Hacking, Security & Privacy - Page 2
Microsoft confirms Ukrainian frontline was hit with hacks traced back to Russia
A group of hackers connected to the Russian government has launched cyber attacks on Starlink-connected infrastructure in Ukraine in order to target devices used by Ukrainian soldiers on the frontline. Microsoft has confirmed that the infrastructure was compromised; investigators still do not know which vulnerability was exploited.
Microsoft has labeled the group "Secret Blizzard," and according to reports and the latest Microsoft Security blog post, in at least one instance this year in which Ukrainian frontline devices were targeted, Secret Blizzard used infrastructure created by a cybercrime group Microsoft tracks as Storm-1919. In another instance, Secret Blizzard leveraged infrastructure from a group called Storm-1837, a Russia-based cybercrime group that targets Ukrainian drone operations.
So, how did they gain access to the infrastructure? Microsoft explains that between March and April this year the cybercriminals used a bot swarm attack to install the XMRIG cryptocurrency miner on targeted servers. Typically, hackers install this malware and then use the device's resources to mine cryptocurrency, which they sell online for real money. However, Microsoft writes that the ultimate objective of the bot swarm malware was to install Tavdig, a backdoor Secret Blizzard used to conduct reconnaissance on the target device.
Microsoft sounds alarm on cyberspy group now targeting critical US infrastructure
Microsoft Threat Intelligence has warned that a Chinese government espionage hacking group is targeting critical US infrastructure, such as telecommunications networks, financial and legal services industries, and government and non-government agencies.
Sherrod DeGrippo, director of threat intelligence strategy at Microsoft, told The Register that the new group, which Microsoft is tracking under the moniker "Storm-0227," was targeting critical US infrastructure as recently as yesterday. DeGrippo says the group has been active since January but did not give a total number of victims. Notably, DeGrippo said the group's members have some overlap with Silk Typhoon, a notorious Chinese government-affiliated hacking group known for targeting healthcare, law firms, higher education, defense contractors, and non-governmental organizations.
Furthermore, over the past 12 months, Microsoft has seen a significant increase in the frequency of attacks by Chinese hacking groups. As for how the hacking is done, The Register reports that Storm-0227 typically infiltrates a system by exploiting security vulnerabilities in public-facing applications and by sending spear-phishing emails that contain malicious links or attachments. The objective is to get a victim to open a document that automatically downloads SparkRAT, an open-source remote administration tool that gives its controller administrative access to the machine.
Top US senator confirms China is listening in on phone calls, including the President's
Last week, telecommunications executives sat in front of the Biden administration and discussed the rapidly growing frequency of cyber attacks from China on the United States, with one Senator saying the attacks from China make severe cyber security events such as SolarWinds, caused by Russia-affiliated bad actors, look like "child's play."
The details come from Senator Mark R. Warner, who told the press that "my hair is on fire" over the ramping-up of cyber attacks from China, which started increasing well before the recent US election. Additionally, the Senator stated that the presence and nature of the attacks may require the replacement of "literally thousands and thousands and thousands" of routers, switches, and other potentially infiltrated hardware.
Furthermore, the Senator warned that the extent to which these attacks have affected US networks is currently unknown, describing the situation as follows: "The barn door is still wide open, or mostly open." More specifically, US telecommunications networks that have been infiltrated may provide Chinese state employees or affiliated hackers with the means of listening in on phone calls, including those of people as high up as President-elect Donald Trump.
Microsoft asks President Trump for help against Russian and Chinese cyber attacks
In a recent interview with the Financial Times, Brad Smith, the vice chair and top legal officer at Microsoft, said that he is hoping President Trump and his administration push back harder against foreign cyber attacks, particularly those that originate from Russia and China.
Cyber attacks from Russia and China have become increasingly frequent, with Microsoft only recently confirming that the Russian state-backed hacking group Midnight Blizzard infiltrated its servers. Microsoft has since implemented security updates to reduce the likelihood of breaches, but attacks are still increasing and becoming more sophisticated. Smith has called upon the Trump administration to "push harder" against cyber attacks, saying the issue "deserves to be a more prominent issue of international relations".
Smith has said he hopes Trump is prepared to send a "strong message" to Russia, Iran, and any other nation that is launching cyber attacks on the US. It was only earlier this month that US authorities accused China of launching widespread cyber espionage campaigns against the US, and a recent Microsoft-led study found that more than 600 million cyber attacks are launched at its customers every day. Moreover, Microsoft found that criminal gangs are increasingly teaming up with "nation-state groups" to launch operations against targets and share hacking tools.
Officials warn of new hacking scheme involving QR codes and your physical mailbox
Scammers are always looking for new ways to take advantage of unsuspecting people, and according to Switzerland's National Cyber Security Center (NCSC), a new scamming method is on the rise that combines QR codes with the traditional postal system.
In a new statement issued by the National Cyber Security Center, hackers are attempting a new scheme to get malware onto as many devices as possible: they send fake letters, such as the one above, to residents, requesting that they download a "Severe Weather Warning App" for Android via the provided QR code. The letters were faked to look like letters from the nation's Federal Office of Meteorology and Climatology, and the app the scammers asked residents to download was designed to mimic the official Alertswiss weather app, using the similar name "AlertSwiss" and a slightly different logo.
