Tag Archive for: Brazen

Cash-Starved North Korea Eyed in Brazen Bank Rakyat Indonesia Hack


Think Ocean’s 11—only the robbers are cash-starved, nuke-thirsty North Koreans and their weapons are keyboards, not explosives and guns.

In the latest efforts to fund Kim Jong-Un’s nuclear ambitions, hackers suspected of working for the North Korean government appear to have slithered their way into the computer networks of an Indonesian bank in an apparent attempt to pull off a megaheist to fund regime goals, The Daily Beast has learned.

In or around February 2020, hackers suspected of working for North Korea’s military intelligence agency, the Reconnaissance General Bureau (RGB), are believed to have targeted the networks of Bank Rakyat Indonesia, cybersecurity researchers who have studied the malware told The Daily Beast.

The hackers appear to have gone after the bank’s networks with custom-made North Korean malware, according to a technical report on the apparent breach obtained by The Daily Beast. It remains unclear whether the hackers stole any money: the report does not confirm that they hit the bank and made off with cash, but it indicates they were likely able to run the final stages of their campaign against the bank, said Adrian Nish, head of threat intelligence at BAE Systems.

Nish added that the particular malware believed to have hit Bank Rakyat Indonesia was a “late-stage tool,” of the kind typically used after attackers have already gained access to a network and completed reconnaissance of its systems.

That malware, known as “BEEFEATER,” also ties the campaign to the tooling North Korean hackers used in another heist, in which they successfully stole millions of dollars from Bangladesh Bank, Nish told The Daily Beast.

In 2016, North Korean hackers broke into Bangladesh Bank and stole $81 million by sending fraudulent payment orders over the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network, the messaging system banks use to instruct transfers between one another.

The North Koreans are [realizing] it’s so much more lucrative to go after the cryptocurrency exchanges. They get so much more out of it….

Advisories: “Brazen” Russian ransomware hackers target hundreds of US hospitals

Russian hackers are targeting hundreds of US hospitals and healthcare providers just as the coronavirus is making a comeback and the US presidential election is in its final stretch, officials from three government agencies and the private sector are warning.

The hackers typically use the TrickBot network of infected computers to gain a foothold in the organizations and, after burrowing further into their networks, deploy Ryuk, a particularly aggressive piece of ransomware, according to a joint advisory published by the FBI, the Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA).

“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers,” Wednesday evening’s advisory stated. “CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”

Security firm Mandiant said much the same in its own notice, which provided indicators of compromise that targeted organizations can use to determine if they were under attack.

Mandiant Senior VP and CTO Charles Carmakal said in an email to reporters that the targeting was “the most significant cyber security threat we’ve ever seen in the United States.” He went on to describe the Russian hacking group behind the plans as “one of the most brazen, heartless, and disruptive threat actors I’ve observed over my career.” Several hospitals had already come under attack in the past few days, he said.

Crossing lines

“The intention by the threat actor is to hit hundreds of other organizations out there,” he said in an interview. “Most threat actors don’t want to deliberately hit hospital organizations. There’s an ethical line and they choose not to cross it. This particular actor, they have no problem crossing the line. They’re actively targeting healthcare and hospital organizations.”

There are reports of a handful of hospitals that have been hit with cyberattacks over the past few weeks. CNN said it had confirmed that “Universal Health…

Feds pin brazen kernel.org intrusion on 27-year-old programmer

In August 2011, multiple servers used to maintain and distribute the Linux operating system kernel were infected with malware that gave an unknown intruder almost unfettered access. Earlier this week, the five-year-old breach investigation got its first big break when federal prosecutors unsealed an indictment accusing a South Florida computer programmer of carrying out the attack.

Donald Ryan Austin, 27, of El Portal, Florida, used login credentials belonging to a Linux Kernel Organization system administrator to install a hard-to-detect backdoor on servers belonging to the organization, according to the document that was unsealed on Monday. The breach was significant because the group manages the network and the website that maintain and distribute the open source OS that’s used by millions of corporate and government networks around the world. One of Austin’s motives for the intrusion, prosecutors allege, was to “gain access to the software distributed through the www.kernel.org website.”

The indictment refers to kernel.org officials P.A. and J.H., who are presumed to be Linux kernel developer H. Peter Anvin and kernel.org Chief System Administrator John “Warthog9” Hawley, respectively. It went on to say that Austin used the credentials to install a class of extremely hard-to-detect malware known as a rootkit, along with a Trojan that logged the credentials of authorized users connecting to an infected computer over the secure shell (SSH) protocol.
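A trojanized SSH binary of the kind the indictment describes has to change the bytes of the program on disk, which is why the first check an administrator reaches for after a suspected intrusion is a digest comparison against a known-good manifest. The script below is an added example, not code from the Ars Technica article, the indictment, or kernel.org; the manifest format, the file paths and the file contents are constructed stand-ins for /usr/sbin/sshd and /usr/bin/ssh.

```shell
#!/bin/sh
# Added example, not code from the article, the indictment, or kernel.org.
# Detect a trojanized SSH binary by comparing each file's SHA-256 digest with a
# manifest recorded from a trusted source before the host was exposed. A
# modified sshd/ssh that logs credentials necessarily changes the file's bytes,
# so its digest no longer matches.
#
# Manifest format (assumed for this example): "<sha256>  <path relative to ROOT>"

sha256_of() {
    # Portable digest: sha256sum on GNU systems, shasum on BSD/macOS.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_manifest MANIFEST ROOT
# Prints one line per missing or modified file; returns 1 if any was found.
verify_manifest() {
    manifest=$1
    root=$2
    status=0
    while read -r expected relpath; do
        case "$expected" in ''|'#'*) continue ;; esac   # skip blanks/comments
        path="$root/$relpath"
        if [ ! -f "$path" ]; then
            echo "MISSING  $relpath"
            status=1
        elif [ "$(sha256_of "$path")" != "$expected" ]; then
            echo "MODIFIED $relpath"
            status=1
        fi
    done < "$manifest"
    return "$status"
}

# Demonstration on constructed files that stand in for /usr/sbin/sshd and
# /usr/bin/ssh (hypothetical contents; real use would point ROOT at /).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/usr/sbin" "$tmp/usr/bin"
    printf 'original sshd bytes\n' > "$tmp/usr/sbin/sshd"
    printf 'original ssh bytes\n'  > "$tmp/usr/bin/ssh"
    {
        printf '%s  usr/sbin/sshd\n' "$(sha256_of "$tmp/usr/sbin/sshd")"
        printf '%s  usr/bin/ssh\n'   "$(sha256_of "$tmp/usr/bin/ssh")"
    } > "$tmp/manifest"

    verify_manifest "$tmp/manifest" "$tmp" && echo "clean host: all digests match"

    # Simulate an intruder swapping in a credential-logging ssh client.
    printf 'trojaned ssh bytes\n' > "$tmp/usr/bin/ssh"
    verify_manifest "$tmp/manifest" "$tmp" || echo "tampering detected"
    rm -rf "$tmp"
}

demo
```

On a package-managed host the same comparison is what `rpm -V openssh-server` or `debsums` performs against the package database. Two caveats apply either way: a manifest or package database stored on the compromised host can be rewritten by the same intruder, so the known-good digests must come from offline media or a separate system, and a kernel-level rootkit of the kind the indictment mentions can lie to any userland read of the file, so a check that matters is run from trusted boot media rather than from inside the running system.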

Technology Lab – Ars Technica

Brazen computer thieves steal big – Gladstone Observer

Clinton State School acting deputy principal Astred Binnerts confirmed computer equipment had been stolen but was unable to elaborate on the method of entry or other details. However, she said a damaged security system had since been repaired.