Tag Archive for: breached

Hackers Claim to Have Breached Dallas County Government


(TNS) — Dallas County may be the latest victim in a string of local cyber attacks after a ransomware group claimed on the dark web over the weekend that it has obtained county information.

County officials said Monday that they became aware of a “cybersecurity incident” on Oct. 19, but they have not released details.

“We immediately took steps to contain the incident and engaged an external cybersecurity firm to conduct a comprehensive forensic investigation,” County Judge Clay Lewis Jenkins said in a statement.


The statement said that the county has put in place stringent security protocols and is working with cybersecurity specialists and law enforcement to address the situation. Citing an ongoing investigation, it did not elaborate on the incident. Lewis Jenkins’ office declined to comment further.

Commissioner John Wiley Price said that the county knew about the alleged attack before the ransomware group posted on the dark web. Price said that the county is not validating the claim that this group infiltrated the county’s system but rather investigating whether a breach occurred.

“We just know that it’s a claim,” he said in an interview. “We’re not validating any claim at this time.”

The Dallas Police Department sent an internal email on Monday cautioning employees not to log into the law enforcement portal shared with Dallas County, upload or download evidence, or open attachments or links from Dallas County email addresses.

District Attorney John Creuzot said that the incident could impede attorneys’ and prosecutors’ ability to upload documents to court cases.

“If there is a larger problem, I haven’t been informed of it, and nobody in my office told me that they were impaired in their ability to do their work,” Creuzot said in an interview.

Cyber experts have posted on X, formerly Twitter, screenshots from the dark web of a cyber hacking group claiming to have information from Dallas County. The screenshots say the hackers created the post Oct. 28.

Brett Callow, a cyber threat analyst with cybersecurity firm Emsisoft, said that, while these hackers typically are criminals and…


Boeing Breached by Ransomware, LockBit Gang Claims


In a post on its leak site, prolific ransomware threat group LockBit claims that it breached Boeing, and said that it will start releasing sensitive data it purportedly stole from the company’s systems if ransom demands aren’t met by Nov. 2.

“A tremendous amount of sensitive data was exfiltrated and ready to be published if Boeing do (sic) not contact within deadline!” the LockBit post shared by cybersecurity analyst Dominic Alvieri read. “For now we will not send lists or samples to protect the company BUT we will not keep it like that until the deadline.”

The post included a countdown clock to the deadline.

A Boeing spokesperson told Dark Reading, “We are assessing this claim.”

LockBit boasted it accessed Boeing’s systems with a zero-day vulnerability.

If this turns out to be true, James Dyer, threat intelligence lead at Egress, predicts a long recovery road ahead for the sprawling multinational aviation and aerospace organization.

“This incident is not only worrying because of its immediate threat but also in terms of the fallout,” Dyer said in a statement. “Ultimately, the company and customers could now be at greater risk from increased phishing attacks using credentials compromised in the other initial attack — otherwise known as business email compromise (BEC).”

LockBit has been the most active ransomware threat group over the past year, according to Black Kite’s head of research, Ferhat Dikbiyik, but he added in a statement that the group doesn’t traditionally target organizations as large as Boeing.

“LockBit appears to be proceeding cautiously by not immediately publishing any sample data,” he noted.

This seems to be a departure from previous operations. Last August, LockBit breached a UK defense contractor, Zaun Ltd., and leaked sensitive data on the physical security surrounding several agencies in the UK Ministry of Defence.


Exclusive: North Korean hackers breached top Russian missile maker


  • Hackers breached systems at NPO Mashinostroyeniya
  • Russian firm produces hypersonic missiles, satellites
  • Discovery comes shortly after Russian defence minister visits Pyongyang

LONDON/WASHINGTON, Aug 7 (Reuters) – An elite group of North Korean hackers secretly breached computer networks at a major Russian missile developer for at least five months last year, according to technical evidence reviewed by Reuters and analysis by security researchers.

Reuters found cyber-espionage teams linked to the North Korean government, which security researchers call ScarCruft and Lazarus, secretly installed stealthy digital backdoors into systems at NPO Mashinostroyeniya, a rocket design bureau based in Reutov, a small town on the outskirts of Moscow.

Reuters could not determine whether any data was taken during the intrusion or what information may have been viewed. In the months following the digital break-in Pyongyang announced several developments in its banned ballistic missile programme but it is not clear if this was related to the breach.

Experts say the incident shows how the isolated country will even target its allies, such as Russia, in a bid to acquire critical technologies.

NPO Mashinostroyeniya did not respond to requests from Reuters for comment. Russia’s embassy in Washington did not respond to an emailed request for comment. North Korea’s mission to the United Nations in New York did not respond to a request for comment.

News of the hack comes shortly after a trip to Pyongyang last month by Russian defence minister Sergei Shoigu for the 70th anniversary of the Korean War, the first visit by a Russian defence minister to North Korea since the 1991 breakup of the Soviet Union.

The targeted company, commonly known as NPO Mash, has acted as a pioneer developer of hypersonic missiles, satellite technologies and newer generation ballistic armaments, according to missile experts – three areas of keen interest to North Korea since it embarked on its mission to create an Intercontinental Ballistic Missile (ICBM) capable of striking the mainland United States.

According to technical data, the intrusion roughly began in late 2021 and continued until May 2022 when, according to internal…


State, Commerce Departments Breached by Hackers


(TNS) — Hackers breached Microsoft Outlook email accounts linked to government agencies in the United States, including State and Commerce departments, and others in Western Europe, according to government officials and Microsoft Corp., which described the attackers as being based in China.

Last month, the U.S. State Department identified anomalous activity and alerted Microsoft to the attack, according to a spokesperson. A subsequent investigation by the company determined that the hackers “accessed and exfiltrated unclassified Exchange Online Outlook data from a small number of accounts,” according to a statement from the U.S. Cybersecurity and Infrastructure Security Agency, known as CISA.

The U.S. Commerce Department was also breached and took immediate action after being notified by Microsoft, a spokesperson said. The department is monitoring its systems and would respond promptly if additional activity is detected, the spokesperson added.


It wasn’t known which other U.S. agencies were affected by the breach, but a senior official said the number was in the single digits.

In an interview with ABC News on Wednesday morning, national security adviser Jake Sullivan said, “We detected it fairly rapidly, and we were able to prevent further breaches. The matter is still being investigated.”

In a blog post published Tuesday night, Microsoft described the group behind the attack as China-based and named it Storm-0558. The hackers were able to remain undetected for a month after gaining access to email data from around 25 organizations in mid-May.

“We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Charlie Bell, an executive vice president at Microsoft, wrote in another post.

It also wasn’t clear which European governments were affected. Italian cybersecurity officials said they were in contact with Microsoft “in order to identify potential Italian subjects involved in the latest attacks.”

Asked about the findings, China’s Foreign Ministry spokesman Wang Wenbin, at a regular briefing Wednesday, accused the U.S. of being the world’s…
