
Threat posed by mainland hacker forced GMH to shut down network | News


A hacker somewhere in the U.S. mainland got past the protective firewalls of Guam Memorial Hospital’s network and started exploring, which put all of the hospital’s interconnected computer systems at risk of cyberattack, according to the hospital’s legal counsel, who said the hospital provided information to federal investigators and is scheduled to meet with the FBI Wednesday.

The hospital, whose IT staff found evidence of an unauthorized network user on the evening of March 2, shut down all of its nearly 100 computerized systems — from phones to email — at 8 a.m. March 4 in order to increase security measures and prevent any damage or theft of information.

Hospital staff found evidence the unauthorized user had accessed the system “multiple times in the past.”

According to the hospital, there is no evidence that patient information, financial information or employee records were accessed, manipulated or destroyed.

There also were no demands for payment in connection with the incident, according to the hospital.

No disciplinary action was taken against any hospital employee in connection with the incident, according to GMH legal counsel.

The systems shutdown also affected the hospital’s satellite operations, at the skilled nursing facility in Barrigada Heights and at the prison clinic in Mangilao.

Hospital visitation was severely restricted for several days in order to allow employees to focus on restoring systems.

The hospital started operating manually during the shutdown, keeping records on paper, and as of Tuesday had restored about 75 percent of its computer systems. Some phone lines and email addresses, for non-critical employees and departments, still were not working as of Tuesday.

“The nature of the (unauthorized) access was identified, and an individual is identified as being the likely actor,” said hospital attorney Jeremiah Luther, who declined to provide further details about the security flaw or how the network was hacked.

Luther said the hospital will not publicly disclose the “likely actor’s” name in the interest of justice.

“We were told by our IT people that the threat to our system, to patient health…


Chinese cyber spies ‘posed as Iranians while targeting Israeli government’ | Science & Tech News


A cyber espionage group from China masqueraded as Iranian hackers while breaking into and spying on Israeli government institutions, according to a new report by security researchers.

The report from security company FireEye, which unmasked the group alongside Israeli defence agencies, says there is insufficient evidence to link the espionage group to the Chinese state.

However, the company’s threat analysts are confident that the espionage group is Chinese and that its targets “are of great interest to Beijing’s financial, diplomatic, and strategic objectives”.

The hackers’ attempt to conceal their nationality was “a little bit unusual”, according to Jens Monrad, who heads the work of FireEye’s threat intelligence and incident response division Mandiant in EMEA.

“We have seen historically a few false flag attempts. We saw one during the Olympics in South Korea,” he told Sky News, referencing Russian hackers pretending to be Chinese and North Korean.

“There might be several reasons why a threat actor wants to do a false flag – obviously it makes the analysis a bit more complex,” Mr Monrad told Sky News.

The report focused on cyber spying targeting Israeli government institutions, IT providers, and telecommunications entities, but the group had additionally attempted to hack computer networks in the UAE and elsewhere.

Mr Monrad said the attempt to conceal the hackers’ identity “wasn’t very clever” but did slow the company’s analysis of these incidents, which he added may have been the goal.

The Chinese group attempted to use Farsi in the parts of code which could be recovered by incident response teams, and also used hacking tools associated with Iranian groups that had previously been leaked online.

However, linguistic analysts at FireEye said the terms chosen by the group wouldn’t have been used by native Farsi speakers.

“The use of Farsi strings, filepaths containing /Iran/, and web shells publicly associated with Iranian APT [Advanced Persistent Threat] groups may have been intended to mislead analysts and suggest an attribution to Iran,” the report said.

FireEye said that although this group and the known…


Covid-19 Posed New Cyber Threats for Businesses: Verizon Mobile Security Index