CyberCrime - W/E - 12/21/18

Charming Kitten Hackers Exploit Google Sites to Bypass 2FA (12/17/2018)
Researchers at cybersecurity firm Certfa say that the Iranian hacker group known as Charming Kitten is behind a phishing campaign targeting politicians, journalists, and human rights activists. The attackers use spear phishing to compromise email and social media accounts. They also abuse Google Sites to host a fake Google Drive download page, so the lure carries a legitimate Google-owned address and looks like a real Google Drive page. The attackers pretend to share a file with the victim, who either downloads and runs it or is directed from the fake share page to a fake Google login page, where the victim enters credentials, including the two-factor authentication code, on a page the attackers control.

Chinese Hackers Compromised EU Over 3 Years, Thousands of Cables Released (12/19/2018)
The European Union's (EU) diplomatic communications network was infiltrated over a period of several years and thousands of cables were downloaded, revealing concerns about the Trump Administration, possible nuclear issues with Iran, and struggles with Russia and China, the New York Times reported. Security firm Area 1 discovered the breach, which took place over a three-year period, and made more than 1,000 of the cables available to the Times. The hacking techniques are similar to those used by individuals affiliated with China's People's Liberation Army. A spokeswoman for the European Council told Bloomberg that the hack is being actively investigated.

Google Cloud Storage Abused in Malicious Campaign Hitting Financial Institutions (12/19/2018)
Menlo Security has been tracking a malicious email campaign targeting employees of banks and financial services companies. The campaign, which appears to have been active in the US and the UK since August, compromises PCs and other endpoints by tricking victims into clicking links to malicious archive files. In every instance identified, the archive was a .zip or .gz file, and in every case the payload was hosted on storage.googleapis.com, the domain of the Google Cloud Storage service, so the link points at a trusted Google-owned host rather than at attacker infrastructure.
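Both the Charming Kitten item above and this Menlo Security campaign rely on the same trick: the lure is hosted on a Google-owned domain (sites.google.com or storage.googleapis.com) that reputation filters treat as benign. The following triage helper is an added example, not code from Certfa, Menlo Security or Google. It pulls URLs out of mail-gateway log lines, recognises both Google Cloud Storage URL forms (bucket in the path and bucket as a subdomain), and flags archive downloads from GCS and Google Sites pages whose path carries brand or lure words. The host table, the lure-word list, the archive extensions and the sample log lines are all assumptions constructed for this example and should be tuned to your own environment.

```python
import re
from urllib.parse import urlparse

# Hosting services abused in the two campaigns above. Service labels,
# lure words and archive extensions are this example's own assumptions.
ABUSED_HOSTS = {
    "sites.google.com": "google-sites",
    "storage.googleapis.com": "gcs",
}
ARCHIVE_EXTS = (".zip", ".gz", ".tgz", ".rar", ".7z", ".iso")
LURE_WORDS = ("drive", "login", "signin", "secure", "share", "document")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def classify_url(url):
    """Return a finding dict for a suspicious URL on an abused host, else None.

    Handles both GCS forms: storage.googleapis.com/<bucket>/<object>
    and <bucket>.storage.googleapis.com/<object>.
    """
    p = urlparse(url)
    host = (p.hostname or "").lower()
    path = p.path
    bucket = None
    if host.endswith(".storage.googleapis.com"):
        service = "gcs"
        bucket = host[: -len(".storage.googleapis.com")]
    elif host in ABUSED_HOSTS:
        service = ABUSED_HOSTS[host]
        if service == "gcs":
            parts = path.split("/")
            bucket = parts[1] if len(parts) > 1 and parts[1] else None
    else:
        return None  # not one of the hosts we care about here

    low = path.lower()
    reasons = []
    if low.endswith(ARCHIVE_EXTS):
        reasons.append("archive download")
    if any(w in low for w in LURE_WORDS):
        reasons.append("brand/lure words in path")
    if not reasons:
        return None  # benign-looking use of the same service
    return {"url": url, "service": service, "bucket": bucket, "reasons": reasons}


def triage_log(lines):
    """Extract every URL from the log lines and return the suspicious ones."""
    findings = []
    for line in lines:
        for url in URL_RE.findall(line):
            finding = classify_url(url.rstrip(".,;)"))
            if finding:
                findings.append(finding)
    return findings


# Constructed sample lines in a mail-gateway style; not real telemetry.
SAMPLE_LOG = [
    "2018-12-10T09:12:03Z from=payroll@example-bank.test url=https://storage.googleapis.com/invoice-2018/q4_statement.zip",
    "2018-12-10T09:14:55Z from=hr@example.test url=https://storage.googleapis.com/public-docs/handbook.pdf",
    "2018-12-11T17:02:41Z from=contact@example.test url=https://sites.google.com/view/drive-share-secure/home",
    "2018-12-11T17:30:00Z from=it@example.test url=https://sites.google.com/view/team-offsite/agenda",
    "2018-12-12T08:00:19Z from=billing@example.test url=https://dropzone-42.storage.googleapis.com/docs.tar.gz",
]

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f["service"], f["bucket"], f["reasons"], f["url"])
```

Run against the constructed log, the helper flags the two GCS-hosted archives (reporting the bucket names, which are the pivot point for blocking and for hunting other deliveries from the same bucket) and the Google Sites page whose path reads like a Drive share, while leaving the PDF and the offsite agenda alone. Blocking the whole domain is rarely an option, which is why the finding is keyed on bucket and path rather than host.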

Navy Contractors Breached in 18-Month Cyber Assault from Chinese Hackers (12/17/2018)
A series of breaches targeting the US Navy's contractors has been linked to Chinese hackers, and the campaign has been underway since June 2017, a new report has found. In a Wall Street Journal (WSJ) article, a US official said that highly sensitive, classified data regarding advanced military technologies has been stolen and that both large and small Navy contractors have been affected. Navy Secretary Richard Spencer ordered a review of the service branch's controls to identify weaknesses, determine how such breaches could occur, and decide what can be done to prevent further intrusions.

Talos Researchers Connect Bomb Threats to Sextortion Scammers (12/17/2018)
Fake bomb threats distributed in malicious email messages to various entities, including schools, news outlets, and universities, can be attributed to scammers who have run sextortion schemes in the past, Cisco's Talos researchers say. All of the samples Talos found to be associated with the bomb threat attack were sent from IP addresses belonging to the domain registrar and hosting company reg.ru, suggesting that the attackers may have compromised credentials for domains hosted at that registrar. Multiple IPs involved in sending the bomb threats also sent the various types of sextortion email that Talos saw in a previous campaign.

Treasury Department Sanctions Russia for US Election Interference, Hacking (12/20/2018)
The Treasury Department is imposing sanctions on 15 Russian-connected individuals "for their involvement in a wide range of malign activity, including attempting to interfere in the 2016 US election, efforts to undermine international organizations through cyber-enabled means, and an assassination attempt in the United Kingdom." Nine of them are officers of Russia's Main Intelligence Directorate (GRU), sanctioned for their direct roles in interfering with the 2016 Presidential election by targeting election systems and political parties and releasing stolen election-related documents. According to the department, these actions are in response to "Russia's continued disregard for international norms."