Tag Archive for: targeting

Google says North Korean state hackers are targeting security researchers on social media

/in


  • Google believes that hackers in North Korea are pretending to be cybersecurity bloggers and targeting researchers in the field on social media platforms like Twitter and LinkedIn.
  • The search giant announced that its Threat Analysis Group has “identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations.”
  • It attributed the campaign to a government-backed entity based in North Korea.



a man sitting at a desk in front of a computer

© Provided by CNBC


Google believes that hackers in North Korea are pretending to be cybersecurity bloggers and targeting researchers in the field on social media platforms like Twitter and LinkedIn.

Loading...

Load Error

The search giant announced that its Threat Analysis Group has “identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations.”

It attributed the campaign to a government-backed entity based in North Korea. The nation’s cooperation office with South Korea did not immediately respond to CNBC’s request for comment..

Google said the actors have targeted specific security researchers with a “novel social engineering” technique, although it didn’t specify which researchers have been targeted.

Google’s Adam Weidemann said in a blog on Monday that the hackers set up a research blog and created multiple Twitter profiles to engage with security researchers.

The hackers used these accounts to post links to the blog and share videos of software exploits that they claimed to have found, Google said. 

They also used LinkedIn, Telegraph, Discord, Keybase and email to engage with security researchers, Google said.

“After establishing initial communications, the actors would ask the targeted researcher if they wanted to collaborate on vulnerability research together,” wrote Weidemann.

The actors then shared a group of files with the researchers that contained malware — software that is intentionally designed to cause damage to a computer, server, client, or computer network.

Google listed several accounts and websites that it believes are controlled by the hackers. The list includes 10 Twitter profiles and five LinkedIn…

Source…

New Goontact spyware discovered targeting Android and iOS users

/in


goontact.png

Image: Lookout

Security researchers have discovered a new malware strain with spying and surveillance capabilities —also known as spyware— that is currently available in both Android and iOS versions.

Named Goontact, this malware has the ability to collect from infected victims data such as phone identifiers, contacts, SMS messages, photos, and location information.

Detected by mobile security firm Lookout, the Goontact malware is currently distributed via third-party sites promoting free instant messaging apps dedicated to reaching escort services.

The target audience of these sites appears to be limited at the moment to Chinese speaking countries, Korea, and Japan, Lookout said in a report shared today with ZDNet.

Although the malware has yet to reach official Apple and Google app stores, there are signs that users are downloading and side-loading Goontact-infected applications.

Data collected from these apps is sent back to online servers under the Goontact operators’ control. Based on the language used for the admin panels of these servers, Lookout believes the Goontact operation is most likely managed by Chinese-speaking threat actors.

Links suggest connection to past sextortion campaign

Apurva Kumar, Staff Security Intelligence Engineer at Lookout, told ZDNet that the Goontact operation is very similar to sextortion campaign described by Trend Micro in 2018 (PDF).

Although there is no tangible evidence at the moment, Kumar believes that data collected through these apps could later be used to extort victims into paying small ransoms or have their attempts to arrange sexual encounters exposed to friends and contacts.

“We have notified both Google and Apple of this threat and are actively collaborating with them to protect all Android and iOS users from Goontact,” Kumar told ZDNet in an email over the weekend.

“Apple has revoked the enterprise certificates used to sign the apps and, as a result, the apps will stop working on devices,” the Lookout security engineer added.

“Play…

Source…

Hackers are targeting kindergartens for profit, warns government

/in


Kindergartens and elementary schools struggling to educate children amid sustained coronavirus-induced remote learning can officially add a new woe to their list: hackers. 



graphical user interface, application: Hackers are targeting kindergartens for profit, warns government

© Provided by Mashable
Hackers are targeting kindergartens for profit, warns government

The U.S. government on Thursday issued a statement warning that criminals are specifically going after schools’ distance-learning programs. And while this fits a well-established pattern, the latest alert from the Cybersecurity & Infrastructure Security Agency (CISA) makes it clear that it’s no longer just colleges and universities that need to be on their guard. 

“The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance-learning services,” reads the statement. “Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year.”

Ransomware, which over the course of the past several years has ground businesses and infrastructure to a halt across the globe, works by encrypting a target’s files and demanding some form of payment — often in the form of cryptocurrency — to decrypt those files. That hackers have now moved from corporations to kindergarten, elementary, and high schools likely reflects those organizations’ comparatively lax cybersecurity combined with educators’ increased dependence on digital tools. 

With so many working and learning from home thanks to the coronavirus, it follows that schools might be more willing to pay up should they lose access to the tools making remote learning possible. 

“In these attacks, malicious cyber actors target school computer systems, slowing access, and — in some instances — rendering the systems inaccessible for basic functions, including distance learning,” reads the CISA alert. 

Notably, in a twist reminiscent of the Maze ransomware crew, hackers are doing more than just encrypting target schools’ files. 

“Adopting tactics previously leveraged against business and industry, ransomware actors have also stolen…

Source…

Hackers Targeting Covid-19 Vaccine Supply Chain, IBM Warns

/in


Dry ice will be used to help transport the Covid-19 vaccine, but hackers are targeting the supply chain involved, IBM has warned


Kenzo TRIBOUILLARD

Text size

Source…