cyber espionage | Breaking Cybersecurity News | The Hacker News

In Brief The Microsoft's Windows Defender Advanced Threat Hunting team detected that a cyber espionage group of hackers, known as PLATINUM, has found a way to turn the Windows's Hotpatching technique (a way of updating the operating system without requiring a restart) to hide its malware from Antivirus products. PLATINUM group has been active since 2009 and launching large-scale attacks against governmental organizations, intelligence agencies, defense institutes and telecommunication providers in South and Southeast Asia. Practically speaking, the most important thing for a sophisticated APT hacker and a cyber-espionage group is to remain undetected for the longest possible period. Well, that's exactly what an APT (Advanced Persistent Threat) group has achieved. The Microsoft's Windows Defender Advanced Threat Hunting team has discovered that an APT group, dubbed Platinum, has been spying on high-profile targets by abusing a " novel " technique called

In the most surprising manner, the Chinese government said it arrested criminal hackers behind the massive cyber attack on US Office of Personnel Management (OPM) earlier this year, dismissing its involvement. Three months back, we reported that China arrested a handful of hackers within its borders who were suspected of allegedly stealing commercial secrets from US companies. The arrests took place shortly before China President Xi Jinping visited the United States in September 2015 when both heads of states agreed that neither side will participate in commercial espionage against one another. China: Cyber Criminals Hacked OPM, Not Government Spies Now, those suspected hackers have turned out to be the ones in connection with the OPM hack that resulted in the theft of personal details of more than 21 Million United States federal employees, including 5.6 Million federal employees' fingerprints . Citing an " investigation ", the Chinese governme

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

The German authorities have initiated a further investigation into espionage by the United States secret service NSA and British intelligence agency GCHQ after...   ...the head of the German Federal Chancellery unit had his private laptop infected. According to a recent report published by Der Spiegel , the laptop of the Chancellery division leader was infected with Regin – a highly advanced espionage malware program that has been linked to the National Security Agency (NSA) and its UK counterpart, the Government Communications Headquarters (GCHQ). As The Hacker News reported almost a year ago, Regin is one of the most highly advanced, sophisticated malware programs that was used to spy on a wide range of international targets including: Internet service providers (ISPs) Telecommunications backbone operators Energy firms Airlines Government entities Research institutes Other high-profile individuals …around the world since at least 2008. Regin has d

The Potential threat, range from very narrow to very broad, posed by Cyber-Terrorism has provoked considerable alarm. Terrorists involved in Cyber Espionage and Operations aim at gaining access to Nation's critical infrastructure involving both Government as well as Private sectors. The Frequency and Intensity of such Cyber-attacks are increasing rapidly and extending into absolute cyber-war between states, allowing terrorist organizations to pilfer data from financial and military organizations. Similar Incident happened, few months back, when a group of Middle-east terrorists tried to infiltrate Indian Government officials operational in Cyber related divisions. In response, a team of Independent Indian security researchers planned a counter operation to track down the terrorist organization behind the cyber attack. Shesh Sarangdhar , a security researcher at Seclabs & Systems Pvt. told The Hacker News that his team successfully penetrated the sourc

Advanced Persistent Threat (APT) type attacks continue to emerge on a global scale. What makes these attacks deviate from the norm is often the resources required to develop and implement them: time, money, and the knowledge required to create custom pieces of malware to carry out specific, targeted attacks. Operation Lotus Blossom is one of the more recent APT attacks that has been discovered and analyzed. It is an advanced adversary campaign against the mostly government and state-sponsored entities in the Philippines, Hong Kong, Vietnam, and Indonesia. It is thought that this group carried out the attack to gain a geopolitical advantage by stealing specific information from government and military institutions in that area.  At this point, it is still too early to tell if the reach of the attack will extend to the private sector (a la Stuxnet and Duqu). How does the attack work? It was found that Operation Lotus Blossom involved a novel custom-built malware

Security firm Check Point has uncovered what seems to be a successful, and long-running, cyber-surveillance campaign called " Volatile Cedar ." Check Point found that targets of the attack included, but were not limited to, defense contractors, media companies, telecommunications, and educational institutions. The attack is said to have originated in Lebanon and possibly has political ties in the region. According to an article in Techworld , previous cyber-campaigns originating from Lebanon have been either extremely unsophisticated or targeted at other countries in the region. However, Volatile Cedar is different. According to the report, this campaign has been in operation since 2012 and has successfully penetrated a large number of targets across the globe. During this time it has allowed the attackers to steal data and monitor a large volume of victim's actions. The actors involved in this campaign do not appear to be using flashy mechanisms like zero day attacks

