Mandiant revealed that Chinese-linked state-backed hackers rely on operational relay box (ORB) networks, meshes of proxied devices, to avoid detection in cyber espionage campaigns. For example, Mandiant pointed out that these advanced persistent threat (APT) actors used ORBs in the 'SPACEHOP' critical vulnerability campaign earlier this year.
“Critical flaws” have been identified in modems deployed in millions of devices worldwide. Cybersecurity firm Kaspersky has issued a report warning companies of severe security vulnerabilities in Cinterion cellular modems. According to Kaspersky, Cinterion modems are cornerstone components in machine-to-machine (M2M) and Internet of Things (IoT) communications, and the flaws now offer a back door for all kinds of threat actors. The modems support various applications, ranging from industrial automation and vehicle telematics to smart metering and healthcare monitoring. Gemalto, the initial developer of the modems, was subsequently acquired by Thales. In 2023, Telit acquired Thales’ cellular IoT products business, including the Cinterion modems.
BogusBazaar, a “fraud-as-a-service” (FaaS) operation run out of China, operates 200 fraudulent webshops and has so far claimed 850,000 victims, mostly from the US and Western Europe. Victims who visit BogusBazaar shops are offered amazing-sounding deals on shoes and apparel from well-known brands. But as the webshops are entirely fraudulent, the victims end up having their credit card details stolen with nothing to show for it.
UK-based Shared Services Connected Limited (SSCL) has been named as the Ministry of Defence (MoD) contractor hacked by what senior government sources say was China. British defense minister Grant Shapps has admitted that the personal and financial details of 272,000 service personnel were hacked by “a malign actor.” However, the breach is now being widely attributed to China, despite China’s dismissal of the allegations as “absurd”. While the compromised payment system has now been taken offline, there are growing fears that the breach may not be confined to the MoD, as SSCL handles a number of UK government contracts. “We’re the largest provider of critical business support services for the Government, the UK Military & Veterans (MoD), Metropolitan Police Service, and the Construction Industry Training Board (CITB),” boasts SSCL on its website.
The US Federal Bureau of Investigation (FBI) has issued a joint advisory warning of a new tactic being used by North Korean intelligence-gathering cyber group Kimsuky. The warning is squarely aimed at think tanks, academic institutions, non-profit organizations, and members of the media in Western countries. Despite North Korea’s previous reliance on revenue from international crime to finance its weapons and military programs, the FBI reports that Kimsuky’s role is intelligence gathering. Kimsuky exploits improperly configured Domain Name System (DNS) records to mimic legitimate email senders and hack targeted individuals. Without properly configured Domain-based Message Authentication, Reporting, and Conformance (DMARC) policies in DNS, malicious hackers can send spoofed emails as if they came from a legitimate domain’s email exchange.
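As an added example (not part of the original digest or the FBI advisory), the following Python checks DMARC TXT records for the configuration gaps that make this kind of sender spoofing possible: no record at all, a monitoring-only p=none policy, a partial pct= rollout, an unprotected subdomain policy, and no reporting address. The domains and records are constructed for illustration; a real check would fetch the `_dmarc.<domain>` TXT record from DNS and pass it to the same function.

```python
"""Assess DMARC TXT records for weaknesses that let spoofed mail through.

Added example; the domains and records below are constructed, not taken
from any real organization.
"""

# Constructed sample records keyed by hypothetical domain. None models a
# domain that publishes no _dmarc TXT record at all.
SAMPLE_RECORDS = {
    "thinktank.example": None,
    "media.example": "v=DMARC1; p=none; rua=mailto:dmarc@media.example",
    "university.example": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "nonprofit.example": (
        "v=DMARC1; p=reject; sp=reject; pct=100; "
        "rua=mailto:reports@nonprofit.example"
    ),
}


def parse_dmarc(record):
    """Split a DMARC record ('tag=value; tag=value') into a dict of tags."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record):
    """Return a list of findings; an empty list means spoofed mail is rejected."""
    if record is None:
        return ["no DMARC record: receivers apply no policy, spoofed mail is delivered"]

    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["invalid record: missing v=DMARC1, receivers ignore it"]

    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("missing or invalid p= tag: the policy is not applied")
    elif policy == "none":
        findings.append("p=none: authentication failures are reported but never blocked")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail is diverted to spam, not rejected")

    # pct= defaults to 100; a lower value exempts a share of failing mail.
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: only part of the failing mail is subject to the policy")

    # sp= sets the subdomain policy and inherits p= when absent.
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains can be spoofed although the main domain is protected")

    # Without a reporting address the domain owner never sees the spoofing.
    if "rua" not in tags:
        findings.append("no rua= tag: no aggregate reports, so spoofing attempts go unnoticed")
    return findings


def assess_all(records):
    """Assess every record in the mapping and return findings per domain."""
    return {domain: assess_dmarc(rec) for domain, rec in records.items()}


if __name__ == "__main__":
    for domain, findings in assess_all(SAMPLE_RECORDS).items():
        status = "OK" if not findings else "WEAK"
        print(f"{domain}: {status}")
        for finding in findings:
            print(f"  - {finding}")
```

The check treats p=quarantine as weaker than p=reject rather than as a failure, since quarantined spoofs still reach the spam folder; an organization that wants spoofed mail dropped outright needs p=reject with sp=reject and pct=100, as the last sample record shows.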
Cybercriminals are getting greedier. According to Google subsidiary Mandiant’s M-Trends 2024 Special Report, the proportion of financially motivated intrusions grew from more than a quarter of all investigations (26 percent) in 2022 to over a third (36 percent) in 2023. Ransomware-related intrusions represented almost two-thirds of financially motivated intrusions and 23 percent of all 2023 intrusions; the remaining financially motivated intrusions included business email compromise (BEC) fraud and cryptocurrency theft. In 70 percent of cases, organizations learned of ransomware-related intrusions from external sources. In three-quarters of those cases, organizations were notified of a ransomware incident by an attacker ransom message. The remaining quarter came from external partners, such as law enforcement or cybersecurity companies. “This is consistent with the extortion business model in which attackers intentionally and abruptly notify organizations of a ransomware intrusion and demand payment,” says Mandiant.
The National Security Agency (NSA) released a Cybersecurity Information Sheet (CSI) focused on the secure deployment of AI systems. The CSI, entitled "Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems," sets out guidelines for preventing malicious activity that targets the software of still-developing AI technology.
Once again, China is harnessing new Western technology to attack and undermine the US at home and overseas. According to a new report from Microsoft, this time China is using AI-generated fake social media accounts to influence the outcome of the upcoming US presidential elections. The report, Same targets, new playbooks: East Asia threat actors employ unique methods, details China’s recent attempts to discredit the US government, including misinformation about the Kentucky train derailment in November, the Maui wildfires in August, the disposal of Japanese nuclear wastewater, and illegal drug use in the US, as well as efforts to exacerbate increasing racial tensions across the US.
Highlighting the severity of the University of Winnipeg data breach, cybersecurity consultant Kathy Knight asserts that the education sector is one of the most vulnerable to cyber attacks, potentially leading to significant data loss and privacy breaches. “The thing about universities is they’re very big, complex institutions … and they collect a lot of information and data that is very attractive to cyber criminals. So that puts them really, at the top of the list, in terms of attack targets,” she said.
Airline security has just entered a new era with the news that on Saturday, cybercriminals hacked the communications network of a commercial flight and tried to divert the plane to a fake destination, putting it in the hands of the gang. On Sunday, El Al Israel Airlines confirmed the attack on one of its planes. During the attack, the El Al crew received instructions that differed from their set route, alerting them to the possibility that terrorists were planning to crash the plane or that their attackers were planning a kidnapping. However, despite the nationality of the airline concerned, the motive behind hacking into the airline’s communications is thought not to have been primarily political. Although the attack took place over an area where Iran-backed Houthis are known to be active, it is believed that the hackers are most likely based in Somaliland, which last month signed a controversial territorial agreement with neighboring Ethiopia.
Following the US-led sanctions on Chinese individuals behind the Chinese APT31 group, the Police of Finland formally accused the group of hacking Finland's parliament in 2020. The country's law enforcement confirmed the connections between the breach and the Chinese group, claiming to have identified one specific suspect.
The Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against seven Chinese nationals based in Wuhan, China, for their affiliation with the 'APT31' hacking group. According to OFAC, APT31 is a nation-state-backed Chinese hacking group focused on infiltrating critical infrastructure in Eastern Europe, France, and the US.