cyber espionage | Breaking Cybersecurity News | The Hacker News

Kaspersky Lab has identified another Chinese APT campaign , dubbed ' Icefog ', who targeted Governmental institutions, Military contractors, maritime / shipbuilding groups, telecom operators, industrial and high technology companies and mass media. The Hacking group behind the attack who carry out surgical hit and run operations , is an advanced persistent threat (APT) group, used a backdoor dubbed Icefog that worked across Windows and Mac OS X to gain access to systems. " The Mac OS X backdoor currently remains largely undetected by security solutions and has managed to infect several hundred victims worldwide ," the report  (PDF) said. This China-based campaign is almost two years old and follows the pattern of similar APT-style attacks where victims are compromised via a malicious attachment in a spear-phishing email, or are lured to a compromised website and infected with malware . The attackers embed exploits for several known vulnerabilities (CV

Russian Security Firm Kaspersky Lab has revealed that it has been following a sustained attack on South Korea by hackers seemingly based in North Korea.,  This new Cyber Espionage campaign dubbed "Kimsuky"  has targeted several South Korean think tanks. R esearchers believe the Kimsuky malware is most likely delivered via spear-phishing e-mails  and used multiple Dropbox email accounts "It's interesting that the drop box mail accounts iop110112@hotmail.com and rsh1213@hotmail.com are registered with the following "kim" names: kimsukyang and "Kim asdfa " The Kaspersky researchers revealed that the operation presents distinctive characteristics in its execution and logistics. The investigation started after the team of experts detected an unsophisticated spy program that communicated with it control server via a public e-mail server, an approach followed by too many amateur malware authors. Victims download a Trojan dropper which is used to download additional malwa

The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

According to a new report, the world's biggest personal computer maker, Chinese firm Lenovo Group Limited has reportedly been banned from supplying equipment for  networks of the intelligence and defense services of Australia, the United States, Britain, Canada and New Zealand, due to hacking concerns. Sources from intelligence and defense entities in the UK and Australia have confirmed the ban introduced in the mid-2000s after intensive laboratory testing of its equipment. In 2006 it was disclosed that the US State Department had decided not to use 16,000 new Lenovo computers on classified networks because of security concerns. Serious backdoor vulnerabilities in hardware and firmware were apparently discovered during the tests which could allow attackers to remotely access devices without the knowledge of the owner. Lenovo, headquartered in Beijing, acquired IBM's personal computer business in 2005, after which IBM continued to sell servers and mainframes that we

McAfee Lab researchers issued a report on the large scale cyber attacks against South Korea that appear to be linked to hackers also specialized in cyber espionage . The attackers behind these recent attacks against South Korean infrastructure are skilled professionals and they designed a specialized malware to steal military secrets from the South Korea and US military networks. The cyber espionage campaign dubbed as " Operation Troy ", due the numerous references into the source code analyzed to the city. McAfee said that in 2009, malware was implanted into a social media website used by military personnel in South Korea Ryan Sherstobitoff, a senior threat researcher at McAfee, started the investigation after the malware came into action in an attacks occurred on March 20th, known as the Dark Seoul Incident , in which tens of thousands of hard drives belongs to television networks and banks in South Korea were wiped completely. Versions of the code

Security experts are confident that the Chinese hackers group known as Comment Crew is still operating under cover. " The Comment Crew is back again " this is the rumor within Intelligence community, researchers suspect the involvement of the group of hackers in the recent cyber dispute between U.S. and China. Let's make a step back, last February Mandiant Intelligence firm released an interesting report that revealed an enterprise-scale computer espionage campaign dubbed APT1. Mandiant linked the APT1 attacks, that compromised 141 organizations in seven years, to Chinese military unit called " 61398 ". The is very interesting is that the security firm identified a common pattern for the attacks conducted by Chinese hackers group, it was also able to define a series of key indicators for identifying ongoing APT attacks. Mandiant security firm had monitored the group during last years and report details its operations, it wasn't the only one FireEye is anoth

Russian President Vladimir Putin bluntly rejected U.S. pleas to extradite National Security Agency Whistleblower Edward Snowden on Tuesday, says since Snowden has not committed a crime in that country, the government will not extradite him back. Putin said, "Mr. Snowden is a free man," Snowden did not cross the Russian border, implying that he is still in the Moscow airport's transit zone, a sort of diplomatic neutral space. " He arrived as a transit passenger – he didn't need a visa, or other documents, " Putin said. After arriving Sunday on a flight from Hong Kong, Snowden booked a seat on a Havana-bound flight from Moscow on Monday en route to Venezuela and then possible asylum in Ecuador, but he didn't board the plane. " The sooner he selects his final destination point, the better both for us and for himself ," Putin said. White House Press Secretary Jay Carney on Monday urged Russia to ultimately turn him over. " We do ex

