Espionage | Breaking Cybersecurity News | The Hacker News

The notorious North Korea-linked threat actor known as the  Lazarus Group  has been attributed to a new global campaign that involves the opportunistic exploitation of security flaws in Log4j to deploy previously undocumented remote access trojans (RATs) on compromised hosts. Cisco Talos is tracking the activity under the name Operation Blacksmith, noting the use of three DLang-based malware families, including a RAT called NineRAT that leverages Telegram for command-and-control (C2), DLRAT, and a downloader dubbed BottomLoader. The cybersecurity firm described the latest tactics of the adversary as a definitive shift and that they overlap with the cluster widely tracked as Andariel (aka Onyx Sleet or Silent Chollima), a sub-group within the Lazarus umbrella. "Andariel is typically tasked with initial access, reconnaissance and establishing long term access for espionage in support of the North Korean government's national interests," Talos researchers Jung soo An, As...

The infamous Lazarus Group actor has been targeting vulnerable versions of Microsoft Internet Information Services ( IIS ) servers as an initial breach route to deploy malware on targeted systems. The findings come from the AhnLab Security Emergency response Center (ASEC), which detailed the advanced persistent threat's (APT) continued abuse of DLL side-loading techniques to run arbitrary payloads. "The threat actor places a malicious DLL (msvcr100.dll) in the same folder path as a normal application (Wordconv.exe) via the Windows IIS web server process, w3wp.exe," ASEC explained . "They then execute the normal application to initiate the execution of the malicious DLL." DLL side-loading , similar to DLL search-order hijacking, refers to the proxy execution of a rogue DLL via a benign binary planted in the same directory. Lazarus , a highly-capable and relentless nation-state group linked to North Korea, was most recently spotted leveraging the same t...

Are you using the cloud or thinking about transitioning? Undoubtedly, multi-cloud and hybrid environments offer numerous benefits for organizations. However, the cloud's flexibility, scalability, and efficiency come with significant risk — an expanded attack surface. The decentralization that comes with utilizing multi-cloud environments can also lead to limited visibility into user activity and poor access management.  Privileged accounts with access to your critical systems and sensitive data are among the most vulnerable elements in cloud setups. When mismanaged, these accounts open the doors to unauthorized access, potential malicious activity, and data breaches. That's why strong privileged access management (PAM) is indispensable. PAM plays an essential role in addressing the security challenges of complex infrastructures by enforcing strict access controls and managing the life cycle of privileged accounts. By employing PAM in hybrid and cloud environments, you're not...

An OPSEC error by an Iranian threat actor has laid bare the inner workings of the hacking group by providing a rare insight into the "behind-the-scenes look into their methods." IBM's X-Force Incident Response Intelligence Services (IRIS) got hold of nearly five hours worth of video recordings of the state-sponsored group it calls ITG18 (also called Charming Kitten , Phosphorous , or APT35 ) that it uses to train its operators. Some of the victims in the videos included personal accounts of U.S. and Greek Navy personnel, in addition to unsuccessful phishing attempts directed against U.S. state department officials and an unnamed Iranian-American philanthropist. "Some of the videos showed the operator managing adversary-created accounts while others showed the operator testing access and exfiltrating data from previously compromised accounts," the researchers said. The IBM researchers said they found the videos on a virtual private cloud server that wa...

The United States Justice Department has unveiled charges against WikiLeaks founder Julian Assange with 17 new counts on the alleged violation of the Espionage Act by publishing classified information through WikiLeaks website. If convicted for all counts, Assange could face a maximum sentence of 175 years in U.S. prison for his "alleged role in one of the largest compromises of classified information in the history of the United States." Assange was arrested last month in London after Ecuador abruptly withdrew his asylum and later sentenced to 50 weeks in U.K. prison for breaching his bail conditions in 2012. The 47-year-old is currently facing extradition to the United States for his role in publishing thousands of classified diplomatic and military documents on WikiLeaks in 2010 that embarrassed the U.S. governments across the world. Though the previous indictment charged Assange with just one count of helping former Army intelligence analyst Chelsea Manning c...

Google has reportedly suspended all businesses with the world's second-biggest smartphone maker, Huawei, and revoked its Android license effective immediately—a move that will have a drastic impact on Huawei devices across the globe. Revoking Android license means Huawei future smartphones will no longer have access to Android updates and apps like Gmail or the Play Store, as well as Google technical support beyond services that are publicly available via open source licensing, Reuters report. Why? That's because last week, U.S. President Donald Trump signed an executive order declaring a national emergency banning foreign companies—over surveillance fear—from doing telecommunication business in the United States without the government's approval. About the executive order, White House Press Secretary Sarah Sanders said in a statement that President Trump "has made it clear that this Administration will do what it takes to keep America safe and prosperous, an...

