Security News

Russian spies reportedly used SolarWinds hack to steal US counterintelligence details
2021-10-07 19:30

Russia's SVR spy agency made off with information about US counterintelligence investigations in the wake of the SolarWinds hack, according to people familiar with the American government cleanup operation. The SVR was named and shamed in April by Britain and the US as the organisation that compromised the build systems of SolarWinds' network monitoring software Orion, used by 18,000 customers across the world.

Iranian Spies Maintained Social Media Persona for Years Before Targeting Defense Contractor
2021-07-28 11:37

An Iranian state-sponsored threat actor tracked as TA456 maintained a social media account for several years before engaging with their intended victim, cybersecurity firm Proofpoint reports. The newly detailed activity attributed to the group involved the use of the social media persona "Marcella Flores," which was used to engage with an employee of a subsidiary of an aerospace defense contractor over multiple communication platforms, to gain their trust in an attempt to infect them with malware.

Combating China's Insider Threat: Can New Laws Curb IP Theft by Foreign Spies?
2021-07-06 12:08

Theft of U.S. IP is a fundamental part of China's stated intention to be the world leader in science and technology by 2050. The Safeguarding American Innovation Act is designed to prevent foreign powers - and especially China - from stealing or unlawfully acquiring U.S. federally funded research.

NCSC chief: Ransomware is more of a threat to Britain than hostile nations' spies
2021-06-15 14:53

The head of Britain's National Cyber Security Center has warned it is ransomware that's the key threat for most people. "What I find most worrying isn't the activity of state actors," NCSC chief exec Lindy Cameron told a national security audience, joining the chorus of organisations calling out ransomware criminals as the number one cybersecurity threat of the moment.

Russian cyber-spies changed tactics after the UK and US outed their techniques – so here's a list of those changes
2021-05-07 18:49

Russian spies from APT29 responded to Western agencies outing their tactics by adopting a red-teaming tool to blend into targets' networks as a legitimate pentesting exercise. A couple of weeks ago, Britain and the US joined forces to out the SVR's Tactics, Techniques and Procedures, giving the world's infosec defenders a chance to look out for the state-backed hackers' fingerprints on their networked infrastructure.

Do you expect me to talk? Yes, Mr Bond, I expect you to reply: 10k Brits targeted on LinkedIn by Chinese, Russian spies
2021-04-20 15:48

Ten thousand Britons have been targeted on LinkedIn by recruiters for the Chinese and Russian intelligence services, according to an awareness campaign launched by domestic spy agency MI5 this morning. Details were previewed in this morning's Times newspaper, which warned specifically of people with "access to classified or sensitive information" being targeted by Britain's enemies.

New Android malware spies on you while posing as a System Update
2021-03-27 05:00

New malware with extensive spyware capabilities steals data from infected Android devices and is designed to automatically trigger whenever new info is ready for exfiltration. Zimperium researchers who spotted it said that it's capable of "stealing data, messages, images and taking control of Android phones."

Facebook Disrupts Chinese Spies Using iPhone, Android Malware
2021-03-24 18:56

Facebook's threat intelligence team says it has disrupted a sophisticated Chinese spying team that routinely uses iPhone and Android malware to hit journalists, dissidents and activists around the world. The hacking group, known to malware hunters as Evil Eye, has used Facebook to plant links to watering hole websites rigged with exploits for the two major mobile platforms.

Microsoft fixes four zero-day flaws in Exchange Server exploited by China's ‘Hafnium’ spies to steal victims' data
2021-03-03 00:10

Microsoft says Beijing-backed hackers are exploiting four zero-day vulnerabilities in Exchange Server to steal data from US-based defense contractors, law firms, and infectious disease researchers. The attackers gain access to an Exchange Server either using stolen passwords or by using zero-day vulnerabilities, and disguise themselves as a legitimate user.

North Korea 'Tried to Hack' Pfizer for Vaccine Info - South's Spies: Reports
2021-02-16 11:50

North Korean hackers tried to break into the computer systems of pharmaceutical giant Pfizer in a search for information on a coronavirus vaccine and treatment technology, South Korea's spy agency said Tuesday, according to reports. The impoverished, nuclear-armed North has been under self-imposed isolation since closing its borders in January last year to try to protect itself from the virus that first emerged in neighbouring China and has gone on to sweep the world, killing more than two million people.