A State-sponsored Cyber Espionage Group -- most likely linked to the Chinese government becomes the first group to target the so-called " Air-Gapped Networks " that aren't directly connected to the Internet. What are Air-Gapped systems? Air-gapped systems are known to be the most safest and secure systems on the earth. These systems are isolated from the Internet or any other Internet-connected computers or external networks. Air-gapped systems are generally used in the critical situations that demand high security like in payment networks to process debit and credit card transactions, military networks, and in industrial control systems that operate critical infrastructure of the Nation. Why Air-Gapped? It is very difficult to siphon data from Air-Gapped systems because it requires a physical access to the target system or machine in order to do that and gaining physical access is possible only by using removable devices such as a firewire cab

Microsoft has come up with its most important Patch Tuesday for this year, addressing the recently disclosed critical the FREAK encryption-downgrade attack , and a separate five-year-old vulnerability leveraged by infamous Stuxnet malware to infect Windows operating system. Stuxnet malware , a sophisticated cyber-espionage malware allegedly developed by the US Intelligence and Israeli government together, was specially designed to sabotage the Iranian nuclear facilities a few years ago. First uncovered in 2010, Stuxnet targeted computers by exploiting vulnerabilities in Windows systems. Thankfully, Microsoft has issued a patch to protect its Windows machines that have been left vulnerable to Stuxnet and other similar attacks for the past five years. The fixes are included in MS15-020 which resolves Stuxnet issue. The company has also issued an update that patches the FREAK encryption vulnerability in its SSL/TSL implementation called Secure Channel (Schannel). The fix

Last month, cyber security researchers spotted a new strain of french surveillance malware, dubbed " Babar ," which revealed that even French Government and its spying agency the General Directorate for External Security (DGSE) is dedicatedly involved in conducting surveillance operation just like the United States — NSA and United Kingdom — GCHQ . A powerful piece of surveillance malware, known as " Casper ," has recently been discovered by the Canadian security researchers that once again point fingers at the French government. CASPER SURVEILLANCE MALWARE LINKED TO FRANCE The newly discovered sophisticated Casper surveillance malware is believed to be developed by France based hacking group suspected to have ties with the French government, according to the report published by Motherboard . Report suggests that French hacking group have developed ' Swiss Army knife of spying tools ' which has been used by French government to conduct multipl

The U.S. National Security Agency (NSA) may be hiding highly-sophisticated hacking payloads in the firmware of consumer hard drives over the last 15 to 20 years in a campaign, giving the agency the means to eavesdrop on thousands of targets' computers, according to an analysis by Kaspersky labs and subsequent reports. 'EQUATION GROUP' BEHIND THE MALWARE The team of malicious actors is dubbed the the " Equation Group " by researchers from Moscow-based Kaspersky Lab, and describes them as " probably one of the most sophisticated cyber attack groups in the world," and "the most advanced threat actor we have seen. " The security researchers have documented 500 infections by Equation Group and believes that the actual number of victims likely reaches into the tens of thousands because of a self-destruct mechanism built into the malware. TOP MANUFACTURERS' HARD DRIVES ARE INFECTED Russian security experts reportedly uncovered sta

A malware campaign has been found targeting iOS devices linked to a wide range of entities, including European defense organizations, governments, and media sectors with dangerous espionage spyware capable of breaching non-jailbroken devices, a recent report claims. The spyware campaign, dubbed " Operation Pawn Storm " by security experts, was first detected on Windows computers late last year, but has now made its way to iOS devices , a report by security researchers at TrendLabs noted. The researchers linked the campaign to the Russian government. XAGENT SPYWARE APP One of the two spywares used in the campaign is actually an application, the firm dubbed the app XAgent, that attempts to install and run on iOS devices. " The XAgent app is fully functional malware ," the researchers noted . " The exact methods of installing these malware is unknown; however, we do know that the iOS device doesn't have to be jailbroken ... We have seen one in

