The Chinese hackers probably are... the NSA. The amount of sometimes out of nowhere news that the gov hacks their own stuff and blames others that has come out is hilarious in itself. It could be the Chinese but after those articles were put out I just shake my head at things like this.
caltrek wrote: ↑Wed Dec 14, 2022 9:27 pm
NSA Says Chinese Hackers Are Exploiting a Zero Day Bug in Popular Networking Gear
by Carly Page
December 14, 2022
Introduction:
Read more here: https://techcrunch.com/2022/12/14/nsa- ... ing-gear/
(TechCrunch) The U.S. National Security Agency is warning that Chinese government-backed hackers are exploiting a zero-day vulnerability in two widely used Citrix networking products to gain access to targeted networks.
The flaw, tracked as CVE-2022-27518, affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool, both of which are popular in enterprise networks. The critical-rated vulnerability allows an unauthenticated attacker to remotely run malicious code on vulnerable devices — no passwords needed. Citrix also says the flaw is being actively exploited by threat actors.
“We are aware of a small number of targeted attacks in the wild using this vulnerability,” Peter Lefkowitz, chief security and trust officer at Citrix, said in a blog post. “Limited exploits of this vulnerability have been reported.” Citrix hasn’t specified which industries the targeted organizations are in or how many have been compromised. A Citrix spokesperson did not immediately respond to TechCrunch’s questions.
Citrix rushed out an emergency patch for the vulnerability on Monday and is urging customers using affected builds of Citrix ADC and Citrix Gateway to install the updates immediately.
Citrix didn’t share any further details about the in-the-wild attacks. However, in a separate advisory, the NSA said that APT5, a notorious Chinese hacking group, has been actively targeting Citrix ADCs in order to break into organizations without having to first steal credentials. The agency also provided threat-hunting guidance [PDF] for security teams and asked for intelligence sharing among the public and private sectors.
Hacking & Cyberwarfare News and Discussions
Re: Hacking & Cyberwarfare News and Discussions
Italy Sounds Alarm on Large-scale Computer Hacking Attack
February 5, 2023
Introduction:
Read more here: https://www.msn.com/en-us/news/technol ... smsnnews11
ROME (Reuters via MSN) - Thousands of computer servers around the world have been targeted by a ransomware hacking attack, Italy's National Cybersecurity Agency (ACN) said on Sunday, warning organisations to take action to protect their systems.
The hacking attack sought to exploit a software vulnerability, ACN director general Roberto Baldoni told Reuters, adding it was on a massive scale.
Italy's ANSA news agency, citing the ACN, reported that servers had been compromised in other European countries such as France and Finland as well as the United States and Canada.
Dozens of Italian organisations were likely to have been affected and many more had been warned to take action to avoid being locked out of their systems.
Telecom Italia customers reported internet problems earlier on Sunday, but the two issues were not believed to be related.
Don't mourn, organize.
-Joe Hill
Re: Hacking & Cyberwarfare News and Discussions
FBI Seizes Genesis Market, a Notorious Hacker Marketplace for Stolen Logins
by Carly Page
April 5, 2023
Introduction:
Read more here: https://techcrunch.com/2023/04/05/fbi- ... n-logins/
(TechCrunch) U.S. and international law enforcement agencies have seized Genesis Market, a notorious hacker marketplace used to acquire compromised credentials and digital browser fingerprints.
The FBI announced the takedown, dubbed “Operation Cookie Monster,” on Wednesday. Genesis Market domains now display a notice stating that U.S. law enforcement officials have executed a seizure warrant. “Genesis Market’s domains have been seized by the FBI pursuant to a seizure warrant issued by the United States District Court for the Eastern District of Wisconsin,” the message reads.
In addition to the FBI, the notice says the takedown involved law enforcement agencies from the United Kingdom, Europe, Australia, Canada, Germany, Poland and Sweden.
The operation also saw about 120 people arrested and 200 searches carried out globally. The U.K.’s National Crime Agency said it arrested 19 suspected site users, including two men aged 34 and 36, who are being held on suspicion of fraud and computer misuse. A senior FBI official told TechCrunch that arrests have also been made in the United States, but exact numbers were not confirmed.
“This is the biggest operation of its kind. We’re not just going after administrators or taking sites down; we’re going after users on a global scale,” the official said.