The United States Department of Justice has announced espionage charges against a former US Air Force intelligence officer with the highest level of top-secret clearance for providing the Iranian government classified defense information after she defected to Iran in 2013. Monica Elfriede Witt , 39, was a former U.S. Air Force Intelligence Specialist and Special Agent of the Air Force Office of Special Investigations, who served the Air Force between 1997 and 2008 and Department of Defense (DOD) as a contractor until 2010. The indictment states that Witt once held the highest level of Top Secret security clearance and had access to details of highly classified counterintelligence operations, real names of sources, and the identities of U.S. intelligence officers. In February 2012, Witt allegedly traveled to Iran to attend an all-expenses-paid "Hollywoodism" conference held by the Iranian New Horizon Organization, which DoJ describes as focused on promoting anti-U.S....

The decision of the United Nations investigation into the Julian Assange case is set to be revealed and could order the release of Wikileaks founder on February 5 . " BREAKING: UN set to announce decision on #Assange's release on Friday, "BREAKING: UN set to announce decision on #Assange's release on Friday," Wikileaks has tweeted . Assange has been living in the Ecuadorian embassy in London for over 3 years, after being granted political asylum by the Ecuadorian government of the South American country. Assange has been residing in the embassy since 2012 to avoid extradition: First to Sweden where he is facing sexual assault allegations, which he has always denied. Ultimately to the United States where he could face cyber espionage charges for publishing classified US military and diplomat documents via his website Wikileaks. The leak of publishing secret documents has amounted to the largest information leak in United States history ...

The United States has filed criminal charges against Chinese military officials for hacking and cyber espionage against several American companies. This case is first of its own kind in which the prosecutors have formally accused members of a foreign government with economic espionage charges. Attorney General Eric Holder and FBI are expected to reveal the new indictment later this afternoon, in which five officials of China's People's Liberation Army will be named, who are believed to be the current members of Beijing's military establishment. Accused chinese officials allegedly worked for the People's Liberation Army and have spied on U.S companies and stolen trade secrets. The alleged hackers are said to work for the PLA's Unit 61398 in Shanghai. Among the trade secrets, they are also accused for stealing information about a nuclear power plant design and a solar panel company's cost and pricing data, " They used military and intelligence faci...

The Iranian hacking group, which calls itself the " Ajax Security Team ", was quite famous from last few years for websites defacement attacks , and then suddenly they went into dark since past few months. But that doesn't mean that the group was inactive, rather defacing the websites, the group was planning something bigger. The Group of hackers at Ajax Security Team last defaced a website in December 2013 and after that it transitioned to sophisticated malware-based espionage campaigns in order to target U.S. defense organizations and Iranian dissidents, according to the report released by FireEye researchers. " The transition from patriotic hacking to cyber espionage is not an uncommon phenomenon. It typically follows an increasing politicization within the hacking community, particularly around geopolitical events ," researchers Nart Villeneuve, Ned Moran, Thoufique Haq and Mike Scott wrote in the report. " This is followed by increasing links between the hacking ...

The United States charged two men for their involvement in a conspiracy to hack into the computer systems of dozens of government and commercial organizations, including the U.S. Navy and National Geospatial-Intelligence Agency (NGA), according to the U.S. Attorney's Office in Tulsa. On Monday, the U.S. Department of Justice announced that the 27 year old Virginia man, Nicholas Knight , who served as systems administrator in the nuclear reactor department of an aircraft carrier, was one of two individuals charged with one count of conspiring to hack the computer systems of about 30 public and private organizations, while he was active in his duty as a Navy member. Along with Knight, a 20 year old Illinois man, Daniel Krueger, who was a student at an Illinois community college where he studied network administration, was also charged with the conspiracy count for his participation to hack into the computer servers as part of a plan to steal identities, obstruct justice,...

Sooner or later it had to Happen! After whistle-blower Edward Snowden unfolded various spying operations that were controlled by the US Intelligence agency, it gave a reason to all other countries to start their own Counter-Surveillance programs. Last year in October, it was revealed that the National Security Agency ( NSA ) was eavesdropping the mobile communications of German Chancellor  Angela Merkel's  and  Gerhard Schroder's   from many years. Snowden documents detailed about a so-called  National Sigint Requirement List , a list of people and Institutions named as primary targets for the U.S. Intelligence Agency; whose telephone communications should be monitored. After Suffering from spying on them, Germany has finally decided to give a ' Roland for their Oliver ' and planning to resume active Counter Espionage Operations against both the US and several Western associate countries. " This step would be an about-face from the dec...

