Hacking & Cyberwarfare News and Discussions

[Yuli Ban]

Microsoft says SolarWinds hackers have struck again at the US and other countries

The hackers behind one of the worst data breaches ever to hit the US government have launched a new global cyberattack on more than 150 government agencies, think tanks and other organizations, according to Microsoft.

The group, which Microsoft calls "Nobelium," targeted 3,000 email accounts at various organizations this week — most of which were in the United States, the company said in a blog post Thursday.

It believes the hackers are part of the same Russian group behind last year's devastating attack on SolarWinds — a software vendor — that targeted at least nine US federal agencies and 100 companies.

[weatheriscool]

Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency
Source: nytimes


By David E. Sanger and Nicole Perlroth


May 28, 2021 Updated 12:37 p.m. ET

Hackers linked to Russian intelligence surreptitiously seized an email system used by the United States government’s international aid agency to burrow into the computer networks of human rights groups and other organizations of the sort that have been critical of President Vladimir V. Putin, Microsoft Corporation disclosed on Thursday.

Discovery of the breach comes only three weeks before President Biden is scheduled to meet Mr. Putin in Geneva, and at a moment of increased tension between the two nations — in part because of a series of increasingly sophisticated cyberattacks emanating from Russia.

The newly disclosed attack was also particularly bold: By breaching the systems of a supplier used by the federal government, the hackers sent out genuine-looking emails to more than 3,000 accounts across more than 150 organizations that regularly receive communications from the United States Agency for International Development. Those emails went out as recently as this week, and Microsoft said it believes the attacks are ongoing.

The email was implanted with code that would give the hackers unlimited access to the computer systems of the recipients, from “stealing data to infecting other computers on a network,” Tom Burt, a Microsoft vice president, wrote on Thursday night.....................................

Read more: https://www.nytimes.com/2021/05/28/us/p ... 1bf32ec141

[wjfox]

JBS: Cyber-attack hits world's largest meat supplier

18 minutes ago

The world's largest meat processing company has been targeted by a sophisticated cyber-attack.

Computer networks at JBS were hacked, temporarily shutting down some operations in Australia, Canada and the US, with thousands of workers affected.

The company believes the ransomware attack originated from a criminal group likely based in Russia, the White House said.

The attack could lead to shortages of meat or raise prices for consumers.

In a ransomware attack, hackers get into a computer network and threaten to cause disruption or delete files unless a ransom is paid.

https://www.bbc.co.uk/news/world-us-canada-57318965

[weatheriscool]

Commerce secretary on cyberattacks against corporations: 'This is the reality'
Source: The Hill

Commerce Secretary Gina Raimondo said Sunday that companies should brace for the reality that cyberattacks have become the norm, but stopped short of proposing that the Biden administration require businesses to secure their technology.

Raimondo said the administration would instead urge businesses to adopt standards such as two-factor authentication and remain "vigilant" about expecting cyberattacks.

"This is the reality and we should assume and businesses should assume that these attacks are here to stay and if anything, will intensify," Raimondo said.

When asked by ABC's "This Week" host George Stephanopoulos if the administration should require businesses to take certain security steps, Raimondo said the administration would avoid taking such a "heavy-handed" approach.

Read more: https://www.msn.com/en-us/news/politics ... li=BBnb7Kz

[Yuli Ban]

You know, I've been thinking about the different dimension of cyberwarfare as compared to a hot war— nations can directly attack each other without military retaliation. So this makes me wonder: what would it take for a cyberattack to trigger a shooting war? Stuxnet didn't, but perhaps it didn't aim large enough...?

[wjfox]

World’s biggest meat producer JBS pays $11m cybercrime ransom

Thu 10 Jun 2021 09.00 BST

JBS, the world’s biggest meat processor, has paid an $11m (£7.8m) ransom after a cyber attack shut down operations, including abattoirs in the US, Australia and Canada.

While most of its operations have been restored, the Brazilian-headquartered company said it hoped the payment would head off any further complications including data theft.

JBS, which supplies more than a fifth of all beef in the US, reportedly made the payment in bitcoin.