Re: Hacking & Cyberwarfare News and Discussions
Secretary Mayorkas Announces New Measures to Tackle A.I., PRC Challenges at First State of Homeland Security Address
April 21, 2023
Introduction:
Read more here: https://www.dhs.gov/news/2023/04/21/se ... rst-state
(Department of Homeland Security) DHS Unveils First Task Force Dedicated to Artificial Intelligence and a 90-Day Sprint to Counter PRC Threats at Council on Foreign Relations Event
WASHINGTON – Secretary of Homeland Security Alejandro N. Mayorkas today announced two new groundbreaking initiatives to combat evolving threats during his first address on the State of the Homeland Security. Focused on two trends that will shape what President Biden has called a “decisive decade” for the world - the revolution created by generative artificial intelligence (AI) and the multi-faceted threat posed by the People’s Republic of China (PRC) - the Secretary unveiled the Department’s first-ever AI Task Force and a Department-wide 90-day sprint to counter PRC threats.
The address, delivered at the Council on Foreign Relations in Washington, DC, also highlighted the mission areas detailed in the Quadrennial Homeland Security Review delivered to Congress yesterday, which include combatting a range of evolving threats like cybersecurity, targeted violence, and crimes of exploitation. The Secretary’s remarks offered an insightful look at how the homeland security environment has changed since the Department was founded 20 years ago, and the modern approach driving it into its third decade.
“The profound evolution in the homeland security threat environment, changing at a pace faster than ever before, has required our Department of Homeland Security to evolve along with it,” said Secretary of Homeland Security Alejandro N. Mayorkas. “We must never allow ourselves to be susceptible to ‘failures of imagination,’ which, as the 9/11 Commission concluded nearly 20 years ago, held us back from connecting the dots and preparing for the destruction that was being planned on that tragic day. We must instead look to the future and imagine the otherwise unimaginable, to ensure that whatever threats we face, our Department – our country – will be positioned to meet the moment.”
The initiatives announced today draw on the entirety of the capabilities and expertise that the more than 260,000 personnel of DHS bring to bear every day in the protection of our homeland. Secretary Mayorkas also participated in a fireside chat with CBS “Face the Nation” moderator and chief foreign affairs correspondent Margaret Brennan, which included questions from the audience of members of the independent foreign policy think tank.
Re: Hacking & Cyberwarfare News and Discussions
Reddit Hackers Demand $4.5 Million Ransom and API Pricing Changes
by Mia Sato
June 19, 2023
Introduction:
Read more here: https://www.theverge.com/2023/6/19/237 ... -huffman
(The Verge) A ransomware group is claiming responsibility for a hack on Reddit’s systems earlier this year — and demanding not just money but policy changes.
BlackCat, a ransomware group, says it was behind the February phishing attack on Reddit, as previously reported by Bleeping Computer. In a post shared by researcher Dominic Alvieri, BlackCat claims to have stolen 80GB of data from Reddit and threatens to release it publicly if demands aren’t met. The group wants a $4.5 million payout in exchange for the data and also demands Reddit roll back its planned API pricing changes that spurred user and moderator protests last week.
At the time of the hack, Reddit said hackers had used a “sophisticated and highly-targeted” phishing attack to get access to internal documents and data, including contact information for employees and advertisers. The company maintained that the hackers hadn’t accessed user data that wasn’t public.
Reddit declined to comment on the record about the hack. Bleeping Computer reports that the BlackCat hack and the incident disclosed by Reddit in February are the same.
BlackCat’s new demands around API pricing changes follow a contentious back-and-forth between Reddit leadership and some of its most engaged users. After Reddit announced it would begin charging developers of third-party apps — potentially to the tune of millions of dollars a year — many top subreddits went dark in response, limiting new posts and closing public access. In an interview with The Verge, Reddit CEO Steve Huffman said the platform was “never designed” to support third-party apps and that the company wouldn’t pull back from its proposed changes.
Re: Hacking & Cyberwarfare News and Discussions
Two of The World's Most Advanced Telescopes Remain Closed Following Cyberattack
by Mike McCrae
August 31, 2023
Introduction:
Read more here: https://www.sciencealert.com/two-of-th ... erattack
(Science Alert) Weeks after a cybersecurity incident was detected by researchers at the US National Science Foundation (NSF), a number of telescopes remain offline.
The Gemini North telescope in Hawaii and the Gemini South telescope in Chile, as well as a number of smaller telescopes on the mountains of Cerro Tololo in Chile, were shut down out of "an abundance of caution", and there is currently no word on when they will return to operation.
