Security News

Beijing fingers foreign spies for data mischief, with help from consulting firm
2021-11-05 05:45

China's Ministry of State Security released details this week of three alleged security breaches that saw sensitive data illegally transferred abroad. State-sponsored Xinhua News Agency described the breaches as "endangering the security of important data" and said that, by disclosing them, the Ministry sought to build awareness of non-traditional security and thereby better maintain national security. The announcement, which deliberately coincides with the seventh anniversary of the country's anti-espionage law, described airline data stolen by an overseas intelligence agency, shipping data collected by a consulting firm that provided it to a foreign spy agency, and the construction of weather devices to transfer sensitive meteorological data abroad. It is unclear whether one or more foreign intelligence agencies conducted the alleged attacks, or if the actions were linked.

LANtenna hack spies on your data from across the room! (Sort of)
2021-10-15 18:58

Mordechai Guri from Ben Gurion University of the Negev in Israel has recently published a new 'data exfiltration' paper detailing an unexpectedly effective way of sneaking very small amounts of data out of a cabled network without using any obvious sort of interconnection. How to split a network into two parts, running at different security levels, that can nevertheless co-operate and even exchange data when needed, but only in strictly controlled and well-monitored ways.

Russian spies reportedly used SolarWinds hack to steal US counterintelligence details
2021-10-07 19:30

Russia's SVR spy agency made off with information about US counterintelligence investigations in the wake of the SolarWinds hack, according to people familiar with the American government cleanup operation. The SVR was named and shamed in April by Britain and the US as the organisation that compromised the build systems of SolarWinds' network monitoring software Orion, used by 18,000 customers across the world.

Iranian Spies Maintained Social Media Persona for Years Before Targeting Defense Contractor
2021-07-28 11:37

An Iranian state-sponsored threat actor tracked as TA456 maintained a social media account for several years before engaging with their intended victim, cybersecurity firm Proofpoint reports. The newly detailed activity attributed to the group involved the use of the social media persona "Marcella Flores," which was used to engage with an employee of a subsidiary of an aerospace defense contractor over multiple communication platforms, to gain their trust in an attempt to infect them with malware.

Combating China's Insider Threat: Can New Laws Curb IP Theft by Foreign Spies?
2021-07-06 12:08

Theft of U.S. IP is a fundamental part of China's stated intention to be the world leader in science and technology by 2050. The Safeguarding American Innovation Act is designed to prevent foreign powers - and especially China - from stealing or unlawfully acquiring U.S. federally funded research.

NCSC chief: Ransomware is more of a threat to Britain than hostile nations' spies
2021-06-15 14:53

The head of Britain's National Cyber Security Centre has warned it is ransomware that's the key threat for most people. "What I find most worrying isn't the activity of state actors," NCSC chief exec Lindy Cameron told a national security audience, joining the chorus of organisations calling out ransomware criminals as the number one cybersecurity threat of the moment.

Russian cyber-spies changed tactics after the UK and US outed their techniques – so here's a list of those changes
2021-05-07 18:49

Russian spies from APT29 responded to Western agencies outing their tactics by adopting a red-teaming tool to blend into targets' networks as a legitimate pentesting exercise. A couple of weeks ago, Britain and the US joined forces to out the SVR's Tactics, Techniques and Procedures, giving the world's infosec defenders a chance to look out for the state-backed hackers' fingerprints on their networked infrastructure.

Do you expect me to talk? Yes, Mr Bond, I expect you to reply: 10k Brits targeted on LinkedIn by Chinese, Russian spies
2021-04-20 15:48

Ten thousand Britons have been targeted on LinkedIn by recruiters for the Chinese and Russian intelligence services, according to an awareness campaign launched by domestic spy agency MI5 this morning. Details were previewed in this morning's Times newspaper, which warned specifically of people with "access to classified or sensitive information" being targeted by Britain's enemies.

New Android malware spies on you while posing as a System Update
2021-03-27 05:00

New malware with extensive spyware capabilities steals data from infected Android devices and is designed to automatically trigger whenever new info is ready for exfiltration. Zimperium researchers who spotted it said that it's capable of "stealing data, messages, images and taking control of Android phones."

Facebook Disrupts Chinese Spies Using iPhone, Android Malware
2021-03-24 18:56

Facebook's threat intelligence team says it has disrupted a sophisticated Chinese spying team that routinely uses iPhone and Android malware to hit journalists, dissidents and activists around the world. The hacking group, known to malware hunters as Evil Eye, has used Facebook to plant links to watering hole websites rigged with exploits for the two major mobile platforms.