to bolster their abilities to mount cyberoperations.
Legal experts have said the rules governing this new age of digital mercenaries are murky, and the charges made public on Tuesday could be something of an opening salvo by the government in a battle to deter former American spies from becoming guns for hire overseas.
The three men, Marc Baier, Ryan Adams and Daniel Gericke, admitted violating U.S. laws as part of a three-year deferred prosecution agreement. If the men comply with the agreement, the Justice Department will drop the criminal prosecution. Each man will also pay hundreds of thousands of dollars in fines. The men will also never be able to receive a U.S. government security clearance. . .(The court documents said that the three men and others worked in DarkMatter’s “Cyber Intelligence Operations,” which gained access to “information and data from thousands of targets around the world.”)
DarkMatter employed several other former N.S.A. and C.I.A. officers, according to a roster of employees obtained by The New York Times, some making salaries of hundreds of thousands of dollars a year.
The investigation into the American employees of DarkMatter has continued for years, and it had been unclear whether prosecutors would bring charges. Experts cited potential diplomatic concerns about jeopardizing the United States’ relationship with the Emirates — a country that has cultivated close ties to the past several American administrations — as well as worries about whether pursuing the case might expose embarrassing details about the extent of the cooperation between DarkMatter and American intelligence agencies.
There is also the reality that American laws have been slow to adapt to the technological changes that have provided lucrative work for former spies once trained to conduct offensive cyberoperations against America’s adversaries.
Specifically, the rules that govern what American intelligence and military personnel can and cannot provide to foreign governments were devised for 20th-century warfare — for instance, training foreign armies on American military tactics or selling defense equipment like guns or missiles.
This year, the C.I.A. sent a blunt letter to former officers warning them against going to work for foreign governments. The letter, written by the spy agency’s head of counterintelligence, said it was seeing a “detrimental trend” of “foreign governments, either directly or indirectly, hiring former intelligence officials to build up their spying capabilities.”
Read more >> https://www.nytimes.com/2021/09/14/us/politics/darkmatter-uae-hacks.html
-
Flash News: Ukraine Intercepts Russian Kh-59 Cruise Missile Using US VAMPIRE Air Defense System Mounted on Boat. Ukrainian forces have made ...
