Tag Archive for: espionage

Unraveling the Intricate Web of State-Sponsored Cyber Espionage


In an era where digital frontiers are continually expanding, the specter of state-sponsored cyber espionage looms large. Recent revelations have shed light on the intricate web of cyber activities orchestrated by nations like China and Russia, targeting global infrastructures and posing unprecedented threats to international security. This narrative unfolds against the backdrop of accusations leveled against these countries, involving sophisticated hacking operations that not only breach the digital defenses of corporations but also insidiously infiltrate the very core of critical national infrastructures.

The Genesis of Cyber Espionage: Unveiling ‘Bitter’

At the heart of this digital battleground is ‘Bitter’, an advanced persistent threat (APT) group with suspected origins in India, active since at least November 2013. Bitter’s modus operandi is emblematic of the shadows cast by cyber espionage on global politics. Through meticulously crafted spear phishing and watering hole attacks, this group has targeted a swath of countries including Pakistan, Bangladesh, Mongolia, and China. Their actions, ranging from impersonating embassies to deploying malicious files via compromised email accounts, are not merely acts of cyber vandalism but calculated moves on the chessboard of international intelligence gathering.

The activities of Bitter, connected to other groups like Patchwork, SideWinder, and Donot, underscore a broader narrative of cyber operations focused on extracting sensitive information. Cybersecurity firms have linked several attacks over the past two years to Bitter, revealing a pattern of espionage that underscores the strategic importance of digital intelligence in modern geopolitical maneuvering.

Escalating Threats: China’s Cyber Prowess and Global Responses

China’s ever-expanding cyber capabilities have come under intense scrutiny, with accusations of state-sponsored hacking that targets critical infrastructure, notably in countries like Japan. The Deputy Director of Japan’s National Center of Incident Readiness and Strategy for Cybersecurity has voiced concerns over the rising tide of cyber threats,…

Source…

Ex-CIA Officer Imprisoned For ‘Heinous Crimes Of Espionage’



Ex-CIA officer Joshua Adam Schulte has been sent to prison for “committing some of the most brazen, heinous crimes of espionage in American history.”

The 35-year-old Schulte was sentenced to 40 years in prison for crimes of espionage, computer hacking, contempt of court, and making false statements to the FBI.

Schulte was employed by the CIA as a software developer in the Center for Cyber Intelligence (CCI) from 2012 to 2016.

“Mr. Schulte severely harmed U.S. national security and directly risked the lives of CIA personnel, persisting in his efforts even after his arrest,” Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division said in a statement.

In March 2016, Schulte was moved within branches of CCI as a result of personnel disputes between Schulte and another developer. Following that transfer, in April 2016, Schulte abused his administrator powers to grant himself administrator privileges over a development project from which he had been removed as a result of the branch change. Schulte’s abuse of administrator privileges was detected, and CCI leadership directed that administrator privileges would immediately be transferred from developers, including Schulte, to another division. Schulte was also given a warning about self-granting administrator privileges that had previously been revoked.

Schulte had, however, secretly opened an administrator session on one of the servers before his privileges were removed. On April 20, 2016, after other developers had left the CCI office, Schulte used this secret server administrator session to execute a series of cyber-maneuvers on the CIA network: restore his revoked privileges, break into the backups, steal copies of the entire CCI tool development archives (the Stolen CIA Files), revert the network to its prior state, and delete hundreds of log files in an attempt to cover his tracks. Schulte’s theft of the Stolen CIA Files is the largest data breach in CIA history.

From his home computer, Schulte then transmitted the Stolen CIA Files to WikiLeaks, using anonymizing tools recommended by WikiLeaks to potential leakers, such as the Tails operating system and the…

Source…

Ivanti VPN vulnerabilities exploited by suspected espionage group UNC5221


New details have emerged surrounding two zero-day vulnerabilities impacting Ivanti Connect Secure VPN (formerly known as Pulse Secure) and Ivanti Policy Secure appliances. Details of these vulnerabilities were published by cybersecurity firm Mandiant. The reported vulnerabilities have seen active exploitation in the wild, beginning as early as December 2023.

Threat actor UNC5221, a suspected espionage group currently being monitored by Mandiant, is believed to be behind the exploitation of these vulnerabilities. As highlighted by Mandiant Consulting CTO Charles Carmakal, these CVEs, when chained together, result in unauthenticated remote code execution.

UNC5221 reportedly employed multiple custom malware families to conduct post-exploitation espionage activity after successfully exploiting the zero-day vulnerabilities. This includes establishing footholds for continued access to the Connect Secure (CS) appliances.

According to Mandiant’s researchers, the group’s preparation for maintaining persistent access to the CS appliances suggests that these are not just opportunistic attacks. It would seem UNC5221 planned to maintain its presence on a subset of high-priority targets it had compromised, even after an eventual patch release.

Mandiant’s researchers added that, similar to UNC5221, they had previously noted multiple suspected APT actors resorting to appliance-specific malware to facilitate post-exploitation and evade detection. These cases, coupled with findings related to targeting, have led Mandiant to believe that this could be an espionage-motivated APT campaign.

While Mandiant continues to investigate these attacks in detail, early findings also note that UNC5221 primarily utilised compromised, out-of-support Cyberoam VPN appliances for its command and control. The compromised devices were domestic to the victims, likely further aiding the threat actor in evading detection.

Patches are currently being developed, with Ivanti customers advised to stay updated on release timelines. At present, Mandiant has not linked this activity to a previously known group. It also doesn’t currently have enough data to ascertain the origin of UNC5221.

The custom malware families used by…

Source…

Embassy of China in Canada Issues a Statement on U.S. Cyber Espionage Campaigns Against Japan


I just came across a statement issued by the Embassy of China in Canada on the U.S. cyber espionage campaigns launched against Japan.

What’s so special about this statement? First, it quotes WikiLeaks, which is a somewhat outdated approach, including the actual source, to shed more light on a bigger problem and issue for China that the press statement on the website of the Chinese Embassy in Canada mentions. In this specific case the statement implies the use of so-called “hunt-forward” missions, which could mean big trouble for China if the U.S. manages to secure a deal with a country neighbouring China: the U.S. would then attempt to establish the foundation for successful cyber attacks, and possibly for the interception of information operations managed and operated by China and its partners and allies, where the ultimate goal would be to measure their true capabilities and lay the foundation for a cyber situational awareness campaign covering cyber attacks and the true state of China’s cyberspace operations and cyber attack capabilities, including the capabilities of some of its neighbouring countries.

The so-called Hunt Forward Operations (HFOs) are an early warning system for cyber situational awareness that could improve the visibility of the country conducting these missions. In this specific case the U.S. could learn a lot about new tactics and techniques from the attackers based in the country hosting its mission, which could be really bad news for China: with hunt forward missions deployed in China’s neighbouring countries, the U.S. could get a better picture of China’s understanding and actual application of basic cyber warfare principles and concepts in action, including the “know-how” of its neighbouring countries.

Although the U.S. is willing to share its knowledge and understanding of cyber attack “know-how” with the host country of a hunt forward mission, it could also learn a lot about the cyber attacks that originate from the…

Source…