Tag Archive for: Infiltrated

Royal ransomware gang infiltrated networks weeks before striking


Hackers began surveillance of the city of Dallas’ networks weeks before carrying out a devastating ransomware attack in May, according to a recent report on the incident.

The 31-page After-Action Report, published last week, outlines what happened before, during and after the ransomware attack crippled critical systems used by the city’s police, firefighters, hospitals and government officials. As the ninth largest city in the country, Dallas was “a logical choice for bad actors wishing to initiate and prosecute” an attack, the experts said.

The city operates more than 860 applications and has about 200 IT workers within the Dallas Department of Information & Technology Services (ITS).

The hackers — part of the Royal ransomware gang — first infiltrated government systems on April 7 and immediately began surveillance operations. They used a government service account to pivot into the city’s infrastructure and deploy remote management tools.

From April 7 to May 2, the hackers exfiltrated nearly 1.17 terabytes of data and prepared themselves to deploy the ransomware, which they did the following morning.

“Using its previously deployed beacons, Royal began moving through the City’s network and encrypting an apparently prioritized list of servers using legitimate Microsoft system administrative tools,” they explained.

“City attack mitigation efforts began immediately upon the detection of Royal’s ransomware attack. To thwart Royal and slow its progress, City Server Support and Security teams began taking high-priority services and service supporting servers offline. As this was done, City service restoration identification activities began.”

The city noted that officials focused on restoring critical systems like the Public Safety Computer-Aided Dispatch, which went down during the attack; for days afterward, police and ambulances were sent to the wrong location multiple times.

Officials also focused on 311 services and city-facing communication websites as the first systems that needed to be restored.

In addition to internal and external cybersecurity assistance, the city called on federal law enforcement agencies like the FBI and Cybersecurity and…

Source…

Hackers claim to have infiltrated internal D.C. police files


Hackers who claim to have infiltrated the D.C. police department’s computer network are threatening to publicize confidential files that could reveal names of suspected gang members and intelligence from crime briefings, according to online posts reviewed by cybersecurity experts.


A ransomware entity called Babuk posted its warning on the dark Web, purporting to have downloaded a vast array of information, and warned police to “get in touch as soon as possible and pay us, otherwise we will publish the data.”

The group posted several pictures of suspected gang members and maps drawn by police of territories claimed by street crews, a sample of information experts say is meant to prove their threats are real. Babuk said it downloaded 250 gigabytes of data, which could be large enough to store up to 70,000 photos or tens of thousands of documents, according to computer security experts.

Babuk displayed screenshots of dozens of file folders, including ones dealing with discipline and listed by officer names, and others titled “known shooters,” “most violent person,” “RAP feuds,” “gang conflict report” and “strategic crime briefings.”

Authorities including the FBI are trying to determine whether Babuk actually has gained access to those files.

One security expert provided screenshots of the group’s online comments to The Washington Post. A D.C. official familiar with the investigation, who spoke on the condition of anonymity because a probe is underway, confirmed the city is looking into the claims believed to be made by Babuk.

“It’s fair to say it’s very serious,” said D.C. Council member Charles Allen (D-Ward 6), who chairs the public safety committee. “It’s open to assessment as to how serious.”

Allen said authorities “are trying to assess and understand what happened,” and what type of information may have been stolen. He said he learned the hackers probably did not get access to files shared by the District and federal law enforcement authorities.

But still, if the group has the documents it claims, revealing them could affect ongoing criminal investigations, publicize personal information about…

Source…

PHP Infiltrated with Backdoor Malware – Threatpost


Source…

LAPD Infiltrated An Anti-Fascist Protest Group Because The First Amendment Is Apparently Just A Suggestion

Maybe the LAPD doesn’t have the experience its counter-coastal counterpart has in inflicting damage to rights and liberties, but it’s trying, dammit! The NYPD’s brushes with the Constitution are numerous and perpetual. The LAPD may have spent more time working on the Fourth and Fifth Amendments during its Rampart peak, but now it’s rolling up on the First Amendment like a repurposed MRAP on a small town lawn.

The Los Angeles Police Department ordered a confidential informant to monitor and record meetings held by a political group that staged protests against President Trump in 2017, a move that has drawn concern and consternation from civil rights advocates.

On four separate occasions in October 2017, the informant entered Echo Park United Methodist Church with a hidden recorder and captured audio of meetings held by the Los Angeles chapter of Refuse Fascism, a group that has organized a number of large-scale demonstrations against the Trump administration in major U.S. cities, according to court records reviewed by The Times.

Perhaps no entities show more concern about opposition to fascism than law enforcement agencies, for some weird and completely inexplicable reason. Somehow, this investigation involved the Major Crimes Division, which felt the need to get involved because of all the major criminal activity that is the hallmark of protest groups.

What sort of major crimes are we talking about? Well, let’s just check the record…

Police reports and transcripts documenting the informant’s activities became public as part of an ongoing case against several members of Refuse Fascism who were charged with criminal trespassing…

I see the term “major” has been redefined by the Major Crimes Division to encompass anything it might feel the urge to investigate. Supposedly, this incursion on the First Amendment was the result of an “abundance of caution” following reports of violent clashes between anti-fascists and alt-right demonstrators at other protests/rallies.

Again, the LAPD seems to not understand the meaning of the words it uses, because an “abundance of caution” should have resulted in steering clear of First Amendment-protected activities, rather than infiltrating them.

Also, an abundance of caution might have resulted in the LAPD checking out the other set of theoretical combatants, but the Los Angeles Times reports a police official said no attempt was made to infiltrate any far-right protest groups.

“Major.” “Caution.” “Consistency.” These words are beyond the department’s comprehension. And here’s the kicker: the Major Crimes Division did not send its informant in until after the demonstration was already over, the freeway had already been blocked, and criminal trespassing charges had already been brought. This wasn’t an investigation. It was a fishing expedition targeting people who don’t like fascists that used the First Amendment as a doormat. Calls to the LAPD’s Irony Division were not returned.

I guess we’re all supposed to feel better about this now that the LAPD has promised to investigate itself over its First Amendment-infringing infiltration. But it seems a department that routinely struggles to use words properly and cannot steer clear of the Constitutional shoreline shouldn’t be trusted to run a fax machine, much less an internal investigation.

Techdirt.