On the morning of August 1, IT staff at NSF's NOIRLab detected suspicious activity in its computer systems, prompting a decision to shut down operations at its giant, 8.1-meter diameter optical infrared telescopes on Hawaii's Maunakea to be safe.
The telescope's southern 'twin' in the Chilean Andes was already being prepared for maintenance, requiring little action.
While it's not clear what danger – if any – the telescopes themselves might have faced, the threat is a reminder of the fact that science is a costly business, with astronomical research facilities requiring annual budgets that easily run into the millions.
Re: Hacking & Cyberwarfare News and Discussions
How the FBI Took Down the Notorious Qakbot Botnet
by Carly Page and Zack Whittaker
September 1, 2023
Introduction:
Read more here: https://techcrunch.com/2023/09/01/fbi- ... ck-hunt/
(TechCrunch) A global law enforcement operation this week took down and dismantled the notorious Qakbot botnet, touted as the largest U.S.-led financial and technical disruption of a botnet infrastructure.
Qakbot is a banking trojan that became infamous for providing an initial foothold on a victim’s network for other hackers to buy access and deliver their own malware, such as ransomware. U.S. officials said Qakbot has helped to facilitate more than 40 ransomware attacks over the past 18 months alone, generating $58 million in ransom payments.
The law enforcement operation, named “Operation Duck Hunt,” saw the FBI and its international partners seize Qakbot’s infrastructure located in the United States and across Europe. The U.S. Department of Justice, which ran the operation alongside the FBI, also announced the seizure of more than $8.6 million in cryptocurrency from the Qakbot cybercriminal organization, which will soon be made available to victims.
In Tuesday’s announcement, the FBI said it carried out an operation that redirected the botnet’s network traffic to servers under the U.S. government’s control, allowing the feds to take control of the botnet. With this access, the FBI used the botnet to instruct Qakbot-infected machines around the world into downloading an FBI-built uninstaller that untethered the victim’s computer from the botnet, preventing further installation of malware through Qakbot.
The FBI said its operation had identified approximately 700,000 devices infected with Qakbot as of June — including more than 200,000 located in the United States. During a call with reporters, a senior FBI official said that the total number of Qakbot victims is likely in the “millions.”
- Time_Traveller
- Posts: 2984
- Joined: Sun May 16, 2021 4:49 pm
- Location: London, England, June 4th, 1884 C.E.
Re: Hacking & Cyberwarfare News and Discussions
Russian cyber-attacks ‘relentless’ as threat of WW3 grows, expert warns
https://www.independent.co.uk/news/uk/k ... 04118.html
2 hours ago
Cyberattacks by the UK’s enemies are becoming “relentless” as we enter a “new era” of global conflict, an expert has warned.
It comes after Russian hackers allegedly acquired top secret security information on some of the country’s most sensitive military sites, including the HMNB Clyde nuclear submarine base on the west coast of Scotland and the Porton Down chemical weapon lab.
The “potentially very damaging” attack last month by hacking group LockBit, which has known links to Russian nationals, saw thousands of pages of data leaked onto the dark web after private security firm Zaun was targeted, the Sunday Mirror newspaper reported.
The company, which provides security fencing for sites related to the Ministry of Defence, said it had been the victim of a “sophisticated cyber attack”.
Responding to the news, Kevin Curran, professor of cyber security at Ulster University, told the PA news agency that LockBit’s attack was “serious” as we approach a potential “World War Three” following Russia’s invasion of Ukraine.
"We all have our time machines, don't we. Those that take us back are memories...And those that carry us forward, are dreams."
-H.G Wells.
Re: Hacking & Cyberwarfare News and Discussions
A New Technique to Protect Sensitive AI-based Applications from Attackers
September 16, 2023
Introduction:
Read more here: https://www.u-tokyo.ac.jp/focus/en/pre ... 311.html
(Press Release from the University of Tokyo) Most artificially intelligent systems are based on neural networks, algorithms inspired by biological neurons found in the brain. These networks can consist of multiple layers, with inputs coming in one side and outputs going out of the other. The outputs can be used to make automatic decisions, for example, in driverless cars. Attacks to mislead a neural network can involve exploiting vulnerabilities in the input layers, but typically only the initial input layer is considered when engineering a defense. For the first time, researchers augmented a neural network’s inner layers with a process involving random noise to improve its resilience.
