
Spanish hacker arrested, UK offensive cyber principles, eFile malware


Prominent Spanish hacker arrested

Spanish police arrested José Luis Huertas, known by the alias Alcaseca, believed responsible for multiple notable cyberattacks in the country. Among other activities, he created the Udyat search engine used for selling stolen personal information. Police launched an investigation into his activity back in November, after a network breach at Spain’s national council of the judiciary that stole data on over half a million taxpayers. He’s also charged with impersonating a media executive and money laundering.

(Bleeping Computer)

The UK’s Offensive Cyber Capabilities Principles

The UK’s National Cyber Force, or NCF, shared the principles it uses to conduct covert offensive cyber operations. The NCF qualified these by saying it “would rarely if ever get involved” if another response from the government would more effectively deal with a challenge from another nation state. Overall, the NCF outlines three principles: operations need to be accountable, precise, and calibrated. Its operations can include attacks against IT networks and technology to make them less effective or unable to function entirely. The document further places the NCF’s actions within the UK’s existing legal framework, attempting to show how the agency assesses targets for escalation and de-escalation.

(InfoSecurity Magazine)

eFile site serving malware

Bleeping Computer confirmed that the IRS-authorized e-file software service provider eFile.com delivered a malicious JavaScript file since at least April 1st. Some users on Reddit reported seeing suspicious behavior with the eFile site as far back as mid-March. The file prompts users to download a next-stage payload. Researchers at MalwareHunterTeam say this payload contained a Windows backdoor that could eventually give full access to machines, communicating with a C2 server to enroll the machine into a full-on botnet. The malware is no longer on the site, and did not impact the IRS’ e-file infrastructure. Antivirus solutions are also reportedly detecting the malicious file.

(Bleeping Computer)

Most organizations identify high OT risk…


UK’s offensive hacking force plans to scale operations to meet government’s demands


The UK’s National Cyber Force (NCF) has revealed plans to scale operations amid rising demands from the government to ramp up offensive hacking capabilities.

In a report offering a unique insight into the NCF’s ongoing expansion, the offensive cyber force said it needs to “scale up to meet the requirements government has of it” and is rapidly expanding personnel and capabilities to meet current demand. 

The NCF is currently in the process of establishing a new permanent base of operations at Samlesbury in Lancashire, which it said will enable the force to “increase operational output”.

Samlesbury, a 45-minute drive from GCHQ operations in Manchester, was selected as the site for the NCF headquarters in 2021.

As part of this expansion and recruitment drive, the NCF revealed that it plans to further invest in offensive hacking capabilities to contend with escalating global threats. 

The report said that “significant capability investment” will be required to “keep pace with the changing nature of technology” and mitigate increasingly sophisticated cyber threats currently faced by the UK. 

The NCF specifically highlighted rapid technological developments as a key operational challenge, noting that “fundamental changes to the future shape of the internet and globalisation of technology could raise significant complications”. 

“Our adversaries are global and use a wide array of cyber and digital technologies,” the report said. “We need to have the technical ability and readiness to reach these adversaries wherever they are and irrespective of how they are using cyber technology.”

Closer integration with defence partners, including GCHQ, the Ministry of Defence (MOD), and the Secret Intelligence Service (SIS) will also be a key objective for the NCF moving forward.

The NCF noted that it must “integrate effectively with other parts of government and with a wider range of partners and allies”. 

This includes law enforcement, government policy departments, the private sector, and a “growing number of international allies”. 

“More broadly, we are working with the private sector, academia, think tanks, and wider civil society to harness the best…


The Russia-Ukraine war is causing some to rethink the role of offensive cyber operations in armed conflict


The impact of Russia’s offensive cyber operations against Ukraine appears to be muted. (Image credit: Juanmonino via Getty)

For some, the horror of the Russian invasion of Ukraine was also meant to mark the dawn of a new era in modern warfare: one in which degrading your enemy’s capabilities through cyberspace would play an important — perhaps even decisive — role in determining success on the real-world battlefield.

As militaries and societies grew ever more connected to and reliant on the internet to run, so too would the cyberspace domain grow in importance in combat, and nowhere was that supposed to be demonstrated more clearly than in Russia’s war, where their elite and well-resourced military hacking units could cut off Ukraine’s access to power, water and other essential resources, disrupt their communications, wipe out large swaths of private and public sector systems and data, and smooth the way for ground troops to dominate their Ukrainian counterparts.

In reality, the impact of offensive cyber operations appears to have been far more muted.

While the initial invasion did, in fact, come with a flurry of hacking campaigns against many of these targets as Russian troops crossed the border, the cadence of those campaigns has dropped markedly in the months following and has seemingly failed to provide Moscow with any meaningful advantage on the ground.

The experience has some U.S. observers advising that we collectively pump the brakes on the idea — formally endorsed by the U.S. military and other governments — that cyberspace is now a fully fledged domain of war, comparable to land, air, sea and space. That’s one of the chief conclusions reached by Jon Bateman, a former cyber specialist at the Pentagon who has served as an advisor to the chairman of the Joint Chiefs of Staff and the secretary of defense on military and cyber strategy, in a paper released shortly before the new year.

“I think it’s fair for U.S. military and NATO and others to define cyber as an operational domain. That can be a helpful doctrinal concept. I think where it becomes misleading is when military and civilian leaders then assume that cyberspace is as consequential or major as…


Preparing for a Russian cyber offensive against Ukraine this winter


As we report more fully below, in the wake of Russian battlefield losses to Ukraine this fall, Moscow has intensified its multi-pronged hybrid technology approach to pressure the sources of Kyiv’s military and political support, domestic and foreign. This approach has included destructive missile and cyber strikes on civilian infrastructure in Ukraine, cyberattacks on Ukrainian and now foreign-based supply chains, and cyber-enabled influence operations[1]—intended to undermine US, EU, and NATO political support for Ukraine, and to shake the confidence and determination of Ukrainian citizens.

In recent months, cyber threat actors affiliated with Russian military intelligence have launched destructive wiper attacks against energy, water, and other critical infrastructure organizations’ networks in Ukraine as missile strikes knocked out power and water supplies to civilians across the country. Russian military operators also expanded destructive cyberactivity outside Ukraine to Poland, a critical logistics hub, in a possible attempt to disrupt the movement of weapons and supplies to the front.

Meanwhile, Russian propaganda seeks to amplify the intensity of popular dissent over energy and inflation across Europe by boosting select narratives online through state-affiliated media outlets and social media accounts to undermine elected officials and democratic institutions. To date these have had only limited public impact, but they foreshadow what may become broadening tactics during the winter ahead.

We believe these recent trends suggest that the world should be prepared for several lines of potential Russian attack in the digital domain over the course of this winter. First, we can expect a continuation of Russia’s cyber offensive against Ukrainian critical infrastructure. We should also be prepared for the possibility that Russian military intelligence actors’ recent execution of a ransomware-style attack—known as Prestige—in Poland may be a harbinger of Russia further extending cyberattacks beyond the borders of Ukraine. Such cyber operations may target those countries and companies that are providing Ukraine with vital supply chains of aid and weaponry this…
