Tag Archive for: discovers

Microsoft Discovers State-backed Hackers From China, Russia, and Iran Are Using OpenAI Tools for Honing Skills


A new study from Microsoft and OpenAI has revealed that AI tools such as ChatGPT and other large language models (LLMs) are being used by several state-backed hacking groups from Russia, China, Iran, and North Korea to make their intrusion and fraud operations more productive, prompting the tech giant to ban state-backed hacking groups from its AI tools.

The study, reportedly the first time an AI company has publicly disclosed threat actors misusing its AI tools, identified five threat actors: two linked to China and one each linked to Russia, Iran, and North Korea.

According to reports, most of the groups used LLMs or other OpenAI technology to draft phishing emails, help with programming and scripting, and research a range of subjects. A smaller set of China-linked actors was also found using LLMs for translation and for more convincing communication with their targets.

The study found that Charcoal Typhoon, a China-linked threat actor, used AI to translate and draft communications with targeted individuals or organizations, to understand particular technologies, to refine scripts for automating tasks, and to simplify operational commands.

(Photo: Justin Sullivan/Getty Images) Microsoft CEO Satya Nadella speaks during the OpenAI DevDay event on November 06, 2023 in San Francisco, California. OpenAI CEO Sam Altman delivered the keynote address at the first ever OpenAI DevDay conference.

Salmon Typhoon, another China-linked threat actor, reportedly used AI to translate technical papers and computing jargon, find coding mistakes, write malicious code, and better understand subjects from public-domain research.

It was also found that the Russian state-sponsored group Forest Blizzard used LLMs to research specific satellite capabilities and scripting techniques for complex programs. According to reports, the group has targeted victims of importance to the Russian government, such as organizations involved in the conflict between Russia and…


Infoblox discovers rare Decoy Dog C2 exploit


Domain security firm Infoblox has discovered a command-and-control (C2) toolkit that, while extremely rare and sophisticated, could be an early warning from a new, as-yet unidentified state actor.

(Image: illustrated rat wearing sunglasses in front of a blue background; andrenascimento/Adobe Stock)

If you search for recent reports on Domain Name System (DNS) attacks, you may have a hard time finding one newer than IDC's 2021 report, which noted that 87% of organizations experienced a DNS attack during 2020.

One reason DNS isn't front of mind for many attacks that actually put DNS in the attack chain may be the security alphabet soup of DNS over TLS (DoT) and DNS over HTTPS (DoH). As a Cloudflare report explains, these protocols encrypt otherwise plaintext DNS queries between the client and the resolver, keeping browsing private. Encrypting the transport, however, does nothing to stop malware on a host from using the DNS queries themselves as a command-and-control channel; that traffic still has to be caught by inspecting query patterns at the resolver.


Still, Akamai's Q3 DNS threat report noted a 40% increase in DNS attacks in that quarter last year, and found that 14% of all protected devices communicated with a malicious destination at least once during the quarter.


Infoblox Threat Intelligence Group, which says it analyzes billions of DNS records and millions of domain-related records each day, has reported a new malware toolkit called Decoy Dog that is built on a remote access trojan (RAT) called Pupy.

Renée Burton, senior director of threat intelligence at Infoblox, said Pupy is an open-source tool that is very difficult to use and poorly documented. Infoblox found the Decoy Dog toolkit, which uses Pupy, in fewer than 3% of all networks, and the threat actor controlling Decoy Dog is connected to just 18 domains.

“We discovered it through our series of anomaly detectors and learned that Decoy Dog activities have been operating a data exfiltration command and control, or C2, system for over a year, starting early April 2022,” Burton said. “Nobody else knew.”
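Infoblox says it found Decoy Dog through anomaly detectors running over DNS query data. The following is an added example written for this page, not Infoblox's detector or any code from the original article, showing the kind of per-domain heuristics such a detector applies to resolver logs: the number of distinct subdomains seen under each apex domain, the Shannon entropy of the leftmost label, the share of record types that can carry payload data (TXT, NULL), and which clients are talking to each domain. The log lines, domain names, thresholds and the two-label approximation of a registrable domain are all constructed assumptions; a production version would use the public suffix list and tune thresholds to the environment.

```python
"""Per-domain DNS C2 / tunnelling heuristics over resolver query logs (added example)."""
import math
from collections import defaultdict

# Constructed resolver log for this example; not real Decoy Dog or Pupy traffic.
# Assumed line format: "<client_ip> <qtype> <qname>", one query per line.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A cdn.example.com
10.0.0.7 A mail.example.com
10.0.0.7 AAAA www.example.com
10.0.0.5 TXT 7a3f9c1e2b4d.beacon-lookalike.test
10.0.0.5 TXT 9d0e44ab17c3.beacon-lookalike.test
10.0.0.5 TXT f2b81c9e5a06.beacon-lookalike.test
10.0.0.5 TXT 0c7d3e6b9f21.beacon-lookalike.test
10.0.0.5 TXT e5a19f4c8d72.beacon-lookalike.test
10.0.0.5 TXT 3b6f0d2a7e98.beacon-lookalike.test
10.0.0.9 A api.example.com
10.0.0.9 A www.example.com
"""

# Record types whose names or answers are commonly abused to carry data over DNS.
PAYLOAD_QTYPES = {"TXT", "NULL"}


def shannon_entropy(label: str) -> float:
    """Bits of entropy per character; random-looking labels score well above 3."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text: str):
    """Return (client, qtype, qname) tuples; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        client, qtype, qname = parts
        rows.append((client, qtype.upper(), qname.rstrip(".").lower()))
    return rows


def profile_domains(rows):
    """Aggregate per apex domain (assumption: apex = last two labels, no public suffix list)."""
    by_apex = defaultdict(list)
    for client, qtype, qname in rows:
        labels = qname.split(".")
        if len(labels) < 3:
            continue  # bare apex query, no subdomain to examine
        by_apex[".".join(labels[-2:])].append((client, qtype, labels))
    profiles = {}
    for apex, items in by_apex.items():
        entropies = [shannon_entropy(labels[0]) for _, _, labels in items]
        profiles[apex] = {
            "queries": len(items),
            "unique_subdomains": len({".".join(labels[:-2]) for _, _, labels in items}),
            "mean_entropy": sum(entropies) / len(entropies),
            "payload_qtype_ratio": sum(qt in PAYLOAD_QTYPES for _, qt, _ in items) / len(items),
            "clients": sorted({client for client, _, _ in items}),
        }
    return profiles


def flag_suspicious(profiles, min_unique=5, entropy_threshold=3.0, payload_ratio=0.5):
    """Return {apex: [reasons]} for domains that look like a DNS C2 or exfiltration channel."""
    flagged = {}
    for apex, p in profiles.items():
        reasons = []
        if p["unique_subdomains"] >= min_unique and p["mean_entropy"] >= entropy_threshold:
            reasons.append("many distinct high-entropy subdomains")
        if p["unique_subdomains"] >= min_unique and p["payload_qtype_ratio"] >= payload_ratio:
            reasons.append("mostly TXT/NULL queries")
        if reasons:
            flagged[apex] = reasons
    return flagged


if __name__ == "__main__":
    profiles = profile_domains(parse_log(SAMPLE_LOG))
    for apex, reasons in flag_suspicious(profiles).items():
        p = profiles[apex]
        print(f"{apex}: {', '.join(reasons)}; clients={p['clients']}")
```

The `clients` field is what lets an analyst do the kind of source analysis described in the next paragraphs; the thresholds here are illustrative, and legitimate CDN and telemetry domains also produce many distinct subdomains, so a score like this should be combined with domain age and reputation before alerting.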

Russian hound

When Infoblox analyzed the queries in external global DNS data, the firm’s researchers found that the Decoy Dog C2 originated almost exclusively from hosts in Russia.

“One of the main dangers is nobody knows what it is,” Burton said. “That means something is compromised and someone…


Zimperium Discovers Novel Predatory Loan Malware In Flutter Apps


Zimperium has revealed details of a newly discovered Android malware campaign hidden in money-lending apps developed with Flutter, a software development kit used to build applications that run across multiple platforms, including Android and iOS.

The team at Zimperium zLabs has unearthed MoneyMonger, a threat that uses personal data taken from the device to extort victims into paying more than the already usurious loan terms require.

The malicious code is a part of the predatory loan malware scheme previously discovered by K7 Security Labs.

This recently identified malware has been active since May 2022 and uses a variety of methods to manipulate its targets. It starts with a fraudulent loan offer that promises a fast payout.

When the victim opens the app, they are told that certain permissions must be granted on the device before they can qualify for the loan.

MoneyMonger takes advantage of the Flutter framework to obfuscate its malicious functionality and make that activity harder to detect by static analysis.

Because of how Flutter works, the malicious code and activity hide behind a framework that lies outside the static-analysis capabilities of legacy mobile security products: in release builds, Flutter compiles the app's Dart code ahead of time into a native library (libapp.so) rather than Dalvik bytecode, so tools that only decompile the DEX classes see little more than the Flutter runtime and plugin glue.

MoneyMonger is distributed solely through third-party app stores or by sideloading onto the victim's device via phishing messages, compromised websites, social media campaigns, or other tactics. It has not been found in the official Google Play store.

Once on the device, MoneyMonger exfiltrates a wide range of private data to its server, including the list of installed apps, GPS coordinates, text messages, the contact list, device details, and image-related data.

This stolen information is used to blackmail and threaten victims into paying excessively high interest. If the victim fails to pay on time, and in some cases even after the loan is repaid, the malicious actors threaten to expose their information, call people from the contact list, and even send out photos taken from the device.
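Because the defining property of this campaign is that its logic lives in a Flutter build, a triage step a practitioner would want is to confirm the APK is a Flutter app, cross-check the permissions it requests against the data categories described above, and pull indicators from the Dart AOT snapshot, which keeps string literals such as upload URLs readable even though DEX decompilers cannot see the Dart logic. The following is an added example written for this page, not Zimperium's tooling or MoneyMonger code. It assumes the AndroidManifest.xml has already been decoded to plain XML (a real APK stores it in binary form; apktool or androguard decode it), and the sample APK contents, the permission mapping, the keyword list and the verdict rule are all constructed for illustration.

```python
"""Static triage of a Flutter APK for data-harvesting indicators (added example)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed mapping (assumption): permissions a loan app has no legitimate need for,
# paired with the data category MoneyMonger is described as collecting.
HARVEST_PERMISSIONS = {
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.ACCESS_FINE_LOCATION": "GPS coordinates",
    "android.permission.READ_EXTERNAL_STORAGE": "photos and files",
    "android.permission.READ_MEDIA_IMAGES": "photos",
}
# Constructed keyword hints to pull out of snapshot strings.
API_HINTS = ("sms", "contact", "location", "upload")
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")


def printable_strings(blob: bytes, min_len: int = 8):
    """Equivalent of `strings` on the Dart AOT snapshot: runs of printable ASCII."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def triage_apk(apk_bytes: bytes) -> dict:
    report = {"is_flutter": False, "abis": [], "harvest_permissions": {}, "urls": [], "api_hints": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = set(z.namelist())
        # Flutter release builds ship the Dart AOT snapshot as lib/<abi>/libapp.so beside libflutter.so.
        for name in sorted(names):
            m = re.fullmatch(r"lib/([^/]+)/libapp\.so", name)
            if not m or f"lib/{m.group(1)}/libflutter.so" not in names:
                continue
            report["is_flutter"] = True
            report["abis"].append(m.group(1))
            snapshot = z.read(name)
            report["urls"].extend(sorted({u.decode() for u in URL_RE.findall(snapshot)}))
            report["api_hints"].extend(
                s for s in printable_strings(snapshot)
                if not s.startswith("http") and any(k in s.lower() for k in API_HINTS)
            )
        # Assumption: manifest already decoded to text XML (e.g. by apktool); real APKs use binary XML.
        if "AndroidManifest.xml" in names:
            root = ET.fromstring(z.read("AndroidManifest.xml"))
            for el in root.iter("uses-permission"):
                perm = el.get(ANDROID_NS + "name", "")
                if perm in HARVEST_PERMISSIONS:
                    report["harvest_permissions"][perm] = HARVEST_PERMISSIONS[perm]
    return report


def verdict(report: dict) -> str:
    """Constructed decision rule: several harvesting permissions plus a hard-coded remote endpoint."""
    if len(report["harvest_permissions"]) >= 2 and report["urls"]:
        return "suspicious: harvests " + ", ".join(sorted(report["harvest_permissions"].values()))
    return "no strong indicators"


def build_sample_apk() -> bytes:
    """Constructed APK-shaped zip standing in for a sample; contains no real malware."""
    manifest = (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.fastloan">\n'
        '  <uses-permission android:name="android.permission.INTERNET"/>\n'
        '  <uses-permission android:name="android.permission.READ_SMS"/>\n'
        '  <uses-permission android:name="android.permission.READ_CONTACTS"/>\n'
        '  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>\n'
        "</manifest>"
    )
    # Fake snapshot: ELF magic, padding, then the kind of literals a Dart AOT build leaves readable.
    snapshot = (b"\x7fELF" + b"\x00" * 32
                + b"https://loan-collect.invalid/api/upload\x00"
                + b"contacts_dump\x00sms_inbox\x00" + b"\x00" * 16)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", manifest)
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 8)
        z.writestr("lib/arm64-v8a/libflutter.so", b"\x7fELF" + b"\x00" * 16)
        z.writestr("lib/arm64-v8a/libapp.so", snapshot)
    return buf.getvalue()


if __name__ == "__main__":
    r = triage_apk(build_sample_apk())
    print(r)
    print(verdict(r))
```

On a real sample the `urls` and `api_hints` lists are the quickest route to the collection endpoint and to which plugin channels the app drives; if the snapshot was built with Flutter's identifier obfuscation, string literals still survive, which is why this string-level pass is worth running before any deeper reversing of the snapshot format.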

MoneyMonger is a risk to individuals and enterprises because it collects a wide range of data from the victim’s device,…


A radio telescope in China reportedly discovers a possible alien signal


Humans have invented a rogue’s gallery of nightmarish fictional aliens over the decades: acid-blooded xenomorphs who want to eat us and lay their eggs in our chest cavities; Twilight Zone Kanamits who want to fatten us up like cows and eat us; those lizard creatures in the 1980s miniseries V who want to harvest us for food. (You may be sensing a theme here.)

But the most frightening vision isn’t an alien being at all — it’s a computer program.

In the 1961 sci-fi drama A for Andromeda, written by the British cosmologist Fred Hoyle, a group of scientists running a radio telescope receive a signal originating from the Andromeda Nebula in outer space. They realize the message contains blueprints for the development of a highly advanced computer that generates a living organism called Andromeda.

Andromeda is quickly co-opted by the military for its technological skills, but the scientists discover that its true purpose — and that of the computer and the original signal from space — is to subjugate humanity and prepare the way for alien colonization.

No one gets eaten in A for Andromeda, but it’s chilling precisely because it outlines a scenario that some scientists believe could represent a real existential threat from outer space, one that takes advantage of the very curiosity that leads us to look to the stars. If highly advanced aliens really wanted to conquer Earth, the most effective way likely wouldn’t be through fleets of warships crossing the stellar vastness. It would be through information that could be sent far faster. Call it “cosmic malware.”

Phoning ET

To discuss the possibility of alien life seriously is to embark upon an uncharted sea of hypotheses. Personally, I fall on the Agent Scully end of the alien believer spectrum. The revelation of intelligent extraterrestrials would be an extraordinary event, and as SETI pioneer Carl Sagan himself once said, “extraordinary claims require extraordinary evidence.”

Intelligent extraterrestrials who also want to hack our planet would be even more extraordinary. But this scenario became a bit easier to envision this week.

On Wednesday, a story published in China’s state-backed Science and…
