US cyberwarriors thwarted 2020 Iran election hacking attempt

Iranian hackers broke into a system used by a U.S. municipal government to publish election results in 2020 but were discovered by cyber soldiers operating abroad and kicked out before an attack could be launched, according to U.S. military and cybersecurity officials.

The system involved in the previously undisclosed breach was not for casting or counting ballots, but rather was used to report unofficial election results on a public website. The breach was revealed during a presentation this week at the RSA Conference in San Francisco, which is focused on cybersecurity. Officials did not identify the local government that was targeted.

“This was not a system used in the conduct of the election, but we are of course also concerned with systems that could weigh on the perception of a potential compromise,” said Eric Goldstein, who leads the cybersecurity division at the U.S. Cybersecurity and Infrastructure Security Agency.

If not expelled from the site, the hackers could have altered or otherwise disrupted the public-facing results page — though without affecting ballot-counting.

“Our concern is always that some type of website defacement, some type of (denial of service) attack, something that took the website down or defaced the website say on the night of the election, could make it look like the vote had been tampered with when that’s absolutely not true,” Major Gen. William J. Hartman, commander of U.S. Cyber Command’s Cyber National Mission Force, told conference attendees Monday.

Hartman said his team identified the intrusion as part of what he termed a “hunt-forward” mission, which gathers intelligence on and surveils adversaries and criminals. The team quickly alerted officials at the U.S. cybersecurity agency, who then worked with the municipality to respond to the intrusion.

Hartman said his team then acted “to ensure the malicious cyber actor no longer had access to the network and was unable to come back into the network in direct support of the elections.”

No details were released on how or from what country the Iranian intrusion was detected.


Health ministry approaches CERT-In over hacking attempt of its website

The Union health ministry has asked the Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, to look into the reported attempt to hack its website, allegedly by a Russian hacker group.

Cyber security experts from CloudSEK have claimed that the Russian hacker group ‘Phoenix’ targeted the website and managed to gain access to the ministry’s Health Management Information System portal, which holds details of all the hospitals in India along with employee and physician data. “We have sought details and asked the CERT-In to look into the alleged hacking of the health ministry’s website. They will submit a report,” an official source told PTI. CERT-In is the national nodal agency for responding to computer security incidents and provides prevention and response services to government departments and private bodies.

According to a report by CloudSEK, the group said that the attack is “a consequence of India’s agreement over the oil price cap and sanctions of G20 over the Russia-Ukraine war”.

“The motive behind this target was the sanctions imposed against the Russian Federation where Indian authorities decided not to violate the sanctions as well as comply with the price ceiling for Russian oil approved by G7 countries,” CloudSEK said.

“This decision resulted in multiple polls on the telegram channel of the Russian Hacktivist Phoenix asking the followers for their votes,” it stated. CloudSEK stated that Phoenix has been active since January 2022 and is known for phishing scams and for targeting, among others, hospitals based in Japan and the UK, a US-based healthcare organisation serving the US military, and the website of the Spanish foreign ministry with a DDoS attack.

(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)


North Korea Reportedly Exploited Itaewon Tragedy in Hacking Attempt

Seoul, South Korea – North Korean hackers exploited public interest in October’s tragic Itaewon crowd surge to target South Koreans with malware, Google cybersecurity researchers said Wednesday.

The North Korean hackers distributed a corrupted Microsoft Word document that appeared to be an official press release from South Korea’s Ministry of Interior and Safety, according to a blog post by Google’s Threat Analysis Group, which focuses on government-backed cyber-attacks.

Once opened, the document would download another file that would attempt to deploy malware onto the user’s device.

The document exploited a previously unknown weakness in the Internet Explorer web browser, known as a zero-day vulnerability, the Google blog post said. In a zero-day attack, hackers exploit such unidentified flaws to gain access to a computer system.

‘We attribute this activity to a group of North Korean government-backed actors known as APT37,’ Google added, saying the group has previously carried out similar attacks.

At least 158 people died in the crowd surge, which occurred when Halloween partygoers became stuck in a narrow alley in Seoul’s Itaewon neighborhood on October 29.

A man bows in the middle of the scene of a deadly accident following Saturday night's Halloween festivities in Seoul, South Korea, Monday, Oct. 31, 2022.

North Korea’s government never offered condolences in the incident. Instead, North Korea fired an unprecedented barrage of missiles, including some that landed near South Korea’s coast, during the South’s period of national mourning.

FILE - A man watches a television showing a news broadcast with file footage of a North Korean missile test, at a railway station in Seoul on Nov. 18, 2022.

Google did not specify how the North Korean hackers distributed the corrupted document, who received it or how many devices may have been affected.

Google said it became aware of the North Korean malware in late October after multiple users from South Korea uploaded the document to the company’s VirusTotal tool, which analyzes suspicious files.

Within hours of discovering the hacking attempt, Google reported it to Microsoft, which sent out security updates about a week later to protect users from the attack, Google said.

‘This is not the first time APT37 has used Internet Explorer 0-day exploits to target users,’ Google said. ‘The group has historically focused their targeting on South…


Albany Schools Still Without Internet After Hacking Attempt

(TNS) — There will be no Internet in Albany schools for one more day, after an attempted cyber attack last weekend, school Superintendent Kaweeda Adams said.

The Division of Homeland Security and other experts need more time to finish a forensic investigation to determine who or what tried to repeatedly hack into the school district, Adams said. Originally they had planned to finish the investigation by the end of Wednesday.

In addition, they are checking every machine in the district for programs that might have snuck in during the attack.

They must “interrogate all our machines to make sure nothing’s hiding,” she said.

The forensic investigation could also lead to changes in how the district keeps its systems secure, she said.

But the superintendent emphasized again that although the district was repeatedly targeted by hackers over the weekend, the attacks did not succeed. Adams did not specify how the hackers attempted to gain access.

“None of our information was compromised,” she said. “Our team was getting all the notifications of (cyber attack) activity and we were able to shut down that access.”

In the meantime, teachers will use printed materials for one more day, and students will not be able to use their Chromebooks or district-issued hotspots.

The district has established an “alternate” way to maintain business operations, so that it could update the website, collect attendance and complete other duties. Employees will be paid as normal, she said.

The shutdown Thursday will give investigators an additional four days to work, because Friday is a school holiday.

©2022 the Times Union (Albany, N.Y.). Distributed by Tribune Content Agency, LLC.