Artificial intelligence (AI) has become a relatively common thing; chances are you have a smartphone with an AI assistant or you use a search engine powered by AI. While it’s a broad term that can include many different ways to essentially process information and sometimes make decisions, AI systems are often built using artificial neural networks (ANN) analogous to those of the brain. And like the brain, ANNs can sometimes get confused, either by accident or by the deliberate actions of a third party. Think of something like an optical illusion — it might make you feel like you are looking at one thing when you are really looking at another.
The difference between things that confuse an ANN and things that might confuse us, however, is that some visual input could appear perfectly normal, or at least might be understandable to us, but may nevertheless be interpreted as something completely different by an ANN.
A trivial example might be an image-classifying system mistaking a cat for a dog, but a more serious example could be a driverless car mistaking a stop signal for a right-of-way sign. And it’s not just the already controversial example of driverless cars; there are medical diagnostic systems, and many other sensitive applications that take inputs and inform, or even make, decisions that can affect people.
As inputs aren’t necessarily visual, it’s not always easy to analyze why a system might have made a mistake at a glance. Attackers trying to disrupt a system based on ANNs can take advantage of this, subtly altering an anticipated input pattern so that it will be misinterpreted, and the system will behave wrongly, perhaps even problematically.
Re: Hacking & Cyberwarfare News and Discussions
Fidelity National Financial Shuts Down Network In Wake of Cybersecurity Incident
by Lorenzo Franceschi-Bicchierai
November 22, 2023
Introduction:
Read more here: https://techcrunch.com/2023/11/22/fide ... ncident/
(TechCrunch) Fidelity National Financial, or FNF, a Fortune 500 company that provides title insurance and settlement services for the mortgage and real estate industries, announced on Tuesday that it was the victim of a “cybersecurity incident that impacted certain FNF systems.”
The company filed a report with the Securities and Exchange Commission (SEC) saying that it has launched an investigation, hired “leading experts” to help, alerted law enforcement and “implemented certain measures to assess and contain the incident.”
“Among other containment measures, we blocked access to certain of our systems, which resulted in disruptions to our business,” the report read, adding that this affected services related to title insurance, escrow, other title-related services and mortgage transactions.
“Based on our investigation to date, FNF has determined that an unauthorized third party accessed certain FNF systems and acquired certain credentials. The investigation remains ongoing at this time,” the report read.
Re: Hacking & Cyberwarfare News and Discussions
Okta Admits Hackers Accessed Data on All Customers During Recent Breach
by Carly Page
November 29, 2023
Introduction:
Read more here: https://techcrunch.com/2023/11/29/okta ... -breach/
(TechCrunch) U.S. access and identity management giant Okta says hackers stole data about all of its customers during a recent breach of its support systems, despite previously stating that only a fraction of customers were affected.
Okta confirmed in October that a hacker used a stolen credential to access its support case management system and steal customer-uploaded session tokens that could be used to break into the networks of Okta customers. Okta told TechCrunch at the time that around 1% of customers, or 134 organizations, were affected by the breach.
In a blog post published on Wednesday, Okta chief security officer David Bradbury said the company has since determined that all of its customers are affected by the breach. Okta spokesperson Cat Schermann would not provide an exact figure when asked by TechCrunch, but Okta has around 18,000 customers, according to the company’s website, including 1Password, Cloudflare, OpenAI, and T-Mobile.
Bradbury said on September 28, a hacker ran and downloaded a report that contained data belonging to “all Okta customer support system users.” For 99.6% of customers, hackers accessed only full names and email addresses, according to Okta, though in some cases they may also have accessed phone numbers, usernames and details of some employee roles.
“While we do not have direct knowledge or evidence that this information is being actively exploited, there is a possibility that the threat actor may use this information to target Okta customers via phishing or social engineering attacks,” Bradbury said. The notorious Scattered Spider hacking group, also known as Oktapus, has previously leveraged various social engineering tactics to target the accounts of Okta customers, including Caesars Entertainment and MGM Resorts.
Re: Hacking & Cyberwarfare News and Discussions
23andMe: Profiles of 6.9 million people hacked
40 minutes ago
Hackers have been able to gain access to personal information from about 6.9 million users of genetic testing company 23andMe, using customers' old passwords.
In some cases this included family trees, birth years and geographic locations, the company said.
After weeks of speculation the firm has put a number on the breach, with more than half of its customers affected.
The stolen data does not include DNA records.