​Researchers have uncovered a new evidence that a powerful computer program discovered last year, called " Regin ", is "identical in functionality" to a piece of malware used by the National Security Agency  (NSA) and its Five Eyes allies . REGIN MALWARE "Regin" is a highly advanced, sophisticated piece of malware the researchers believe was developed by nation state to spy on a wide-range of international targets including governments, infrastructure operators and other high-profile individuals since at least 2008. Regin was first discovered in November 2014 by the researchers at antivirus software maker Symantec and was said to be more sophisticated than both Stuxnet and Duqu . The malware alleged to have been used against targets in Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Russia and Syria, among others. The recent evidence comes from the journalists at Der Spiege

The latest document release by Edward Snowden revealed the industrial-scale cyber-espionage operation of China to learn the secrets of Australia's next front-line fighter aircraft – the US-built F-35 Joint Strike Fighter (JSF) . Chinese spies stole " many terabytes of data " about the design of Australia's Lockheed Martin F-35 Lightning II JSF, according to top secret documents disclosed by former US National Security Agency intelligence contractor Edward Snowden to German magazine Der Spiegel . Chinese spies allegedly stole as much as 50 terabytes of data, including the details of the fighter's radar systems, engine schematics, "aft deck heating contour maps," designs to cool exhaust gases and the method the jet uses to track targets. So far, the F-35 Lightning II JSF is the most expensive defence project in the US history. The fighter aircraft, manufactured by US-based Lockheed Martin, was developed at a cost of around $400 billion (£230 billion). Beijin

For over past two years, Iranian hackers have infiltrated computer networks of some of the world's top organizations including airlines, defense contractors, universities, military installations, hospitals, airports, telecommunications firms, government agencies, and energy and gas companies, security researchers said. An 87-page report published by the U.S. cyber security firm Cylance says Iranian state-sponsored hackers have hacked critical infrastructure of more than 50 organizations in 16 countries worldwide in a cyber-espionage campaign that could allow them to eventually cause physical damage. Among the targeted organizations, ten are reportedly based in the United States. The threat-detection firm dubbed the campaign as " Operation Cleaver ," which aimed at gathering data from various agencies. The group reportedly stole highly sensitive information and took control of networks in Canada, China, England, France, Germany, India, Israel, Kuwait, Mexic

Researchers have uncovered a highly advanced, sophisticated piece of malware they believe was used to spy on a wide-range of international targets including governments, infrastructure operators and other high-profile individuals since at least 2008. The nasty malware, dubbed "Regin" , is said to be more sophisticated than both Stuxnet and Duqu , according to the researchers at antivirus software maker Symantec Corp. DEVELOPED BY NATION STATE The research showed that the Regin malware is believe to be developed by a wealthy "nation state" and is a primary cyber espionage tool of a nation state because of the financial clout needed to produce code of this complexity with several stealth features to avoid detection. But, the antivirus software maker didn't identify which country was behind it. "It is likely that its development took months, if not years, to complete and its authors have gone to great lengths to cover its tracks. Its capabili

The malicious Russian Tor exit node , which was claimed to be patching binary files, is actually distributing a malware program to launch cyber-espionage attacks against European government agencies. The group behind the rogue Tor exit node had likely been infecting files for more than a year, causing victims to download and install a backdoor file that gave hackers full control of their systems. Last month Josh Pitts of Leviathan Security Group uncovered a malicious Tor exit node that wraps Windows executable files inside a second, malicious Windows executable. But when Artturi Lehtiö of F-Secure carried out an in-depth research, he found that the exit node was actually linked to the notorious Russian APT family MiniDuke . " MiniDuke " previously infected government agencies and organizations in more than 20 countries via a modified Adobe PDF email attachment . MiniDuke malware is written in assembly language with its tiny file size (20KB), and uses hijacke

A seven-year-old cyber espionage campaign has targeted senior level executives from large global companies by using a specialized Advanced Persistent Threat (APT) , zero-day exploits, and well-developed keyloggers to extract information from them when they stay in luxury hotels during their business trips. The researchers at Moscow-based security firm Kaspersky Lab dubbed the threat as " DarkHotel APT ," appear to have the ability to know in advance when a targeted executive checks in and checks out of a hotel. The group has been operating in Asia since from 2009 but there have been infections recorded in the United States, South Korea, Singapore, Germany, Ireland and many others, as well. It uses hotel Wi-Fi networks to target elite executives at organisations in manufacturing, defense, investment capital, private equity, automotive and other industries. The group has access to zero day vulnerabilities and exploits, and it used them to infect victims. Threa