North Korea is stepping up its cyber capabilities to target international aerospace and defence industries through a shadowy and sophisticated hackers group called Reaper, a new report revealed on Tuesday.
The group, also known as APT37, was identified in research by American private security company FireEye, which tracks cyber-attackers around the world.
They reported that it is using malware to infiltrate computer networks and now represents “an advanced persistent threat” that has dramatically increased the reach of North Korea’s already formidable cyber operations
The indictment of 13 Russians charged with attempting to manipulate American voters using social media shines a fascinating light on a sophisticated, relentless operation to exploit the internet for political gain. Here’s how US investigators say the Russians did it.
It was 2014, and in a building in St Petersburg, the Russian Internet Research Agency (IRA) was already hard at work building its arsenal to take on US politics.
According to US prosecutors, the IRA had gathered stolen identities of real Americans, and a formidable encyclopaedia of what “works” on social media when it comes to riling up Americans talking about politics. Two members of the agency were said to have travelled to the US to gather more intelligence, a fact-finding tour taking in nine states, according to investigators.
WASHINGTON (AP) — Russian cyberspies pursuing the secrets of military drones and other sensitive U.S. defense technology tricked key contract workers into exposing their email to theft, an Associated Press investigation has found.
What ultimately may have been stolen is uncertain, but the hackers clearly exploited a national vulnerability in cybersecurity: poorly protected email and barely any direct notification to victims.
The hackers known as Fancy Bear, who also intruded in the U.S. election, went after at least 87 people working on militarized drones, missiles, rockets, stealth fighter jets, cloud-computing platforms or other sensitive activities, the AP found.
Sensitive information about the location and staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company.
The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others.
The map, released in November 2017, shows every single activity ever uploaded to Strava – more than 3 trillion individual GPS data points, according to the company. The app can be used on various devices including smartphones and fitness trackers like Fitbit to see popular running routes in major cities, or spot individuals in more remote areas who have unusual exercise patterns.
Dutch intelligence services had eyes and ears for years on the Russian outfit that hacked the Democratic National Committee, even infiltrating a surveillance camera at the Cozy Bear headquarters and recording hackers’ faces, Dutch media reported.
That trove of intelligence gathered by the Netherlands since 2014 has been crucial to the U.S. investigation into the Russian campaign influence operation, the reports from Nieuwsuur and Volkskrant said.
US, British and other nuclear weapons systems are increasingly vulnerable to cyber attacks, according to a new study by the international relations thinktank Chatham House.
The threat has received scant attention so far from those involved in nuclear military planning and the procurement of weapons, the report said.
It blames this partly on failure to keep up with fast-moving advances, lack of skilled staff and the slowness of institutional change.
“Nuclear weapons systems were developed before the advancement of computer technology and little consideration was given to potential cyber vulnerabilities. As a result, current nuclear strategy often overlooks the widespread use of digital technology in nuclear systems,” the authors of the study said.
At the fortified border between South and North Korea, students on a computer hacking course are instructed to peer northwards across a strip of empty land toward the enemy state.
“Our country is divided and we are at war, but you can’t see that division in cyberspace,” said Kim Jin-seok. “So we take them to see it in person.”
Kim manages a program called Best of the Best, the goal of which is to train the next generation of so-called white-hat hackers, netizens with elite cybersecurity skills who are able and willing to defend South Korea against malicious hacking attacks, many of which are believed to come from North Korea.
The US has blamed North Korea for the rampant WannaCry ransomware that infected more than 200,000 victims in around 150 countries.
Businesses, schools and hospitals including the NHS were brought to their knees by the malicious software after it spread in May.
Tom Bossert, President Donald Trump’s security adviser said that the rogue Asian state was “directly responsible” for the malware that spread “indiscriminately”. He said that officials had investigated the matter and had evidence to suggest the attack came from North Korea.
The digital attack that brought Estonia to a standstill 10 years ago was the first shot in a cyberwar that has been raging between Moscow and the west ever since
It began at exactly 10pm on 26 April, 2007, when a Russian-speaking mob began rioting in the streets of Tallinn, the capital city of Estonia, killing one person and wounding dozens of others. That incident resonates powerfully in some of the recent conflicts in the US. In 2007, the Estonian government had announced that a bronze statue of a heroic second world war Soviet soldier was to be removed from a central city square. For ethnic Estonians, the statue had less to do with the war than with the Soviet occupation that followed it, which lasted until independence in 1991. For the country’s Russian-speaking minority – 25% of Estonia’s 1.3 million people – the removal of the memorial was another sign of ethnic discrimination. Russia’s government warned that the statue’s removal would be “disastrous” for Estonia.
That evening, Jaan Priisalu – a former risk manager for Estonia’s largest bank, Hansabank, who was working closely with the government on its cybersecurity infrastructure – was at home in Tallinn with his girlfriend when his phone rang. On the line was Hillar Aarelaid, the chief of Estonia’s cybercrime police.
The Department of Homeland Security and FBI issued rare public alert warning owners of U.S. critical infrastructure to battle an ongoing campaign of cyber attacks against their information and control networks.
Energy and industrial firms were notified Friday and again Saturday that sophisticated hackers are attempting to penetrate industrial control systems used by the electrical and nuclear power industry, as well as water, aviation, and manufacturing sectors.
“DHS assesses this activity as a multi-stage intrusion campaign by threat actors targeting low security and small networks to gain access and move laterally to networks of major, high value asset owners within the energy sector,” the notice said.
In 2015, Israeli government hackers saw something suspicious in the computers of a Moscow-based cybersecurity firm: hacking tools that could only have come from the National Security Agency.
Israel notified the NSA, where alarmed officials immediately began a hunt for the breach, according to people familiar with the matter, who said an investigation by the agency revealed that the tools were in the possession of the Russian government.
Nuclear plants and other energy providers have been put on high alert after Homeland Security revealed hackers had attempted to break into their computer system.
Wolf Creek Nuclear Operating Corporation, which runs a nuclear power plant near Burlington, Kansas, was one of the hackers’ targets according to a joint report by Homeland Security and the FBI last week.
The report carried an urgent amber warning, the second-highest rating for such a threat.
Global terrorism and cryptoviral extortion may seem unrelated but they both rely on the feasibility of anonymous or encrypted cooperation between non-state actors. Ransomware is made possible not only by asymmetric encryption, which makes kidnapping files possible, but also by anonymous digital money like Bitcoin, which makes illicit payments practical. Terrorism needs secure messaging to reach out to “Lone Wolves.” In their own ways both ISIS and the Petya virus illustrate the weakness of the Westphalian State model by posing challenges that could formerly not be mounted by groups without territory.
The Communications Security Establishment, known as Canada’s electronic spy agency, is advising Ottawa on how to protect three general targets that could be attacked in an attempt to influence the 2019 federal election.
The BBC is reporting that British-lead international investigation into the origins of Wanna Cry has come to the same conclusions as the NSA and a number of private firms: North Korea was behind the attacks.
The Wanna Cry ransomware held hundreds of thousands of computers hostage in May by encrypting files until users paid for a decryption key.