CyberCrime - W/E - 01/11/19

Chinese Hackers Charged in Global APT10 Threat Campaigns (12/26/2018)
Two Chinese hackers associated with the APT10 cyber threat group have been indicted for their roles in global computer intrusion campaigns that have taken place since at least 2006, the Justice Department (DOJ) announced. The defendants, Zhu Hua and Zhang Shilong, were part of APT10, a hacking collective associated with the Chinese government's intelligence service. They used malware to gain access to computer networks and exfiltrate data over an extended period of time, and compromised managed security providers in at least a dozen countries. Among other things, Zhu and Zhang registered IT infrastructure that APT10 used for its intrusions and engaged in illegal hacking operations. Deputy Attorney General Rod J. Rosenstein said, "We hope the day will come when the defendants face justice under the rule of law in a federal courtroom."

Coinbase Freezes ETC Blockchain Following Double Spend Attack (01/09/2019)
Coinbase detected a deep chain reorganization with the Ethereum Classic (ETC) blockchain that included a double spend attack and has paused interactions with that blockchain. Approximately $500,000 USD was spent twice on January 5 and Coinbase halted send/receive interactions with the ETC blockchain to protect customer funds.

DNS Hijacking Enables Criminals to Gain Access, Abuse Various Entities Globally (01/10/2019)
FireEye's Mandiant team has identified a wave of DNS hijacking that has affected dozens of domains belonging to government, telecommunications and Internet infrastructure entities across the Middle East and North Africa, Europe and North America. The threat entity is thought to be connected to Iran and may consist of multiple actors. The attacker uses DNS hijacking to gain an initial foothold and then builds on that access for further exploitation.

Ransomware Attack Affects Some US Newspapers (01/02/2019)
The Ryuk ransomware is to blame for causing problems with the publication of newspapers distributed by Tribune Publishing. The company publishes various Tribune newspapers along with southern California versions of The Wall Street Journal, The New York Times, and the Baltimore Sun. Jeff Light, the San Diego Union-Tribune's editor and publisher, issued a statement noting that many subscribers were without their newspapers on December 29 after the malware hit the computer systems controlling production. Digital replicas of certain newspapers were also affected.

Report: Kaspersky Responsible for Nabbing Alleged NSA Data Thief (01/10/2019)
Kaspersky Lab had a hand in the investigation that led to the arrest of former National Security Agency (NSA) contractor Harold Martin, who siphoned at least 50 TB of government data during a 20-year period, Politico has reported. The Moscow-based company notified the NSA after receiving Twitter messages that are now suspected to have come from Martin and requested to speak with Eugene Kaspersky, the vendor's founder and CEO. The messages arrived on August 13, 2016, just minutes prior to the massive online dump of NSA tools by the Shadow Brokers collective. Clues in the tweets led Kaspersky personnel to consider that Martin may have been part of the Shadow Brokers. Although Kaspersky Lab has declined to comment on its involvement in the investigation, two people close to the matter told Politico that the security firm gave the NSA the Twitter messages and evidence of the sender's identity. That information was provided to the FBI, which executed search warrants for Martin's home, property, and Twitter accounts. Martin was found to have a trove of classified information that had been taken from the NSA since 1996 and some of the materials contained the tools that were released by the Shadow Brokers, including surveillance exploits. Martin is scheduled to go to trial in June where he faces 20 counts of unauthorized and willful retention of national defense information.