Meta spots largest influence network to date

source: axios.com  |  image: pixabay.com

 

Meta said it’s taken down what it believes is the biggest online influence operation of all time.

Why it matters: The wide-reaching, pro-Chinese operation targeted social media users in Taiwan, alongside users in a handful of the island’s allies like the U.S., the U.K. and Japan, as anxieties over a possible Chinese invasion of Taiwan grow.

Details: Meta estimated in its second-quarter threat report, released today, that the China-linked campaign involved 7,704 accounts, 954 pages, 15 groups on Facebook and 15 accounts on Instagram.

  • Researchers uncovered evidence of the campaign on more than 50 online platforms, including YouTube, TikTok, Reddit, Pinterest and X, formerly known as Twitter.
  • The campaign mostly spread pro-China messages, amplified criticisms of U.S. and other Western policies, and targeted journalists, human rights activists and other critics of the Chinese government.

What they’re saying: “This is one of the single-biggest takedowns of coordinated inauthentic behavior that we’ve ever run into,” Ben Nimmo, global threat intelligence lead at Meta, told reporters.

Yes, but: Campaign operators struggled to garner significant, authentic engagement or reach, much like most recent pro-Chinese influence campaigns.

Catch up quick: Meta believes the latest campaign is an extension of an ongoing effort known as “Spamouflage” that emerged in 2019.

The intrigue: Campaign operators started their scheme by posting content directly to Facebook and Instagram, but automated systems were quick to detect the posts, according to the report.

  • This prompted campaign operators to start posting on smaller platforms and later amplify those posts on Meta’s social media sites.

What’s next: Meta researchers expect the threat actors behind the campaign to rebuild and keep trying, despite consistently struggling to reach real people, Nimmo said.

A New Attack Reveals Everything You Type With 95 Percent Accuracy

 

source: wired.com (contributed by Artemus Founder, Bob Wallace)  |  image: pixabay.com

A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.

When Zoom was used for training the sound classification algorithm, the prediction accuracy dropped to 93%, which is still dangerously high, and a record for that medium.

Such an attack severely affects the target’s data security, as it could leak people’s passwords, discussions, messages, or other sensitive information to malicious third parties.


Ransomware Attacks are on the Rise

source: threatpost.com  |  image: pixabay.com

 

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

After a recent dip, ransomware attacks are back on the rise. According to data released by NCC Group, the resurgence is being led by old ransomware-as-a-service (RaaS) groups.

With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released,” researchers have determined that Lockbit was by far the most prolific ransomware gang in July, behind 62 attacks. That’s ten more than the month prior, and more than twice as many as the second and third most prolific groups combined. “Lockbit 3.0 maintain their foothold as the most threatening ransomware group,” the authors wrote, “and one with which all organizations should aim to be aware of.”


Officials found suspected Chinese malware hidden in various US military systems. Its intended use is disruption rather than surveillance, a ‘disturbing’ change in intent, experts say.

 

source: businessinsider.com  |  image: pexels.com

 

  • Suspected Chinese malware has been identified in several US military systems. 
  • Unlike other surveillance malware from China, this malware seems intended to disrupt operations.
  • The malware could also have the ability to disrupt normal civilian life and businesses.

US officials found suspected Chinese malware across several military systems — and unlike previous attacks, experts say the intent is more likely to disrupt rather than to surveil, The New York Times reports.

The attacks first came into the public eye in May after Microsoft identified malicious code in telecommunications software in Guam, where the US houses the Andersen Air Force Base.


New report details China’s presence in U.S. systems

 

source: axios.com (contributed by FAN, Bill Amshey)  |  image: pexels.com

 

U.S. officials are reportedly concerned about the possibility that China-backed hackers have snuck malware onto networks underpinning military and critical infrastructure operations.

Driving the news: That’s according to a New York Times report that ran Saturday, which raises the question of whether China is already laying the groundwork for a potential Taiwan invasion.

Why it matters: U.S. officials and cybersecurity experts have long anticipated that cyber warfare would play a major role in a potential Chinese invasion of Taiwan.

  • In that scenario, experts anticipate that China would use a destructive cyberattack to disrupt communications between the U.S. and Asian countries.

The big picture: In recent years, China state-backed hackers have become stealthier and more difficult to detect on networks — targeting internet-facing security tools to evade traditional detection and stealing obscure encryption keys to hack government email accounts.

  • The Times’ report is the latest warning that China-backed hackers are getting savvier.

Details: The new concerns build on a Microsoft report released in May that identified a new piece of China-linked malware on telecommunications systems in Guam and elsewhere in the U.S.