The QR code took users who scanned it to a third-party site rather than the official Google Play Store. For those unfamiliar with the rules of the road when downloading apps, the general rule of thumb is: do not install any application on your device that does not come from the official app marketplaces. The scam app contained a version of the Copper trojan, malware designed specifically for keylogging, gathering two-factor authentication codes, tracking notifications and SMS messages, and stealing credentials stored by other applications.
FBI confirms Chinese government-linked hackers breached US government networks
The FBI and CISA have posted a joint statement revealing that numerous commercial telecommunications organizations have been breached by a hacking group associated with the Chinese government.
The joint statement posted to the official FBI website states the US government is continuing its investigation into the People's Republic of China (PRC) targeting of commercial telecommunications infrastructure across the US, and that it can confirm the existence of a "broad and significant cyber espionage campaign." More specifically, the joint statement reads that US officials have identified PRC-affiliated actors that have "compromised networks at multiple telecommunications companies" to steal customer call data, information, and other data.
Notably, the group behind these attacks on US infrastructure is reportedly Salt Typhoon, which has gained access to customer call records data along with private communications of individuals within the US government. Furthermore, US officials can also confirm the group gained access to a US wiretap system, which is used by authorities to submit requests for court orders. It was only in September 2024 that Salt Typhoon targeted a selection of US internet service providers in what is believed to be a reconnaissance attack to gather information on potential targets for future heavier attacks.
Microsoft confirms US government officials are being targeted by notorious hackers
Microsoft has taken to its security blog to shine a light on the company's recent observations in the cybersecurity space, and according to the Redmond company, a known hacking group is now going after US government officials in a series of highly targeted spear-phishing email waves.
According to Microsoft, the hacking group is the Russian government-backed Midnight Blizzard, whose current campaign has been on Microsoft's radar since October 22, 2024. Microsoft Threat Intelligence is quite familiar with Midnight Blizzard: the group targeted Microsoft servers on January 12, 2024, compromising them and gaining access to federal government email accounts, Microsoft's corporate email accounts, and more.
At the time, Microsoft described these attacks by Midnight Blizzard as a "sustained, significant commitment of the threat actor's resources, coordination, and focus." Now, Microsoft has put out a new warning that Midnight Blizzard is sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. Microsoft writes that this activity is ongoing and that the likely goal of the operation is to collect intelligence.
100,000+ United Nations documents exposed by cybersecurity researcher
A cybersecurity researcher has discovered more than 100,000 United Nations-associated documents containing financial reports, audits, bank account information, staff documents, email addresses, and more in a non-password-protected text database.
vpnMentor cybersecurity researcher Jeremiah Fowler has published a new report revealing the discovery of a non-password-protected database that contained 115,000 records associated with the United Nations Trust Fund to End Violence against Women. The trust fund was set up to provide financial and technical support to local, national, and regional organizations working toward reducing gender-based violence. According to the report, the database held 115,141 files amounting to 228GB of data.
According to Fowler, many of the documents in the database were marked as confidential, with the cybersecurity researcher pointing out one .xls file contained a list of "1,611 civil society organizations, including their internal UN application numbers, whether they are eligible for support, the status of their applications, whether they are local or national, and a range of detailed answers regarding the groups' missions."
World's biggest tech companies and government agencies hit by DDoS attacks by two men
Federal authorities have charged two brothers with launching cyberattacks at some of the world's biggest technology companies, including streaming services and social platforms.
The US Department of Justice has alleged that two brothers are behind the hacktivist group Anonymous Sudan, which launched thousands of powerful distributed denial-of-service (DDoS) attacks at some of the biggest tech companies in the world. Additionally, the group targeted government agencies such as the FBI, the Department of Justice (DOJ), and the Pentagon. The DOJ charges state that the two Sudanese brothers are also responsible for a series of cyberattacks against Microsoft, OpenAI, Riot Games, PayPal, Steam, Hulu, Netflix, Reddit, GitHub, and Cloudflare.
Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27, were charged with one count of conspiracy to damage protected computers. Ahmed Salah was separately charged with three counts of damaging protected computers and an attempt to "knowingly and recklessly cause death" after launching several cyberattacks at hospitals in retaliation for hospitals being bombed in Gaza. If convicted of all charges, Ahmed Salah will face a maximum sentence of life in federal prison.
Anonymous hacker charged with seeking to kill after cyberattacks hit hospitals globally
The US Department of Justice has charged two brothers who were allegedly behind a series of cyberattacks launched at hospitals across various countries.
Reports indicate the Sudanese brothers are behind the hacktivist group Anonymous Sudan, which the US Department of Justice believes is responsible for a series of cyberattacks launched at various hospitals around the world. The Department of Justice recently unsealed the charges against the brothers, accusing them of launching more than 35,000 distributed denial-of-service (DDoS) attacks against hundreds of organizations. The targets of these attacks included websites, network systems, services, media companies, airports, and government agencies such as the Pentagon, FBI, and Department of Justice.
The indictment revealed that the brothers had their own ideological reasons for the attacks but were also making their services available for hire, launching cyberattacks against entities on behalf of clients. According to US prosecutors and the FBI, their victims include Microsoft's Azure cloud services, OpenAI's ChatGPT, video game companies, and even hospitals. The last of these is of particular interest to the prosecution, as the brothers are accused of launching attacks on Cedars-Sinai Health Systems in Los Angeles, which resulted in multiple hours of downtime and patients having to be moved to other hospitals.