Tag Archive for: telecom

Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom


A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway (ESG) appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign.

Mandiant, which is tracking the activity under the name UNC4841, described the threat actor as “highly responsive to defensive efforts” and capable of actively tweaking their modus operandi to maintain persistent access to targets.

“UNC4841 deployed new and novel malware designed to maintain presence at a small subset of high priority targets that it compromised either before the patch was released, or shortly following Barracuda’s remediation guidance,” the Google-owned threat intelligence firm said in a new technical report published today.

Almost a third of the identified affected organizations are government agencies. Interestingly enough, some of the earliest compromises appear to have taken place on a small number of devices geolocated to mainland China.

The attacks entail the exploitation of CVE-2023-2868 to deploy malware and conduct post-exploitation activities. In select cases, the intrusions have led to the deployment of additional malware, such as SUBMARINE (aka DEPTHCHARGE), to maintain persistence in response to remediation endeavors.

Further analysis of the campaign has revealed a “distinct fall off in activity from approximately January 20 to January 22, 2023,” coinciding with the beginning of the Chinese New Year, followed by two surges, one after Barracuda’s public notification on May 23, 2023, and a second one in early June 2023.

The latter is said to have involved the attacker “attempting to maintain access to compromised environments via the deployment of the new malware families SKIPJACK, DEPTHCHARGE, and FOXTROT / FOXGLOVE.”

While SKIPJACK is a passive implant that registers a listener for specific incoming email headers and subjects before decoding and running their content, DEPTHCHARGE is pre-loaded into the Barracuda SMTP (BSMTP) daemon using the LD_PRELOAD environment variable, and retrieves encrypted commands for execution.

The earliest use of DEPTHCHARGE dates back to May…

Home ministry to host 2-day G20 meet on crime, security in age of NFTs, AI, Metaverse, ET Telecom

The conference will bring together G20 countries, guests from the invitee nations and international bodies.

The Union Ministry of Home Affairs will organise the “G20 Conference on Crime and Security in the Age of Non Fungible Tokens (NFTs), Artificial Intelligence (AI) and Metaverse” on July 13-14 in Gurugram. The two-day event is being organised in partnership with the Union Ministry of Electronics and Information Technology (MeitY), Ministry of External Affairs, National Security Council Secretariat and the Central Bureau of Investigation.

The Rashtriya Raksha University, National Forensic Science University, National Law School of India University, Interpol and UNODC are the event’s organising partners.

“The MHA will host the ‘G20 Conference on Crime and Security in the Age of NFTs, AI and Metaverse’ on July 13-14. It will bring together G20 countries, nine special invitee countries and domain experts (from) around the world to delve into the challenges of advancing technologies,” a Union Ministry of Home Affairs (MHA) spokesperson said.

NFTs are assets that have been tokenised via a blockchain. These are assigned unique identification codes and metadata to distinguish these from other tokens. NFTs can be traded and exchanged for money or cryptocurrency.

AI is a rapidly growing field of technology that has already made significant contributions to industries such as health care, finance and transportation. AI has recently emerged as a critical component in the development of the Metaverse — a virtual world where people can interact with each other and digital entities in a fully immersive environment.

According to the officials, the conference will see the participation of ministries and central government organisations, chief secretaries and administrators of states and Union Territories, directors general of police of states and Union Territories and cyber experts.

Guest speakers from the legal fraternity, academia, training institutions, financial intermediaries, fintech, social media intermediaries, information and…

MOVEit hack claims Calpers and Genworth as millions more victims impacted, ET Telecom


The number of victims of the MOVEit hack grew by several million on Thursday after the biggest U.S. pension fund, Calpers, and insurer Genworth Financial said personal information of their members and customers had been compromised.

Both said a third-party vendor, PBI Research Services, was affected in a data theft hack, providing a path for the hackers to then steal data from Calpers and Genworth. PBI could not be reached for comment.

Calpers said on June 6, 2023, PBI told them of a “vulnerability” in their MOVEit Transfer software that allowed hackers to download “our data” without specifying how many people were impacted. News reports said information from more than 700,000 Calpers members and retirees was taken.

The MOVEit software is widely used by organisations around the world to share sensitive data.

Genworth Financial was harder hit, saying personal information of nearly 2.5 million to 2.7 million of its customers was breached.

“The personal information of a significant number of insurance policyholders or other customers of its life insurance businesses was unlawfully accessed,” Genworth said.

From U.S. government departments to the UK’s telecom regulator and energy giant Shell, a range of victims have emerged since Burlington, Massachusetts-based Progress Software found the security flaw in its MOVEit Transfer product last month.

The insurer said it is working to ensure “protection services” are provided to the impacted individuals, according to a regulatory filing.

Data taken from Calpers included members’ first and last name, date of birth and social security number. It serves more than 2 million members in its retirement system.

The MOVEit hack has hit several state and federal agencies. Last week, the U.S. Department of Energy got ransom requests from the Russia-linked extortion group Cl0p at both its nuclear waste facility and scientific education facility that were recently hit in a global hacking campaign.

Data was compromised at the two DOE entities after hackers breached their systems through a security flaw in MOVEit Transfer.

The wide-ranging impact of the hack shows how even the most security-minded federal…

IoT Botnet DDoS Attacks Threaten Global Telecom Networks, Nokia


In addition to the rise in botnet-driven DDoS attacks, the Threat Intelligence Report highlights a doubling in the number of trojans targeting personal banking information on mobile devices, now accounting for 9% of all infections.

A recent report from Nokia’s Threat Intelligence Center sheds light on the alarming rise of IoT botnet DDoS attacks targeting telecom networks worldwide. The study reveals a fivefold increase in such attacks over the past year, with cybercriminals exploiting insecure IoT devices and profit-driven hacking collectives.

This surge in malicious activity, initially observed during the Russia-Ukraine conflict, has now spread to various regions globally, jeopardizing critical infrastructure and services beyond telecom networks.

The proliferation of IoT devices among consumers has contributed significantly to the escalation of botnet-driven DDoS attacks. The number of compromised IoT devices used in these attacks has soared from 200,000 to approximately 1 million, currently accounting for more than 40% of all DDoS traffic.

Figure: Geographical distribution of active botnet devices, by country (Source: Nokia Deepfield)

The report underscores that this rise in attacks stems from the growing number of profit-driven hacking collectives, taking advantage of the Ukraine crisis.

A prevalent form of malware in telecommunication networks is bot malware, which scans for vulnerable devices—a tactic associated with multiple IoT botnets. With lax security measures prevalent in billions of IoT devices worldwide, encompassing everything from smart refrigerators to medical sensors and smartwatches, cybercriminals have found ample targets to exploit.

In addition to the rise in botnet-driven DDoS attacks, the Threat Intelligence Report highlights a doubling in the number of trojans targeting personal banking information on mobile devices, now accounting for 9% of all infections. This puts millions of users worldwide at heightened risk of having their financial and credit card details compromised. Trojans are malicious software codes that disguise themselves as legitimate applications.

On a positive note, the report reveals a decline in malware…