Archive for the ‘hacking’ Category

Trump campaign out $2.3 million after hack of Wisconsin GOP

October 29th, 2020
Trump campaign out $2.3 million after hack of Wisconsin GOP

Enlarge (credit: Aurich Lawson / Getty Images)

Hackers have stolen $2.3 million from the Wisconsin Republican Party that was intended for use in the president's re-election campaign, officials told the Associated Press on Thursday. The state party says it noticed suspicious activity a week ago and contacted the FBI last Friday.

Andrew Hitt, the chairman of the Wisconsin Republican Party, says the theft puts Trump at a disadvantage in the state. He told the AP the party planned to use the money for last-minute needs in the final days of the race.

The theft was accomplished by tampering with invoices submitted to the party from four vendors. The modified invoices directed the state GOP to send money to accounts controlled by the hackers. The hack apparently began as a phishing attempt, Hitt told the AP.

Read 3 remaining paragraphs | Comments

Posted in Donald Trump, hacking, Policy, Republican party, Wisconsin | Comments (0)

Fancy Bear imposters are on a hacking extortion spree

October 17th, 2020
Fancy Bear imposters are on a hacking extortion spree

Enlarge

Ransomware attacks that tear through corporate networks can bring massive organizations to their knees. But even as these hacks reach new popularity highs—and new ethical lows—among attackers, it's not the only technique criminals are using to shake down corporate victims. A new wave of attacks relies instead on digital extortion—with a side of impersonation.

On Wednesday, the Web security firm Radware published extortion notes that had been sent to a variety of companies around the world. In each of them, the senders purport to be from the North Korean government hackers Lazarus Group, or APT38, and Russian state-backed hackers Fancy Bear, or APT28. The communications threaten that if the target doesn’t send a set number of bitcoin—typically equivalent to tens or even hundreds of thousands of dollars—the group will launch powerful distributed denial of service attacks against the victim, walloping the organization with a fire hose of junk traffic strategically directed to knock it offline.

Read 12 remaining paragraphs | Comments

Posted in Biz & IT, extortion, Fancy Bear, hacking | Comments (0)

Apple pays $288,000 to white-hat hackers who had run of company’s network

October 8th, 2020
Inside a black-and-white Apple logo, a computer screen silhouettes someone typing.

Enlarge (credit: Nick Wright. Used by permission.)

For months, Apple’s corporate network was at risk of hacks that could have stolen sensitive data from potentially millions of its customers and executed malicious code on their phones and computers, a security researcher said on Thursday.

Sam Curry, a 20-year-old researcher who specializes in website security, said that, in total, he and his team found 55 vulnerabilities. He rated 11 of them critical because they allowed him to take control of core Apple infrastructure and from there steal private emails, iCloud data, and other private information.

The 11 critical bugs were:

Read 16 remaining paragraphs | Comments

Posted in apple, Biz & IT, bug bounties, hacking, icloud, Tech | Comments (0)

Custom-made UEFI bootkit found lurking in the wild

October 5th, 2020
Custom-made UEFI bootkit found lurking in the wild

Enlarge (credit: sasha85ru | Getty Imates)

For only the second time in the annals of cybersecurity, researchers have found real-world malware lurking in the UEFI, the low-level and highly opaque firmware required to boot up nearly every modern computer.

As software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an operating system in its own right. It’s located in a SPI-connected flash storage chip soldered onto the computer motherboard, making it difficult to inspect or patch the code. And it’s the first thing to be run when a computer is turned on, allowing it influence or even control the OS, security apps, and all other software that follows.

Those characteristics make the UEFI the perfect place to stash malware, and that’s just what an unknown attack group has done, according to new research presented on Monday by security firm Kaspersky Lab.

