Tag Archive for: intel

Intel agencies issue guidance to protect against Russian botnet


U.S. and international authorities on Tuesday urged owners of routers used in a Russian botnet operation to ensure the devices cannot still be exploited by malicious actors.

The additional warning came a week after a coordinated international action by the FBI and others disrupted a Russian GRU-led hacking campaign that infiltrated more than a thousand home and small business routers that were used to carry out cyber espionage around the globe.

Dubbed Operation Dying Ember, it was first announced by FBI Director Christopher Wray in remarks at the Munich Security Conference.


It marked the latest effort by U.S. law enforcement, led by the bureau and the Justice Department, to combat digital criminal groups — including a similar action earlier this month that knocked off Chinese government-sponsored hackers from hundreds of home and small business routers that were allegedly used to target American infrastructure networks.

“With these operations, and many more like them, we’ve set our sights on all the elements that we know from experience make criminal organizations tick,” Wray said in Munich. “Because we don’t just want to hit them: we want to hit them everywhere it hurts and put them down hard.”

Despite last week’s apparent success against the so-called “Moobot” botnet that infected routers, “owners of relevant devices should” take steps to “ensure the long-term success of the disruption effort and to identify and remediate any similar compromises,” authorities cautioned.

In particular, they recommended owners conduct a hardware reset to “flush file systems of malicious” content; upgrade to the latest firmware; change default usernames and passwords; and enact firewall protections in order to “prevent the unwanted exposure of remote management services.”


Russian hackers targeted US intel officers in ‘sophisticated spear phishing campaign,’ DOJ says


Hackers acting on behalf of the Russian government targeted U.S. intelligence officers in a “sophisticated spear phishing campaign” designed to influence elections in the United Kingdom, the Justice Department (DOJ) alleged Thursday.

The operation successfully hacked into computer networks in the U.S., the U.K., Ukraine and other NATO member countries and “stole information used in foreign malign influence operations designed to influence the U.K.’s 2019 elections,” the DOJ said.

The DOJ unsealed a federal indictment Thursday against two individuals connected to the plot, after a federal grand jury in San Francisco returned an indictment Tuesday.

The two individuals charged are Ruslan Aleksandrovich Peretyatko, an officer in Russia’s Federal Security Service (FSB), the DOJ claimed, and Andrey Stanislavovich Korinets. They are each charged with one count of conspiracy to commit an offense against the United States and one count of conspiracy to commit wire fraud.

Along with other unindicted co-conspirators, the defendants were part of the so-called “Callisto Group,” the DOJ said.

The indictment alleges that the hacking campaign took place between at least October 2016 and October 2022 and targeted current and former employees of the U.S. Intelligence Community, Department of Defense, Department of State, defense contractors, and Department of Energy facilities.

The spear phishing campaign often was carried out by sending “sophisticated looking emails” that tricked the targets into providing their log-in credentials, thereby allowing the hackers to access the victims’ email accounts whenever they wanted to, the DOJ said.

Some of the emails were sent from “spoofed” accounts designed to look like other personal and work-related emails the victims would receive, the DOJ said. Sometimes, the emails claimed the users had violated terms of service on an account and had to log in via a provided link. When the users thought they were signing into their accounts, they were actually providing the account credentials to hackers, the DOJ said.

U.S. officials pointed to the indictments as evidence that Russia still is trying to target democratic elections, and they pledged to…


Intel insiders go undercover revealing fresh details into NoName hacktivist operations


In a Black Hat exclusive interview with Cybernews, two Radware threat researchers turned ‘undercover hacktivists’ pose as pro-Russian sympathizers, revealing new insights into the inner workings of the cyberterrorist gang NoName057(16).

“The importance of NoName for us, if you look at the number of attacks that they’re doing, it’s much bigger than, for example, Anonymous Sudan or even Killnet,” said the Radware researchers, who asked to remain anonymous for security reasons.

Calling Killnet media savvy, the researchers pointed out that “Killnet makes it a lot into the news, but actually, in terms of attacks and targeting, they don’t do that much anymore.”

Anonymous Sudan and Killnet, whose self-proclaimed leader is known as Killmilk, are just two of the well-known pro-Russian hacktivist groups that have been actively targeting Ukraine and the West since the Russian invasion last spring, but more on that later.

The two unnamed insiders sat down with me to tell their tale on the last day of the Black Hat USA convention, settling in at a random table on the floor of the swag-filled Business Hall, away from the commotion.

Cybernews readers will get to see the visuals accompanying their research – For Intel and Profit: Exploring the Russian Hacktivist Community – here for the first time.

From insights into the ever-evolving Russian hacktivist landscape to documenting NoName’s steady stream of persistent attacks, these security gurus have proven firsthand that the gang’s crowdsourced “DDoSia” platform is providing a steady stream of crypto payouts to otherwise ordinary citizens whose only commonality is that they despise Ukraine and any of its Western supporters.

Furthermore, according to the duo, it’s not going to stop anytime soon.

NoName nation heat map:
Image by Radware

Who is NoName057(16)?

Before we dive right into the gang’s newly discovered operations, let’s briefly profile this steadfast group of attackers and find out what they’ve been up to since they first entered the scene back in March of 2022, and more recently.

To begin with, Radware’s research shows that NoName dominated the pro-Russian hacktivist landscape in the first half of 2023, carrying out a whopping 1174…


Tokyo risks being carried away by intel craving



Japanese Prime Minister Fumio Kishida speaks during his news conference in Tokyo, Japan, on February 24, 2023. [Photo/Agencies]

The reforms implemented by Tokyo over the past 10 years have seen a break with the so-called postwar Yoshida Doctrine that emphasized concentrating resources on economic development and letting the US take care of the country’s security.

By bolstering its capacity for decision-making and removing some of the legal constraints on the use of force, Tokyo has positioned itself for a more integrated military alliance with the US while giving itself room to act in what it perceives to be its interests.

Japan released three documents last year that defined its change of security policy. With a sharp increase in military spending, the most significant takeaway from the three documents is that the US-Japan alliance is entering a new phase. With its own combat-credible forces, Japan will be proactively involved in international security affairs.

Since war-fighting requires a much higher level of information acquisition and analysis, as well as information sharing between militaries, to better enable this new approach, Japan is looking to strengthen its intelligence gathering and analysis capabilities by building an intelligence network in the Asia-Pacific. It has been proposed that Japan should be included in the Five Eyes intelligence-sharing group that comprises Australia, Canada, New Zealand, the United Kingdom, and the US, and the plan to set up a NATO liaison office in Tokyo was aimed at facilitating this.

But with that plan stalled, due to the opposition of some NATO members, the Fumio Kishida government has been prompted to take a new tack.

According to Japanese media reports, it intends to build an intelligence network to deal with cyberattacks with countries and regions in the “Indo-Pacific” region. It will begin by building cyber defense capabilities for vulnerable Pacific Island countries, and eventually establish a system that can share information about the symptoms and methods of attacks. This has in part been prompted by the hybrid warfare in Ukraine, where cyberspace…
