Security News

U.S. cybersecurity and intelligence agencies on Tuesday disclosed that multiple nation-state hacking groups potentially targeted a "Defense Industrial Base Sector organization's enterprise network" as part of a cyber espionage campaign. " actors used an open-source toolkit called Impacket to gain their foothold within the environment and further compromise the network, and also used a custom data exfiltration tool, CovalentStealer, to steal the victim's sensitive data," the authorities said.

The U.S. Government today released an alert about state-backed hackers using a custom CovalentStealer malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base sector. The hackers combined custom malware called CovalentStealer, the open-source Impacket collection of Python classes, the HyperBro remote access trojan, and well over a dozen ChinaChopper webshell samples.

The U.S. Government today released an alert about state-backed hackers using a custom 'CovalentStealer' malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base sector. The hackers combined custom malware called CovalentStealer, the open-source Impacket collection of Python classes, the HyperBro remote access trojan, and well over a dozen ChinaChopper webshell samples.

The BlackCat ransomware gang, also known as ALPHV, has allegedly broken into IT firm NJVC, a provider of services to civilian US government agencies and the Department of Defense. DarkFeed, which monitors the dark web for ransomware intelligence, tweeted this week that BlackCat had added NJVC to its victims' list, along with sharing a screenshot allegedly of ALPHV's blog notifying NJVC that it had stolen data during its intrusion.

Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using a single, less monitored port, Windows TCP port 135. While the original PsExec is available in the Sysinternals utility suite, there is also an implementation in the Impacket collection of Python classes for working with network protocols, which has support for SMB and other protocols like IP, UDP, TCP that enable connections for HTTP, LDAP, and Microsoft SQL Server.

"Enterprises of all shapes and sizes were deep into the process called digital transformation before the COVID-19 virus hit the world. Digital transformation is"a catchall term for describing the implementation of new technologies, talent, and processes to improve business operations. Now, on the other side of the pandemic, most organizations are accelerating their digital business initiatives2 to meet the demands of the hybrid, work from-anywhere workforce.

Beijing-backed cyberspies used specially crafted phishing emails and six different backdoors to break into and then steal confidential data from military and industrial groups, government agencies and other public institutions, according to Kaspersky researchers. "The attackers were able to penetrate dozens of enterprises and even hijack the IT infrastructure of some, taking control of systems used to manage security solutions," the team wrote in a report published on Monday.

An extensive series of attacks detected in January used new Windows malware to backdoor government entities and organizations in the defense industry from several countries in Eastern Europe. Kaspersky linked the campaign with a Chinese APT group tracked as TA428, known for its information theft and espionage focus and attacking organizations in Asia and Eastern Europe [1, 2, 3, 4]. The threat actors successfully compromised the networks of dozens of targets, sometimes even taking control of their entire IT infrastructure by hijacking systems used to manage security solutions.

Very few organizations are focusing on protecting their machine learning assets and even fewer are allocating resources to machine learning security. The advantages are proven, but as we've seen with other new technologies, they quickly become a new attack surface for malicious actors.

The Minister for Foreign Affairs of Belgium says multiple Chinese state-backed threat groups targeted the country's defense and interior ministries. "Belgium assesses these malicious cyber activities to have been undertaken by Chinese Advanced Persistent Threats."