Read 28 remaining paragraphs | Comments

Posted in Biz & IT, hacking, hacking team, malware, Policy, Tech, UEFI, unified extensible firmware interface | Comments (0)

Russia’s Fancy Bear hackers likely penetrated a federal agency

October 3rd, 2020
SONY DSC

Enlarge / SONY DSC (credit: Boris SV | Getty Images)

A warning that unidentified hackers broke into an agency of the US federal government and stole its data is troubling enough. But it becomes all the more disturbing when those unidentified intruders are identified—and appear likely to be part of a notorious team of cyberspies working in the service of Russia's military intelligence agency, the GRU.

Last week the Cybersecurity and Infrastructure Security Agency published an advisory that hackers had penetrated a US federal agency. It identified neither the attackers nor the agency, but it did detail the hackers' methods and their use of a new and unique form of malware in an operation that successfully stole target data. Now, clues uncovered by a researcher at cybersecurity firm Dragos and an FBI notification to hacking victims obtained by WIRED in July suggest a likely answer to the mystery of who was behind the intrusion: They appear to be Fancy Bear, a team of hackers working for Russia's GRU. Also known as APT28, the group has been responsible for everything from hack-and-leak operations targeting the 2016 US presidential election to a broad campaign of attempted intrusions targeting political parties, consultancies, and campaigns this year.

Read 11 remaining paragraphs | Comments

Posted in Biz & IT, Fancy Bear, hacking, national security, Policy, russia | Comments (0)

Hammer drops on hackers accused of targeting game and software makers

September 17th, 2020
A large seal of a white, Classical Revival-style office building is flanked by flags.

Enlarge / The Department of Justice seal as seen during a press conference in December 2019. (credit: Samuel Corum | Getty Images)

For more than a decade, hackers working on behalf of the Chinese government have brazenly pursued advanced cyber intrusions on technology companies, with a particular focus on those that market software, such as CCleaner, role-playing games, and other types of games. On Wednesday, US authorities fired back, charging seven men allegedly backed by the Chinese government for carrying out a string of financially motivated hacks on more than 100 US and overseas organizations.

US prosecutors said the men targeted tech companies with the aim of stealing software-signing certificates, customer account data, and valuable business information, all with the tacit approval of the Chinese government. Working for front companies located in China, the defendants allegedly used the intrusions into game and software makers for money laundering, identity theft, wire and access device fraud, and to facilitate other criminal schemes, such as ransomware and cryptojacking schemes.

Legal protection

According to one of three indictments unsealed on Wednesday, defendant Jiang Lizhi boasted of his connections to China’s Ministry of State Security and claimed it provided him with legal protection “unless something very big happens.” Jiang’s business associate, Qian Chuan, allegedly spent the past 10 years supporting Chinese government projects, including development of a secure cleaning tool to wipe confidential data from digital media.

Read 13 remaining paragraphs | Comments

Posted in apt41, Biz & IT, china, game makers, hackers, hacking, Policy, software, winnti | Comments (0)

Russian state hackers are targeting Biden and Trump campaigns, MSFT warns

September 11th, 2020
A business suit does not make this threatening man less threatening.

Enlarge / Vladimir Putin. (credit: Kremlin.ru)

Fancy Bear—the Russian state hacking group that brought you the smash-and-leak attacks on the Democratic National Committee and World Anti-Doping Agency, the NotPetya worm that inflicted billions of dollars of damage worldwide, and the VPN Filter compromise of 500,000 routers—is targeting organizations involved in elections taking place in the US and UK, Microsoft has warned.

Over a two-week period last month, the group attempted attacks on more than 6,900 accounts belonging to 28 organizations, Microsoft said. Between September 2019 and last June, Fancy Bear targeted tens of thousands of accounts belonging to employees of more than 200 organizations. The hackers use two techniques—one known as "brute forcing" and the other called "password spraying"—in an attempt to obtain targets' Office365 login credentials. So far, none of the attacks has succeeded.

