Espionage News, Articles and Updates

WikiLeaks: CIA impersonated Kaspersky Lab as cover for malware operations

WikiLeaks, under its new Vault 8 series of released documents, has rolled out what it says is the source code to a previously noted CIA tool, called Hive, that is used to help hide espionage actions when the Agency implants malware.

APT28's latest Word doc attack eliminates needing to enable macros

The threat group APT28/Fancy Bear is now using a little-used technique available in Microsoft Office that enables the cyber-gang to execute arbitrary code through a Word document, but without requiring macros to be enabled.

Why we need to think twice before blaming North Korea for cyber-attacks

Ahead of today's UK attribution of WannaCry to North Korea, Bharat Mistry advises that the reclusive country's internet and computing infrastructure is not as locked-down as we might believe, thus open to outside interference.

NSA worker infected computer provided access to Equation Group surveillance code, Kaspersky says

After the consumer version of Kaspersky Lab's antivirus software picked up the source code for surveillance tools used by the Equation Group, the NSA's elite hacking arm, the file was immediately deleted, according to Kaspersky.

BadRabbit 'NotPetya-style' attack hits Russian press & Ukraine targets

BadRabbit ransomware has hit at least three Russian media companies including Russian business newswire Interfax which became unable to deliver some of its news services, and Ukrainian infrastructure has also been hit.

Cyber-Sec pros targeted: NATO cyber-conflict event in cyber-conflict

In a stroke of ironical genius, Russian hackers have targeted security conference attendees with a targeted phishing campaign.

Understanding the human element behind cyber-attacks: indicators of attack

Joep Gommers explains why focusing on the actor will help businesses to protect themselves from a potential cyber-attack, hence the need to understand indicators of attack, in addition to indicators of compromise.

Contractor's only IT technician steals 30GB of Australian defence secrets

30GB of data was stolen from a small Australian military defence contractor, including technical information on jet fighters, transport aircraft and 'smart bomb kits'. The culprit: the lone IT technician.

War plans including assassination plan stolen by North Korean hackers

North Korean hackers have stolen the joint South Korean-US plans for war with the north, including plans to assassinate North Korean leader Kim Jong Un, according to an FT report quoting South Korea's Democratic party.

Malicious websites targeting Israeli institutions - TwoFace webshell link

A webshell used to harvest credentials from an unnamed Middle Eastern organisation appears to be targeting Israeli institutions and may possibly be linked to the Iranian APT group OilRig.

Election systems in 21 US states hit by Russian hackers says government

21 states were told by the US Department of Homeland Security Friday that their election systems had been the targets of hackers representing the Russian government.

FireEye ties APT33 to Iran and attacks on US, Saudi Arabian interests

FireEye has laid out evidence that it believes connects the hacking of several US, Saudi Arabian and South Korean aerospace and petrochemical facilities to an Iranian cyber-group it has labeled APT33.

Report: Without safeguards, Internet & IoT may create surveillance states

A catastrophic worldwide cyber-attack, the emergence of an IoT-enabled surveillance state, and the weakening of encryption were among the chief security and privacy fears expressed by experts.

US bans use of Kaspersky Lab software on government systems

Acting on concerns that Russian company Kaspersky Lab has connections to cyber-espionage activities, the US government has banned the use of Kaspersky Lab security software.

Controls attacks up 110%; Dragonfly APT group targeting power facilities

An APT group fixated on infiltrating energy facilities in North America and Europe has turned up the juice lately on its operations; IBM says attacks targeting industrial controls systems increased 110 percent in 2016.

US Senator pushes for US government wide ban on Kaspersky software

US Senator Jeanne Shaheen (D-N.H.) is pushing for a US federal government-wide ban of security software developed by Kaspersky Lab.

Key-logging malware, dubbed EHDevel, found intelligence gathering

Security researchers have found a sophisticated malware framework, EHDevel, which started with more vulnerable individuals in a bid to reach its ultimate objective, targeting several Pakistani individuals.

Malicious replacement touchscreens could completely compromise phones

Mobile users who substitute their damaged phone touchscreens or other hardware components with third-party replacements could be infecting their phones with malicious components.

GPS spoofing could have caused warship crash - US navy investigating

Itay Glick: "The ship could have fallen victim to a GPS spoof or malware. Both USS McCain and USS Fitzgerald were part of the 7th Fleet;... there may be a connection. I don't believe in coincidence."

Brute force attack on Scottish Parliament's email system

Yesterday members of the Scottish Parliament in Holyrood were notified that hackers were trying to crack their email passwords and they were advised to update their passwords.

£17 million fines for CNI companies under proposed EU SNIS plans

Under an (NIS) directive being adopted by the UK, CNI providers will face fines of £17 million or up to four percent of annual turnover if they fail to protect critical infrastructure from loss of services due to cyber-attacks.

APT32 targets private sector organisations with an interest in Vietnam

A cyber-espionage group dubbed APT32 is carrying out intrusions into private sector companies across multiple industries.

Huge hacking operation uncovered targeting victims' supply chain

Advanced Persistent Threat group linked to China said to be attacking companies by targeting their suppliers - scale of operation said to be unprecedented.

Canada and Nato attempt to define threshold for cyber-attack response

Amidst a Russian war of intelligence and influence, the Canadian military considers what defines a cyber-attack under the Nato agreement and when it should call in help of other countries.

Facing up to reality: why nation state hacking isn't going away

While states are likely to support the idea of a Geneva Convention for cyber-warfare and espionage, it is not likely to be observed when it's so difficult to verify attribution.

State-sponsored hackers turn to Android malware to spy on Israeli soldiers

ViperRat discovered by researchers, designed to exfiltrate data from Israeli Defence Force via Android phones using honey traps.

Watch out, industrial spies and saboteurs about, targeting your firm

A recent court case demonstrates that with the ease of access to cyber-weapons, it's not just the big guys who need to worry about cyber espionage and sabotage, writes Chris Allen.

Shamoon returns to wipe out Saudi virtual desktops

Malware that wiped data from 30,000 Saudi desktops re-emerges to kill VMs.

German spy chief claims Russian hackers will disrupt election

The president of Germany's Federal Intelligence Service said he expects Russian cyberattacks to interfere with upcoming electoral processes across Europe, but particularly in Germany.

Can you hear me now? Malware turns headphones into mics for eavesdropping

Headphones plugged into a computer's audio output jack can be converted into a microphone that secretly records nearby conversations by modifying the device's software via malware, according to a new research report.