Tag Archive for: wake

U.S. officials warn of dire Chinese cyber threats in wake of FBI operation to disrupt botnet


The FBI and U.S. Department of Justice used court-endorsed legal authorities to disrupt a botnet operated as part of Chinese-directed hacking operations that leveraged insecure home and office routers to target U.S. critical infrastructure, the DOJ said Wednesday.

A Chinese government hacking campaign, tracked publicly as “Volt Typhoon,” used privately owned Cisco and NetGear routers infected with “KV Botnet” malware in an attempt to conceal the activity, the agency said in a statement. The DOJ and FBI operation, the agency added, “deleted the KV Botnet malware from the routers and took additional steps to sever their connection to the botnet, such as blocking communications with other devices used to control the botnet.”

An unidentified FBI agent described the operation in court records released Monday, writing that the bureau issued a command to infected routers that would delete the KV Botnet malware from the devices without affecting any legitimate files or information on the routers.

A December 2023 analysis by Lumen, a telecommunications company, showed that the KV Botnet had been active since “at least February 2022,” and targeted edge devices, including routers, “a segment that has emerged as a soft spot in the defensive array of many enterprises, compounded by the shift to remote work in recent years.”

Lumen observed an “uptick in exploitation of new bots” in August 2023, and then a “remodel” of the botnet infrastructure in mid-November 2023.

The disruption operation, first disclosed by Reuters on Monday, is the latest U.S. government action focused on Volt Typhoon, which first came to light in a May 2023 Microsoft advisory. That advisory was followed quickly by a joint advisory issued by the FBI, NSA, and the Cybersecurity and Infrastructure Security Agency that warned of Chinese hacking operations targeting U.S. critical infrastructure and other sensitive targets.

In the wake of the May 2023 disclosure, U.S. national security officials warned repeatedly that the Chinese operation was not an intelligence collection mission. Instead, officials said, it was a preparatory activity that the Chinese government could…


Transport Workers’ Union will call an emergency safety summit in the wake of attack on female bus driver


The Transport Workers’ Union will call an emergency safety summit in the wake of a violent attack on a female bus driver in which she was allegedly spat on, kicked and punched by a 13-year-old boy and an older accomplice.

The woman was driving the route between Elizabeth Quay and Curtin University when she pulled into the Victoria Park station about 7.15pm on Thursday and was set upon in an assault TWU WA branch secretary Tim Dawson said was “hard to put into words”.

According to police, a 13-year-old boy who had boarded the bus with a disorderly group of people spat on the bus driver before stealing her phone.

It is alleged the same boy then kicked the victim, before a 32-year-old woman punched her in the face.

The brutal alleged attack came just two days after Edward Charles Abbott pleaded guilty to attacking a 66-year-old TransWA bus driver in Geraldton.

When Abbott was denied a seat on the bus, he struck the bus driver multiple times to the head, causing him to lose his front teeth, and leaving him with cutting and bruising to his mouth and face. He will be sentenced next month.

In a statement on Sunday, the TWU said it was time to call time on the “safety crisis” on WA buses, saying the union has had enough of State Government “inaction on anti-social behaviour and bus driver attacks”.

Mr Dawson has called on bus operators to release union delegates and health and safety representatives from work next Wednesday so they could attend the urgent safety summit.

He said the union had long been calling for an increase to security measures for bus drivers, including bringing security services in-house rather than contracting them out.

‘Hacking should be used to wake up and rebel,’ says hacker group Guacamaya · Global Voices


Illustration by Global Voices featuring two guacamaya birds

In an interview with Global Voices, Guacamaya, the group that hacked the computers of several Latin American governments, explains their motivations and the impact they expect after their massive leaks.

The hacktivist group says their role is not defending nature, but rather they are nature. According to them, their rebellion comes from years of repression against the living beings that inhabit Abya Yala, or the American continent. This led to entering the digital world, where they fight to promote collaborative models online and denounce territorial exploitation.

This concern ought to be shared by any government in Latin America, given the critical global environmental situation. According to a report by the World Meteorological Organization (WMO), published in July of this year, the situation of vital systems such as glaciers, the Amazon rainforest, and coral reefs is acute and practically irreversible in the region. According to the document, deforestation reached its highest point since 2009 and temperatures are rising. On the other hand, the threats against environmental activists are increasingly intense. According to Global Witness, 227 land defenders and environmentalists were murdered worldwide in 2020, the vast majority in Latin America.

Guacamaya revealed a massive hack in September 2022 in which they extracted almost 10 terabytes of information with millions of emails. The documents reveal Latin American government projects that are damaging the environment. Mexico, Chile, Colombia, Guatemala, Venezuela, Brazil, and Ecuador are some of the targets of the group, which not only leaked the information, but also published a video explaining how they did it.

Screen capture of the video in which they explain how they hack

The group emphasized the selection process of the organizations from which they would extract information. Guacamaya told us:

On the one hand, we chose the worst companies and state entities, the ones that are committing most abuses and where there is the most resistance from local communities. On the other hand, as in the case of what we just leaked, we scanned the entire internet…


HomeTrust Mortgage Reports Data Breach in the Wake of Ransomware Attack | Console and Associates, P.C.


On November 23, 2022, HomeTrust Mortgage reported a data breach with the Attorney General of Montana after hackers carried out a successful ransomware attack against the company, compromising consumer data stored on the company’s computer system. According to HomeTrust Mortgage, the breach resulted in the names, addresses and Social Security numbers of certain customers being compromised. Recently, HomeTrust Mortgage sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

If you were shocked to receive a data breach letter from a mortgage bank, you are not alone. Consumers implicitly trust companies—especially those in the financial services industry—to keep their information secure. Not surprisingly, these businesses are frequently targeted in cyberattacks because they typically store information that is valuable to hackers. However, as we’ve discussed in other posts, U.S. data breach laws allow for victims of a data breach to pursue a claim for compensation against any company that negligently leaked their data. While it’s too early to tell if HomeTrust Mortgage was negligent, that possibility cannot be ruled out.

What We Know About the Home Mortgage of America Data Breach

The available information regarding the Home Mortgage of America breach comes from the company’s filing with the Attorney General of Montana. According to this source, on July 15, 2022, HomeTrust Mortgage was made aware of suspicious activity within its computer system. In response, the company began working with third-party data security experts to better understand the incident and whether any consumer information was compromised as a result.

The HomeTrust Mortgage investigation confirmed that the company was victimized in a ransomware attack and that an unauthorized party had gained access to the HomeTrust Mortgage network. The investigation also revealed that the unauthorized party removed some of the files from the company’s network and that these files contained sensitive consumer information.

Upon discovering that sensitive consumer data was made available to an unauthorized…