Security researchers from a host of companies widely agree that Fancy Bear works on behalf of the GRU, Russia's military intelligence agency. The GRU has been tied to more than a decade of advanced hacking campaigns, including several that have inflicted serious damage to national security. Industry members use an assortment of colorful names to refer to the group. Besides Fancy Bear, there's also Pawn Storm, Sofacy, Sednit, and Tsar Team. Microsoft's name for the outfit is Strontium.

Read 10 remaining paragraphs | Comments

Posted in Biz & IT, Fancy Bear, hacking, Policy, presidential campaign, Strontium | Comments (0)

The FBI botched its DNC hack warning in 2016—but says it won’t next time

September 7th, 2020
By notifying hacking victims sooner and at higher levels, the FBI hopes to avert another high-impact communications breakdown.

Enlarge / By notifying hacking victims sooner and at higher levels, the FBI hopes to avert another high-impact communications breakdown. (credit: Drew Angerer | Getty Images)

On April 28, 2016, an IT tech staffer for the Democratic National Committee named Yared Tamene made a sickening discovery: A notorious Russian hacker group known as Fancy Bear had penetrated a DNC server "at the heart of the network," as he would later tell the US Senate's Select Committee on Intelligence. By this point the intruders already had the ability, he said, to delete, alter, or steal data from the network at will. And somehow this breach had come as a terrible surprise—despite an FBI agent's warning to Tamene of potential Russian hacking over a series of phone calls that had begun fully nine months earlier.

The FBI agent's warnings had "never used alarming language," Tamene would tell the Senate committee, and never reached higher than the DNC's IT director, who dismissed them after a cursory search of the network for signs of foul play. That miscommunication would result in the success of the Kremlin-sponsored hack-and-leak operation that would ultimately contribute to the election of Donald Trump.

Read 12 remaining paragraphs | Comments

Posted in Biz & IT, election, FBI, hacking, Policy | Comments (0)

Russian tourist offered employee $1 million to cripple Tesla with malware

August 28th, 2020
Russian tourist offered employee $1 million to cripple Tesla with malware

Enlarge (credit: Tesla)

Tesla’s Nevada Gigafactory was the target of a concerted plot to cripple the company’s network with malware, CEO Elon Musk confirmed on Thursday afternoon.

The plan's outline was divulged on Tuesday in a criminal complaint that accused a Russian man of offering $1 million to the employee of a Nevada company, identified only as “Company A,” in exchange for the employee infecting the company’s network. The employee reported the offer to Tesla and later worked with the FBI in a sting that involved him covertly recording face-to-face meetings discussing the proposal.

“The purpose of the conspiracy was to recruit an employee of a company to surreptitiously transmit malware provided by the coconspirators into the company’s computer system, exfiltrate data from the company’s network, and threaten to disclose the data online unless the company paid the coconspirators’ ransom demand,” prosecutors wrote in the complaint.

Read 9 remaining paragraphs | Comments

Posted in Biz & IT, cars, hacking, malware, Policy, ransomware, Tech, Tesla | Comments (0)

Feds avert Russian man’s $1 million plot to infect Nevada company’s network

August 26th, 2020
Feds avert Russian man’s $1 million plot to infect Nevada company’s network

Enlarge (credit: Michael Coghlan)

A Russian national has been criminally charged for allegedly offering $1 million to a person in return for them infecting their employer’s network with malware.

Federal prosecutors said that Egor Igorevich Kriuchkov, 27, met with the unnamed employee on multiple occasions to entice them to install malware that would exfiltrate data from the unidentified Nevada-based company. The group behind the attack allegedly would then demand $4 million in return for the information.

A criminal complaint unsealed on Tuesday said that the malware would be custom developed to propagate through the company's network. For it to work, prosecutors alleged, the group said it needed the employee to provide information about the employer’s network authorizations and network procedures. Kriuchkov said the malware could be transmitted either by inserting a USB drive into a company computer or clicking on an email attachment containing malware, Tuesday's criminal complaint said.

Read 6 remaining paragraphs | Comments

Posted in Biz & IT, data theft, hacking, malware, Policy, ransom, Tech | Comments (0)