Tag Archive for: Bear

Ukrainian security service identifies Russian FSB officers behind Primitive Bear. US sanctions four spyware firms, including NSO Group.


By the CyberWire staff

Ukrainian security service identifies Russian FSB officers behind Primitive Bear.

Ukraine’s security service, the SSU, has identified five Russian FSB officers as operators behind the Gamaredon threat actor (also known as “Primitive Bear”). The group has specialized in targeting Ukrainian critical infrastructure and classified networks. The group is centered, geographically, in Russian-occupied Ukraine, and the FSB chatter the SSU intercepted includes a lot of whining about getting shafted out of awards and bonuses, recognition going to the undeserving, and everybody having to get tested for COVID at work.

US sanctions four spyware firms, including NSO Group.

The US Department of Commerce has sanctioned four companies for providing spyware to foreign governments. NSO Group and Candiru (both based in Israel) have been added to the Entity List, as have Positive Technologies (a Russian firm), and the Computer Security Initiative Consultancy PTE (headquartered in Singapore).

Of the two Israeli firms, Commerce said they “were added to the Entity List based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers. These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order.”

Positive Technologies and the Computer Security Initiative Consultancy were placed on the Entity List after, Commerce said, “a determination that they traffic in cyber tools used to gain unauthorized access to information systems, threatening the privacy and security of individuals and organizations worldwide.”

The sanctions, Commerce explains, represent a move in support of human rights. “This effort is aimed at improving citizens’ digital security, combating cyber threats, and mitigating unlawful surveillance and follows a recent interim final rule released by the Commerce Department…


North Korea continues targeting security researchers. Holiday Bear gained access to DHS emails. Charming Kitten is phishing for medical professionals.


By the CyberWire staff

North Korea continues targeting security researchers.

Google’s Threat Analysis Group (TAG) has published an update on a North Korean cyberespionage campaign targeting security researchers. TAG warned in January that a threat actor was messaging researchers on various social media platforms asking to collaborate on vulnerability research. The actors also set up a watering-hole site posing as a research blog, which used an Internet Explorer zero-day against visitors.

Now, Google says the actor is using a new website and social media profiles posing as a fake company called “SecuriElite.” TAG writes, “The attacker’s latest batch of social media profiles continue the trend of posing as fellow security researchers interested in exploitation and offensive security. On LinkedIn, we identified two accounts impersonating recruiters for antivirus and security companies. We have reported all identified social media profiles to the platforms to allow them to take appropriate action.” Google also believes the actors likely have more zero-days at their disposal.

Holiday Bear gained access to DHS emails.

The Associated Press reports that the suspected Russian hackers behind the SolarWinds attack gained access to the emails of former acting Department of Homeland Security Secretary Chad Wolf and other DHS officials. So far it doesn’t appear that classified communications were compromised, but POLITICO says the number of emails stolen was in the thousands. A State Department spokesperson told POLITICO, “the Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time.”


Charming Kitten is phishing for medical professionals.

Proofpoint reports that…


Russia’s Cozy Bear comes out of hiding with post-election spear-phishing blitz

Russian President Vladimir Putin, in St. Petersburg for the St. Petersburg International Economic Forum, acknowledged that Russian hackers may have interfered in the US election. (credit: Mikhail Svetlov/Getty Images)

Attackers suspected of working for the Russian government masqueraded as a US State Department official in an attempt to infect dozens of organizations in government, military, defense contracting, media, and other industries, researchers from security firm FireEye warned on Monday.

The spear-phishing campaign began last Wednesday. This is almost exactly two years after the Russian hacking group known under a variety of monikers, including APT29 and Cozy Bear, sent a similar barrage of emails that targeted many of the same industries, FireEye said in a blog post. The tactics and techniques used in both post-election campaigns largely overlap, leading FireEye to suspect the new one is also the work of the Russian-government-controlled hacking arm. FireEye researchers Matthew Dunwoody, Andrew Thompson, Ben Withnell, Jonathan Leathery, Michael Matonis, and Nick Carr wrote:

Analysis of this activity is ongoing, but if the APT29 attribution is strengthened, it would be the first activity uncovered from this sophisticated group in at least a year. Given the widespread nature of the targeting, organizations that have previously been targeted by APT29 should take note of this activity. For network defenders, whether or not this activity was conducted by APT29 should be secondary to properly investigating the full scope of the intrusion, which is of critical importance if the elusive and deceptive APT29 operators indeed had access to your environment.

“Secure” communications

At least 38 FireEye clients have been targeted so far in the spear-phishing campaign, Carr told Ars. The emails purport to deliver an official US State Department communication from a known public-affairs official at that agency. The messages were designed to appear as a secure communication hosted on a webpage linked to the official’s personal drive. To further appear legitimate, the message delivers a legitimate State Department form.


Biz & IT – Ars Technica

Smart teddy bear maker faces scrutiny over data breach response – InfoWorld

Did a toymaker ignore warnings about a data breach? That's a key question swirling around Spiral Toys, a company behind a line of smart stuffed animals that security researchers worry can be easily hacked. On Tuesday, Spiral Toys said the breach, which …

Data from connected CloudPets teddy bears leaked and ransomed, exposing kids' voice messages – Troy Hunt
Internet of Things Teddy Bear Leaked 2 Million Parent and Kids Message Recordings – Motherboard – Vice
Smart teddy bears involved in a contentious data breach – Network World


data breach – Google News