Tag Archive for: Email

Chinese Hackers Breached US Govt Email Accounts


China-based hackers seeking intelligence information breached the email accounts of a number of US government agencies, computer giant Microsoft said.

“The threat actor Microsoft links to this incident is an adversary based in China that Microsoft calls Storm-0558,” the company said in a blog post late Tuesday.

Microsoft said Storm-0558 gained access to email accounts at approximately 25 organizations, including government agencies, AFP reported.

Microsoft did not identify the targets but a US State Department spokesperson said the department had “detected anomalous activity” and had taken “immediate steps to secure our systems.”

“As a matter of cybersecurity policy, we do not discuss details of our response and the incident remains under investigation,” the spokesperson said.

According to The Washington Post, the breached email accounts were unclassified and “Pentagon, intelligence community and military email accounts did not appear to be affected.”

But the paper reported Wednesday evening, quoting US officials, that State Department email accounts and that of Commerce Secretary Gina Raimondo were hacked. Raimondo’s agency has angered China by imposing tough export controls on Chinese technologies.

CNN, citing sources familiar with the investigation, said the Chinese hackers targeted a small number of federal agencies and the email accounts of specific officials at each agency.

In the blog post, Charlie Bell, a Microsoft executive vice president, said “we assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection.

“This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems,” Bell said.

US National Security Adviser Jake Sullivan addressed the hack in an appearance on Wednesday on ABC’s Good Morning America, and said it had been detected “fairly rapidly.”

“We were able to prevent further breaches,” Sullivan said.

“The matter is still being investigated, so I have to leave it there because we’re gathering further information in consultation with Microsoft and we will continue to apprise the public as we learn more,” Sullivan said.

Espionage and data theft
Microsoft…

Source…

Chinese hackers breached US govt email accounts: Microsoft


China-based hackers seeking intelligence information breached the email accounts of a number of US government agencies, Microsoft said (GERARD JULIEN)


China-based hackers seeking intelligence information breached the email accounts of a number of US government agencies, computer giant Microsoft said.

“The threat actor Microsoft links to this incident is an adversary based in China that Microsoft calls Storm-0558,” the company said in a blog post late Tuesday.

Microsoft said Storm-0558 gained access to email accounts at approximately 25 organizations, including government agencies.

Microsoft did not identify the targets but a US State Department spokesperson said the department had “detected anomalous activity” and had taken “immediate steps to secure our systems.”

“As a matter of cybersecurity policy, we do not discuss details of our response and the incident remains under investigation,” the spokesperson said.

According to The Washington Post, the breached email accounts were unclassified and “Pentagon, intelligence community and military email accounts did not appear to be affected.”

CNN, citing sources familiar with the investigation, said the Chinese hackers targeted a small number of federal agencies and the email accounts of specific officials at each agency.

In the blog post, Charlie Bell, a Microsoft executive vice president, said “we assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection.

“This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems,” Bell said.

US National Security Adviser Jake Sullivan addressed the hack in an appearance on Wednesday on ABC’s Good Morning America, and said it had been detected “fairly rapidly.”

“We were able to prevent further breaches,” Sullivan said.

“The matter is still being investigated, so I have to leave it there because we’re gathering further information in consultation with Microsoft and we will continue to apprise the public as we learn more,” Sullivan said.

– Espionage and data theft –

Microsoft said Storm-0558 “primarily targets government agencies in Western Europe and focuses on espionage, data…

Source…

Mumbai Police Issues Advisory On Email Bombing For Citizens To Stay Safe From Online Threat


The Mumbai police on Friday issued an advisory for citizens on a lurking email bomb cyber attack. An email bomb is a form of net abuse that sends large volumes of email to an address, making the mailbox overflow and overwhelming the server. The flood can also act as a smokescreen, diverting attention from important email messages that would indicate a security breach.

Methods Of Email Bomb Attack

According to the advisory, there are three ways of carrying out an email bomb attack: mass mailing, list linking, and zip bombing.

“Mass mailing consists of sending numerous duplicate emails to the same email address. These types of mail bombs are simple to design but their extreme simplicity means they can be easily detected by spam filters. Email-bombing using mass mailing is also commonly performed as a Distributed Denial-of-Service attack by employing the use of botnets, hierarchical networks of computers compromised by malware and under the attacker’s control,” the advisory states.

The advisory further reads, “As in spamming, the attacker instructs the botnet to send out millions of emails, but unlike normal botnet spamming, the emails are all addressed to only one or a few addresses the attacker wishes to flood.”

“This type of attack is more difficult to defend against than a simple mass-mailing bomb because of the multiple source addresses and the possibility of each infected computer sending a different message or employing stealth techniques to defeat spam filters,” it said, adding that “a zip bomb is a variant of mail-bombing”.

Details On Email Cluster Bomb Attack

“List linking, also known as ‘email cluster bomb’, means signing a particular email address up to several email list subscriptions. The victim then has to unsubscribe from these unwanted services manually. The attack can be carried out automatically with simple scripts,” said the advisory.

“This is easy, almost impossible to trace back to the perpetrator, and potentially very destructive. To prevent this type of bombing, most email subscription services send a confirmation email to a person’s inbox,” it said.

“It is generally advisable not to click…

Source…

Russian APT Group Caught Hacking Roundcube Email Servers


A prolific APT group linked to the Russian government has been caught exploiting security flaws in the open-source Roundcube webmail software to spy on organizations in Ukraine, including government institutions and military entities involved in aircraft infrastructure.

According to an advisory [PDF] from threat intelligence firm Recorded Future, the Roundcube server infections are being used to run reconnaissance and exfiltration scripts, redirecting incoming emails and gathering session cookies, user information, and address books.

Recorded Future teamed up with Ukraine’s Computer Emergency Response Team (CERT-UA) to document the activity, which is being attributed to Russia’s GRU military spy unit.

“The campaign leveraged news about Russia’s war against Ukraine to encourage recipients to open emails with attachments, which immediately compromised vulnerable Roundcube servers without engaging with the attachment,” Recorded Future explained.

The company said the attachment contained JavaScript code that executed additional JavaScript payloads from the hacking team’s infrastructure. “The campaign displayed a high level of preparedness, quickly weaponizing news content into lures to exploit recipients. The spear-phishing emails contained news themes related to Ukraine, with subject lines and content mirroring legitimate media sources,” Recorded Future said.

The GRU-linked group, which has been operational since at least November 2021, has been blamed for previous use of zero-day flaws in Microsoft’s flagship Outlook software. According to public documentation, the group is focused on digital spying on entities in Ukraine and across Europe, primarily among government and military/defense organizations.

Recorded Future released IOCs and technical artifacts from the latest discovery to help defenders and recommended that organizations configure intrusion detection systems (IDS), intrusion prevention systems (IPS) or other network defense mechanisms to pinpoint activity involving the malicious domains.


The company is also recommending that organizations implement measures to disable HTML and/or JavaScript within email…

Source…