Tag Archives: cyberespionage

Panda Security

The US Malware Developer who Helped Russia Spy on Devices

Leave a comment

Latvian-born hacker Alexsey Belan, a Russian citizen, has been on the FBI’s list of most wanted cybercriminals for some time. His latest misdeed was the theft of 500 million Yahoo accounts in order to spy on Russian journalists and officials from both the US government and the Kremlin itself.

The Department of Justice of the United States has officially accused him of the crime. The department suspects that he have committed the crime in collaboration with another cybercriminal and with two spies from the Russian Federal Security Service. Antichat was one of the cybercrime forums which Belan frequented. It is also one of those used by the Russian spyware company OpenGSM to recruit cybercriminals and increase their sales.

According to a Forbes investigation, OpenGSM has resold a tool to spy iPhones and Android smartphones that was developed by an American. Killer Mobile, a company headed by Joshua Alner, created a surveillance software called Tracer that has made its way to Russian shores.

A dangerous deal between Americans and Russians

A researcher who preferred to remain anonymous found an OpenGSM document that redirects users to a website owned by Alner from which a spyware kit could be obtained as part of a 600 euro package.

He also found Killer Mobile malware for Android on an OpenGSM website, proof that the company bought the vendor’s surveillance tools. In fact, Alner could have pocketed between 150 and 500 thousand dollars for that sale.

Neither Alner nor OpenGSM, which sells its software to government agencies and consumers, have come forth to comment about their research. Killer Mobile, a company with only ten employees, offered its malware — which is legally defined as a “hidden listening device” — to about sixty resellers in at least ten countries, an activity requiring an export license .

The spy software that OpenGSM commercialized served to host spyware on the devices of almost 800 users in Russia, Kazakhstan and the European Union in 2015. Another tool that OpenGSM offered, which was not developed by Killer Mobile, appears to have had mobile users in the US in its crosshairs.

Tensions are on the rise between geopolitical actors, both big and small, in the cyber-sphere, and as such we are collectively entering a period of uncertainty about where we stand in terms of our own personal security on our devices. Wherever the threat may come from, be it a government agency or a malware entrepreneur, it’s always best to be protected by an advanced cybersecurity solution.

The post The US Malware Developer who Helped Russia Spy on Devices appeared first on Panda Security Mediacenter.

Panda Security

China-based ‘Cloud Hopper’ Campaign Targets MSPs and Cloud Services

Leave a comment

A new report by PwC UK and BAE Systems has revealed a sophisticated cyber campaign “of unprecedented size and scale” targeting managed IT service providers (MSPs). The campaign, dubbed Operation Cloud Hopper, was motivated by espionage and information gathering, as evidenced by the attackers’ choice of high value and low profile targets.

The authors of the report were able to conclude that Operation Cloud Hopper is almost certainly the work of a previously known group called APT10. The APT10 group is already well known in the world of cybersecurity, and it is a widely held view that it is based in China.

Using forensic analysis of operational times and IP zones, the authors of the report were able to conclude with a high level of certainty the identity of the group, their location in China, and the extent of the campaign. They were even able to sketch a portrait of their workday, including “a two hour lunch break”.

“Operating alone, none of us would have joined the dots to uncover this new campaign of indirect attacks,” Richard Horne, cyber security partner at PwC, recently told the BBC.

APT10 appears to be a well-staffed, highly organized operation with extensive logistical resources. According to the report, the group uses a variety of customized open-source software, original bespoke malware, and spear phishing techniques to infiltrate their targets’ systems.

Their strategy of choosing MSPs as a primary target has given them “unprecedented potential access to the intellectual property and sensitive data of those MSPs and their clients globally,” according to the report. “Given the level of client network access MSPs have, once APT10 has gained access to a MSP, it is likely to be relatively straightforward to exploit this and move laterally onto the networks of potentially thousands of other victims.”

Luis Corrons, technical director of PandaLabs, points out that carefully selecting targets, and customizing attacks accordingly, is more common every day. “Aside from the myriads of common cyberattacks businesses regularly have to deal with, nowadays we are witnessing huge increases in the amount of attacks in which cybercriminals are actually inside their victim’s network, adapting to his defenses and carrying out strikes with surgical precision as they target specific assets,” wrote Mr. Corrons in an email.

The Cloud Hopper campaign comes at a time when geopolitical tensions are increasingly crossing over into the realm of cyberespionage and cyberwarfare. Though the report does not openly suggest that there was any involvement on the part of the Chinese government, it does point out that the targeting of diplomatic and political organizations, as well as certain companies, “is closely aligned with strategic Chinese interests.”