“This was a very difficult decision to make for our company and for me personally,” said JBS’s chief executive, Andre Nogueira. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

The meat producer was forced to stop all cattle slaughtering at its US plants for a day last week, in a move that threatened to disrupt food supply chains and lead to further food price inflation in the US, where labour shortages, high demand, and Covid-related disruptions are taking their toll.

https://www.theguardian.com/business/20 ... ime-ransom

[wjfox]

EA: Gaming giant hacked and source code stolen

16 hours ago

Hackers have stolen valuable information from major game publisher Electronic Arts (EA), the company said.

The attackers claimed to have downloaded source code for games such as FIFA 21 and for the proprietary Frostbite game engine used as the base for many other high-profile games.

News of the hack was first reported by news site Vice, which said some 780GB of data was stolen.

EA said no player data had been stolen in the breach.

The firm is one of the largest games companies in the world. It counts major series such as Battlefield, Star Wars: Jedi Fallen Order, The Sims, and Titanfall among the titles it develops or publishes - as well as a vast array of annual sports games.

https://www.bbc.co.uk/news/technology-57431987

[weatheriscool]

McDonald's latest company to be hit by a data breach
Source: AP

McDonald's has become the latest company to be hit by a data breach after unauthorized activity on its network exposed the personal data of some customers in South Korea and Taiwan.

McDonald's Corp. said Friday that it quickly identified and contained the incident and that a thorough investigation was done.

“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data," the burger chain said.

McDonald's said its investigation determined that only South Korea and Taiwan had customer personal data accessed, and that they would be taking steps to notify regulators and also the customers who may be impacted. No customer payment information was exposed.

Read more: https://www.msn.com/en-us/money/compani ... li=BBnb7Kz

[wjfox]

50,000 security disasters waiting to happen: The problem of America's water supplies

"If you could imagine a community center run by two old guys who are plumbers, that's your average water plant," one cybersecurity consultant said.

June 17, 2021, 5:20 PM BST

On Jan. 15, a hacker tried to poison a water treatment plant that served parts of the San Francisco Bay Area. It didn't seem hard.

The hacker had the username and password for a former employee's TeamViewer account, a popular program that lets users remotely control their computers, according to a private report compiled by the Northern California Regional Intelligence Center in February and seen by NBC News.

After logging in, the hacker, whose name and motive are unknown and who hasn't been identified by law enforcement, deleted programs that the water plant used to treat drinking water.

[...]

The incident, which has not been previously reported, is one of a growing number of cyberattacks on U.S. water infrastructure that have recently come to light. The Bay Area attack was followed by a similar one in Oldsmar, Florida, a few weeks later. In that one, which made headlines around the world, a hacker also gained access to a TeamViewer account and raised the levels of lye in the drinking water to poisonous levels. An employee quickly caught the computer's mouse moving on its own, and undid the hacker's changes.

The Biden administration and the public are in the middle of a cybersecurity reckoning. Russian and Chinese spies have sneaked into numerous federal government networks, sometimes sitting for months undetected. Criminals have hacked into practically every industry and extorted companies at will, including those that occupy important parts of U.S supply chains.

But of all the country's critical infrastructure, water might be the most vulnerable to hackers: the hardest in which to guarantee everyone follows basic cybersecurity steps, and the easiest in which to cause major, real-world harm to large numbers of people.

Read more: https://www.nbcnews.com/tech/security/5 ... e-rcna1206

[weatheriscool]

Garland: More "depth" needed to protect against cyberattacks
Source: AP

WASHINGTON (AP) — Attorney General Merrick Garland said Tuesday that private industry needs better safeguards to avoid calamitous consequences in the event of cyberattacks like the ones that have targeted American infrastructure and corporations.

“You have to have a secondary method if your first method is shut down. You have to have depth, and we need to work with them on that," Garland said, a week after a meeting between President Joe Biden and Russian President Vladimir Putin that included discussion of a spate of Russia-linked ransomware attacks in the last year.

In a wide-ranging question-and-answer session with reporters, his first since being confirmed in March as the country’s chief law enforcement officer, Garland also reiterated his concerns about the death penalty, defended the Justice Department’s position in a defamation case against former President Donald Trump and insisted that the government would work to protect both journalists’ personal safety and their ability to conceal their confidential sources.

The conversation occurred as Garland has faced demands from Democrats to swiftly undo or reverse positions taken by the Justice Department during the Trump administration, including aggressive leak investigations in which law enforcement obtained phone records of journalists and congressional officials. The Justice Department inspector general is now investigating, and Garland met last week with executives from news media organizations.

