Tag Archive for: investigate

South Korean Agencies Investigate $82M Orbit Bridge Hack



Orbit Bridge, which serves as the main bridge for the Klaytn ecosystem, was exploited for nearly $82 million hours before New Year’s Eve. Multiple South Korean agencies are currently investigating the multimillion-dollar hack.

Allegations have emerged identifying North Korea’s hacking group, ‘Lazarus,’ as the orchestrator of the exploit, prompting South Korea’s National Intelligence Service (NIS) to intervene for a comprehensive investigation.

The bridge was utilized by prominent Korean domestic platforms such as Kakao’s blockchain platform Klaytn and WEMIX, a blockchain project by WEMADE.

Intelligence Agencies Investigate the Exploit


The NIS’s involvement in determining the perpetrator of the attack signifies an unusual level of engagement for a blockchain-related virtual asset theft. According to Orbit Bridge’s operating company, OZYS, they promptly reported the asset misappropriation incident to the Korea Internet & Security Agency (KISA) and the National Police Agency on January 1st, complying with mandatory reporting obligations under the Information and Communication Network Act.

The NIS commented on the ongoing investigation, stating, “We are currently investigating the cause and the perpetrator of the incident. While no direct link to North Korea has been confirmed so far, we are collaborating with relevant agencies and considering the possibility,” local news media reported.

NIS Involvement in Investigation Deemed Unusual


The incident follows a pattern observed in the cryptocurrency space where cybercrime incidents trigger the involvement of agencies like the Cyber Investigation Division of the National Police Agency and KISA. However, the inclusion of the NIS in this case is deemed exceptional.

OZYS has actively cooperated with the investigation, notifying authorities promptly and seeking assistance from global blockchain analysis firms such as Uppsala Security and the TON Foundation.

As the fallout from this incident reverberates not only within the Klaytn…

US government to investigate China’s Microsoft email breach • The Register


Infosec in brief: The July breach of Microsoft Exchange Online by suspected Chinese hackers is the next topic up for review by the Department of Homeland Security’s Cyber Safety Review Board (CSRB).

DHS secretary Alejandro Mayorkas announced the review last Friday, saying it would assess the Microsoft intrusion, as well as conducting a broader review of identity and authentication infrastructure used by cloud providers. 

“Organizations of all kinds are increasingly reliant on cloud computing to deliver services to the American people, which makes it imperative that we understand the vulnerabilities of that technology,” Mayorkas said.

This will be the third investigation by the recently formed CSRB. It first reviewed Log4j vulnerabilities discovered in 2021, concluding the exploit would likely be a problem for at least a decade. Its second report, which was released earlier this week, focused on the threats from hacking group Lapsus$. In that report, the CSRB said the international cyber crime group used “simple techniques” to evade security tools, and offered ten recommendations for hardening environments against such attackers. 

The decision to investigate the July Outlook intrusion, and cloud security more broadly, was welcomed by senator Ron Wyden (D-OR), who last week blamed Microsoft for its failure to protect cloud accounts belonging to US government officials and called for the CSRB to investigate the incident. 

“I applaud president Biden and CISA director Easterly for acting on my request for the board to review this recent espionage campaign, including cyber security negligence by Microsoft that enabled it,” Wyden said. “The government will only be able to protect federal systems against cyber attacks by getting to the bottom of what went wrong. Ignoring problems is both a waste of taxpayer dollars and a massive gift to America’s adversaries.”

CISA director Jen Easterly said the CSRB’s findings would help advance cyber security across the cloud – both government and enterprise. 

It’s worth noting that the CSRB has no regulatory or enforcement powers. Rather, “its purpose is to identify relevant lessons learned to inform future improvements,”…


US cyber safety board to investigate cloud security and Exchange Online breach


The Cyber Safety Review Board has launched an investigation into the cybersecurity threats facing cloud service providers.

The probe by the CSRB was first reported by Bloomberg late Thursday and confirmed today. As part of its investigation, the CSRB plans to look into a high-profile breach that hit Microsoft Corp.’s Exchange Online email platform earlier this year. During the cyberattack, a hacking group believed to be affiliated with China accessed the inboxes of several U.S. government officials.

“We must as a country acknowledge the increasing criticality of cloud infrastructure in our daily lives and identify the best ways to secure that infrastructure and the many businesses and consumers that rely on it,” said CSRB Chair and DHS Under Secretary for Policy Rob Silvers. 

The CSRB, which launched last year, was formed by the U.S. Department of Homeland Security in accordance with an executive order that President Joe Biden signed in 2021. Its mission is to investigate large-scale cybersecurity incidents. The CSRB is composed of 15 government officials and private sector experts.

The first focus of the board’s new investigation is the recent cyberattack against Microsoft’s Exchange Online platform, which came to light last month. During the breach, a hacking group suspected to be based in China gained access to the email accounts of Commerce Secretary Gina Raimondo and multiple State Department officials.

The hackers breached the accounts using forged authentication tokens. Those are pieces of data that a computer uses to verify that the login request it sends to an application, in this case Exchange Online, is legitimate. The hackers forged the authentication tokens by exploiting an encryption key stolen from Microsoft and a since-patched flaw in one of the software giant’s cybersecurity systems.

The CSRB’s probe comes about two weeks after Senator Ron Wyden asked federal agencies to review the Exchange Online breach. In a letter, the Senator requested that the CSRB “investigate whether lax security practices by Microsoft enabled” the hack.

As part of its investigation, the board also plans to review “issues relating to cloud-based identity and…


US cyber board to investigate Microsoft hack of government emails


A U.S. review board tasked with investigating major cybersecurity incidents said it will begin looking at the recent intrusion of U.S. government email systems provided by Microsoft, whose handling of the incident drew ire and scrutiny from federal lawmakers and the wider security community.

The Cyber Security Review Board, or CSRB, said Friday that its latest investigation will include a “broader review of issues relating to cloud-based identity and authentication infrastructure.”

The board said it began considering an investigation after learning of the Microsoft cloud breach, which saw China state-backed hackers break into government email accounts, including the inbox of U.S. Commerce Secretary Gina Raimondo, several officials at the U.S. State Department, and other organizations not yet publicly named.

According to the slow-drip of information about the incident, Microsoft said China-backed hackers stole a sensitive signing key that allowed unauthorized access to enterprise and government email inboxes hosted by the technology giant. That stolen key, coupled with a flaw that Microsoft has since patched, allowed the forging of authentication tokens that the hackers used to access the target’s email accounts as if they were the rightful owners.

The intrusions began in mid-May but were not detected until a month later, when State Department officials detected the breach and notified Microsoft. The hacks first came to light only because the State Department used a higher-paid tier account that allowed access to logs that Microsoft keeps. Other departments with a lower paid tier were not given access to logs that may have spotted the intrusions sooner.

Following criticism, Microsoft capitulated soon after, saying it would make logs available for customers at no additional cost from September.

Ron Wyden, a Democratic lawmaker on the Senate Intelligence Committee, blasted Microsoft in a scathing letter to government agencies requesting an investigation into whether “lax cybersecurity practices” enabled Chinese hackers to spy on high-ranking federal government officials.

Wyden also called on the CSRB to investigate the incident.

In carrying out a post-mortem of the hack, Homeland…
