Security News
A string of cyber espionage campaigns dating all the way back to 2014 and likely focused on gathering defense information from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future this week, the cybersecurity firm's Insikt Group said it identified ties between a group it tracks as "RedFoxtrot" to the People's Liberation Army Unit 69010 operating out of Ürümqi, the capital of the Xinjiang Uyghur Autonomous Region in the country.
Cybersecurity researchers on Thursday took the wraps off a new cyberespionage group that has been behind a series of targeted attacks against diplomatic entities and telecommunication companies in Africa and the Middle East since at least 2017. Dubbed "BackdoorDiplomacy," the campaign involves targeting weak points in internet-exposed devices such as web servers to perform a panoply of cyber hacking activities, including laterally moving across the network to deploy a custom implant called Turian that's capable of exfiltrating sensitive data stored in removable media.
Secureworks, and Volexity shed light on a new spear-phishing activity unleashed by the Russian hackers who breached SolarWinds IT management software, the U.S. Department of Justice Tuesday said it intervened to take control of two command-and-control and malware distribution domains used in the campaign. Com - were used to communicate and control a Cobalt Strike beacon called NativeZone that the actors implanted on the victim networks.
The Justice Department said Tuesday that it has seized two domain names used in a cyberespionage campaign that targeted U.S. and foreign government agencies, think tanks and humanitarian groups. The campaign was disclosed last week by Microsoft, which linked it to the same group of Russian intelligence operatives responsible for the massive SolarWinds intrusion that breached federal agencies and private corporations.
Cybersecurity researchers from FireEye unmasked additional tactics, techniques, and procedures adopted by Chinese threat actors who were recently found abusing Pulse Secure VPN devices to drop malicious web shells and exfiltrate sensitive information from enterprise networks. FireEye's Mandiant threat intelligence team, which is tracking the cyberespionage activity under two threat clusters UNC2630 and UNC2717, said the intrusions lines up with key Chinese government priorities, adding "Many compromised organizations operate in verticals and industries aligned with Beijing's strategic objectives outlined in China's recent 14th Five Year Plan.".
In the evolution of cyber-attacks I'd argue while the fundamentals have stayed the same there have been two major critical changes recently in the past few years among nation-state and criminal attackers that require us to thoroughly understand and respond in a different manner than in the past. Most of the world and in most industries we've reached the tipping point in our digital dependence on our IT infrastructure and it has drawn attackers in.
Researchers with the PRODAFT Threat Intelligence Team took a deep dive into the operations of the SilverFish cyber-espionage group and linked one of its command and control servers with recent high-profile malicious attacks. The investigation, which started from indicators of compromise published for the December 2020 SolarWinds attacks, has led the researchers to identifying a new advanced persistent threat group called SilverFish, which has conducted cyber-attacks on at least 4,720 targets worldwide.
An advanced threat group called Bismuth recently used cryptocurrency mining as a way to hide the purpose of their activity and to avoid triggering high-priority alerts. In recent campaigns Bismuth launched Monero coin miners on compromised systems belonging to private and government organizations in France and Vietnam.
A new type of campaign that involves cyber espionage is the latest example of a cybercrime being perpetrated by people for hire. In its new report "The CostaRicto Campaign: Cyber-Espionage Outsourced," BlackBerry describes the actions of a malicious campaign carried out by freelance mercenaries.
Strider Technologies, a company that provides solutions for combating cyber-espionage, on Tuesday announced that it raised $10 million in Series A funding. Aiming to help organizations mitigate innovation theft and supply-chain vulnerabilities, Strider offers a platform suitable not only for corporations, but also for government agencies and research institutions looking to identify, assess, and remediate state-sponsored economic espionage.