Read more: https://www.msn.com/en-us/news/politics ... id=DELLDHP

[caltrek]

Reuters Reports That Denmark's Central Bank Exposed in SolarWinds Hack
June 29, 2021

https://news.yahoo.com/denmarks-central ... 12110.html

Introduction:

COPENHAGEN (Reuters via Yahoo) - Denmark's central bank was compromised in last year's global SolarWinds hacking operation, leaving a "backdoor" to its network open for seven months, IT media Version2 reported on Tuesday, citing documents related to the case.

The hackers, accused by the United States of working for Russian intelligence, were unusually sophisticated and modified code in SolarWinds network management software that was downloaded by 18,000 customers around the globe.

The attackers could use SolarWinds to get inside a network and then create a backdoor for potential continued access.

Such a backdoor stood open at the Danish central bank for seven months until it was discovered by U.S. security firm Fire Eye, Version2 said, citing various documents it obtained under a freedom of information request, such as SolarWinds emails.

The central bank, which manages transactions worth billions of dollars each day, said in an emailed comment to Reuters that there were "no signs that the attack had any real consequences".

[wjfox]

US companies hit by 'colossal' cyber-attack

6 hours ago

About 200 US businesses have been hit by a "colossal" ransomware attack, according to a cyber-security firm.

Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.

Kaseya said in a statement on its own website that it was investigating a "potential attack".

Huntress Labs said it believed the Russia-linked REvil ransomware gang was responsible.

The US Cybersecurity and Infrastructure Agency, a federal agency, said in a statement that it was taking action to address the attack.

https://www.bbc.co.uk/news/world-us-canada-57703836

[weatheriscool]

Widespread ransomware attack is affecting hundreds of businesses
Source: Washington Post

A supply-chain ransomware attack that hit hours before the beginning of a holiday weekend has already affected more than 200 businesses, researchers said.

On Friday, information technology company Kaseya sent out a warning of a “potential attack” on its VSA tool, which is used by IT to manage and monitor computers remotely. Kaseya urged customers to shut down their servers running the service.

“Its critical that you do this immediately, because one of the first things the attacker does is shutoff administrative access to the VSA,” the company said.

It was unclear late Friday how disruptive the attack might be on U.S. businesses. More than 40,000 organizations use Kaseya products, the company says, which includes VSA and other IT tools.

Read more: https://www.washingtonpost.com/technolo ... re-attack/

[caltrek]

Apex Legends Hackers Interrupt Games
by Richard Lawler
July 4, 2021

https://www.theverge.com/2021/7/4/22563 ... ea-respawn

Introduction:

(The Verge) Respawn Entertainment’s battle royale shooter Apex Legends has proven to be a hit, with over 100 million unique players, and counted over 300,000 people playing on Steam at one time in May. But an issue bubbling over from its earlier Titanfall games is now having an impact on Apex, as reports across social media show players running into messages from people hacking the game with a “Save Titanfall” message.

Respawn acknowledged the issues on Twitter, saying “We are aware of and actively investigating issues impacting @PlayApex playlists that are preventing players from getting into matches.” In a follow-up tweet at 7PM, the developer said these attacks don’t put the personal information of players at risk, and that the team is testing a fix. As of 10:15PM, the developer appeared confident that problems for Apex Legends are resolved

[weatheriscool]

Hackers demand $70 mn after Kaseya ransomware attack
https://techxplore.com/news/2021-07-hac ... mware.html
by Katy Lee With Nioucha Zakavati In Stockholm

A Coop supermarket in Sweden has a sign reading "Temporarliy closed - We have an IT-disturbance and our systems are not functioning" posted in the window following a cyberattack that targeted a US provider of IT services.

Hackers were on Monday demanding $70 million in bitcoin in exchange for data stolen during an attack on a US IT company that has shuttered hundreds of Swedish supermarkets.

Researchers believe more than 1,000 companies could have been affected by the attack on Miami-based firm Kaseya, which provides IT services to some 40,000 businesses around the world.

The FBI warned Sunday that the scale of the "ransomware" attack—a form of digital hostage-taking where hackers encrypt victims' data and then demand money for restored access—is so large that it may be "unable to respond to each victim individually".