  • Now, the Times reports the malware is more widespread and older than initially suggested. The White House has reportedly kicked off a series of Situation Room meetings and started briefing state officials and utility companies.

Yes, but: It’s unclear what the motive for the campaign might be. Countries spy on each other all the time, but a destructive cyberattack is much rarer and would have larger geopolitical consequences.

What they’re saying: “Without weighing in on the specific details of the NYT story, the topic is significant, but threats of this nature, which seek to compromise our critical infrastructure, are not new,” Marc Raimondi, a former national security official, told Axios.

  • “It’s something to be concerned about for sure, but it’s amongst many things that we should be concerned about regarding the [People’s Republic of China] and our other advanced adversaries in the cyber and critical infrastructure realm,” he added.

US power grid faces escalating cyber threats, infrastructure experts warn

source: govexec.com  |  image: pixabay.com

The power grid is experiencing heightened threats from foreign adversaries and domestic extremist groups that can pose devastating consequences for the nation’s supply of electricity, experts told a House subcommittee. 

 

Energy infrastructure experts testified that the U.S. power grid is facing a myriad of escalating cybersecurity risks and emerging threats from both foreign adversaries and domestic extremists amid an ongoing critical modernization journey.

The latest annual threat assessment out of the Intelligence Community identifies Chinese cyber operations against the U.S. homeland as a major national security threat and warns that Beijing is “almost certainly capable of launching cyber attacks that could disrupt critical infrastructure services” nationwide, including the power grid. 


Pro-China influence campaign infiltrates U.S. news websites

source: Washington Post, courtesy of FAN, Bill Amshey  |  image: pixabay.com

  • Haixun is a private company but has links to Chinese government actors, according to its own publicity and government media coverage of the firm. 
  • It’s not clear whether the content published on U.S. news websites is paid for by Chinese state actors. However, much of it is directly reproduced from Chinese state media reports or state-funded think tanks.

The articles — which have appeared in financial news subdomains of at least 32 websites including the Arizona Republic and the Pittsburgh Post-Gazette — include Chinese state media stories and scathing critiques of U.S. policymakers, academics and others critical of Beijing.


Russia-Linked RomCom Hackers Targeting NATO Summit Guests

source: securityweek.com  |  image: pixabay.com

 

A recent RomCom cyber operation has been targeting NATO Summit guests and other entities supporting Ukraine.

As part of a recently identified cyber operation, a Russia-linked threat actor known as RomCom has been targeting entities supporting Ukraine, including guests at the 2023 NATO Summit taking place July 11-12, the cybersecurity unit at BlackBerry reports.

Taking place in Vilnius, Lithuania, the NATO Summit has on the agenda talks focusing on the war in Ukraine, as well as new memberships in the organization, including Sweden and Ukraine itself.

Taking advantage of the event, RomCom has created malicious documents likely to be distributed to supporters of Ukraine, and appears to have dry-tested its delivery on June 22 and a few days before the command-and-control (C&C) domain used in the campaign went live, BlackBerry explains.


Hints of cyber’s role in Taiwan

source: axios.com, contributed by Artemus FAN, Bill Amshey  |  image: pixabay.com

 

The latest evidence of China-linked hackers infiltrating U.S. critical infrastructure is highlighting what role cyberattacks could end up playing in a possible invasion of Taiwan.

What’s happening: Earlier this week, researchers at Microsoft unveiled that a Chinese state-sponsored group known as Volt Typhoon has been targeting critical infrastructure organizations in the U.S. and Guam.

  • Affected organizations spanned a long list of sectors: communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education.
  • Volt Typhoon, which has been in operation since mid-2021, infiltrated these organizations by targeting internet-facing devices running Fortinet’s FortiGuard products, per Microsoft.
  • Once inside, the hackers can start “living off the land” and obtain access to a network by stealing user credentials and rerouting any suspicious traffic through home routers, Microsoft said.


Hackers Promise AI, Install Malware Instead

source: securityweek.com  |  image: pexels.com

 

Facebook parent Meta warned that hackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malware on devices.

Meta on Wednesday warned that hackers are using the promise of generative artificial intelligence like ChatGPT to trick people into installing malicious code on devices.

Over the course of the past month, security analysts with the social-media giant have found malicious software posing as ChatGPT or similar AI tools, chief information security officer Guy Rosen said in a briefing.

“The latest wave of malware campaigns have taken notice of generative AI technology that’s been capturing people’s imagination and everyone’s excitement,” Rosen said.
