European Government Air-Gapped Systems Breached Using Custom Malware
source: bleepingcomputer.com (contributed by FAN, Steve Page) | image: pexels.com
An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents.
According to an ESET report, this happened at least twice: once against the embassy of a South Asian country in Belarus, in September 2019 and again in July 2021, and once against a European government organization between May 2022 and March 2024.
In May 2023, Kaspersky warned about GoldenJackal’s activities, noting that the threat actors focus on government and diplomatic entities for purposes of espionage.
Hacktivists trouble humanitarian organizations with nuisance attacks.
Content moderation during wartime.
Not content-moderation, but fact-checking.
Cyberespionage at the ICC.
Okta discloses a data breach.
Identity and access management company Okta has disclosed a data breach affecting some of the company’s customers. The company stated, “The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases. It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted. In addition, the Auth0/CIC case management system is not impacted by this incident.”
China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers
source: thehackernews.com | image: pixabay.com
China’s Ministry of State Security (MSS) has accused the U.S. of breaking into Huawei’s servers, stealing critical data, and implanting backdoors since 2009, amid mounting geopolitical tensions between the two countries.
In a message posted on WeChat, the government authority said U.S. intelligence agencies have “done everything possible” to conduct surveillance, secret theft, and intrusions on many countries around the world, including China, using a “powerful cyber attack arsenal.” Specifics about the alleged hacks were not shared.
It explicitly singled out the U.S. National Security Agency’s (NSA) Computer Network Operations (formerly the Office of Tailored Access Operations or TAO) as having “repeatedly carried out systematic and platform-based attacks” against the country to plunder its “important data resources.”
Officials found suspected Chinese malware hidden in various US military systems. Its intended use is disruption rather than surveillance, a ‘disturbing’ change in intent, experts say.
source: businessinsider.com | image: pexels.com
Suspected Chinese malware has been identified in several US military systems.
Unlike other surveillance malware from China, this malware seems intended to disrupt operations.
The malware could also have the ability to disrupt normal civilian life and businesses.
US officials found suspected Chinese malware across several military systems — and unlike previous attacks, experts say the intent is more likely to disrupt rather than to surveil, The New York Times reports.
The attacks first came into the public eye in May after Microsoft identified malicious code in telecommunications software in Guam, where the US houses the Andersen Air Force Base.
source: artoftheprank.com, contributed by Artemus FAN, Steve Jones | Image: Pixabay via pexels.com
An interesting footnote to the German occupation of France during WW II.
You might be aware that this year is the 100th anniversary of Citroën. Here’s a fascinating bit of wartime Citroën lore. It involves screwing with Nazis in a genuinely clever and subtle way that nevertheless had big repercussions.
So, when France was occupied by the Germans in 1940, major French factories like Citroën were forced to produce equipment for the Nazis. Citroën president Pierre-Jules Boulanger knew he couldn’t just refuse to produce anything, but he also knew there’s no way in hell he’s going to just roll over and build trucks for a bunch of filthy Nazis. Pierre had a plan.
John Reynolds’ book Citroën 2CV describes Boulanger’s sabotage efforts. Of course, he instructed workers to set a nice, leisurely pace when building trucks (likely Citroën T45 trucks) for the Wehrmacht, but that’s fairly obvious. What was brilliant was Boulanger’s idea to move the little notch on the trucks’ oil dipsticks that indicated the proper level of oil down just a bit lower.
With the notch moved down, the trucks would run without enough oil, but German mechanics would have no idea, because the little notch on the dipstick said the level was just fine.
Then, after the truck has been used for a while and is deployed somewhere crucial, whammo, the engine seizes up and you’ve got a lot of angry, stranded, vulnerable Nazis, balling up their little fists and madly barking curses in German.
It’s such a fantastic act of sabotage: it’s extremely cheap to implement, it’s subtle, there’s no way to see that something is amiss as the trucks are being built, and it delivers its blow away from the site of the sabotage, at the moment it will cause the most inconvenience and trouble. That’s some mighty good sabotaging, Pierre. Happy 100th Anniversary, Citroën!
FBI investigation details former CIA operative’s efforts to help Qatar’s World Cup bid, influence US policy
source: wfin.com | image: pexels.com
An FBI investigation into alleged unlawful activity to help Qatar obtain World Cup 2022 hosting privileges may have extended further to help improve Qatar’s image in the U.S. and influence U.S. policy, according to an Associated Press report.
The initial investigation focused on former CIA officer Kevin Chalker’s work to help Qatar through alleged foreign lobbying, surveillance and exporting sensitive information to undermine the country’s rivals in bidding for the World Cup, according to individuals with knowledge of the investigation.
Chalker’s company Global Risk Advisors employed a number of methods, such as a Facebook “honeypot” trap, in which an attractive woman connected with a target, and having someone pose as a photojournalist to keep tabs on one nation’s bid.
Scientists at America’s top nuclear lab were recruited by China to design missiles and drones, report says
source: nbcnews.com | image: pexels.com
“China is playing a game that we are not prepared for, and we need to really begin to mobilize,” said Greg Levesque, the lead author of the report by Strider Technologies.