Since 2010, foreign state sponsored organizations have repeatedly compromised an unencrypted database maintained by the Veterans Affairs Department that contains personally identifiable information on roughly 26 million veterans. Including at least eight foreign-sponsored organizations, mostly connected to the Chinese military had successfully compromised VA networks and data.  Other than this, possibly Russia were identified as likely culprits in the attempts to steal VA data. Details regarding exactly what information has been compromised are sparse, but unencrypted data included names, dates of birth and Social Security numbers of veterans that could be used to commit credit and identity fraud. Lack of basic security controls, such as encryption of data, make VA an easy target. The 2006 breach was caused by the theft of a VA employee's laptop, which contained personal information on about 26 million veterans and military personnel. From another report, The Marc

A global cyber espionage campaign affecting over 350 high profile victims in 40 countries, appears to be the work of Chinese hackers using a Surveillance malware called " NetTraveler ". Kaspersky Lab's team of experts published a new research report about NetTraveler, which is a family of malicious programs used by APT cyber crooks. The main targets of the campaign, which has been running since 2004, are Tibetan/Uyghur activists, government institutions, contractors and embassies, as well as the oil and gas industry. Spear phishing emails were used to trick targets into opening malicious documents . The attackers are using two vulnerabilities in Microsoft Office including Exploit.MSWord.CVE-2010-333, Exploit.Win32.CVE-2012-0158, which have been patched but remain highly-popular on the hacking scene, and have run NetTraveler alongside other malware. C&C servers are used to install additional malware on infected machines and exfiltrate stolen data and more

As concerns are growing regarding Chinese hacking attacks, the country will undergo its first digital war games. Only two days after the U.S. has attributed cyber espionage attacks against U.S. government and business entities to the Chinese Government and Military, it was announced that the Chinese will soon be conducting digital war games for the first time in the country's history. " It will be the first time a People's Liberation Army exercise has focused on combat forces including digitized units, special operations forces, army aviation and electronic counter forces, " the report said. The timing of the digital war games is also interesting, since it will coincide with a meeting between President Barack Obama and Chinese President Xi Jinping next week as Washington's level of concern rises regarding Chinese hacking of US military networks. The army's general staff department said eight military academies and forces from the Beijing Military Area Comman

According to report published by for the Defense Department and government and defense industry officials, Chinese hackers have gained access to the designs of many of the nation's most sensitive advanced weapons systems. The compromised U.S. designs included those for combat aircraft and ships, as well as missile defenses vital for Europe, Asia and the Gulf, including the advanced Patriot missile system, the Navy's Aegis ballistic missile defense systems, the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the F-35 Joint Strike Fighter. The report comes a month before President Obama meets with visiting Chinese President Xi Jinping in California. The report did not specify the extent or time of the cyber-thefts, but the espionage would give China knowledge that could be exploited in a conflict, such as the ability to knock out communications and corrupting data. For the first time, the Pentagon specifically named the Chinese government a

In 2010, as part of what has been dubbed as Operation Aurora , Chinese hackers infiltrated a special database within Google's systems and gained access to a sensitive database worth of information about American surveillance targets.  Google reported the hack publicly years ago, saying that the sophisticated attack resulted in the theft of Google intellectual property and the partial compromise of some human rights activists' email accounts. When the news first surfaced in 2010, Google said hackers stole the source code behind its search engine, and targeted email accounts of activists critical of China's human rights record. But recently discovered that the hackers also obtained surveillance information, including emails belonging to suspected spies, diplomats and terrorists which law enforcement officials had been monitoring. Google reported this breach to the FBI, resulting in a national security investigation. According to the sources, hackers were after the names of

Cyber Security researchers have discovered a family of information stealing malware targeting Pakistan that originates out of India.  Norman Shark, the global security leader in malware analysis solutions for enterprises, service providers and government, today released a report detailing a large and sophisticated cyber-attack infrastructure that appears to have originated from India. The attacks, conducted by private threat actors over a period of three years and still ongoing, showed no evidence of state sponsorship but the primary purpose of the global command-and-control network appears to be intelligence gathering from a combination of national security targets and private sector companies. Attackers used known vulnerabilities in Microsoft software, chucking malware dubbed HangOver onto target machines, most of which were based in Pakistan, where 511 infections associated with the campaign were detected. HangOver installs keyloggers , takes screenshots and rec

In the recent months I had the opportunity to conduct an interesting study on the use of Social Media in the Military Sector, large diffusion of media platforms makes them very attractive for governments and intelligence agencies . Social media platforms reveal enormous potentiality that could be exploited also in critical sectors such as military and defense. Modern social media networks are actively used by every government, the US, China and Russia are the most active in this field, but also emerging cyber countries like Iran and North Korea demonstrates an increasing interest in the matter. The principal uses of social media for government are Psychological Operations (PsyOps) OSInt Cyber espionage Offensive purposes On May 10th the Illinois Air National Guard 183rd Fighter Wing published a notice in the monthly issue of a newsletter titled Falcon View. The notice, that seems to be authentic, dedicates a paragraph to the use of social networking sites for

