Tag Archive for: north

A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask


“That’s not nice, and it’s not a good norm,” says Schneider. She says that much of the US government’s slow approach to cyberattacks stems from its care to ensure it avoids unintentionally hitting civilians as well as breaking international law or triggering dangerous blowback.

Still, Schneider concedes that Caceres and Angus have a point: The US could be using its cyber forces more, and some of the explanations for why it doesn’t amount to bureaucracy. “There are good reasons, and then there are bad reasons,” says Schneider. “Like, we have complicated organizational politics, we don’t know how to do things differently, we’re bad at using this type of talent, we’ve been doing it this way for 50 years, and it worked well for dropping bombs.”

America’s offensive hacking has, by all appearances, gotten less aggressive and less nimble over the past half decade, Schneider points out. Starting in 2018, for instance, General Paul Nakasone, then the head of Cyber Command, advocated a “defend forward” strategy aimed at taking cyber conflict to the enemy’s network rather than waiting for it to occur on America’s turf. In those years, Cyber Command launched disruptive hacking operations designed to cripple Russia’s disinformation-spouting Internet Research Agency troll farm and take down the infrastructure of the Trickbot ransomware group, which some feared at the time might be used to interfere in the 2020 election. Since then, however, Cyber Command and other US military hackers appear to have gone relatively quiet, often leaving the response to foreign hackers to law enforcement agencies like the FBI, which face far more legal constraints.

Caceres isn’t entirely wrong to criticize that more conservative stance, says Jason Healey, who until February served as a senior cybersecurity strategist at the US Cybersecurity and Infrastructure Security Agency. He responds to Caceres’ cyberhawk arguments by citing the Subversive Trilemma, an idea laid out in a 2021 paper by the researcher Lennart Maschmeyer: Hacking operations have to choose among intensity, speed, and control. Even in earlier, more aggressive years, US Cyber Command has tended to turn up the dial…

Source…

Vans, North Face parent downplays cyberattack


U.S. global apparel and footwear company VF Corporation, which owns Vans, The North Face, and Supreme, emphasized that the December cyberattack that impacted data from 35.5 million customers did not include any bank information or credit card details, The Register reports.

In an email sent to impacted individuals, VF Corp. insisted that it never collected or retained financial or payment information beyond the payment method used for a customer's purchases, and it reassured customers that the incident did not expose any passwords. Attackers were able to obtain individuals' full names, phone numbers, email addresses, and billing and shipping addresses, as well as order histories, payment methods, and total order values. VF Corp. said there is no evidence that the exfiltrated information has been misused, but it still urged affected customers to be wary of phishing, identity theft, and fraud.

Immediate password changes for VF Corp. accounts and other accounts sharing similar credentials have also been advised.

Source…

South Korea’s Battle Against North Korean Hackers


South Korean authorities are mounting a determined response to a series of cyberattacks that bear the hallmarks of a familiar adversary. This is not just a skirmish in cyberspace; it is a direct assault on the country's judicial backbone, and it has compelled the National Police Agency to take unprecedented action against a threat that is as intangible as it is insidious.

The Frontline: Supreme Court Servers Under Siege

Seongnam, a short distance from the capital Seoul, found itself at the center of this confrontation. There, at the premises of the Supreme Court's digital data bureau, police began search and seizure operations on February 13th to examine servers that had been compromised in attacks attributed to the Lazarus Group, a threat actor with well-documented ties to North Korea. The operations mark a significant escalation in the fight against cyberterrorism and signal a clear intent to safeguard national security interests.

A Persistent Threat: The Lazarus Group’s Shadow

The Lazarus Group isn’t a new player on the global stage of cyberterrorism. Known for its sophisticated attacks and elusive operations, this North Korean-affiliated collective has cast a long shadow over international cybersecurity efforts. The breach of the Supreme Court servers is but the latest in a series of provocations that underscore the group’s audacious approach to digital espionage and sabotage. By targeting the judicial system, the attackers not only compromise sensitive legal information but also challenge the very integrity of South Korea’s governance structures.

Securing the Digital Frontier: Response and Repercussions

In response to this brazen incursion, the National Police Agency's cyber terror division has intensified its efforts not only to recover and secure the compromised servers but also to assess and mitigate the impact of the breach. These efforts are emblematic of a broader struggle to protect critical infrastructure from the increasingly sophisticated…

Source…

Microsoft reveals how Iran, North Korea, China, and Russia are using AI for cyber war


Microsoft has revealed that US adversaries, primarily Iran and North Korea, with lesser involvement from Russia and China, are increasingly employing generative artificial intelligence (AI) to mount offensive cyber operations. These adversaries have begun using large language models to support their attacks, and Microsoft, working with its business partner OpenAI, the maker of ChatGPT, says it has detected and disrupted this activity.

In a blog post, the Redmond-based company emphasized that while these techniques were still "early-stage," they were neither "particularly novel nor unique." Nevertheless, Microsoft deemed it crucial to expose them publicly: as US rivals harness large language models to expand their network-breaching capabilities and conduct influence operations, transparency becomes essential.

For years, cybersecurity firms have utilized machine learning for defense, primarily to identify anomalous behavior within networks. However, malicious actors—both criminals and offensive hackers—have also embraced this technology. The introduction of large-language models, exemplified by OpenAI’s ChatGPT, has elevated the game of cat-and-mouse in the cybersecurity landscape.

Microsoft’s substantial investment in OpenAI aligns with its commitment to advancing AI research. The announcement coincided with the release of a report highlighting the potential impact of generative AI on malicious social engineering. As we approach a year with over 50 countries conducting elections, the threat of disinformation looms large, exacerbated by the sophistication of deepfakes and voice cloning.

Here are specific examples that Microsoft provided. The company said that it has disabled generative AI accounts and assets associated with named groups:

North Korea: The North Korean cyberespionage group known as Kimsuky has used the models to research foreign think tanks that study the country, and to generate content likely to be used in spear-phishing hacking campaigns.

Iran: Iran’s Revolutionary Guard has used large-language models to assist in social engineering, in troubleshooting software errors, and even in studying how intruders might evade detection in a compromised network….

Source…