Tag Archive for: Hijacked

Finland warns of Facebook accounts hijacked via Messenger phishing



Finland’s National Cyber Security Centre (NCSC-FI) warns of an ongoing phishing campaign attempting to hijack Facebook accounts by impersonating victims’ friends in Facebook Messenger chats.

In the alert, the NCSC-FI says that any Facebook user who receives a message from an online acquaintance asking for their phone number and a verification code delivered via SMS is a target of this ongoing scam.

If they provide the information they’re asked for, the attackers will take control of their accounts by changing the password and associated email address.

Once hijacked, each account is used to target other potential victims from its friend list with the same scam, so the campaign spreads along existing friendships and every message arrives from a sender the recipient knows.

“In the attempts, a hacked account is used to send messages with the aim of obtaining the recipients’ telephone numbers and two-factor authentication codes to hijack their Facebook accounts,” the cybersecurity agency explained.

To successfully hijack their targets’ Facebook accounts, the scammers will go through the following steps:

  1. They first send a message from the previously compromised friend’s account via Facebook Messenger.
  2. They ask for the target’s phone number, saying they want to help with registering for an online contest promising prizes of thousands of euros.
  3. The next stage involves asking for a code delivered via SMS, which the scammers claim was sent by the contest’s organizers to confirm the entry. As the agency notes, this is in fact a two-factor authentication code for the target’s Facebook account.
  4. If the SMS code is shared with the scammers, they use it together with the phone number to log in to and hijack the victim’s Facebook account.
  5. Next, they change the account password and email address and start sending the same scam to the victim’s friends.

“The best way to protect yourself from this scam is to be wary of Facebook messages from all senders, including people you know,” the NCSC-FI advised.

“If the message sender is a friend, you can contact him, for example, by phone and ask if he is aware of this message. This information should not be disclosed to strangers.”

Meta (formerly known as Facebook) has recently filed a federal lawsuit in a California court to disrupt other ongoing phishing attacks targeting Facebook, Messenger, Instagram, and WhatsApp users.

The threat actors behind these…


China Hijacked an NSA Hacking Tool in 2014—and Used It for Years


More than four years after a mysterious group of hackers known as the Shadow Brokers began wantonly leaking secret NSA hacking tools onto the internet, the question that debacle raised—whether any intelligence agency can prevent its “zero-day” stockpile from falling into the wrong hands—still haunts the security community. That wound has now been reopened, with evidence that Chinese hackers obtained and reused another NSA hacking tool years before the Shadow Brokers brought it to light.

On Monday, the security firm Check Point revealed that it had discovered evidence that a Chinese group known as APT31, also known as Zirconium or Judgment Panda, had somehow gained access to and used a Windows-hacking tool known as EpMe created by the Equation Group, a security industry name for the highly sophisticated hackers widely understood to be a part of the NSA. According to Check Point, the Chinese group in 2014 built their own hacking tool from EpMe code that dated back to 2013. The Chinese hackers then used that tool, which Check Point has named “Jian” or “double-edged sword,” from 2015 until March 2017, when Microsoft patched the vulnerability it attacked. That would mean APT31 had access to the tool, a “privilege escalation” exploit that would allow a hacker who already had a foothold in a victim network to gain deeper access, long before the late 2016 and early 2017 Shadow Brokers leaks.

Only in early 2017 did Lockheed Martin discover China’s use of the hacking technique. Because Lockheed has largely US customers, Check Point speculates that the hijacked hacking tool may have been used against Americans. “We found conclusive evidence that one of the exploits that the Shadow Brokers leaked had somehow already gotten into the hands of Chinese actors,” says Check Point’s head of cyber research Yaniv Balmas. “And it not only got into their hands, but they repurposed it and used it, likely against US targets.”

A source familiar with Lockheed Martin’s cybersecurity research and reporting confirms to WIRED that the company found the Chinese hacking tool being used in a US private sector network—not its own or part…


Chinese spies used hijacked NSA code in their hacking operations


Chinese spies used code first developed by the U.S. National Security Agency to support their hacking operations, Israeli researchers said on Monday, another indication of how malicious software developed by governments can boomerang against their creators.

A map of China is seen through a magnifying glass on a computer screen showing binary digits. © Provided by National Post

Tel Aviv-based Check Point Software Technologies issued a report noting that some features in a piece of China-linked malware it dubs “Jian” were so similar they could only have been stolen from some of the National Security Agency break-in tools leaked to the internet in 2017.

Yaniv Balmas, Check Point’s head of research, called Jian “kind of a copycat, a Chinese replica.”

The find comes as some experts argue that American spies should devote more energy to fixing the flaws they find in software instead of developing and deploying malicious software to exploit it.

The NSA declined comment. The Chinese Embassy in Washington did not respond to requests for comment.

A person familiar with the matter said Lockheed Martin Corp – which is credited as having identified the vulnerability exploited by Jian in 2017 – discovered it on the network of an unidentified third party.

In a statement, Lockheed said it “routinely evaluates third-party software and technologies to identify vulnerabilities.”

Countries around the world develop malware that breaks into their rivals’ devices by taking advantage of flaws in the software that runs them. Every time spies discover a new flaw they must decide whether to quietly exploit it or fix the issue to thwart rivals and rogues.

That dilemma came to public attention between 2016 and 2017, when a mysterious group calling itself the “Shadow Brokers” published some of the NSA’s most dangerous code to the internet,…


Google Chrome, Firefox, Edge hijacked by massive malware attack: what you need to know

With the pandemic seismically shifting the way we work, there is an increasing dependence on digital connectivity in our day-to-day lives. 

As December rolls through to Christmas, Microsoft has reported that a sophisticated set of malware attacks has trained its sights on the big browsers: Mozilla Firefox, Microsoft Edge, and Google Chrome are all affected, another link in the chain of cyber threats flourishing in the year of Covid-19.

The technical detail runs deep, but the observable effects are consistent. Users who are infected can expect unauthorized browser extensions to be installed, malicious scripts to be injected into search result pages to insert fraudulent ads and steal personal credentials, and crucial security controls to be switched off by tampering with the browser’s Dynamic-link Libraries (DLLs).

The Microsoft 365 Defender Research Team’s statement does not understate the seriousness of the issue. It describes a ‘persistent malware campaign’ called Adrozek, a family of malicious browser modifiers that, if not identified and stopped, entrenches malicious ads from which the threat actors earn money via affiliate advertising.

These types of attacks are ambitious in scope, but by no means new. Browser modifiers represent some of the earliest underhand tactics of cyber criminals – a sign that older methods of stealing personal credentials are increasingly adapting to new digital environments.

Microsoft describes these ‘polymorphic’ attacks as dangerous but, optimistically, preventable. Microsoft Defender Antivirus on Windows 10 uses behavior-based, machine learning-driven detection to identify and block Adrozek despite its shape-shifting. Of course, it must be switched on and kept current with the latest threat definitions through regular updating.

Looking beyond prevention: users who have already been infected are advised to completely remove and reinstall their browsers. Microsoft has pointed users to its malware documentation, which details best practice around cyber security.
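Two checks an administrator can run on a Windows host after reading about a browser modifier like Adrozek, written here as an added example (this is not code from the article or from Microsoft): an inventory of Chrome, Edge and Firefox extensions flagged against an allow-list, and an Authenticode check over the DLLs in the browser install directories, since a tampered DLL no longer carries a valid vendor signature. The profile and install paths are the browsers’ defaults, and the allow-list of extension IDs is a hypothetical placeholder to be replaced with your own.

```powershell
# Added example, not from the article or from Microsoft. Assumes default
# per-user profile paths and default install directories on Windows.
# The allow-list below is a hypothetical placeholder for your own approved IDs.
$AllowedExtensionIds = @(
    'cjpalhdlnbpafiamejdnhcphjbkeiagm'   # placeholder entry, replace with your approved IDs
)

function Get-BrowserExtensionInventory {
    [CmdletBinding()]
    param([string[]]$AllowedIds = $AllowedExtensionIds)

    $found = @()

    # Chromium-family browsers keep one folder per extension:
    #   <User Data>\<Profile>\Extensions\<extension id>\<version>\manifest.json
    $chromiumRoots = @{
        'Chrome' = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
        'Edge'   = Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data'
    }
    foreach ($browser in $chromiumRoots.Keys) {
        $pattern = Join-Path $chromiumRoots[$browser] '*\Extensions\*\*\manifest.json'
        foreach ($manifest in Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue) {
            $id   = $manifest.Directory.Parent.Name          # the <extension id> directory
            $json = Get-Content -Raw -Path $manifest.FullName | ConvertFrom-Json
            $found += [pscustomobject]@{
                Browser = $browser
                Id      = $id
                Name    = $json.name
                Version = $json.version
                Path    = $manifest.Directory.FullName
                Allowed = $AllowedIds -contains $id
            }
        }
    }

    # Firefox records installed add-ons in extensions.json inside each profile.
    # Only add-ons installed into the profile are listed; built-in system add-ons are skipped.
    $ffPattern = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\extensions.json'
    foreach ($file in Get-ChildItem -Path $ffPattern -ErrorAction SilentlyContinue) {
        $addons = (Get-Content -Raw -Path $file.FullName | ConvertFrom-Json).addons
        foreach ($addon in ($addons | Where-Object { $_.type -eq 'extension' -and $_.location -eq 'app-profile' })) {
            $found += [pscustomobject]@{
                Browser = 'Firefox'
                Id      = $addon.id
                Name    = $addon.defaultLocale.name
                Version = $addon.version
                Path    = $file.DirectoryName
                Allowed = $AllowedIds -contains $addon.id
            }
        }
    }
    return $found
}

function Test-BrowserBinarySignatures {
    [CmdletBinding()]
    param()

    # Default install locations; directories that do not exist are skipped.
    $installDirs = @(
        "$env:ProgramFiles\Google\Chrome\Application",
        "${env:ProgramFiles(x86)}\Google\Chrome\Application",
        "${env:ProgramFiles(x86)}\Microsoft\Edge\Application",
        "$env:ProgramFiles\Mozilla Firefox"
    ) | Where-Object { $_ -and (Test-Path -Path $_) }

    $bad = @()
    foreach ($dir in $installDirs) {
        Get-ChildItem -Path $dir -Recurse -Filter '*.dll' -ErrorAction SilentlyContinue |
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                if ($sig.Status -ne 'Valid') {
                    $bad += [pscustomobject]@{
                        File   = $_.FullName
                        Status = $sig.Status   # NotSigned, HashMismatch, NotTrusted, ...
                        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                    }
                }
            }
    }
    return $bad
}

# Usage: list extensions outside the allow-list, then DLLs whose signature does not verify.
Get-BrowserExtensionInventory | Where-Object { -not $_.Allowed } | Format-Table -AutoSize
Test-BrowserBinarySignatures | Format-Table -AutoSize
```

A DLL reported as NotSigned or HashMismatch is a lead, not a verdict: compare it against the same file from a clean install of the same browser version before concluding the host is compromised, and treat any extension that is absent from the allow-list but also absent from the user’s own account of what they installed with particular suspicion.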