Trend Micro researchers have uncovered a new backdoor pieces of malware from the Winnti family, which are mainly used by a Chinese  cyber criminal group to target South East Asian organizations from the video gaming sector. Winnti malware used by hackers to hijack control of web users systems using a new backdoor contained in the legitimate Aheadlib analysis tool. Dubbed as " Bkdr_Tengo.A, " passes itself off as a legitimate system DLL file called winmm.dll. " We believe that this was done using a legitimate tool called Aheadlib, which is a legitimate analysis tool. "  wrote Trend Micro's Eduardo Altares. " The file is not encrypted and neither was it particularly hard to analyze. Its main behavior is to steal Microsoft Office, .PDF, and .TIFF files from USB drives inserted into the system. These stolen files are stored in the $NtUninstallKB080515$ under the Windows folder. It also creates a log file named Usblog_DXM.log. The files can be retrieved by

QinetiQ , a UK-based defense contractor  suffers humiliation as intelligence officials confirmed that China was able to steal the U.S. classified documents and pertinent technological information all this because of QinetiQ's faulty decision-making. QinetiQ North America (QQ) a world leading defense technology and security company providing satellites, drones and software services to the U.S. Special Forces deployed in Afghanistan and Middle East. The hacking was so extensive that external consultants ended up more or less working permanently inside the firm to root out malicious software and compromises on an ongoing basis. In one of the attacks, that took place in 2009, the hackers raided at least 151 machines of the firm's Technology Solutions Group (TSG) over a 251-day period, stealing 20 gigabytes of data before being blocked.  As the White House moves to confront China over its theft of U.S. technology through hacking, policy makers are faced with the questi

Few weeks after the discovery of the sophisticated cyber espionage campaign against principal US media The Mandiant® Intelligence Center ™ released an shocking report that reveals an enterprise-scale computer espionage campaign dubbed APT1. The term APT1 is referred to one of the numerous cyber espionage campaign that stolen the major quantity of information all over the world. The evidences collected by the security experts link APT1 to China's 2nd Bureau of the People's Liberation Army (PLA) General Staff Department's (GSD) 3rd Department (Military Cover Designator 61398) but what is really impressive is that the operation have been started in the distant 2006 targeting 141 victims across multiple industries. During the attacks the attackers have took over APT1 malware families and has revealed by the report APT1′s modus operandi (tools, tactics, procedures) including a compilation of videos showing actual APT1 activity. The Mandiant has also identified more than

A new sensational discovered has been announced by Kaspersky Lab's Global Research & Analysis Team result of an investigation after several attacks hit computer networks of various international diplomatic service agencies. A new large scale cyber-espionage operation has been discovered, named Red October , name inspired by famous novel The Hunt For The Red October (ROCRA) and chosen because the investigation started last October. The campaign hit hundreds of machines belonging to following categories: Government Diplomatic / embassies Research institutions Trade and commerce Nuclear / energy research Oil and gas companies Aerospace Military The attackers have targeted various devices such as enterprise network equipment and mobile devices (Windows Mobile, iPhone, Nokia), hijacking files from removable disk drives, stealing e-mail databases from local Outlook storage or remote POP/IMAP server and siphoning files from local network FTP servers. Accordin

Last Friday, we reported that the website of the U.S. Council of Foreign Relations was allegedly compromised by Chinese hackers who exploited the zero-day bug that was only discovered that same day. The CFR website was compromised with JavaScript that served malicious code to older IE browsers and the code then created a heap-spray attack using Adobe Flash Player. Yesterday former hacker Bryce Case Jr (YTCracker) tweeted about a new zero day exploit threatening all users of IE8, " internet explorer 6-8 0day making the rounds force them toolbar installs and keyloggers on exgf while you still can... ". On Saturday, Microsoft published a security advisory warning users of Internet Explorer 6, 7, and 8 that they could be vulnerable to remote code execution hacks. The vulnerability is a remote code execution vulnerability that exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vuln

Web site for the Council on Foreign Relations was compromised and recently hit by a drive-by attack that was detected earlier this week. Hacker are suspected to be from China , who are exploiting a zero day  Internet Explorer vulnerability for Cyber Espionage attack against one of American most elite foreign policy web groups. According to Fireeye  researchers, a malicious content on the website was hosted by hackers, that is exploiting Internet Explorer version 8.0 (fully patched version) to hack windows systems of visitors. " We have chosen not to release the technical details of this exploit, as Microsoft is still investigating the vulnerability at this time. "  Once the system compromised, hackers look for valuable information from their computers, kinda Cyber Espionage. The FBI was notified of the attack and is said to be investigating. The CFR is one of the most elite foreign policy organizations in the United States with a membership of some 4,700 officials, former

We have seen for the past couple years the cyber wasteland become something that is not dominated by young ambitious hackers anymore. The age of the Wild West is over and the big boys want a piece of the action. With so many infrastructures connected to the web these days it is only natural for more powerful and interested concerns to take their skills to the web. We are seeing the beginnings of true cyber war and it is something that is not going to be stop anytime soon. In the past, what we have seen mostly is governments stay behind the scenes and do defense when it comes to the cyber war. If the government did go on the offensive it would be in secret only discovered when some security firm would get lucky and find some code that would hint to government influence . But these days it is not like that anymore. Everyone knows that the governments of the world are going all out when it comes to cyber war. And the worst part about it is that when it comes to regular civilian