Tag Archive for: U.S.

U.S. officials warn of dire Chinese cyber threats in wake of FBI operation to disrupt botnet

/in


The FBI and U.S. Department of Justice used court-endorsed legal authorities to disrupt a botnet operated as part of Chinese-directed hacking operations that leveraged insecure home and office routers to target U.S. critical infrastructure, the DOJ said Wednesday.

A Chinese government hacking campaign, tracked publicly as “Volt Typhoon,” used privately owned Cisco and NetGear routers infected with “KV Botnet” malware in an attempt to conceal the activity, the agency said in a statement. The DOJ and FBI operation, the agency added, “deleted the KV Botnet malware from the routers and took additional steps to sever their connection to the botnet, such as blocking communications with other devices used to control the botnet.”

An unidentified FBI agent described the operation in court records released Monday, writing that the bureau issued a command to infected routers that would delete the KV Botnet malware from the devices without affecting any legitimate files or information on the routers.

A December 2023 analysis by Lumen, a telecommunications company, showed that the KV Botnet had been active since “at least February 2022,” and targeted edge devices, including routers, “a segment that has emerged as a soft spot in the defensive array of many enterprises, compounded by the shift to remote work in recent years.”

Lumen observed an “uptick in exploitation of new bots” in August 2023, and then a “remodel” of the botnet infrastructure in mid-November 2023.

The disruption operation, first disclosed by Reuters on Monday, is the latest U.S. government action focused on Volt Typhoon, which first came to light in a May 2023 Microsoft advisory. That advisory was followed quickly by a joint advisory issued by the FBI, NSA, and the Cybersecurity and Infrastructure Security Agency that warned of Chinese hacking operations targeting U.S. critical infrastructure and other sensitive targets.

In the wake of the May 2023 disclosure, U.S. national security officials warned repeatedly that the Chinese operation was not an intelligence collection mission. Instead, officials said, it was a preparatory activity that the Chinese government could…

Source…

Breaches by Iran-affiliated hackers spanned multiple U.S. states, federal agencies say

/in


HARRISBURG, Pa. — A small western Pennsylvania water authority was just one of multiple organizations breached in the United States by Iran-affiliated hackers who targeted a specific industrial control device because it is Israeli-made, U.S. and Israeli authorities say.

“The victims span multiple U.S. states,” the FBI, the Environmental Protection Agency, the Cybersecurity and Infrastructure Security Agency, known as CISA, as well as Israel’s National Cyber Directorate said in an advisory emailed to The Associated Press late Friday.

They did not say how many organizations were hacked or otherwise describe them.

Matthew Mottes, the chairman of the Municipal Water Authority of Aliquippa, which discovered it had been hacked on Nov. 25, said Thursday that federal officials had told him the same group also breached four other utilities and an aquarium.

Cybersecurity experts say that while there is no evidence of Iranian involvement in the Oct. 7 attack into Israel by Hamas that triggered the war in Gaza they expected state-backed Iranian hackers and pro-Palestinian hacktivists to step up cyberattacks on Israeli and its allies in its aftermath. And indeed that has happened.

The multiagency advisory explained what CISA had not when it confirmed the Pennsylvania hack on Wednesday — that other industries outside water and water-treatment facilities use the same equipment — Vision Series programmable logic controllers made by Unitronics — and were also potentially vulnerable.

Those industries include “energy, food and beverage manufacturing and healthcare,” the advisory says. The devices regulate processes including pressure, temperature and fluid flow.

The Aliquippa hack promoted workers to temporarily halt pumping in a remote station that regulates water pressure for two nearby towns, leading crews to switch to manual operation. The hackers left a digital calling card on the compromised device saying all Israeli-made equipment is “a legal target.”

The multiagency advisory said it was not known if the hackers had tried to penetrate deeper into breached networks. The access they did get enabled “more profound cyber physical effects on processes and equipment,” it said.

Source…

Feds: Ransomware attack causing outages at 60 U.S. credit unions

/in



The National Credit Union Administration says some 60 locations across the country are experiencing system outages due to a ransomware hack.

Source…

Iran-linked cyberattacks threaten equipment used in U.S. water systems and factories

/in


Updated December 2, 2023 at 1:51 PM ET

An Iran-linked hacking group is “actively targeting and compromising” multiple U.S. facilities for using an Israeli-made computer system, U.S. cybersecurity officials say.

The Cybersecurity and Infrastructure Security Agency (CISA) said on Friday that the hackers, known as “CyberAv3ngers,” have been infiltrating video screens with the message “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target.”

The cyberattacks have spanned multiple states, CISA said. While the equipment in question, “Unitronics Vision Series programmable logic controllers,” is predominately used in water and wastewater systems, companies in energy, food and beverage manufacturing, and health care are also under threat.

“These compromised devices were publicly exposed to the internet with default passwords,” CISA said.

The agency did not specify how many organizations have been hacked, but on Friday CNN reported that “less than 10” water facilities around the U.S. had been affected.

CyberAv3ngers was behind the breach at a water authority outside of Pittsburgh on Nov. 25. The Aliquippa water authority was forced to temporarily disable the compromised machine, but reassured citizens that the drinking water is safe.

While it did not cause any major disruptions to the water supply, the incident revealed just how vulnerable the nation’s critical infrastructure is to cyberattacks.

“If a hack like this can happen here in Western Pennsylvania, it can happen elsewhere in the United States,” Sens. John Fetterman and Bob Casey, and Rep. Chris Deluzio, who all represent the state, wrote in a letter to Attorney General Merrick Garland on Tuesday. The lawmakers urged the Justice Department “to conduct a full investigation and hold those responsible accountable.”

It also showed the scale and scope of Israel and Hamas’ cyberwarfare. Alongside the fight on the ground, both sides of the conflict are armed with dozens of hacking groups that have been responsible for disrupting company operations, leaking sensitive information online and collecting user data to plan future attacks.

“We’re now tracking over 150 such groups. And since you…

Source…