
Cyber Security

Incident Of The Week: Chinese Hackers Accused Of Freelancing For The Chinese Gov…


[Records Exposed: Several Terabytes of IP  |  Industry: Private and Public Sectors  |  Type Of Attack: Zero-Day]

Li Xiaoyu and Dong Jiazhi, Chinese nationals who met at an engineering school in Chengdu, China, were charged in a Department of Justice (DOJ) indictment unsealed on Tuesday, July 21. Their alleged crime? Stealing several terabytes of intellectual property from victims in 11 countries, including the United States, over the past decade.

The Facts:

When called upon, Li and Dong allegedly worked as contract hackers for the Chinese government. In return, they were shielded from prosecution when they carried out private intrusions for their own financial gain. DOJ authorities say that since 2009 the duo has hacked hundreds of companies around the world, and that the activity continues. Their targets include manufacturers, energy and pharmaceutical firms, video game and education software companies and, most recently and perhaps most disturbingly, Covid-19 research facilities working on vaccines and treatments.

Their “rob, replicate, replace” strategy works like this: the stolen intellectual property is passed to Chinese enterprises, which replicate the technology and replace its Western counterpart, first in the Chinese market and eventually, ideally, in global markets. The Chinese government, which vehemently denies such allegations, also appears to use the hackers to keep watch on its own citizens. Examples include the theft of dissidents’ emails and of the emails of Chinese religious leaders who are not part of the government-sanctioned religions.


The efficiency of Li and Dong’s operation is credited to their division of labor: Dong researched victims and the vulnerabilities that could be used against them, and Li exploited those vulnerabilities to get in and extract data. A zero-day vulnerability is a weakness in software that is unknown to, or not yet fixed by, its vendor, so no patch exists at the time it is exploited. An attacker can use it to gain access to internal systems and, if the intrusion goes unnoticed, remain inside for long periods. Patching the flaw later closes the entry point, but it does not by itself evict an attacker who has already established a foothold; that takes an investigation. It is believed that an officer of China’s Ministry of State Security (MSS) supplied Li and Dong with zero-day malware.

Using web shells, their favorite being “China Chopper,” the pair gained remote access to victims’ networks in order to steal data, usernames and passwords. A web shell is a small script planted on a compromised web server that lets the attacker run commands through ordinary HTTP requests, so the access blends into normal web traffic. Such untethered and undetected access gave them time to explore internal systems, stage the data they wanted in compressed RAR archives hidden in the Recycle Bin, and then exfiltrate it. While the DOJ does not release the names of those hacked, it has released some locations and the amount of data stolen in specific attacks.
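The two tradecraft details above, a China Chopper style web shell in the web root and RAR archives parked in the Recycle Bin, are both cheap to hunt for. The script below is an added example written for this article; it is not tooling from the DOJ, the article, or any vendor. The China Chopper server-side signatures are the publicly known one-liner forms, the RAR magic bytes are the archive format’s real header, and the web root, Recycle Bin directory and sample files are constructed in a temporary directory so the script runs offline.

```python
"""Added example (not from the indictment or the article): a triage script for
(1) China Chopper style web shells in a web root and (2) stolen data staged as
RAR archives in the Windows Recycle Bin.  Paths and sample files are constructed."""
import os
import re
import tempfile

# China Chopper server-side one-liners are tiny and pass a request parameter
# straight to eval().  These match the public PHP / ASPX / JSP forms; they are
# signatures for this family, not a general web-shell scanner.
WEBSHELL_PATTERNS = [
    re.compile(rb"@?eval\s*\(\s*\$_(POST|REQUEST|GET)\s*\[", re.I),   # PHP
    re.compile(rb"eval\s*\(\s*Request\.(Item)?\s*\[", re.I),           # ASPX (JScript)
    re.compile(rb"eval\s*\(\s*request\.getParameter\s*\(", re.I),      # JSP
]
WEB_EXTENSIONS = {".php", ".aspx", ".asp", ".ashx", ".jsp", ".jspx"}

# RAR 4 and RAR 5 archives both start with these bytes, whatever the file is named.
RAR_MAGIC = b"Rar!\x1a\x07"


def find_webshells(webroot):
    """Return paths under webroot whose content matches a China Chopper signature."""
    hits = []
    for dirpath, _, files in os.walk(webroot):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read(64 * 1024)  # one-liners are small; cap the read
            if any(p.search(data) for p in WEBSHELL_PATTERNS):
                hits.append(path)
    return sorted(hits)


def find_rar_in_recycle_bin(recycle_root):
    """Return files under the Recycle Bin whose magic bytes identify a RAR archive."""
    hits = []
    for dirpath, _, files in os.walk(recycle_root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                if fh.read(len(RAR_MAGIC)) == RAR_MAGIC:
                    hits.append(path)
    return sorted(hits)


def build_sample_tree():
    """Constructed fixture: a fake IIS web root and a user's Recycle Bin folder."""
    root = tempfile.mkdtemp(prefix="hunt_")
    webroot = os.path.join(root, "inetpub", "wwwroot")
    recycle = os.path.join(root, "$Recycle.Bin", "S-1-5-21-1-2-3-1001")
    os.makedirs(webroot)
    os.makedirs(recycle)
    samples = {
        os.path.join(webroot, "default.aspx"):
            b'<%@ Page Language="C#" %><html>hello</html>',                 # benign page
        os.path.join(webroot, "uploads", "img.aspx"):
            b'<%@ Page Language="Jscript"%><%eval(Request.Item["z"],"unsafe");%>',
        os.path.join(webroot, "contact.php"):
            b"<?php @eval($_POST['pw']); ?>",
        os.path.join(recycle, "$RZX1A2B.txt"):
            RAR_MAGIC + b"\x00" * 33,                                      # RAR named .txt
        os.path.join(recycle, "$RQ9K3.docx"):
            b"PK\x03\x04" + b"\x00" * 32,                                  # ordinary docx/zip
    }
    for path, content in samples.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return webroot, recycle


def run_hunt(webroot=None, recycle=None):
    """Run both checks; on the constructed fixture this finds 2 shells and 1 RAR."""
    if webroot is None or recycle is None:
        webroot, recycle = build_sample_tree()
    return {
        "webshells": [os.path.relpath(p, webroot) for p in find_webshells(webroot)],
        "rar_in_recycle_bin": [os.path.basename(p) for p in find_rar_in_recycle_bin(recycle)],
    }


if __name__ == "__main__":
    for kind, paths in run_hunt().items():
        print(kind, paths)
```

On a real host, point `run_hunt` at the actual web root and at `C:\$Recycle.Bin` (every SID subfolder, run as an administrator). Matching on magic bytes rather than the `.rar` extension is the point of the second check: the archives in this case were given innocuous names precisely so a listing would not give them away.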

According to Ben Read, senior manager of analysis at cyber security firm FireEye, the indictment comes as no surprise. “The Chinese government has long relied on contractors to conduct cyber intrusions. Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations.”


For their part, the Chinese Foreign Ministry spokesman had this to say: “The Chinese government is a staunch supporter and champion of cyber safety. We’ve been cracking down on all forms of cyber attacks and cyber crimes. We demand the U.S. side immediately stop discrediting China on the issue of cyber security.”

Lessons Learned:

The DOJ used the indictment to remind corporations to report cyber crimes, and suspected cyber crimes, at the earliest sign of a breach. Even if the issue is assumed to be an HR problem or an internal glitch, involving the DOJ gives an enterprise access to top-level government resources and investigative work, and limits the damage it may suffer by ignoring the attack or trying to resolve it on its own. In the case of the attacks out of China, the hackers returned to the scene of the crime again and again in order to extract as much data as possible. The DOJ reminds American enterprises that one-time hacks are unlikely, and stresses the importance of working with experts.

The DOJ also reminds enterprises that their reputation is not at stake when they report a cyber crime. C-suite executives and board members should not fear that the DOJ will poke around where it does not belong, expose the corporation or punish it; the DOJ does not release the names of the enterprises it investigates. Conversely, by not reporting a breach, an organization runs the risk of the breach being leaked to the media or discovered by other malicious actors.

Quick Tips:

Zero-day threats are a risk to every organization, and with more and more people working from home it is imperative that every available security measure is used, such as:

  • Firewalls – Beyond simply installing a firewall, configure it so that only the ports, protocols and sources the business actually needs are allowed, inbound and outbound.
  • Essential applications – Every piece of third-party software an enterprise runs adds attack surface. Limit applications to the essential ones and remove or disable the rest.
  • Patches – Don’t ignore patch and system updates. Test and deploy them promptly upon notification; patches fix software and operating-system vulnerabilities, which reduces the risk from malware that exploits them. A zero-day by definition has no patch yet, which is why the other layers still matter.
  • HIPS – A host intrusion prevention system (HIPS) monitors the behavior of a single host (processes, file and registry changes, network activity), blocks actions that match known-bad or policy-violating behavior, and alerts the user. It goes a step further than traditional signature-based antivirus because it can stop an action as it happens rather than only recognize a known malicious file.


Source: https://www.cshub.com/attacks/articles/incident-of-the-week-chinese-hackers-accused-of-freelancing-for-the-chinese-government

Cyber Security

USCYBERCOM Released New Malware Samples


New malware samples associated with the operations of Russian threat actors Turla and Zebrocy have been released this week by the United States Cyber Command (USCYBERCOM).

Turla, whose activity dates back two decades and which is also tracked as Snake, Waterbug, Venomous Bear, Belugasturgeon and KRYPTON, was most recently observed attacking a European government agency with numerous backdoors.

On Thursday USCYBERCOM posted new samples of the ComRAT trojan on VirusTotal. ComRAT is believed to be one of the oldest malware families used by Russia-linked threat actors.

The FBI has high confidence that the ComRAT malware is being used by the Russian state-sponsored APT actor Turla, an espionage group that has been active for at least a decade, to compromise victim networks. A malware analysis report from the Cybersecurity and Infrastructure Security Agency (CISA) notes that the group is well known for its custom tooling and tailored operations.

The report describes a PowerShell script that loads a second script, which in turn loads the ComRAT version 4 DLL. CISA explains that the malware includes DLLs used as communication modules; these are injected into the victim’s default browser and talk to the ComRAT v4 implant over a named pipe. Commands are received and files exfiltrated through the Gmail web interface, so the command-and-control traffic is carried inside what looks like ordinary webmail use by the browser.

In total, USCYBERCOM posted five ComRAT files and two samples attributed to the Russian threat actor Zebrocy on VirusTotal.

The Zebrocy group, first detailed in 2018, is considered by some security firms to be part of the notorious Sofacy APT (also referred to as APT28, Fancy Bear, Pawn Storm, Sednit and Strontium), while others track it as a distinct group.

New Zebrocy attacks were discovered in September 2020, demonstrating persistent targeting of countries connected to the North Atlantic Treaty Organization (NATO).

The two samples USCYBERCOM shared on VirusTotal are Windows executables believed to be a new version of the Zebrocy backdoor. The malware gives attackers remote access to a compromised device and supports a range of operations on it, CISA says.

CISA advises users and administrators to apply security best practices to keep their systems protected from the newly shared malware samples and from other threats.

Source: https://cybersguards.com/uscybercom-released-new-malware-samples/


Cyber Security

The WordPress Core Team has Released an Emergency Release of WordPress 5.5.3


The WordPress core team has released an emergency update, WordPress 5.5.3, just one day after version 5.5.2. The release fixes a problem introduced in 5.5.2 that made it impossible to install WordPress on a brand-new site that does not yet have a database connection configured. A second problem, caused while preparing this emergency release, saw a number of sites erroneously auto-updated to version 5.5.3-alpha.

According to the release notes, the WordPress auto-update system upgraded some sites from version 5.5.2 to 5.5.3-alpha between roughly 15:30 and 16:00 UTC on October 30. This happened because the core team had blocked the 5.5.2 download to stop new users from installing the broken release. With the 5.5.2 package removed, the wordpress.org API returned the alpha build 5.5.3-alpha-49449 as the version sites could update to.

A review of 5.5.3-alpha-49449 showed no meaningful difference between it and WordPress 5.5.2, since the core code is the same, and no site functionality is known to have broken as a result of the mistake. However, that auto-update also installed the Akismet plugin and a number of additional default “Twenty” themes, which ship with the pre-release package.

To fix both problems, the core team first re-enabled the 5.5.2 download to stop sites from updating to the alpha build, and then shipped the WordPress 5.5.3 emergency release to resolve the issue that broke new installs.

What Should I Do?

If your site was upgraded to WordPress 5.5.3-alpha, you may have additional themes installed, and possibly the Akismet plugin as well. These were installed as part of the pre-release package but were not activated, so your site’s behavior should not have changed. Check your installed themes and plugins and remove any you do not want. No other plugins should have been installed or deleted.

Update your site to WordPress 5.5.3 as you would with any other WordPress update. If your site auto-updates, it will already be on version 5.5.3.

If you have not yet updated to WordPress 5.5.2, note that 5.5.3 is the same release with a small fix on top. It is safe to update your site.

Source: https://cybersguards.com/the-wordpress-core-team-has-released-an-emergency-release-of-wordpress-5-5-3/


Cyber Security

Hackers Continue to Target Zerologon Vulnerability


This week Microsoft said it continues to receive reports from customers of attacks targeting the Zerologon vulnerability.

The vulnerability, in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), was patched on August 11. Tracked as CVE-2020-1472, it can be exploited to compromise Active Directory domain controllers and obtain domain administrator rights.

The flaw came into the spotlight after the DHS directed federal agencies to apply the available fixes quickly, with both Microsoft and CISA publishing reports on attackers actively exploiting the bug.

At the end of September Microsoft released guidance giving organizations all the information needed to address the problem in their Active Directory deployments, but it appears that some customers are still vulnerable.

“The vulnerability could allow an attacker to spoof a domain controller account that could be used to steal domain credentials and take over the domain, if the original guidance is not applied,” Microsoft now says.

The technology giant also reiterates that installing the available updates on every domain controller is the first step in addressing the vulnerability.

Once the updates are fully deployed, Active Directory domain controller and trust accounts will be protected alongside Windows domain-joined machine accounts. The company says it strongly urges everyone who has not yet applied the update to do so now.

With the update applied, customers should then follow Microsoft’s previously published guidance to make sure they are fully protected. Microsoft has revised the FAQ in that guidance for further clarity.

After updating, customers are advised to find any devices that might still be making vulnerable Netlogon connections, fix them, and then enable enforcement mode, to ensure that CVE-2020-1472 is actually addressed in their environment.
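The “find the stragglers, fix them, then enforce” sequence above is driven by event log data on the domain controllers. The script below is an added example for this article, not Microsoft’s tooling or anything from the original text. It relies on two facts from Microsoft’s CVE-2020-1472 guidance: the patched Netlogon service logs System event IDs 5827 and 5828 when it denies a vulnerable connection, 5829 when it allows one during the initial deployment phase, and 5830 and 5831 when it allows one because the account is in the exception group policy; and enforcement mode is switched on with the `FullSecureChannelProtection` registry value. The event records are constructed and their message text is abbreviated; real messages carry more fields.

```python
"""Added example (not Microsoft's tooling or from the article): triage of Netlogon
event records exported from a domain controller to decide which devices still need
attention before enforcement mode is enabled.  Event IDs are from Microsoft's
CVE-2020-1472 guidance; the sample records below are constructed."""
import re

NETLOGON_PARAMS_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"

# Event IDs written by the August 2020 Netlogon update.
DENIED = {5827, 5828}             # vulnerable connection refused (machine / trust account)
ALLOWED_DEPLOYMENT = {5829}       # vulnerable connection allowed; impossible once enforced
ALLOWED_BY_POLICY = {5830, 5831}  # allowed because the account is in the exception policy

ACCOUNT_RE = re.compile(r"SamAccountName:\s*(\S+)")

# Constructed records in the shape of (Id, Message) pairs, e.g. from
#   Get-WinEvent -FilterHashtable @{LogName='System'; Id=5827,5828,5829,5830,5831}
# Message text is abbreviated; real events include OS version and build fields.
SAMPLE_EVENTS = [
    (5829, "The Netlogon service allowed a vulnerable Netlogon secure channel connection. "
           "Machine SamAccountName: PRINTSRV01$ Domain: CORP Account Type: Computer"),
    (5829, "The Netlogon service allowed a vulnerable Netlogon secure channel connection. "
           "Machine SamAccountName: PRINTSRV01$ Domain: CORP Account Type: Computer"),
    (5829, "The Netlogon service allowed a vulnerable Netlogon secure channel connection. "
           "Machine SamAccountName: NAS-OLD$ Domain: CORP Account Type: Computer"),
    (5830, "The Netlogon service allowed a vulnerable Netlogon secure channel connection "
           "because the machine account is allowed in the group policy. "
           "Machine SamAccountName: LEGACY-CTRL$ Domain: CORP"),
    (5827, "The Netlogon service denied a vulnerable Netlogon secure channel connection "
           "from a machine account. Machine SamAccountName: ROGUE-DC$ Domain: CORP"),
    (4624, "An account was successfully logged on."),   # unrelated event, ignored
]


def account_from(message):
    """Pull the machine or trust account name out of an event message."""
    m = ACCOUNT_RE.search(message)
    return m.group(1) if m else "<unknown>"


def triage(events):
    """Group Netlogon events by outcome and decide whether enforcement can be enabled.

    Returns a dict with per-account counts under 'allowed_vulnerable' (5829),
    'allowed_by_policy' (5830/5831) and 'denied' (5827/5828), plus
    'ready_for_enforcement', which is True only when no 5829 events remain:
    every account in that bucket will lose its secure channel the moment
    enforcement is on, so it must be patched, replaced or consciously added to
    the exception policy first.
    """
    buckets = {"allowed_vulnerable": {}, "allowed_by_policy": {}, "denied": {}}
    for event_id, message in events:
        if event_id in ALLOWED_DEPLOYMENT:
            key = "allowed_vulnerable"
        elif event_id in ALLOWED_BY_POLICY:
            key = "allowed_by_policy"
        elif event_id in DENIED:
            key = "denied"
        else:
            continue
        acct = account_from(message)
        buckets[key][acct] = buckets[key].get(acct, 0) + 1
    buckets["ready_for_enforcement"] = not buckets["allowed_vulnerable"]
    return buckets


def enforcement_command():
    """The reg.exe command that turns on enforcement mode on a domain controller."""
    return ("reg add " + NETLOGON_PARAMS_KEY
            + " /v FullSecureChannelProtection /t REG_DWORD /d 1 /f")


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for bucket in ("allowed_vulnerable", "allowed_by_policy", "denied"):
        print(bucket, result[bucket])
    if result["ready_for_enforcement"]:
        print("no stragglers; enable enforcement with:", enforcement_command())
    else:
        print("fix or explicitly exempt the 'allowed_vulnerable' accounts before enforcing")
```

On the constructed records the verdict is not ready: PRINTSRV01$ and NAS-OLD$ are still negotiating vulnerable Netlogon channels, so enforcing now would cut them off. The denied ROGUE-DC$ entry is the interesting one for incident response, since an unknown account attempting a vulnerable connection against a patched DC is exactly what a Zerologon attempt looks like after the update.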

On Thursday CISA issued an alert warning of continued exploitation of Zerologon and urging administrators to install the available patches as soon as possible.

Source: https://cybersguards.com/hackers-continue-to-target-zerologon-vulnerability/