 

Adaptive Defense Lets You Rest Easy

Fortunately, targeted attacks, even sophisticated ones perpetrated by highly professional groups like APT10, are pieces of cake for Panda’s Adaptive Defense. As it sees absolutely everything happening on all computers, it can stop these kinds of attacks proactively. Adaptive Defense can also provide forensic information about threats, by giving detailed and intelligent traceability for everything that happens on a company’s IT infrastructure — threat timeline, information flow, the behavior of active processes, etc.

Adaptive Defense 360 is the first cybersecurity managed service that combines next-generation protection (NG EPP) and detection and remediation technologies (EDR), with the ability to classify 100% of running processes. With this innovative technology, it is able to detect and block malware that other protection systems miss.

The post China-based ‘Cloud Hopper’ Campaign Targets MSPs and Cloud Services appeared first on Panda Security Mediacenter.

Panda Security

The Russian Government Uses Known Black Hat for Cyberespionage

Leave a comment

Evgeniy M. Bogachev is in his early thirties and lives a comfortable life among his collection of luxury cars in a small resort city on the shores of the Black Sea. He is the most-wanted cybercriminal in the world, and the FBI is offering 3 million dollars for his capture.

The US accuses Bogachev of having created a global botnet composed of infected computers with the attention of winnowing millions of dollars from bank accounts all over the world. According to reporting from The New York Times, the cybercriminal’s victims included everyone from private users to public organizations such as, for example, a pest control company in North Carolina or a police precinct in Massachusetts.

However, Bogachev is seemingly much more than your common cybercrook. The FBI suspects that although he probably got into the business for the same reason as most cybercriminals (money), his activities have grown more complex with time. In fact, he is also suspected of controlling more than a million computers around the world, with access to photographs, documents, and all kinds of confidential personal and corporate information. So what began as a way of draining bank accounts all over the world for huge financial gain has become a unique window of opportunity for Russian intelligence agencies to carry out wide-reaching espionage.

While Bogachev perpetrated his cyber-heists, the Russian authorities appear to have not only turned a blind eye, but also shown their appreciation of his work. Given the extent of Bogachev’s access to computers from all over the globe, the Russian agency allegedly obtained, among other things, information from military services with ties to the conflicts in Ukraine and Syria. According to the Times, they also appear to have accessed information from US intelligence agencies.

At the moment, the attacks carried out by Bogachev under pseudonyms like slavik, lucky12345 or pollingsoon are going unpunished. Russia has no extradition treaty with the United States, and Russian officials have stated that as long as Bogachev does not commit any crime in Russian territory, there would be no reason to stop him.

The logical conclusion of this stance toward international cybercrime is troubling. It implies that the sale of malware by Russian cybercriminals in the dark corners of the internet, or even the theft of money, could be given a pass by Russian agencies.

If confirmed, the situation would prove that black hats could be recruited as mercenaries in cyber-conflicts between the world’s major powers. In such a scenario, the victims (i.e., individuals and businesses) are mere pawns in a game of cyberwar. The loss of things that are of great value to you, such as your privacy, confidential data, even the money in your bank accounts, is seen as mere collateral damage caught up in the forces of conflict between rival nations. It is now more indispensable than ever to have the necessary security tools to protect yourself and guarantee the safety of your digital assets.

The post The Russian Government Uses Known Black Hat for Cyberespionage appeared first on Panda Security Mediacenter.

Security

New Hammertoss Espionage Tool Tied to MiniDuke Gang

Leave a comment

Hammertoss, a backdoor uncovered by researchers at FireEye, combines many previous communication venues used by APT29, a espionage outfit linked to the Russian government.

Security

Equation APT Group Attack Platform A Study in Stealth

Leave a comment

The EquationDrug cyberespionage platform is a complicated system that is used selectively against only certain target machines, one that can be extended via a collection of 116 malware plug-ins, researchers at Kaspersky Lab said.

Security

U.S. Officials Say Chinese Cyberespionage ‘Needs to Stop’

Leave a comment

The top cybersecurity officials in the United States on Wednesday said that China is harming the potential for an open Internet through its policies of censorship, and also said the country’s continued cyberespionage operations are damaging the two countries’ relationship. In a piece co-authored in Politico with Ambassador Robert Holleyman and Alex Niejelow, the chief […]