CyberCrime - W/E - 071318
Charming Kitten Threat Entity Impersonates ClearSky's Web Site (07/06/2018)
ClearSky Cyber Security, which has reported on the threat group known as Charming Kitten in the past, warned that the group had created a phishing site impersonating the company. Charming Kitten, which is comprised of Iranian hackers, registered the clearskysecurity\.net domain, copied pages from the genuine ClearSky Web site, and added a sign-in option for visitors. In a separate post, ClearSky said, "These sign-in options are all phishing pages that would send the victim's credentials to the attackers. Our legitimate Web site does not have any sign-in option."
Cyber Thieves Selling RDP Access to Companies for Fun and Profit (07/11/2018)
McAfee uncovered evidence that access to the building automation and security systems of a major international airport can be purchased for as little as $10 USD on the dark web underground. While assessing several shops that sell Remote Desktop Protocol (RDP) access to infected machines, McAfee found a Russian vendor selling administrator access to a Windows Server 2008 R2 Standard machine that belonged to a US city. The going price was $10. Further scrutiny found IP addresses that belonged to a major airport's Internet-accessible login screens. Cybercriminals gain RDP access to critical systems as a result of lax security practices, such as exposing RDP directly to the Internet with weak credentials.
Gentoo Admits to Cyber Attack on GitHub (07/06/2018)
An unknown entity gained control of an admin account for the Gentoo GitHub Organization and removed all access to the organization (and its repositories) from Gentoo developers. The entity then proceeded to make various changes to content. Gentoo Developers & Infrastructure escalated to GitHub support, and the Gentoo Organization was frozen by GitHub staff. Gentoo has since regained control of the Gentoo GitHub Organization and has reverted the malicious commits and defaced content. The attack took place on June 28. In a post regarding the incident, Gentoo said that a weak password scheme appeared to be to blame. "Evidence collected suggests a password scheme where disclosure on one site made it easy to guess passwords for unrelated Web pages," the report stated.
Hamas Spied on Israeli Soldiers Via Tainted Google Play Apps (07/06/2018)
The Israel Defense Forces (IDF) discovered a campaign launched by Hamas in which the militant group compromised the smartphones of Israeli soldiers through dating and World Cup apps in order to steal sensitive information, Haaretz has reported. The apps enabled Hamas to implant malware on the phones, harvest data such as pictures and email addresses, and take remote control of the devices' microphones and cameras. At some points, Hamas filmed activities taking place on IDF bases without the soldiers' knowledge. IDF security personnel first started receiving complaints from military staff in January about suspicious activity on social networks in which soldiers were pushed to download specific apps from Google Play. If installed, those apps gave the attackers access to all information on the soldiers' devices.
TEMP.Periscope Gang Targets Cambodia's July Elections (07/11/2018)
Multiple Cambodian entities with ties to the country's electoral system have been hacked as the July 29 election draws near, and FireEye attributes the intrusions to the TEMP.Periscope gang. According to FireEye's research, this group, which has connections to the Chinese government, used the same infrastructure against other targets globally, including the defense industrial base in the United States and a chemical company based in Europe. TEMP.Periscope has been active since at least 2013 and typically focuses on infiltrating maritime-related targets across multiple verticals, as well as research universities, professional/consulting services, the high-tech industry, healthcare, and media/publishing.