Hacking campaign exploited zero-day tied to spyware firm


A spyware campaign driven by “mercenary” hackers exploited a zero-day vulnerability in Android devices, reported Amnesty International’s Security Labs.

In its report, released Wednesday, security researchers said they notified Google of the spyware campaign in December, which sparked software updates that prevented the hack from being executed on the “billions of Android, Chrome and Linux users” vulnerable to the zero-day flaw.

The human rights organization did not name the spyware company while it continues to investigate and track its activities. However, Amnesty International said “the attack showed all the hallmarks of an advanced spyware campaign developed by a commercial cyber-surveillance company and sold to government hackers to carry out targeted spyware attacks.”

Also on Wednesday, Google’s Threat Analysis Group (TAG) detailed the zero-day reported by Amnesty International, as well as a zero-day in iOS devices used in a separate spyware campaign.

The reports of the spyware campaigns that governments are using against dissidents, journalists, human rights workers and political opposition members come the same week that U.S. President Joe Biden issued a ban barring federal agencies from using commercial spyware except in certain cases, such as research.

Amnesty International shared its technical findings with Google TAG and other vendors, including Samsung, which released security updates for devices affected by the exploit.

“Unscrupulous spyware companies pose a real danger to the privacy and security of everyone. We urge people to ensure they have the latest security updates on their devices,” said Donncha Ó Cearbhaill, head of Amnesty International’s Security Lab, in a press release. He also called for a global moratorium on the sale, transfer and use of spyware until safeguards are in place for human rights.

Google captured the zero-day exploit chain used to hack Android devices in December. The campaign has been active since at least 2020, according to Amnesty International, and targeted mobile and desktop devices, including Google’s Android OS. The spyware and exploits came from a network of over 1,000 malicious domains, which included spoofed media sites…


Viasat Hack Tied to Data-Wiping Malware Designed to Shut Down Modems


Last month’s massive Viasat satellite internet outage has been connected to malware capable of wiping data from modems and routers. 

Cybersecurity firm SentinelOne says it spotted a malware sample that was likely used during the Feb. 24 Viasat hack, which disrupted internet service. The malware, dubbed AcidRain, is a Unix executable program designed to target devices built with the MIPS architecture.

SentinelOne noticed the malware after a sample of AcidRain was uploaded to the malware-detection service VirusTotal on March 15. The sample was uploaded from Italy, where SkyLogic, the Viasat operator managing the affected network, is also based. In addition, the malware sample was labeled with the name “ukrop,” a possible reference to Ukraine Operation.

[Image: The computer code executed by AcidRain. (SentinelOne)]

SentinelOne also examined AcidRain and found it can perform “an in-depth wipe of the filesystem and various known storage device files” on an infected modem. The malware will then trigger a reboot, leaving the device inoperable. 

The security firm issued the report a day after Viasat provided more details about the Feb. 24 outage, which occurred right as Russia began to invade Ukraine. The disruption caused thousands of users in Ukraine and tens of thousands more across Europe to temporarily lose internet access.

Viasat’s investigation found the hackers behind the incident exploited a misconfigured VPN device to gain remote access to the satellite internet infrastructure, and then used “legitimate, targeted management commands” across a large number of modems to knock them offline. 

However, Viasat’s investigation made no mention of any data-wiping malware. Instead, the company’s report pointed to “destructive commands” overwriting key data in flash memory on the affected modems, rendering them useless. 

Still, Viasat isn’t denying SentinelOne’s findings about AcidRain. In a statement, the satellite internet provider said: “The analysis in the SentinelLabs report regarding the ukrop binary is consistent with the facts in our report—specifically, SentinelLabs identifies the destructive executable that was run on the modems using a legitimate management command as Viasat previously…


U.S. prosecutors unseal indictments tied to computer hack at Kansas nuclear plant – The Wellington Daily News


By Tim Carpenter Kansas Reflector

TOPEKA — Federal prosecutors unsealed indictments against four Russian government computer hackers who targeted global infrastructure in a campaign that included a breach of the business network at the Wolf Creek nuclear power plant in Kansas.

The U.S. Department of Justice said indictments made public Thursday charged Russian nationals with attempting, supporting and conducting computer intrusions that together, in two separate conspiracies, targeted software and hardware systems linked to the global energy sector between 2012 and 2018.

Prosecutors alleged the hacking campaigns targeted thousands of computers at hundreds of companies and organizations in the United States and in more than 135 countries. The indictments allege wire and computer fraud and identity theft.

U.S. Attorney Duston Slinkard of Kansas said the potential of cyberattacks to disrupt, if not paralyze, the delivery of critical energy services to hospitals, homes, businesses and other locations was a sobering reality.

“We must acknowledge there are individuals actively seeking to wreak havoc on our nation’s vital infrastructure system, and we must remain vigilant in our effort to thwart such attacks,” Slinkard said.

According to indictments, the energy sector campaign involved two phases. In the first phase, which took place between 2012 and 2014, conspirators engaged in a supply chain attack, compromising computer networks of system manufacturers and software providers and then hiding malware inside legitimate software updates for such systems.

After unsuspecting customers downloaded infected updates, the conspirators used malware to create backdoors into infected systems and scan victims’ networks. Through these and other efforts, prosecutors allege conspirators installed malware on more than 17,000 unique devices in the United States and abroad, including controllers used by power and energy companies.

In the second phase, which transpired between 2014 and 2017, the conspirators shifted to more targeted attacks on specific energy sector entities, individuals and engineers. The indictments say conspirators attacked more than 3,300 users at more than 500…


Russian Tied to $82M Hacking Scheme in U.S. Deemed Flight Risk, Denied Bail


Vladislav Klyushin, a Russian tied to an $82 million hacking scheme in the U.S., was deemed a flight risk and denied bail Wednesday.

Prosecutor Seth Kosto said Klyushin, 41, is a flight risk, citing, among other reasons, that Russia has no extradition agreement with the U.S. and that Klyushin never consented to extradition.

Klyushin allegedly took part in a scheme, along with five other Russians, to steal information from computer networks for use in insider trading, illegally netting $82 million from 2018 to 2020, federal authorities said. He works for an information company with connections to the upper levels of the Russian government and is also a millionaire.

U.S. District Court Magistrate Judge Marianne Bowler in Boston sided with the prosecution, saying Klyushin “presents a substantial risk of flight.”

Bowler also appeared suspicious of several letters from Klyushin’s wife and friends supporting him. She said there was no way to contact the writers and that the letters all began similarly. “Therefore I do not give heavy weight to them,” she said.

Maksim Nemtsev, Klyushin’s attorney, had requested his client’s release with conditions, such as a $2.5 million bond and home detention in a one-bedroom unit located in Boston’s seaport district with electronic monitoring.

According to court documents, Nemtsev had said that Klyushin “intends to challenge the government’s case in a lawful, professional and principled manner.”

The Associated Press left Nemtsev an email asking for comment after the hearing.

[Photo: An employee typing on a computer keyboard at the headquarters of Internet security giant Kaspersky in Moscow, Oct. 17, 2016. Kirill Kudryavtsev/AFP via Getty Images]

Klyushin, who appeared at Wednesday’s hearing via video, pleaded not guilty to conspiring to obtain unauthorized access to computers, and to commit wire fraud and securities fraud; aiding and abetting wire fraud; aiding and abetting unauthorized access to computers; and aiding and abetting securities fraud. If convicted of all charges he faces a maximum of…