23andMe is a giant of the growing ancestor-tracing industry. It offers genetic testing from DNA, with ancestry breakdown and personalised health insights.
https://www.bbc.co.uk/news/technology-67624182
Re: Hacking & Cyberwarfare News and Discussions
Ukraine’s Mobile Operator Kyivstar Facing ‘Powerful’ Cyberattack
by Kateryna Chursina and Cagan Koc
December 12, 2023
Introduction:
Read more here: https://www.msn.com/en-us/money/other/ ... snnews11
(Bloomberg) -- Ukraine’s largest mobile phone operator said Russia was most likely behind a “powerful” cyberattack that disrupted phone and internet services Tuesday for about 24 million people in the country.
The cyberattack, the largest to strike Ukraine since Russia’s invasion began nearly two years ago, took down ATMs and digital banking services, disabled some air raid sirens, and hampered broader cellular service across Ukraine.
“This is definitely a cyberattack and the probability that Russian entities are behind it is very close to 100%,” Oleksandr Komarov, chief executive officer of Kyivstar GSM JSC, told Bloomberg by phone.
Ukraine’s government said in October that such attacks by Russia were becoming more sophisticated as they aimed to disrupt vital infrastructure during wartime. The State Cyber Protection Center previously attributed the majority of such incidents of interference, which commonly tried to steal information and to disrupt or destroy systems, to hacker groups funded by the Russian government.
Re: Hacking & Cyberwarfare News and Discussions
Beyond Borders: The Urgent Case for Global Cooperation in Cyber Defence
January 6, 2024
Introduction:
Read more here: https://www.eurasiareview.com/06012024 ... -analysis
(Eurasia Review) Over the past year, the cyber conflict between Ukraine and Russia has captured much attention. Yet, a similarly critical situation has unfolded in the China–Taiwan theatre, where cyberattacks have significantly escalated. Reports from Google’s threat analysis division and Microsoft security have confirmed this uptick, pinpointing that these incidents predominantly target critical sectors like energy systems, electrical grids, and communication networks. The semiconductor industry has not been spared either.
A report by the cybersecurity company Fortinet reveals a staggering figure of 412 billion attack events detected in Asia-Pacific in the first half of 2023, with Taiwan bearing the brunt at 22.48 billion, marking an 80 per cent increase from the year prior. Alongside espionage efforts, Taiwan has faced Distributed Denial of Service (DDoS) and ransomware attacks. Further intensifying the situation are the misinformation campaigns aimed at undermining public trust in Taiwan’s government and stoking societal confusion.
India has also been at the receiving end of misinformation aimed at Taiwan. A recent rumour claiming that the Taiwanese government was bringing in as many as 100,000 migrant workers from India went viral on social media in Taiwan. Though refuted by the Taiwan government, various social media pages operated by the Taiwan government were spammed with bot messages designed “to create social panic and spark tension between Taiwan and India”. [1]
In defence, Taiwan has fortified its cyber capabilities by establishing its Information Communication Electronic Force Command in 2017, consolidating various military units into one formidable force of over 6,000 personnel. The latest National Cybersecurity program, the sixth of its kind since 2001 and running until 2024, reflects Taiwan’s commitment to strengthening its cyber defences—protecting crucial infrastructure, enhancing cyber skills, increasing information security, and supporting the private sector in safeguarding its operations. A key goal is to position Taiwan as a hub for cyber research and development. [2]
Taiwan’s role in global cyber stability is underscored by its critical position in the electronics supply chain. Taiwan is the sixth-largest electronics exporter globally, with electronics exports valued at US$ 94.8 billion in 2021, representing a 3.9 per cent share of the global electronics market.
1. “Rumor on Mass Indian Worker Influx China’s ‘Cognitive Warfare’: Source”, Focus Taiwan, 26 November 2023.
2. Kaushal Kishore Chandel, “China as a Factor in Taiwan’s National Cyber Security Strategy”, Occasional Paper No. 94, August 2022, Institute of Chinese Studies, Delhi.
(See linked article for hyperlinks to footnoted sources)
Re: Hacking & Cyberwarfare News and Discussions
Hacktivists Claim Responsibility for Taking Down the Internet Archive
Published October 10, 2024
A pro-Palestinian group has compromised the login information for the world’s biggest digital archive and launched a sustained DDoS attack against the site.
https://gizmodo.com/hacktivists-claim-r ... 2000510339