Tag Archive for: Journalists

Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists


The actively exploited but now-fixed Google Chrome zero-day flaw that came to light earlier this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East.

Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware dubbed DevilsTongue, a modular implant with Pegasus-like capabilities.

Candiru, along with NSO Group, Computer Security Initiative Consultancy PTE. LTD., and Positive Technologies, was added to the entity list by the U.S. Commerce Department in November 2021 for engaging in “malicious cyber activities.”

“Specifically, a large portion of the attacks took place in Lebanon, where journalists were among the targeted parties,” security researcher Jan Vojtěšek, who reported the discovery of the flaw, said in a report. “We believe the attacks were highly targeted.”

The vulnerability in question is CVE-2022-2294, a memory corruption flaw in the WebRTC component of the Google Chrome browser that could lead to shellcode execution. It was addressed by Google on July 4, 2022. The same issue has since been patched by Apple and Microsoft in the Safari and Edge browsers.

The findings shed light on multiple attack campaigns mounted by the Israeli hack-for-hire vendor, which is said to have returned with a revamped toolset in March 2022 to target users in Lebanon, Turkey, Yemen, and Palestine via watering hole attacks using zero-day exploits for Google Chrome.

The infection sequence spotted in Lebanon commenced with the attackers compromising a website used by employees of a news agency to inject malicious JavaScript code from an actor-controlled domain that’s responsible for redirecting potential victims to an exploit server.

Via this watering hole technique, a profile of the victim’s browser, consisting of about 50 data points, is created, including details like language, timezone, screen information, device type, browser plugins, referrer, and device memory, among others.

Avast assessed that the information was gathered to ensure that the exploit was being delivered only to the intended targets. Should the collected data be deemed of…

Cyberattacks hit Albania. Threat actors prospect journalists. GRU trolls researchers. CISA opens a liaison office in London.


Dateline Moscow, Kyiv: Notes on the hybrid war.

Ukraine at D+144: Firing for whatever effect. (The CyberWire) Heavy Russian artillery fire continues along the line of contact. The strikes are regarded as a preparation for a renewed offensive in the Donbas, as spoiling attacks against a feared Ukrainian counter-offensive in the southern region, as direct terrorism of the civilian population, as a crude expression of a deterrent to HIMARS attacks against high-value targets, and, finally, as a form of attack Russia’s army is actually able to carry out. In the cyber phase of the hybrid war, the GRU seems to be trolling researchers who look into its activities.

Russia-Ukraine war: List of key events, day 144 (Al Jazeera) As the Russia-Ukraine war enters its 144th day, we take a look at the main developments.

Russia-Ukraine war at a glance: what we know on day 144 of the invasion (the Guardian) Evacuations from Sviatohirsk Lavra in Donetsk; Russian forces reportedly preparing new offensive; all bodies identified after Vinnytsia missile attack

Russia-Ukraine war update: what we know on day 143 of the invasion (the Guardian) At least three killed and 15 hurt in Dnipro missile strike; UK says Kremlin responsible for British captive’s death; Ukraine reports May peak in military losses

Russia prepares for next Ukraine offensive in face of new Western weapons (Reuters) As Western deliveries of long-range arms begin to help Ukraine on the battlefield, Russian rockets and missiles have pounded cities in strikes that Kyiv says have killed dozens in recent days.

Ukraine braces for further Russian missile strikes as civilian death toll rises (the Guardian) At least 37 deaths across country since Thursday as residential areas appear to be targeted

Russian War Report: Russian missiles strike Vinnytsia (Atlantic Council) Russian forces launched a missile attack on the Ukrainian town of Vinnytsia, Russia’s public death toll grows, and Iran’s coverage of the war.

Russia escalating attacks on civilians, says top Ukrainian official (the Guardian) Head of national security council says ‘more and more civilian targets’ being hit, after deadly Vinnytsia attack

‘They have come to destroy us’: Ukrainians on…

What US Journalists Need To Know About The Foreign Hackers Targeting Them


In the days just before the January 6 attack at the US Capitol Building in 2021, a flurry of emails with seemingly anodyne subject lines started landing in the inboxes of White House correspondents and other journalists who cover national politics. Those subject lines, pulled from recent US news articles, read like quick blasts of news filtered through a distinctly partisan lens: US issues Russia threat to China. Trump Call to Georgia Official Might Violate State and Federal Law. And, Jobless Benefits Run Out as Trump Resists Signing Relief Bill.

In reality, those were emails sent by Chinese hackers, part of a sprawling intelligence collection campaign detailed in recent days by Proofpoint cybersecurity researchers. Such activity especially ramped up around January 6, some of which was driven by perplexed foreign interests that wanted to try and gain real-time insight into what was happening on the ground — and what it might portend for the US.

More ominously, though, that specific effort was just one of a multitude of state-backed hacking campaigns targeting US-based journalists tracked by the Proofpoint team. Those efforts have also intensified in recent years, to include cyberattacks originating everywhere from North Korea to Iran that target US journalists.

Ominously, Proofpoint’s newly released analysis has also found these and other hackers relying on a sophisticated suite of tools, including phishing emails, as recently as just a few weeks ago, all in an effort to burrow into computer systems and access sensitive information that journalists, via their high-profile sources, are often privy to.

Hackers, regardless of state affiliation, “have and will likely always have a mandate to target journalists and media organizations and will use associated personas to further their objectives and collection priorities,” Proofpoint’s report warns. “From intentions to gather sensitive information to attempts to manipulate public perceptions, the knowledge and access that a journalist or news outlet can provide is unique in the public space.

“Targeting the media sector also lowers the risk of…

US journalists targeted by foreign hackers who show sophisticated understanding of American politics


As Chinese hackers scrambled to ascertain whether there would be a peaceful transfer of power in the US, they tried to break into the email accounts of high-profile US journalists, who can be softer targets for hackers than officials on US government networks.

The newly revealed hacking campaign shows just how valuable a target journalists can be to intelligence services in search of clues about US policy. To try to lure them, the attackers wrote email subject lines about then-President Donald Trump’s attempts to overturn the 2020 election, pandemic relief legislation and other enticing issues.

It’s unclear how successful the hacking campaign was — Proofpoint said it blocked the malicious emails that it found. But more journalists need to be aware of the issue because the number of capable hacking groups targeting journalists is “unprecedented,” said Ryan Kalember, Proofpoint’s executive vice president for cyber strategy. “And it’s only likely to increase.”

Proofpoint attributed the Chinese hacking efforts to a group that the UK government has linked with China’s civilian intelligence agency, the Ministry of State Security.

CNN has requested comment from the Chinese Embassy in Washington, DC. Beijing routinely denies hacking allegations and has repeatedly accused the US of engaging in cyber attacks against China.

Journalists are perennial targets for cyber espionage because they regularly interact with US government officials, whistleblowers and critics of authoritarian regimes — information that foreign intelligence services look to exploit. And breaching the computer network of a major newsroom could offer the hackers a foothold for a long-running intelligence collection effort.

Cybersecurity vigilance is all the more necessary for journalists, experts say, as the US prepares for midterm elections this fall and foreign actors may try to use media outlets to sow discord or spread disinformation about voting — as Russian operatives did in the 2016 presidential election.

Newsrooms should “take the time to review [hacking] incidents affecting others in your industry,” advised Runa Sandvik, the former senior director for information security at The New York Times. “Have a plan in place….
