Tag Archive for: hacking

Tech Trends: Mobile Security with Steve Phillips and Andrew Hoog
APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated threat groups

Unpacking the Matryoshka dolls behind Kremlin-backed cybercrime campaigns

State-sponsored Russian cyber espionage groups are among the most sophisticated of the nation-state threat actors, with an added flair for deception that makes them the canniest of adversaries.

Experts quizzed by The Daily Swig said that Russian cyber-threat actors are among the best in the world, on a par with the top groups operating out of China, and with similar capabilities to western intelligence agencies – especially those with close links to the Federal Security Service (FSB) or military.

What are the techniques and tactics of Russian threat actors?

Russian state-sponsored actors typically have more sophisticated tactics, techniques, and procedures (TTPs) alongside custom malware development capabilities and tighter operational security when compared to other groups.

Xueyin Peh, senior cyber threat intelligence analyst at Digital Shadows, told The Daily Swig: “Russia-linked APT groups are arguably some of the most technically advanced state-sponsored threat groups.

“They have used techniques that enable them to remain undetected for long periods of time, such as in the supply chain attack leveraging SolarWinds’ Orion Platform (which likely began as early as Spring 2020 but was only made known publicly in December 2020).

“This large-scale intrusion and the multiple techniques used to obfuscate their activity are testament to the technical prowess of these groups. In comparison, very few other state-associated APT groups – probably only those linked to the People’s Republic of China – have conducted supply chain attacks of similar scale,” Peh added.

The recent SolarWinds campaign that drew so much attention to the threat of Russian cyber espionage was actually atypical for Russian actors in its use of a technology supply chain access vector, according to some threat intel experts.

Paul Prudhomme, head of threat intelligence advisory at IntSights, explained: “Russian cyber espionage groups have not historically used such attack vectors on any…

Source…

Three Former U.S. Intelligence Community and Military Personnel to Pay $1.68M Hacking Fine
On Sept. 7, U.S. citizens Marc Baier, 49, and Ryan Adams, 34, and a former U.S. citizen, Daniel Gericke, 40, all former employees of the U.S. Intelligence Community (USIC) or the U.S. military, entered into a deferred prosecution agreement (DPA) that restricts their future activities and employment and requires the payment of $1,685,000 in penalties to resolve a Department of Justice investigation regarding violations of U.S. export control, computer fraud and access device fraud laws. The Department filed the DPA today, along with a criminal information alleging that the defendants conspired to violate such laws.

According to court documents, the defendants worked as senior managers at a United Arab Emirates (U.A.E.)-based company (U.A.E. CO) that supported and carried out computer network exploitation (CNE) operations (i.e., “hacking”) for the benefit of the U.A.E government between 2016 and 2019. Despite being informed on several occasions that their work for U.A.E. CO, under the International Traffic in Arms Regulations (ITAR), constituted a “defense service” requiring a license from the State Department’s Directorate of Defense Trade Controls (DDTC), the defendants proceeded to provide such services without a license.

These services included the provision of support, direction and supervision in the creation of sophisticated “zero-click” computer hacking and intelligence gathering systems – i.e., ones that could compromise a device without any action by the target. U.A.E. CO employees whose activities were supervised by and known to the defendants thereafter leveraged these zero-click exploits to illegally obtain and use access credentials for online accounts issued by U.S. companies, and to obtain unauthorized access to computers, such as mobile phones, around the world, including in the United States.

“This agreement is the first-of-its-kind resolution of an investigation into two distinct types of criminal activity: providing unlicensed export-controlled defense services in support of computer network exploitation, and a commercial company creating, supporting and operating systems specifically designed to allow others to access data without authorization…

Source…

Three former US intelligence agents admit to hacking for the UAE
Representative: The Justice Department accused the three former intelligence officials of committing computer fraud and violating export control laws by providing defense services without the required license (Getty Images)

Three former US intelligence agents admitted to committing hacking crimes against the country and providing sophisticated computer hacking tools to the United Arab Emirates, according to court documents made public on Tuesday.

The three hackers, who include two US nationals and a former American citizen, agreed to pay a penalty of $1.68 mn under a legal settlement with the federal government in a bid to avoid prosecution, said the US Justice Department.

The operatives, Marc Baier, Ryan Adams and Daniel Gericke, all former employees of the US Intelligence community, worked as senior managers in a UAE-based company called DarkMatter, reported the New York Times. The Justice Department alleged that while working with the company, the three conducted hacking operations for the benefit of the UAE government.

The department accused the three men of committing computer fraud and violating export control laws by providing defense services without the required license.

It alleged that between 2016 and 2019, the three men provided access to “zero-click” computer hacking services which could compromise a “device without any action by the target”. These were then used to “obtain unauthorized access to computers, like mobile phones, around the world, including in the US,” said the Justice Department statement.

According to the media reports, the issue came to the fore after Lori Stroud, a former National Security Advisor and a former employee with DarkMatter, raised the alarm with authorities about the Abu Dhabi-based organization hacking US citizens.

“This is progress,” she told AP, as she saw the case come to a resolution.

Lori Stroud is pictured in her home at an undisclosed location in the US, 27 September 2018 (REUTERS)

The UAE government has so far not issued a statement in the matter, reported AP, adding that the email sent to the officials at DarkMatter could not be delivered.

In 2018, DarkMatter’s founder and CEO, Faisal al-Bannai, had told AP that the…

Source…