Tag Archive for: disables

US disables hacking network targeting critical infrastructure


The US launched an operation to fight a pervasive Chinese hacking operation that successfully compromised thousands of internet-connected devices, according to two Western security officials and one person familiar with the matter.

The Justice Department (DoJ) and Federal Bureau of Investigation (FBI) sought and received legal authorization to remotely disable aspects of the Chinese hacking campaign, the sources told Reuters.

The Biden administration has increasingly focused on hacking, not only for fear that nation states may try to disrupt the US election in November, but because ransomware wreaked havoc on Corporate America in 2023.

The hacking group at the center of recent activity, Volt Typhoon, has especially alarmed intelligence officials who say it is part of a larger effort to compromise Western critical infrastructure, including naval ports, internet service providers and utilities.

While the Volt Typhoon campaign initially came to light in May 2023, the hackers expanded the scope of their operations late last year and changed some of their techniques, according to three people familiar with the matter.

The widespread nature of the hacks led to a series of meetings between the White House and private technology industry, including several telecommunications and cloud computing companies, where the US government asked for assistance in tracking the activity.

Such breaches could enable China, national security experts said, to remotely disrupt important facilities in the Indo-Pacific region that in some form support or service US military operations. Sources said US officials are concerned the hackers were working to hurt US readiness in case of a Chinese invasion of Taiwan.

China, which claims democratically governed Taiwan as its own territory, has increased its military activities near the island in recent years in response to what Beijing calls “collusion” between Taiwan and the United States.

The Justice Department and FBI declined to comment. The Chinese embassy in Washington did not immediately respond to a request for comment.

When Western nations first warned about Volt Typhoon in May, Chinese foreign ministry spokesperson Mao Ning said the hacking…


Microsoft Disables Iran-Linked Lebanese Hacking Group Polonium


After detecting a Lebanese hacking group it calls Polonium abusing its OneDrive personal storage service, Microsoft says it was able to disable the group, which could have links to the Iranian government.

In its latest effort, the advanced persistent threat (APT) targeted more than 20 Israeli organizations and one intergovernmental organization. The Microsoft Threat Intelligence Center (MSTIC) says it suspended more than 20 malicious OneDrive applications created by Polonium actors in the campaign.

Among the targeted organizations were those involved in critical manufacturing, transportation systems, financial services, IT, and Israel’s defense industry, the software giant says – all of which offer an avenue to carry out downstream supply chain attacks.

“In at least one case, Polonium’s compromise of an IT company was used to target a downstream aviation company and law firm in a supply-chain attack that relied on service provider credentials to gain access to the targeted networks,” according to MSTIC. “Multiple manufacturing companies they targeted also serve Israel’s defense industry, indicating a Polonium tactic that follows an increasing trend by many actors, including among several Iranian groups, of targeting service provider access to gain downstream access.”

Polonium’s Infection Routine

In 80% of the observed cases, the group exploited a flaw in Fortinet VPN appliances (likely CVE-2018-13379) to gain initial access. They then installed a custom PowerShell implant called CreepySnail on the target networks, according to Microsoft. From there, the actors deployed a set of tools named CreepyDrive and CreepyBox to abuse legitimate cloud services for command-and-control (C2) across most of their victims.

MSTIC says with “moderate confidence” that the attacks were likely carried out with help from Iran’s Ministry of Intelligence and Security (MOIS).

“The observed activity was coordinated with other actors affiliated with Iran’s [MOIS], based primarily on victim overlap and commonality of tools and techniques,” the MSTIC assessment states. “The tactic of leveraging IT products and service providers to gain access to downstream customers remains…


FirstEnergy temporarily disables millions of accounts after hack


Usernames and passwords obtained from “stuffing” were used to try to break into FirstEnergy accounts. The company is urging customers to change their passwords.

AKRON, Ohio — If you’re a FirstEnergy customer, you may have received a notice to change your password, or worse – your account may have been disabled altogether. 

Upwards of six million customers have been affected by unauthorized logins to their accounts.

The problem is repeated hacking attempts found during a routine security check of accounts by FirstEnergy.


“People were trying to log in and were unable to. They saw a number of those,” says Alex Hamerstone of Strongsville security consulting company TrustedSec. 

FirstEnergy serves millions of customers in the Midwest and Mid-Atlantic regions, from Ohio up to New Jersey. And many customers found they were locked out of their online accounts this weekend.

“If you go on the internet, there are oftentimes lists of usernames and passwords that have been taken off other breaches or other situations, and what it looks like is someone was trying all of those usernames and password combinations on the FirstEnergy site,” says Hamerstone.

While nearly all of the hacking attempts were unsuccessful, some of them worked. The sneaky practice is called “stuffing.” Someone can easily get your username and password from one source, and then try to plug them into other accounts, like your bank or credit card, to see if they work.
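The "stuffing" pattern described above has a recognisable signature in login logs: one client source failing against many distinct usernames in a short window, with only an occasional success. The following is an added detection sketch, not code from the article or from FirstEnergy; the log format, thresholds and addresses are constructed for illustration.

```python
# Added example: flag credential-stuffing sources in constructed login logs.
# A stuffing run replays leaked username/password pairs across many accounts,
# so the tell is one source IP, many distinct usernames, low success rate.
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class LoginEvent:
    ts: datetime
    src_ip: str
    username: str
    ok: bool


def parse_line(line: str) -> LoginEvent:
    # Constructed format: "<ISO timestamp> <src_ip> <username> <OK|FAIL>"
    ts, ip, user, result = line.split()
    return LoginEvent(datetime.fromisoformat(ts), ip, user, result == "OK")


def find_stuffing_sources(lines, window=timedelta(minutes=10),
                          min_users=5, max_success_rate=0.2):
    """Return {src_ip: (distinct_users, attempts, successes)} for sources
    whose activity inside some sliding `window` looks like stuffing."""
    events = sorted((parse_line(l) for l in lines), key=lambda e: e.ts)
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:  # shrink window
                start += 1
            win = evs[start:end + 1]
            users = {w.username for w in win}
            successes = sum(w.ok for w in win)
            if len(users) >= min_users and successes / len(win) <= max_success_rate:
                flagged[ip] = (len(users), len(win), successes)  # keep widest hit
    return flagged


# Constructed sample: 203.0.113.7 sprays six accounts (one lands);
# 198.51.100.5 is a real user mistyping one password twice, not stuffing.
SAMPLE_LOG = """\
2024-02-01T09:00:01 203.0.113.7 alice FAIL
2024-02-01T09:00:02 203.0.113.7 bob FAIL
2024-02-01T09:00:03 203.0.113.7 carol FAIL
2024-02-01T09:00:04 203.0.113.7 dave OK
2024-02-01T09:00:05 203.0.113.7 erin FAIL
2024-02-01T09:00:06 203.0.113.7 frank FAIL
2024-02-01T09:05:00 198.51.100.5 grace FAIL
2024-02-01T09:05:10 198.51.100.5 grace FAIL
2024-02-01T09:05:20 198.51.100.5 grace OK
""".splitlines()

if __name__ == "__main__":
    print(find_stuffing_sources(SAMPLE_LOG))
```

The legitimate user's repeated failures on a single account are not flagged, which is the distinction a lockout-only policy misses: stuffing spreads its failures across many accounts so no single one trips a threshold.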

