Tag: breached | Page 4

Chinese spies breached hundreds of public, private networks, security firm says | Associated Press

June 15, 2023/in Internet Security

Suspected state-backed Chinese hackers used a security hole in a popular email security appliance to break into the networks of hundreds of public and private sector organizations globally, nearly a third of them government agencies including foreign ministries, the cybersecurity firm Mandiant said Thursday.

“This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, Mandiant’s chief technical officer, said in a emailed statement. That hack compromised tens of thousands of computers globally.

In a blog post Thursday, Google-owned Mandiant expressed “high confidence” that the group exploiting a software vulnerability in Barracuda Networks’ Email Security Gateway was engaged in “espionage activity in support of the People’s Republic of China.” It said the activivity began as early as October.

The hackers sent emails containing malicious file attachments to gain access to targeted organizations’ devices and data, Mandiant said. Of those organizations, 55% were from the Americas, 22% from Asia Pacific and 24% from Europe, the Middle East and Africa and they included foreign ministries in Southeast Asia, foreign trade offices and academic organizations in Taiwan and Hong Kong. the company said.

Mandiant said the majority impact in the Americas may partially reflect the geography of Barracuda’s customer base.

Barracuda announced on June 6 that some of its its email security appliances had been hacked as early as October, giving the intruders a back door into compromised networks. The hack was so severe the California company recommended fully replacing the appliances.

After discovering it in mid-May, Barracuda released containment and remediation patches but the hacking group, which Mandiant identifies as UNC4841, altered their malware to try to maintain access, Mandiant said. The group then “countered with high frequency operations targeting a number of victims located in at least 16 different countries.”

Word of the breach as U.S. Secretary of State Antony Blinken departs for China this weekend as part of the Biden…

Source…

Hackers behind 3CX breach also breached US critical infrastructure

April 24, 2023/in Computer Security

The hacking group responsible for the supply-chain attack targeting VoIP company 3CX also breached two critical infrastructure organizations in the energy sector and two financial trading organizations using the trojanized X_TRADER application, according to a report by Symantec.

Among the two affected critical infrastructure organizations, one is located in the US while the other is in Europe, Symantec told Bleeping Computer.

The report of other organizations also being breached comes a day after Mandiant revealed that trojanized X_TRADER application was the cause of the 3CX breach.

“The attackers behind these breaches clearly have a successful template for software supply chain attacks and further similar attacks cannot be ruled out,” Symantec said in its report.

Last month, several security researchers reported that the 3CX Desktop App had malware in it. The company confirmed the same and released an update for the Desktop App.

Attacks attributed to Lazarus group

Based on the methodology, Mandiant has attributed the attacks to the North Korean hacking group Lazarus. Symantec too agrees that the attackers appear to be linked to North Korea.

“It appears likely that the X_Trader (X_TRADER) supply chain attack is financially motivated, since Trading Technologies, the developer of X_Trader (X_TRADER), facilitates futures trading, including energy futures,” Symantec said in the report, adding that North Korea-sponsored actors are known to engage in both espionage and financially-motivated attacks.

“It cannot be ruled out that strategically important organizations breached during a financial campaign are targeted for further exploitation,” Symantec said.

Source…

FBI warns Rust-based ransomware has breached over 60 organisations

April 25, 2022/in Internet Security

The Federal Bureau of Investigation (FBI) has warned of BlackCat ransomware-as-a-service (RaaS) which it believes has compromised at least 60 entities around the world since last November.

BlackCat has been recruiting new affiliates since late 2021 and targeting organisations across multiple sectors across the world, according to Varonis Threat Labs. It has actively recruited former REvil, BlackMatter, and DarkSide operators and increased its activity since November 2021. Varonis found that it offers lucrative affiliate payouts, up to 90%, and uses a Rust-based ransomware executable. The group’s leak site also named over 20 victim organisations since January 2022, although the data security firm predicted that the total number of victims was likely to be greater.

The FBI released an alert earlier this month where it found that BlackCat, also known as ALPHV or Noberus, has compromised at least 60 entities worldwide through RaaS as of March 2022. It said it’s the first ransomware group to do so successfully using Rust, a programming language that offers high performance and improved safety features.

The advisory stated that the ransomware leverages previously compromised user credentials to gain initial access to the victim’s system. Once the malware establishes access, it compromises Active Directory user and administrator accounts. The malware utilises Windows Task Scheduler to configure malicious Group Policy Objects (GPOs) to deploy ransomware.

The initial deployment of the malware leverages PowerShell scripts, along with Cobalt Strike, and disables security features within the victim’s network. The ransomware also uses Windows administrative tools and Microsoft Sysinternals tools during compromise. BlackCat/ALPHV steals victim data before the execution of the ransomware, including from cloud providers where company or client data was stored.

“BlackCat-affiliated threat actors typically request ransom payments of several million dollars in Bitcoin and Monero but have accepted ransom payments below the initial ransom demand amount,” stated the FBI in the advisory. “Many of the developers and money launderers for BlackCat/ALPHV are linked to Darkside/Blackmatter,…

Source…

Cybersecurity firm says Chinese hackers breached six US state agencies – SOUTHEAST

March 8, 2022/in Computer Security

The wide range of state agencies targeted include “health, transportation, labor (including unemployment benefit systems), higher education, agriculture, and court networks and systems,” the FBI and US Cybersecurity and Infrastructure Security Agency (CISA) said in a separate, private advisory to state governments obtained by CNN.

Source…

Tag Archive for: breached

Attacks attributed to Lazarus group