SMALL WARS COUNCIL
Old 05-16-2017   #41
OUTLAW 09
Council Member
 
Join Date: Nov 2013
Posts: 35,747
Default

Massive cryptocurrency botnet used leaked NSA exploits weeks before WCry
https://arstechnica.com/?post_type=post&p=1098281#

The three bitcoin wallets tied to #WannaCry ransomware have received 216 payments totaling 34.6200695 BTC ($58,821.36 USD).

Last edited by OUTLAW 09; 05-16-2017 at 07:33 AM.
Old 05-16-2017   #42
OUTLAW 09

@DAlperovitch on lessons learned from the #WannaCry cyberattacks:
http://www.atlanticcouncil.org/blogs...ave-your-data#
Old 05-17-2017   #43
OUTLAW 09

Hackers mint crypto-currency with technique in global 'ransomware' attack
http://reut.rs/2pTagMh
Old 05-17-2017   #44
OUTLAW 09

The Electronic signature technology provider DocuSign suffered a data breach
Hackers broke into the system of the technology provider DocuSign and accessed customers' email. The experts warn of possible spear phishing attacks. The electronic signature technology provider DocuSign suffered a data breach; hackers have stolen emails.

Shadow Brokers are back after WannaCry case, it plans to offer data dump on monthly subscription model

Shadow Brokers made the headlines once again; the notorious group plans to offer data dumps on a monthly subscription model. The notorious Shadow Brokers hacking group made the headlines during the weekend when systems worldwide were compromised by the WannaCry ransomware, which they had released as part of their NSA data dump...
Old 05-17-2017   #45
OUTLAW 09

Some machines can’t be infected by WannaCry because they have been already infected by Adylkuzz

Security experts at ProofPoint security discovered that many machines can't be infected by WannaCry because they have been already infected by Adylkuzz.
Old 05-17-2017   #46
OUTLAW 09

APT32, a new APT group alleged linked to the Vietnamese Government is targeting foreign corporations

APT32 is a new APT group discovered by security experts at FireEye that is targeting Vietnamese interests around the globe. The APT32 group, also known as OceanLotus Group, has been active since at least 2013; according to the experts it is a state-sponsored hacking and cybercrime group...
Old 05-17-2017   #47
OUTLAW 09

WikiLeaks Reveals two distinct malware platforms codenamed AfterMidnight and Assassin used by the CIA operators to target Windows systems.

While critical infrastructure worldwide and private organizations were ridiculed by the WannaCry attack, WikiLeaks released a new batch of CIA documents from the Vault 7 leaks.

The new dump included the documentation related to two CIA frameworks used to create custom malware for the Microsoft Windows platform.
The two frameworks are codenamed AfterMidnight and Assassin; both implement classic backdoor features that allowed the CIA to take control over the targeted systems.
Old 05-18-2017   #48
OUTLAW 09

EU fines Facebook 110 million euros over misleading WhatsApp data
http://reut.rs/2pWdMWj
Old 05-18-2017   #49
OUTLAW 09

When ransomware guys provide better customer support than most companies #WannaCry
Attached image: tweet.jpg
Old 05-19-2017   #50
OUTLAW 09

French security researchers say they have found a method to decrypt Windows files locked by WannaCry ransomware.
Old 05-20-2017   #51
OUTLAW 09

UIWIX, the Fileless Ransomware that leverages NSA EternalBlue Exploit to spread

Experts discovered a new ransomware family, dubbed UIWIX, that uses the NSA-linked EternalBlue exploit for distribution. The effects of the militarization of cyberspace are dangerous and unpredictable. A malicious code developed by a government...

WikiLeaks revealed CIA Athena Spyware, the malware that targets all Windows versions

Wikileaks released the documentation for the Athena Spyware, a malware that could infect and remotely control almost any Windows machine. Last Friday, Wikileaks released the documentation for the AfterMidnight and Assassin malware platforms.
Attached image: chart1.jpg
Old 05-20-2017   #52
OUTLAW 09

HTTPS phishing sites are increasing, it is the reaction to browser improvements

The number of HTTPS phishing sites continues to increase; it is the response of phishers to the improvements implemented by browser makers. If you believe that HTTPS could protect you from phishing attacks you are wrong; in 2014 TrendMicro warned of the increase in this ability...
Attached image: chart3.jpg
Old 05-20-2017   #53
OUTLAW 09

Cisco starts assessing its products against the WannaCry vulnerability

The tech giant Cisco announced an investigation into the potential impact of WannaCry malware on its products. The recent massive WannaCry ransomware attack highlighted the importance of patch management for any organization and for Internet users.
Old 05-20-2017   #54
OUTLAW 09

Microsoft Patch Tuesday updates for May 2017 fix Zero Days exploited by Russian APT groups

Microsoft Patch Tuesday for May 2017 addresses tens of security vulnerabilities, including a number of zero-day flaws exploited by Russian APT groups. Microsoft Patch Tuesday updates for May 2017 fix more than 50 security flaws, including a number of zero-day...
Old 05-21-2017   #55
OUTLAW 09

Exclusive: North Korea's Unit 180, the cyber warfare cell that worries the West
http://www.reuters.com/article/us-cy...idUSKCN18H020
Old 05-21-2017   #56
OUTLAW 09

Buckle-up for another cyber ride
https://www.wired.com/2017/03/wikile...a-hacks-dump/

Another data dump of CIA hacked tools...by the Russian intel org Wikileaks...
Old 05-21-2017   #57
OUTLAW 09

Security experts at threat intelligence firm Recorded Future have found a clear link between the APT3 cyber threat group and China's Ministry of State Security.

Quote:
The curtain has been pulled back a little on the Chinese Intelligence Agency intelligence gathering structure — and it includes private security contractors and the network vendor supply chain.

In 2010, security vendor FireEye identified the Pirpi Remote Access Trojan (RAT) which exploited a then 0-day vulnerability in Internet Explorer versions 6, 7 and 8. FireEye named the threat group APT3 which has also been described as TG-0100, Buckeye, Gothic Panda, and UPS and described them as “one of the most sophisticated threat groups” being tracked at the time.

Since then, APT3 has been actively penetrating corporations and governments in the US, UK and most recently Hong Kong — and everyone has been trying to figure out who they are. APT3 functions very differently than 3LA, the former Chinese military hacking organization leading to the assumption that APT3 is not part of the military complex. At least not officially.

On May 9th, 2017, an unknown party using the alias ‘intrusiontruth’ published a series of blogs posts describing connections between the Pirpi RAT command and control components and shareholders of the Chinese security contractor Guangzhou Boyu Information Technology Company, aka Boyusec.

“On May 9, a mysterious group calling itself “intrusiontruth” identified a contractor for the Chinese Ministry of State Security (MSS) as the group behind the APT3 cyber intrusions.” states the analysis published by Recorded Future.

The names of two specific shareholders of Boyusec appear in the domain registration for the Pirpi C&C servers. This is particularly interesting because Boyusec supports the Chinese Ministry of State Security (MSS) by collecting civilian human intelligence. Think of them as an outsourcer for a government agency like the United States’ National Security Agency (NSA).

Also interesting is that in 2016 a Pentagon report described the relationship between Boyusec and network equipment manufacturer, Huawei. According to the report, the two companies were colluding to develop security equipment with embedded backdoors which would likely be used by Boyusec to compromise Huawei customers.

“In November 2016, the Washington Free Beacon reported that a Pentagon internal intelligence report had exposed a product that Boyusec and Huawei were jointly producing.” continues the analysis.”According to the Pentagon’s report, the two companies were working together to produce security products, likely containing a backdoor, that would allow Chinese intelligence “to capture data and control computer and telecommunications equipment.” The article quotes government officials and analysts stating that Boyusec and the MSS are “closely connected,” and that Boyusec appears to be a cover company for the MSS.”

To protect our networks, it is important to assess the threats. An important part of threat assessment is to anticipate the motivation of the attackers. APT3 has demonstrated above average skills and has been active for a long time. Add ties to the network vendor supply chain and you have the makings of a dangerous adversary. As part of the Chinese MSS structure you can start to guess at motivation. With this new information, it is a good time to reassess your threat model.
Attached image: china.jpg
Old 05-21-2017   #58
OUTLAW 09

Europol supported the Slovak NAKA crime unit in an operation that resulted in the seizure of the Bloomsfield darknet marketplace.

Another success of the European police: last week Europol supported the Slovak NAKA crime unit in the arrest of a Slovak national believed to operate the Bloomsfield darknet marketplace dealing in drugs and arms.

“Bloomsfield started its marketplace around two years ago, but remained throughout its shelf life a rather small market with few listings and users.” reported website darkweb.world.

The police took into custody the suspect and several of his premises have been searched.

“Europol has supported the Slovak authorities in their investigation into a Slovak national who had been trading firearms, ammunition, and drugs on the Darknet.” reads the statement published by the Europol.

“In one of the locations searched, Slovak authorities discovered and seized five firearms and approximately 600 rounds of ammunition of different calibers. The investigators also found a sophisticated indoor cannabis plantation, 58 cannabis plants and a Bitcoin wallet containing bitcoins worth EUR 203 000, which is thought to have been obtained from illegal online activities.”

The law enforcement has seized the server running the darknet marketplace, experts are analyzing it searching for evidence and other information useful for the investigation.

“The server used by the suspect to host the Darknet marketplace was also seized during the raids and is currently being forensically analysed. Slovak authorities and Europol have extended the investigation into the users and vendors who utilised the marketplace.” states Europol

Bloomsfield was launched around two years ago but is considered a very small market with few listings and users. It started as the vendor shop of the vendor ‘Biocanna’ and later other vendors joined the darknet market.
Biocanna has shared a portion of a conversation on Twitter concerning the ‘owner of the failing Bloomsfield market.’

Best I've ever seen pic.twitter.com/yKxkNvQ43G
— C (@2ctfm) May 4, 2017

If the above claims are correct, Europol will have no difficulty tracking the other operators of the black market.

“Europol supported Slovakia throughout the entire investigation by providing its analytical and financial intelligence capabilities.” reads Europol’s announcement. “Also, a cross-check performed during the house searches generated a hit on Europol’s databases which helped investigators identify a Darknet vendor living in another EU country. The individual was suspected of supplying one of the firearms found during the house searches in Bratislava.”

Darknet marketplaces are important facilitators of criminal activities; the monitoring of this ecosystem is crucial for law enforcement.
Attached image: photo1.jpg
Old 05-21-2017   #59
OUTLAW 09

The Stegano exploit kit, also known as Astrum, continues to evolve, recently its authors adopted the Diffie-Hellman algorithm to hinder analysis.

The Stegano exploit kit was associated in the past with a massive AdGholas malvertising campaign that delivered malware, mostly the Gozi and RAMNIT trojans. Experts at TrendMicro also observed the exploit kit in the Seamless malvertising campaign.

“Astrum’s recent activities feature several upgrades and show how it’s starting to move away from the more established malware mentioned above.
It appears these changes were done to lay the groundwork for future campaigns, and possibly to broaden its use.

With a modus operandi that deters analysis and forensics by abusing the Diffie-Hellman key exchange, it appears Astrum is throwing down the gauntlet.” reads the analysis published by Trend Micro.

In March, the French researcher Kafeine reported the Stegano EK exploiting the information disclosure vulnerability tracked as CVE-2017-0022. Hackers exploited the flaw to evade antivirus detection and analysis.

A month later, the Stegano exploit kit was updated to prevent security researchers from replaying the malicious network traffic.

“We found that this anti-replay feature was designed to abuse the Diffie-Hellman key exchange—a widely used algorithm for encrypting and securing network protocols. Angler was first observed doing this back in 2015.” continues the analysis.

“Implementing the Diffie-Hellman key exchange prevents malware analysts and security researchers from getting a hold of the secret key Astrum uses to encrypt and decrypt their payloads. Consequently, obtaining the original payload by solely capturing its network traffic can be very difficult.”

According to the experts, the Astrum/Stegano exploit kit includes exploit code for a number of vulnerabilities in Adobe Flash, including the CVE-2015-8651 RCE, the CVE-2016-1019 RCE, and the out-of-bounds read flaw tracked as CVE-2016-4117.

Experts highlighted that currently the Stegano Exploit Kit isn’t used to deliver malware and its associated traffic is very low; both circumstances suggest we may soon observe a spike in its activity.

“It wouldn’t be a surprise if [Astrum/Stegano’s] operators turn it into an exclusive tool of the trade—like Magnitude and Neutrino did—or go beyond leveraging security flaws in Adobe Flash. Emulating capabilities from its predecessors such as fileless infections that can fingerprint its targets and deliver encrypted payloads shouldn’t be far off,” concluded Trend Micro.
Attached image: photo3.jpg
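The anti-replay mechanism Trend Micro describes in the post above, worked through as an added example that is not part of the original post or of any exploit kit: a toy Diffie-Hellman exchange (constructed parameters, deliberately small and not secure) encrypts a payload, a passive observer holding only the captured transcript cannot derive the key, and an analyst who recovers the client's private exponent from an instrumented endpoint can. The group parameters, cipher and function names are all assumptions made for this illustration.

```python
import hashlib
import secrets
from typing import Optional

# Constructed toy DH group: 2**127 - 1 is prime, but this group is far too small
# for real security; standard 2048-bit groups would be used in practice.
P = 2**127 - 1
G = 5

def derive_key(shared_secret: int) -> bytes:
    """Hash the DH shared value down to a 32-byte symmetric key."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Illustrative hash-based stream cipher (SHA-256 in counter mode); XOR is
    symmetric, so the same call encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(x ^ y for x, y in zip(data, stream))

def exchange_and_encrypt(payload: bytes) -> dict:
    """One simulated landing-page visit: both sides pick a private exponent,
    exchange public values, and the payload crosses the wire encrypted under
    the derived key. Returns what a sniffer sees (the transcript) separately
    from the client-side private exponent, which never leaves the endpoint."""
    a = secrets.randbelow(P - 2) + 1   # client private exponent
    b = secrets.randbelow(P - 2) + 1   # server private exponent
    A, B = pow(G, a, P), pow(G, b, P)
    key = derive_key(pow(A, b, P))     # server side: K = A^b mod P
    transcript = {"A": A, "B": B, "ciphertext": keystream_xor(key, payload)}
    return {"transcript": transcript, "client_private": a}

def passive_observer_decrypt(transcript: dict, budget: int = 20000) -> Optional[bytes]:
    """What replaying a pcap alone yields: A, B and ciphertext, but no exponent.
    Guessing the client exponent is the only option, and it fails whenever the
    exponent was drawn from a range far larger than the guessing budget."""
    for guess in range(1, budget + 1):
        if pow(G, guess, P) == transcript["A"]:
            key = derive_key(pow(transcript["B"], guess, P))
            return keystream_xor(key, transcript["ciphertext"])
    return None

def instrumented_client_decrypt(transcript: dict, client_private: int) -> bytes:
    """Analyst remedy: capture the client's private exponent (or the derived key)
    on an instrumented endpoint, then recompute K = B^a mod P and decrypt."""
    key = derive_key(pow(transcript["B"], client_private, P))
    return keystream_xor(key, transcript["ciphertext"])

if __name__ == "__main__":
    run = exchange_and_encrypt(b"constructed sample payload")
    print("passive observer:", passive_observer_decrypt(run["transcript"]))
    print("instrumented client:", instrumented_client_decrypt(run["transcript"], run["client_private"]))
```

The practical lesson for analysts is the second function: when an exploit kit keys its payload with ephemeral DH, the traffic capture must be paired with key material recovered from the victim-side session (a hooked browser or plugin in a sandbox), not replayed on its own.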
Old 05-21-2017   #60
OUTLAW 09

Hacking #IoT Devices: The Alarming Internet of Things #CyberSecurity MT @ipfconline1