Sweden's Coop supermarket chain was among the most high-profile victims. Most of their 800 stores were still closed three days after the hack paralysed its cash registers, spokesman Kevin Bell told AFP.

[caltrek]

Russian Hackers Breach Republican National Committee
by Oriana Gonzalez
July 6, 2021

https://www.axios.com/russian-hackers-b ... 52938.html

Introduction:

(Axios) A hacker group associated with the Russian government breached the computer systems of the Republican National Committee last week in a massive ransomware attack, Bloomberg first reported.

The big picture: The attack follows a separate Russia-based criminal group unleashing an attack that compromised the computer systems of at least 1,000 businesses. No connection has been established between the attacks.

What they're saying: It is unclear what, if any, information the Cozy Bear hackers found. Danielle Alvarez, the GOP communications director, released a statement saying that while it was informed by Microsoft that their systems may had been exposed, "no RNC data was accessed."

Alvarez added that it "will continued to work with Microsoft, as well as federal law enforcement officials on this matter."
An RNC spokesperson told Bloomberg it is investigating the situation and has already informed the FBI and the Department of Homeland Security.

[weatheriscool]

White House Issues Threat to Russia Over Hacking
Source: Political Wire

White House press secretary Jen Psaki told reporters that a “high level” of U.S. national security has been in touch with top Russian officials about $70 million ransomware attack by a Russia-linked hacking group.

She added that if Russia doesn’t take action against cyber criminals residing there, “we will.”

https://politicalwire.com/2021/07/06/wh ... r-hacking/

[wjfox]

An international investigation has revealed that Israel's NSO Group is using spyware to target heads of state, along with thousands of activists, journalists and dissidents around the world.

https://www.theguardian.com/world/2021/ ... up-pegasus

https://www.bbc.co.uk/news/technology-57881364

[caltrek]

Russian Hacker Known as 'Bot Master' to be Sentenced in U.S.
Pat Eaton Robb
July 2021

https://www.msn.com/en-us/news/us/russi ... ar-AAMm9Xn

Introduction:

(AP Via MSN) Federal prosecutors are seeking a lengthy prison sentence for a Russian hacker known internationally as the “bot master" on charges he operated a network of devices used to steal computer credentials, distribute spam emails and install malicious software.

Peter Levashov, 40, pleaded guilty in 2018 to conspiracy, wire fraud, identity theft and other charges that he operated several networks of hijacked computers, known as botnets, that were capable of pumping out billions of spam emails.

Prosecutors are asking that he be sentenced Tuesday to between 12 and 14 1/2 years in prison when he appears via teleconference before U.S. District Judge Robert Chatigny in Connecticut.

In their written presentencing arguments, prosecutors said Levashov spent more than a decade controlling the botnets — including one that may have infected 200,000 computers — to harvest email addresses, logins and passwords from infected computers and also distributed malware and other malicious software.

“Levashov used those botnets to send billions of spam messages, messages which ranged in destructive potential from relatively harmless advertisements, to email messages used to conduct 'pump and dump' schemes, to email messages containing malicious links that spread malware such as viruses or ransomware,” Assistant U.S. Attorney Edward Chang wrote.

[weatheriscool]

House passes host of bills to strengthen cybersecurity in wake of attacks
Source: The Hill

The House on Tuesday approved five bipartisan measures designed to enhance various aspects of the nation's cybersecurity following recent major cyberattacks.

The cyber-related package passed in a 319-105 vote. It included measures to fund cybersecurity at the state and local level, bolster reporting requirements and test critical infrastructure.

One bill, the State and Local Cybersecurity Act, would establish a grant program to provide $500 million annually to state and local governments over the next five years for cybersecurity needs. Rep. Yvette Clarke (D-N.Y.), chair of the House Homeland Security Committee's cyber panel, is the lead sponsor of that bill.

Also included in the package was the Cybersecurity Vulnerability Remediation Act, which would improve the reporting of cybersecurity vulnerabilities. The bill, primarily sponsored by Rep. Sheila Jackson-Lee (D-Texas), was previously passed by the House in 2019, but failed to get a vote in the Senate.

Read more: https://www.msn.com/en-us/news/politics ... id=DELLDHP