Tag: StateBacked | SpinSafe

Microsoft Discovers State-backed Hackers From China, Russia, and Iran Are Using OpenAI Tools for Honing Skills

February 17, 2024/in Computer Security

A new study from Microsoft and OpenAI has revealed that AI tools such as ChatGPT and other Large Language Models (LLM) are being used by several hacking groups from Russia, China, Iran, and North Korea to increase hacking productivity and fraud schemes, prompting the tech giant to ban its AI tools to all state-backed hacking groups.

The study, which was reportedly branded as the first time an AI company had disclosed cybersecurity concerns from threat actors using AI, discovered five threat actors, two of whom were linked to China and one each with Russia, Iran, and North Korea.

According to reports, most hacker groups employed LLMs or OpenAI technologies to create phishing emails, automate computer programming and coding skills, and comprehend various subjects. It has also been discovered that a small group of threat actors with ties to China employ LLMs for translation and improved target communication.

The study found that Charcoal Typhoon, a threat actor associated with China, utilized artificial intelligence (AI) to facilitate communication and translation with targeted individuals or organizations, comprehend particular technologies, optimize program scripting techniques for automation, and simplify operational commands.

OpenAI Holds Its First Developer Conference

(Photo : Justin Sullivan/Getty Images)
SAN FRANCISCO, CALIFORNIA – NOVEMBER 06: Microsoft CEO Satya Nadella speaks during the OpenAI DevDay event on November 06, 2023 in San Francisco, California. OpenAI CEO Sam Altman delivered the keynote address at the first ever Open AI DevDay conference.

Salmon Typhoon, another threat actor with ties to China, is allegedly utilizing AI to translate technical papers and computing jargon, find coding mistakes, write harmful code, and better grasp various subjects related to public domain research.

It was also discovered that the Russian state-sponsored hacker collective Forest Blizzard employed LLMs to learn more about specific satellite capabilities and scripting methods for complex computer programs. According to reports, the group has claimed victims who are essential to the Russian government, such as groups involved in the conflict between Russia and…

Source…

Chinese state-backed cyberattacks hack off potential adversaries

December 5, 2023/in Internet Security

Hong Kong, December 5 (ANI): Few doubt that China is responsible for a massive campaign of computer hacking and nefarious cyber activities. Beijing denies any culpability for cyberattacks, calling such accusations “baseless”, but the weight of evidence rests squarely against China.

The US Office of the Director of National Intelligence, in its 2023 Annual Threat Assessment, recognized the threat: “China probably currently represents the broadest, most active and persistent cyber espionage threat to US government and private-sector networks. China’s cyber pursuits and its industry’s export of related technologies increase the threats of aggressive cyber operations against the US homeland.”If this were not damning enough, the report continued: “China almost certainly is capable of launching cyberattacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems.” This assessment was borne out by a Chinese state-sponsored threat group called Volt Typhoon, responsible for attacks this year, some of the largest ever, on American infrastructure. Five Eyes partners publicly disclosed the worrying threat posed by Volt Typhoon in May, since the group’s activities represent far more than the usual espionage conducted by nations. The group preplaced technical implants and achieved long-term access into adversaries’ networks, such prepositioning showing maturity in the People’s Liberation Army’s (PLA) joint information warfare capabilities.

Pukhraj Singh, Director of the Centre for Epistemic Security, wrote for the Australian Strategic Policy Institute (ASPI): “The military cyber elements seem to have been extricated from the stovepipes of the theater commands and are ready to produce strategic effects extending beyond the Indo-Pacific. And the integration isn’t just militaristic but also political: the PLA is the Chinese Communist Party’s (CCP) army. Strategic cyber operations are directly sanctioned by the Central Military Commission, and ultimately authorized by Xi.”Singh further posited: “The intelligence that has trickled through from the Five Eyespoints to interesting doctrinal and strategic developments in…

Source…

Russian State-Backed ‘Infamous Chisel’ Android Malware Targets Ukrainian Military

September 1, 2023/in Mobile Security

Cybersecurity and intelligence agencies from Australia, Canada, New Zealand, the U.K., and the U.S. on Thursday disclosed details of a mobile malware strain targeting Android devices used by the Ukrainian military.

