Tag Archive for: States

Nation states buying hacking tools from underground Russian cyber forums


Nation states have been identified shopping on Russian cyber crime forums for malware they can use to wipe computers of data in hostile hacking attacks.

Russian-speaking hacking forums, including Exploit and XSS, run black markets in tools and services used by cyber criminals intent on making money by hacking computer systems and stealing data.

According to Sergey Shykevich, a threat intelligence expert at cyber security company Check Point Software, nation states are increasingly using underground cyber crime forums to pose as cyber criminals and hackers.

“Nation states understand that to pretend to be involved in hacktivism allows them deniability,” he told Computer Weekly. “They don’t want to be accused, even if everyone knows it’s Russia, or Iran.”

Russian forums

Some of Russia’s cyber crime forums have been in operation for more than 20 years. One of the oldest Russian-speaking forums is Exploit, which was established in 2000 and contains one million messages on over 200,000 topics, said Shykevich.  

“They offer everything you could imagine,” he told Computer Weekly. “It starts with software vulnerabilities. You can rent malware, ransomware as a service and spam as a service to distribute fake phishing emails and currently even AI [artificial intelligence]-related services, and deep fake platforms.”

The forums generally exist on the deep web and don’t require a specialist Tor browser to access. But they are strictly members only.

Iran suspected of buying wiper software

Check Point discovered last year that Russian underground forums were offering wiper software, which is designed to destroy computer data irreversibly.

Wiper software is of no interest to cyber criminals who normally inhabit Russia’s hacking forums – strongly suggesting nation-state involvement.

“We saw someone, probably the Iranian government, looking for wiper software,” said Shykevich.

State-sponsored hacking groups are better funded than typical cyber criminal groups, and are not shy of advertising their spending power, said Shykevich.

They typically pay larger deposits to the administrators of cyber crime forums than other members of the hacking community.

“From all…


Maltese suspected hacker to be extradited to United States for computer malware crimes


A Maltese man is waiting to be extradited to the United States after an operation by the Maltese police assisting the FBI in investigations led to his arrest.

Daniel Joe Meli, who is 27 years old, is believed to have worked with people who are not Maltese in connection with the sale of illegal malware on the dark web. The accused, who is from Żabbar, was also said to have been involved in mentoring services on a hack forum, an internet forum for hacker culture and computer security.

The malware, a remote access trojan or RAT, is used by criminals to gain access to computers and servers and control their operation. The police said there were several victims in the United States who had fallen prey to this RAT, with no reported victims in Malta so far.

Meli’s social media profiles suggest that he used to work with Air Malta as a check-in agent, and that he now works with Aviaserve.

The investigations in Malta, overseen by the police cybercrime unit, were initiated following a request for assistance from the United States, which indicated that the prime suspect in the sale of this RAT is Maltese.

Investigations identified the Maltese suspect and his association with other criminals who are not Maltese and do not reside in Malta.

The suspect was arrested at his workplace in Gudja on 7 February, and during searches conducted at various locations related to the suspect, numerous items linked to this investigation were seized.

The 27-year-old man appeared in court on Thursday afternoon before Magistrate Dr. Giannella Camilleri Busuttil LL.D, to begin extradition proceedings to the United States, where he will face charges before the American court.

He has consented to extradition and is being held in custody at the Correctional Facility in Kordin.

In connection with this investigation, a Nigerian accomplice, residing in Nigeria, was also arrested.

Operations in various countries related to the same illegal malware trade on the dark web were being coordinated by Europol, involving several other states, including the Australian Federal Police, the Canadian Police, Croatian Police, Finnish Police, Dutch Police, Romanian Police, German Police, and Nigerian…


The Thanksgiving Cyber Siege: Rising Ransomware Attacks Across the United States


3 Steps to Cyber Resilience

The 2023 Thanksgiving holiday, typically a time of celebration, was marred by ransomware breaches that had a significant impact on many large organizations throughout the United States. Read on to discover the reasons behind this alarming trend and why tighter cybersecurity measures are needed.

Ransomware attacks are essentially encryption-based data extortion where threat actors block access to your data until a ransom is paid, after which a decryption key is given to retrieve the data. According to a ransomware trend report, businesses and organizations in the United States remain the most lucrative targets for these threat actors, accounting for 43% of all global attacks.

November 2023 ransomware events in the United States included:




SOURCE Konica Minolta


Breaches by Iran-affiliated hackers spanned multiple U.S. states, federal agencies say


HARRISBURG, Pa. — A small western Pennsylvania water authority was just one of multiple organizations breached in the United States by Iran-affiliated hackers who targeted a specific industrial control device because it is Israeli-made, U.S. and Israeli authorities say.

“The victims span multiple U.S. states,” the FBI, the Environmental Protection Agency, the Cybersecurity and Infrastructure Security Agency, known as CISA, as well as Israel’s National Cyber Directorate said in an advisory emailed to The Associated Press late Friday.

They did not say how many organizations were hacked or otherwise describe them.

Matthew Mottes, the chairman of the Municipal Water Authority of Aliquippa, which discovered it had been hacked on Nov. 25, said Thursday that federal officials had told him the same group also breached four other utilities and an aquarium.

Cybersecurity experts say that while there is no evidence of Iranian involvement in the Oct. 7 attack into Israel by Hamas that triggered the war in Gaza, they expected state-backed Iranian hackers and pro-Palestinian hacktivists to step up cyberattacks on Israel and its allies in its aftermath. And indeed that has happened.

The multiagency advisory explained what CISA had not when it confirmed the Pennsylvania hack on Wednesday — that other industries outside water and water-treatment facilities use the same equipment — Vision Series programmable logic controllers made by Unitronics — and were also potentially vulnerable.

Those industries include “energy, food and beverage manufacturing and healthcare,” the advisory says. The devices regulate processes including pressure, temperature and fluid flow.

The Aliquippa hack prompted workers to temporarily halt pumping in a remote station that regulates water pressure for two nearby towns, leading crews to switch to manual operation. The hackers left a digital calling card on the compromised device saying all Israeli-made equipment is “a legal target.”

The multiagency advisory said it was not known if the hackers had tried to penetrate deeper into breached networks. The access they did get enabled “more profound cyber physical effects on processes and equipment,” it said.