By Ken Dilanian
At least 154 Chinese scientists who worked on government-sponsored research at the U.S.’s foremost national security laboratory over the last two decades have been recruited to do scientific work in China — some of which helped advance military technology that threatens American national security — according to a new private intelligence report obtained by NBC News.
The report, by Strider Technologies, describes what it calls a systemic effort by the government of China to place Chinese scientists at Los Alamos National Laboratory, where nuclear weapons were first developed.
Many of the scientists were later lured back to China to help make advances in such technologies as deep-earth-penetrating warheads, hypersonic missiles, quiet submarines and drones, according to the report.
How the arrest of a burned-out intelligence officer exposed an economic-espionage machine.
In January 2014, Arthur Gau, an aerospace engineer who was nearing retirement age, received an unexpected email from a long-lost acquaintance in China. Years before, Gau had made a series of trips from his home in Phoenix to speak at the Nanjing University of Aeronautics and Astronautics, or NUAA, one of China’s most prestigious research institutions. The original invitation had come from the head of a lab there studying helicopter design. Increasingly, however, Gau had heard from someone else, a man who worked at the university in a vague administrative capacity. Little Zha, as the man called himself, was the one who made sure Gau never had to pay his own airfare when he came to give talks. When Gau brought his mother on a 2003 visit, Zha arranged and paid for them to take a Yangtze cruise to see the river’s dramatically sculpted middle reaches before they were flooded by the Three Gorges Dam.
The relationship had ended awkwardly, though, when Zha offered Gau money to come back to China with information about specific aviation projects from his employer, the industrial and defense giant Honeywell International Inc. Gau ignored the request, and the invitations stopped.
Now, in 2014, Little Zha was reaching out again. The two started corresponding. In early 2016, Gau, whose interests extended far beyond avionics, said he’d planned a trip to China to visit some friends in the musical theater world. Zha was there that spring to meet him at the airport in Beijing. Waiting with him was a colleague Zha was eager for Gau to meet.
Xu Yanjun was on the tall side, at 5 feet 10 inches, with closely cropped hair, glasses, and a tendency toward bluntness. The three had dinner and met up again before Gau flew back to the US. Over pastries in Gau’s hotel room, they discussed Taiwanese politics—Gau grew up there—as well as the engineer’s evolving responsibilities at Honeywell. Late in the evening, Xu handed Gau $3,000 in cash. Gau would later testify that he tried to hand it back, but Xu was insistent. “And then, you know, back and forth, but I took it eventually.”
The next year, Gau came back to China to give another lecture—this time a private one in a hotel room to several engineers and officials, including Xu. In preparation, Gau had emailed over PowerPoint slides containing technical information, including algorithms and other sensitive design data for the aircraft auxiliary power units Honeywell makes. “Because of the payment, I felt obligated,” he would later tell a judge.
Xu paid him $6,200 more, and two of his associates accompanied the visiting engineer on a two-day sightseeing trip to West Lake, famed for its picturesque gardens, islands, and temples. Gau was planning his next visit when, in the fall of 2018, agents from the FBI appeared at his home in Arizona to execute a search warrant. There would not be another trip. Xu, the agents explained, was not in Nanjing anymore. He wasn’t even in China. He was in Ohio, in a county jail awaiting trial.
Star American Professor Masterminded a Surveillance Machine for Chinese Big Tech
source: yahoo.com | image: pexels.com
A star University of Maryland (UMD) professor built a machine-learning software “useful for surveillance” as part of a six-figure research grant from Chinese tech giant Alibaba, raising concerns that an American public university directly contributed to China’s surveillance state.
Alibaba provided $125,000 in funding to a research team led by Dinesh Manocha, a professor of computer science at UMD College Park, to develop an urban surveillance software that can “classify the personality of each pedestrian and identify other biometric features,” according to research grant documents obtained via public records request.
“These capabilities will be used to predict the behavior of each pedestrian and are useful for surveillance,” the document read.
Alibaba’s surveillance products gained notoriety in 2020, when researchers found that one of its products, Cloud Shield, could recognize and classify the faces of Uyghur people. Human rights groups believe these high-tech surveillance tools play a major role in the ongoing Uyghur genocide in Xinjiang.
Microsoft claims to have disrupted a prolific Russian state-backed threat group known for conducting long-running cyber-espionage campaigns against mainly NATO countries.
In an update on August 15, the tech giant said it had disabled accounts used by the “Seaborgium” group for reconnaissance, phishing, and email collection, and updated detections against its phishing domains in Microsoft Defender SmartScreen.
Also known by threat researchers as Callisto Group, ColdRiver, TA446 and other monikers, Seaborgium is a “highly persistent threat actor” that focuses most of its time on the US and UK, and occasionally the countries of the Baltics, Nordics and Eastern Europe.
“Once successful, it slowly infiltrates targeted organizations’ social networks through constant impersonation, rapport building, and phishing to deepen their intrusion,” said Microsoft.