Security News
Microsoft believes there have been extensive "cyberattacks targeting people and organizations involved in the upcoming presidential election," and that foreign government hackers responsible for attacks ahead of the 2016 vote are back with new and nastier tactics. The Windows giant's corporate veep for Customer Security & Trust Tom Burt said both sides of US politics are being attacked, that China, Russia and Iran are all active, and that the spies are also actively targeting UK political parties and other international institutions.
Facebook on Tuesday said that it caught a budding Russia-linked campaign to fuel political chaos in the US, working off a tip from the FBI in its latest take-down of coordinated inauthentic behavior at the leading social network. The network of 13 Facebook accounts and two pages posing as journalists and targeting left-wing progressives was removed for violating a policy against "foreign interference" at the platform.
The United States on Thursday published information on Drovorub, a previously undisclosed piece of malware that Russia-linked cyber-spies are using in attacks targeting Linux systems. Drovorub, a joint advisory from the NSA and the FBI reveals, is being employed by the Russian General Staff Main Intelligence Directorate 85th Main Special Service Center military unit 26165, which is better known as the cyber-espionage group APT 28.
While China is the bête noire du jour of the US government, Russia is the master of spreading disinformation, fostering conflict, and derailing discourse online, the Black Hat security conference was told today. The basic methods of hacking public opinion are fairly simple, DiResta explained.
The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens and its member states. The six individuals sanctioned by the EU include two Chinese citizens and four Russian nationals.
FireEye security researchers have linked a series of disinformation operations that have been ongoing since at least March 2017. While some of the aspects of the campaign resemble those of the Secondary Infektion operation, the researchers did not observe cyber threat activity to support the previously detailed operations, and many other attributes of the newly detailed attacks are different.
Russian intelligence services are using a trio of English-language websites to spread disinformation about the coronavirus pandemic, seeking to exploit a crisis that America is struggling to contain ahead of the presidential election in November, U.S. officials said Tuesday. Two Russians who have held senior roles in Moscow's military intelligence service known as the GRU have been identified as responsible for a disinformation effort meant to reach American and Western audiences, U.S. government officials said.
An influential UK Parliamentary committee has called on social media companies to remove covert hostile state material and said the government must "name and shame" those that fail to act. We are concerned that there is no clear coordination of the numerous organisations across the UK intelligence community working on , this is reinforced by an unnecessarily complicated wiring diagram of responsibilities amongst ministers.... The focus of political attention because of its relevance to the EU referendum and subject to delay at the hands of Prime Minister and his office, the report also details use of technology and social media for nefarious Russian activity.
The Kremlin-backed APT29 crew, also known by a variety of other names such as Cozy Bear, Iron Hemlock, or The Dukes, depending on which threat intel company you're talking to that week, is believed by most reputable analysts to be a wholly owned subsidiary of the FSB, modern-day successor to the infamous Soviet KGB. NCSC ops director Paul Chichester said in a statement: "We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic." Foreign Secretary Dominic Raab added: "It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic. While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health."
Britain, the United States and Canada accused Russian hackers on Thursday of trying to steal information from researchers seeking a coronavirus vaccine, warning scientists and pharmaceutical companies to be alert for suspicious activity. Intelligence agencies in the three nations alleged that the hacking group APT29, also known as Cozy Bear and said to be part of the Russian intelligence services, is attacking academic and pharmaceutical research institutions involved in COVID-19 vaccine development.