The malicious software, dubbed Infamous Chisel and attributed to a Russian state-sponsored actor called Sandworm, has capabilities to “enable unauthorized access to compromised devices, scan files, monitor traffic, and periodically steal sensitive information.”

Some aspects of the malware were uncovered by the Security Service of Ukraine (SBU) earlier in August, highlighting unsuccessful attempts on part of adversaries to penetrate Ukrainian military networks and gather valuable intelligence.

Sandworm, also known by the names FROZENBARENTS, Iron Viking, Seashell Blizzard, and Voodoo Bear, refers to the Russian Main Intelligence Directorate’s (GRU) Main Centre for Special Technologies (GTsST).

Active since at least 2014, the hacking crew is best known for its string of disruptive and destructive cyber campaigns using malware such as Industroyer, BlackEnergy, and NotPetya.

In July 2023, Google-owned Mandiant said that the malicious cyber operations of GRU adhere to a playbook that offers tactical and strategic benefits, enabling the threat actors to adapt swiftly to a “fast-paced and highly contested operating environment” and at the same time maximize the speed, scale, and intensity without getting detected.

Infamous Chisel is described as a collection of multiple components that’s designed with the intent to enable remote access and exfiltrate information from Android phones.

Besides scanning the devices for information and files matching a predefined set of file extensions, the malware also contains functionality to periodically scan the local network and offer SSH access.

“Infamous Chisel also provides remote access by configuring and executing TOR with a hidden service which forwards to a modified Dropbear binary providing a SSH connection,” the Five Eyes (FVEY) intelligence alliance said.

A brief description of each of the modules is as follows –

netd – Collate and exfiltrate information from the compromised device at set intervals, including from app-specific…

Source…

Iran: State-Backed Hacking of Activists, Journalists, Politicians

December 5, 2022/in Computer Security

(Beirut) – Hackers backed by the Iranian government have targeted two Human Rights Watch staff members and at least 18 other high-profile activists, journalists, researchers, academics, diplomats, and politicians working on Middle East issues in an ongoing social engineering and credential phishing campaign, Human Rights Watch said today.

An investigation by Human Rights Watch attributed the phishing attack to an entity affiliated with the Iranian government known as APT42 and sometimes referred to as Charming Kitten. The technical analysis conducted jointly by Human Rights Watch and Amnesty International’s Security Lab identified 18 additional victims who have been targeted as part of the same campaign. The email and other sensitive data of at least three of them had been compromised: a correspondent for a major US newspaper, a women’s rights defender based in the Gulf region, and Nicholas Noe, an advocacy consultant for Refugees International based in Lebanon.

“Iran’s state-backed hackers are aggressively using sophisticated social engineering and credential harvesting tactics to access sensitive information and contacts held by Middle East-focused researchers and civil society groups,” said Abir Ghattas, information security director at Human Rights Watch. “This significantly increases the risks that journalists and human rights defenders face in Iran and elsewhere in the region.”

For the three people whose accounts were known to be compromised, the attackers gained access to their emails, cloud storage drives, calendars, and contacts and also performed a Google Takeout, using a service that exports data from the core and additional services of a Google account.

Various security companies have reported on phishing campaigns by APT42 targeting Middle East-focused researchers, civil society groups, and dissidents. Most of them identify APT42 based on targeting patterns and technical evidence. Organizations such as Google and the cybersecurity companies Recorded Future, Proofpoint, and Mandiant have linked APT 42 to Iranian authorities. Identifying and naming a threat actor helps researchers to identify, track, and link hostile cyber…

Source…

Tag Archive for: StateBacked

(Photo : Justin Sullivan/Getty Images)SAN FRANCISCO, CALIFORNIA – NOVEMBER 06: Microsoft CEO Satya Nadella speaks during the OpenAI DevDay event on November 06, 2023 in San Francisco, California. OpenAI CEO Sam Altman delivered the keynote address at the first ever Open AI DevDay conference.

(Photo : Justin Sullivan/Getty Images)
SAN FRANCISCO, CALIFORNIA – NOVEMBER 06: Microsoft CEO Satya Nadella speaks during the OpenAI DevDay event on November 06, 2023 in San Francisco, California. OpenAI CEO Sam Altman delivered the keynote address at the first ever Open AI DevDay conference.