Tag Archive for: sanctions

U.S. and UK Impose Sanctions on APT 31 Chinese Hackers


In a significant move to counter cyber threats, the United States and the United Kingdom have imposed sanctions on a group of China-linked hackers accused of targeting critical infrastructure in the U.S.

The coordinated action includes indictments, sanctions, and a rewards program aimed at curtailing the activities of these cyber operatives.

The U.S. Department of Justice has unsealed indictments against Zhao Guangzong, Ni Gaobin, and five other individuals for their involvement in a series of cyber attacks.

These individuals are believed to be connected to the Wuhan Xiaoruizhi Science and Technology Company, Limited (Wuhan XRZ), which is allegedly a front for the Chinese Ministry of State Security (MSS).

The Office of Foreign Assets Control (OFAC) of the Department of the Treasury has sanctioned Wuhan XRZ and the two Chinese nationals, Zhao Guangzong and Ni Gaobin, for their roles in the cyber operations.

These operations have targeted entities within the U.S. critical infrastructure sectors, posing a direct threat to national security.

APT 31: A Chinese Malicious Cyber Group

The hackers are affiliated with the state-sponsored Advanced Persistent Threat group 31 (APT 31), which is known for its sophisticated cyber espionage campaigns.

OFAC’s sanctions are pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, which targets individuals and entities responsible for or complicit in cyber-enabled activities that threaten the U.S.

This action represents a collaborative effort involving the U.S. Department of Justice, the Federal Bureau of Investigation (FBI), the Department of State, and the UK Foreign,…

US imposes sanctions on spyware group members


by AFP Staff Writers

Washington (AFP) March 5, 2024






US authorities announced sanctions Tuesday on parties associated with Intellexa Consortium, citing their role in making and distributing commercial spyware used to target US officials, journalists and others.

Commercial surveillance tools “increasingly present a security risk to the United States and our citizens,” said Treasury Under Secretary for terrorism and financial intelligence Brian Nelson.

In particular, the Intellexa Consortium was founded in 2019 and served as a “marketing label” for companies offering commercial spyware and surveillance tools.

The tools, the Treasury Department said, are packaged as a suite under the brand-name “Predator” spyware, able to infiltrate devices without user interaction.

“The Predator spyware has been deployed by foreign actors in an effort to covertly surveil US government officials, journalists, and policy experts,” the Treasury said.

Among those targeted on Tuesday were Intellexa Consortium founder Tal Jonathan Dilian and Sara Aleksandra Fayssal Hamou, who has provided managerial services to the group.

Five companies were also hit with sanctions, over activities such as exporting Intellexa’s surveillance tools to authoritarian regimes and working as a developer of the Predator spyware.

In July last year, Washington blacklisted Greece- and Ireland-incorporated units of Intellexa.

They were placed on the Commerce Department’s Entities List, which tightly restricts Americans from doing business with them.


US, partners target North Korea with sanctions following satellite launch


WASHINGTON/SEOUL (Reuters) - The United States on Thursday targeted North Korea with fresh sanctions after its launch of a spy satellite last week, designating foreign-based agents it accused of facilitating sanctions evasion to gather revenue and technology for its weapons of mass destruction program.

The U.S. Treasury Department in a statement said it also applied sanctions to cyber espionage group Kimsuky, accusing it of gathering intelligence to support North Korea’s strategic and nuclear ambitions.

Thursday’s action, taken in coordination with Australia, Japan and Korea, comes after North Korea last week successfully launched its first reconnaissance satellite, which it has said was designed to monitor U.S. and South Korean military movements.

“Today’s actions by the United States, Australia, Japan, and the Republic of Korea reflect our collective commitment to contesting Pyongyang’s illicit and destabilizing activities,” Treasury’s Under Secretary for Terrorism and Financial Intelligence, Brian Nelson, said in the statement.

“We will remain focused on targeting these key nodes in the DPRK’s illicit revenue generation and weapons proliferation,” Nelson added, calling North Korea by the initials of its official name, the Democratic People’s Republic of Korea.

South Korea’s foreign ministry said on Friday that it had blacklisted 11 North Koreans for involvement in the country’s satellite and ballistic missile development, banning them from any financial transactions.

The list includes senior officials from the National Aerospace Technology Administration, which oversaw the satellite launch, and the munitions industry department.

North Korea’s mission to the United Nations in New York did not immediately respond to a request for comment on Thursday’s sanctions.

Since the launch of the satellite, North Korea said that its leader, Kim Jong Un, has reviewed spy satellite photos of the White House, Pentagon and U.S. aircraft carriers at the naval base of Norfolk. Its state media has also reported that the satellite photographed cities and military bases in South Korea, Guam, and Italy, in addition to Washington.

On Monday, the United Nations ambassadors of the United States and North Korea…

How Effective Are Government Sanctions Against Ransomware


As ransomware attacks reach an all-time high, with 46% of them directed against American individuals and organizations, sanctions have become an important weapon for the government to fight back.

The US government imposed sanctions on Mikhail Matveev — a Russian cybercriminal on the FBI’s most-wanted list.

Matveev has been accused of being a “prolific ransomware affiliate” carrying out cyberattacks both in the US and abroad. The sanctioning of ransomware attackers is meant to protect victims from extortion, but it is a double-edged sword. Companies that pay ransom to sanctioned individuals and groups end up on the receiving end of the consequences.

The Downside of Sanctions

While it’s true that sanctions make it more difficult for cybercriminals to operate, they are far from being the perfect solution. A number of factors make it hard to effectively sanction ransomware groups, and there are still ways these groups can work around the sanctions. Besides, it’s ultimately the victims who face the consequences, which can range from hefty fines to criminal prosecution.

The tactic is meant to bar American victims from paying ransomware extortionists, but the only way it can be enforced is by penalizing victims who violate the sanctions.

A lot of ransomware actors like Matveev are based in Russia — a country with a reputation for allowing hackers to operate freely, especially against Western targets.

There isn’t much the US government can do against such cybercriminals to enforce the sanctions effectively.

Besides, the way sanctions work makes them a less-than-ideal solution for tackling the ransomware threat, too. Imposed by the U.S. Treasury’s Office of Foreign Assets Control (OFAC), these sanctions make it unlawful for individuals and businesses in the US to transact with sanctioned entities like Matveev.

Experts also fear that such sanctions could have the opposite of the intended effect. Victim organizations that violate the sanctions by making ransomware payments to sanctioned entities or countries, even unknowingly, might not notify authorities of the incident out of fear of prosecution.

This would lead to a lot of ransomware attacks going…
