Tag Archive for: campaigns

PRC Spying, Malware and Disinformation Campaigns Push Hong Kong Dissidents to Underground Communications Channels
Following the anti-extradition protests that spanned from 2019 into 2020, the Chinese Communist Party has stepped up its digital actions against Hong Kong activists and dissidents. A new report from threat intelligence firm Intsights finds that aggressive disinformation campaigns and related measures have forced organizers to move to the digital underground, using encryption and the dark web to keep the PRC from observing and inserting itself into their communications.

Disinformation campaigns, mass surveillance drive “dark web” uptick in Hong Kong

Though the Hong Kong street protests have since dissipated, tensions have remained high as the Chinese government has moved aggressively to control the flow of information in the region. It has also made mass arrests of protesters on charges such as “subverting state power.” The PRC has also been conducting blanket surveillance that sweeps up even those who are not politically involved, for example by monitoring and censoring Zoom conferences organized by businesses and schools. The country’s national security laws require companies based in its territory to turn over any information requested by the government.

Dissidents have responded to disinformation campaigns and surveillance by moving their communications to encrypted messaging apps and dark web forums. However, the researchers warn that this opens up inexperienced navigators to a new realm of criminal threats; some paid services have sprung up to safely guide activists and dissidents to the clandestine meeting places and resources that they are seeking.

The dark web is best known for the sale of illicit goods, everything from credit card skimming equipment to illegal drugs. This is the world that novices must learn to navigate, generally without assistance (unless they pay for it). And when they do find homes for political discussion, they are not necessarily ideologically friendly. The report finds that the most popular Chinese-language discussion forums on the dark web actually tend to be pro-PRC. And the dark web is not free from the eyes of the government; posts from users indicate that Chinese espionage agents monitor at…


US Treasury Warns of Increasing Ransomware Campaigns Against Coronavirus Vaccine Research Institutions
The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a warning that alerts financial institutions in the United States about increasing ransomware attacks against coronavirus vaccine research organizations.

US Treasury Warns of Ransomware Attacks, Phishing Schemes Targeting Covid-19 Vaccine Research Institutions

According to the alert, FinCEN says that fraud, ransomware attacks, and “similar types of criminal activity” target the distribution of Covid-19 vaccines, which could affect their supply chains if proper actions are not taken on time.

The alert reads as follows with regard to ransomware campaigns:

Cybercriminals, including ransomware operators, will continue to exploit the Covid-19 pandemic alongside legitimate efforts to develop, distribute, and administer vaccines. FinCEN is aware of ransomware directly targeting vaccine research, and FinCEN asks financial institutions to stay alert to ransomware targeting vaccine delivery operations as well as the supply chains required to manufacture the vaccines.

The bureau also states that phishing schemes are on the rise, using misinformation about Covid-19 vaccines as bait to lure victims. The alert provides a series of steps that institutions should follow to report such incidents to FinCEN.

The warning was published the same day that the U.S. Food and Drug Administration (FDA) issued two emergency authorizations for coronavirus vaccines.

Financial Companies That Facilitate Ransomware Payments Could Face Sanctions

Ransomware incidents also have another component that places an extra burden on financial institutions. On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) released an advisory highlighting the sanctions risk associated with ransomware payments made in cryptocurrency.

OFAC warns:

Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC…


Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns – Threatpost

Nation-State Hacking Campaigns Targeting COVID-19 Research Firms
By Jessica Davis

COVID-19 vaccine developers and research firms are again facing targeted cyberattacks, with an ongoing campaign led by nation-state hackers with ties to North Korea and Russia, according to Microsoft.

Researchers have observed nation-state threat actors targeting seven firms leading COVID-19 vaccine and treatment research, including pharmaceutical companies and researchers in the US, Canada, France, India, and South Korea.

The campaigns are led by the Russian hacking group known as Strontium and the North Korean groups Zinc and Cerium.

Cybercriminals have ramped up their malicious attacks throughout the pandemic, from phishing attacks and fraud schemes tied to the coronavirus, to nation-state attacks on coronavirus research and human-operated ransomware attacks on the healthcare sector.

Most recently, a joint alert from the FBI and the Departments of Health and Human Services and Homeland Security warned of a wave of ransomware attacks on healthcare entities, which has already claimed at least a dozen victims.

The latest hacking campaign is primarily focused on COVID-19 vaccine manufacturers in various stages of clinical trials, including one clinical research foundation involved in clinical trials and one firm that developed a COVID-19 test, Tom Burt, Microsoft’s corporate vice president, customer security and trust, explained in a blog post.

Several targeted organizations are contracted with or have investments from the government to work on research tied to the virus.

The Russian-backed Strontium attacks leverage brute-force login or password-spray attacks, which are designed to break into users’ accounts using thousands or millions of rapid login attempts.

Meanwhile, Zinc primarily uses spear-phishing lures masked as fabricated job descriptions sent from recruiters in an effort to steal credentials. The other North Korean-tied campaign, Cerium, also focuses on spear-phishing emails that use COVID-19 themes purportedly sent from fake World Health Organization representatives.

Microsoft was able to block the majority of the attempts, and…
