Tag Archive for: worse

China hack on MPs worse than government admitted with at least 30 targeted


A Chinese cyber-attack on British MPs was more widespread than the UK Government initially revealed, i has learned.

Oliver Dowden, the deputy prime minister, announced on Monday that a group of three MPs and one peer had been targeted.

The MPs, including China hawk Iain Duncan Smith, say they were privately reassured in a briefing by Parliament’s head of security that only a small number of parliamentarians had been affected.

But it has now emerged email accounts belonging to over 30 MPs, peers, and their parliamentary staff were targeted by the same cyber hack, which was in the form of a phishing email.

Mr Duncan Smith told i: “They completely screwed up the other day. They told us that there are only three or four of us that apparently had these emails – it’s complete bollocks.

“Parliament is just a joke when it comes to security, a joke.”

The identified targets were email accounts of members of the Inter-Parliamentary Alliance on China (Ipac), a global group of parliamentarians with hawkish views on China.

It is unclear at this stage why the full effect of the hacking attack was not revealed by Mr Dowden, but sources told i the latest analysis showed around 30 individuals were affected.

Parliamentarians in the group were sent infected emails from an account posing as a democracy-focused news website under the domain nropnews.com.

The emails contained spyware hidden within the images in a spear-phishing campaign using pixel technology capable of sending personal information to an unauthorized third-party server in order to steal private data from users, i can reveal.

The same false domain was used to hack a Belgian MP during the same period. Last year, Samuel Cogolati, also an Ipac member, was named by Belgian intelligence as the victim of an identical APT31 attack during the same period, leading to questions as to how the attack on UK parliamentarians has taken so long to emerge. Parliamentary security officers are now looking into the domain linked to the emails.

Mr Dowden on Monday said British intelligence concluded it was “almost certain” that Chinese state affiliated hacking group ‘APT31’ had conducted the “malicious cyber campaign”. The Deputy Prime…


The 23andMe User Data Leak May Be Far Worse Than Believed


With the Israel-Hamas war intensifying by the day, many people are desperate for accurate information about the conflict. Getting it has proven difficult. This has been most apparent on Elon Musk’s X, formerly Twitter, where insiders say even the company’s primary fact-checking tool, Community Notes, has been a source of disinformation and is at risk of coordinated manipulation.

Case in point: An explosion at a hospital in Gaza on Tuesday was followed by a wave of mis- and disinformation around the cause. In the hours following the explosion, Hamas blamed Israel, Israel blamed militants in Gaza, mainstream media outlets repeated both sides’ claims without confirmation either way, and people posing as open source intelligence experts rushed out dubious analyses. The result was a toxic mix of information that made it harder than ever to know what’s real.

On Thursday, the United States Department of the Treasury proposed plans to treat foreign-based cryptocurrency “mixers”—services that obscure who owns which specific coins—as suspected money laundering operations, citing as justification crypto donations to Hamas and the Palestinian Islamic Jihad, a Gaza-based militant group with ties to Hamas that Israel blamed for the hospital explosion. While these types of entities do use mixers, experts say they do so far less than criminal groups linked to North Korea and Russia—likely the real targets of the Treasury’s proposed crackdown.

In Myanmar, where a military junta has been in power for two years, people who speak out against deadly air strikes on social media are being systematically doxed on pro-junta Telegram channels. Some were later tracked down and arrested.

Finally, the online ecosystem of AI-generated deepfake pornography is quickly spiraling out of control. The number of websites specializing in and hosting these faked, nonconsensual images and videos has greatly increased in recent years. With the rise of generative AI tools, creating these images is quick and dangerously easy. And finding them is trivial, researchers say. All you have to do is a quick Google or Bing search, and this invasive content is a click away.

That’s not all. Each week, we round up…


Schools Are a Top Target of Ransomware Attacks, and It’s Getting Worse


Ransomware and other cyberattacks on K-12 schools are increasing, especially as districts lean further into technology use for teaching, learning, and other school operations.

Eighty percent of school IT professionals reported that their schools were hit by ransomware in the last year, according to a global survey of 3,000 IT/cybersecurity leaders conducted by cybersecurity company Sophos between January and March. That’s up from 56 percent in the 2022 survey.

School IT professionals were also more likely to report that they’ve experienced ransomware attacks than IT professionals from other industries, according to the survey, which included responses from 200 IT professionals from the K-12 sector.

“Given the resource challenges facing schools, we’ve accumulated a lot of sort of technical debt that is going to make better defending school communities from these threats a challenging endeavor,” said Doug Levin, the national director of the K12 Security Information Exchange, a nonprofit focused on helping K-12 schools prevent cyberattacks.

In a ransomware attack, cybercriminals break into a district or school’s network and take data and encrypt it, preventing the district from accessing the data. Attackers will decrypt and return the data if the district or its insurance company pays a ransom. Attackers typically threaten to release student and employee data to the public if they aren’t paid.

For instance, after a ransomware attack on Los Angeles Unified last year, hackers published highly sensitive mental health records of current and former students. And after a breach at Minneapolis Public Schools in March, a cyber gang published files detailing campus rape cases, child abuse inquiries, student mental health crises, and suspension reports, according to The 74.

Guidance from the FBI and the federal Cybersecurity and Infrastructure Security Agency discourages paying the ransom because it doesn’t guarantee that the data will be decrypted or that the systems will no longer be compromised. Paying the cyber criminals also encourages hackers to target more victims.

But the question of whether or not to pay ransom does not always have a simple answer, especially for school…


Eight years since the Obama-Xi agreement, Chinese hacking is worse than ever


SAN FRANCISCO — Eight years ago, the United States and China reached an historic treaty agreement that was designed, in part, to end a persistent deluge of cyberattacks targeting American businesses to steal their corporate secrets and intellectual property.

At the time, then-President Barack Obama lauded the agreement in a joint press conference with China President Xi Jinping, saying it marked a “common understanding” between the two nations “that neither the U.S. or the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage.”

Eight years later, that sentiment has aged like warmed over milk.

Chinese hackers did not stop targeting American businesses, but according to security experts at Google, they have evolved to become significantly more aggressive and innovative in the years since.

“I’ll tell you investigating intrusions that are orchestrated by China threat actors today are very different than investigating intrusions from … before the Obama/Xi treaty agreement in 2015,” said Charles Carmakal, chief technology officer at Google Mandiant, at an April 24 briefing held during the RSA 2023 Conference in San Francisco.  

Prior to the agreement, hackers associated with China were broad and unfocused in the businesses they hacked. Today, a range of threat groups operating in China or working directly on behalf of Beijing target valuable actors and specific industries with laser-like precision, including defense contractors, telecommunications firms, government agencies and technology companies. Most of those industries tend to manage, own or operate chunks of IT infrastructure on behalf of hundreds, thousands or millions of clients, meaning they can offer a potential pathway to infecting downstream customers, the way Chinese hackers did in the 2021 Microsoft Exchange attacks.

Chinese threat groups’ strategies and tactics change since 2015 agreement

These groups have also altered their strategies and tactics to increasingly target edge devices like virtual private networks (VPN) and other remote access solutions, firewalls and hypervisors