NSS Labs issued the report titled " The Known Unknowns " to explain the dynamics behind the market of zero-day exploits. Last week I discussed about the necessity to define a model for " cyber conflict " to qualify the principal issues related to the use of cyber tools and cyber weapons in an Information Warfare context, today I decided to give more info to the readers on cyber arsenals of governments. Governments consider the use of cyber weapons as a coadiuvant to conventional weapons, these malicious application could be used for sabotage or for cyber espionage, they could be used to hit a specifically designed software (e.g. SCADA within a critical infrastructure ) or they could be used for large scale operations infecting thousand of machines exploiting zero-day in common application ( e.g. Java platform, Adobe software ). The zero-day flaw are the most important component for the design of an efficient cyber weapon, governments have recently created dedic...

A notorious Chinese hacker collective known as APT1 or Comment Crew, possibly linked to the Chinese Army, have been caught red handed breaking into a fake United States water control system i.e. known as a Honeypot . Kyle Wilhoit, a researcher with security company Trend Micro has just revealed the details at BlackHat Conference on Wednesday.  Hackers hacked a water control system for a US municipality back in December last year, but it was merely a decoy set up by Kyle Wilhoit using a Word document hiding malicious software to gain full access.  The honeypots directly mimicked the ICS/Scada devices used in many critical infrastructure power and water plants. Cloud software was used to create realistic Web-based login and configuration screens for local water plants seemingly based in Ireland, Russia, Singapore, China, Japan, Australia, Brazil, and the U.S. Researchers have been tracked back to the APT1 Group, which security company Mandiant has claime...

Edward Snowden , the former U.S. The intelligence contractor wanted for revealing the National Security Agency 's secret program to collect American phone and internet records, left at Moscow airport after Russian authorities granted him temporary asylum for one year. Mr Snowden's lawyer Anatoly Kucherena said, " Snowden has left the Sheremetyevo airport. He has just been given a certificate that he has been awarded temporary asylum in Russia for one year ," " Edward Snowden was granted temporary asylum in Russia for a year and has now left Moscow airport under the care of Wikileaks' Sarah Harrison ," Wikileaks tweeted. He had gone to a secure location which would remain secret. " His location is not being made public for security reasons since he is the most pursued man on the planet. He himself will decide where he will go ," In a statement released by WikiLeaks , Snowden thanked Russia for giving him asylum and critici...

The US isn't the only western country with an Digital eye i.e PRISM like  surveillance program , designed to monitor internet and phone communications . French is leading member at European Parliament and they voted to launch an in-depth inquiry against the US's based PRISM surveillance project. The fact that the French DGSE is itself engaged in similar program should make for some awkward proceedings as that inquiry gets underway. France's General Directorate for External Security has a PRISM like system that intercept and processes the metadata for billions and billions of communications, including internet messaging, phone calls , SMS and even faxes. The one difference being that PRISM was used to spy on international targets whereas the DGSE were only keeping a watch on the French. According to French newspaper, Le Monde - program goal is ostensibly to track the behavior of terrorist cells, but the Directorate allegedly shares the anonymized i...

Ask an expert on cyber espionage and he for sure he will speak of China, the most active and advanced country in this sector, this time a clamorous campaign apparently originated from Korea has been discovered. Security company FireEye collected evidences of a cyber espionage campaign, named " Sanny ", attributable to Korea. FireEye hasn't revealed the real origin of the offensive, it's a mystery which Korea is responsible between North or South Korea, but it confirmed that 80% of victims are Russian organizations and companies belonging to space research industry, information, education and telecommunication. According Ali Islam, security researcher at FireEye declared " Though we don't have full concrete evidence, we have identified many indicators leading to Korea as a possible origin of attack."   The following are the indicators we have so far: 1. The SMTP mail server and CnC are in Korea 2. The fonts "Batang" and "KP CheongPong" used in the ...

The news is sensational, according the French magazine L'Express the offices of France's former president Sarkozy were victim of a cyber attack, but what is even more remarkable is that for the offensive was used the famous malware Flame. On the origin of the malware still persist a mystery, many security experts attribute it to joint work of Israel and US development team. Let's remind that according the analysis on Flame source code conducted by Kaspersky the malware is linked to Stuxnet, a version of the famous virus shared a module with the spy toolkit. Frame is considered one of the most complex spy tool produced by a state sponsored project and its use in the attacks against French government suggests the existence of a cyber espionage campaign to collect sensible information. An official declaration coming from spokesmen of the Elysee Palace and reported by the magazine states: "Hackers have not only managed to get to the heart of French political power,...