Similar Posts
WASHINGTON – Russian hackers are going after US government officials, defence workers and others in a new email phishing campaign targeting thousands of people, according to Microsoft Corp.
The hackers have sent “a series of highly targeted spearphishing emails” to thousands of people in more than 100 organisations since Oct 22, according to a blog post from Microsoft Threat Intelligence published on Oct 29.
The latest campaign will add to mounting concerns over US failures to outwit suspected Russian and Chinese hackers.
The FBI said on Oct 25 it is investigating unauthorised access by Chinese state-affiliated hackers targeting the commercial telecommunications sector.
In some of the emails that were part of the latest campaign, the senders impersonated Microsoft employees, according to the blog.
Spearphishing involves sending tailored emails to individuals, including links to malicious websites that can then steal information.
It wasn’t immediately clear how many of the attacks, if any, were successful.
Microsoft has said the attacks are perpetrated by a sophisticated Russian nation-state group it calls Midnight Blizzard, which US and UK governments have connected to the SVR, the Russian foreign intelligence service.
The company said in January that the group attacked its corporate systems, getting into a “small number” of email accounts, including senior leadership and employees who work in cybersecurity and legal.
In April, US federal agencies were ordered to analyse emails, reset compromised credentials and work to secure Microsoft accounts.
At the time, the Cybersecurity and Infrastructure Security Agency (Cisa) said the incident represented a “grave and unacceptable risk” to agencies, according to the April directive.
Cisa and US State Department didn’t immediately respond to requests for comment.
The Russian Embassy in Washington didn’t immediately respond to a request for comment. BLOOMBERG
An Iranian hacking group is actively scouting U.S. election-related websites and American media outlets as Election Day nears, with activity suggesting preparations for more “direct influence operations,” according to a Microsoft blog published on Wednesday.
The hackers – dubbed Cotton Sandstorm by Microsoft and linked to Iran’s Islamic Revolutionary Guard Corps – performed reconnaissance and limited probing of multiple “election-related websites” in several unnamed battleground states, the report said. In May, they also scanned an unidentified U.S. news outlet to understand its vulnerabilities.
U.S. Vice President Kamala Harris, the Democratic candidate, faces Republican rival Donald Trump in the Nov. 5 presidential election, which polls suggest is an extremely tight race.
“Cotton Sandstorm will increase its activity as the election nears given the group’s operational tempo and history of election interference,” researchers wrote. The development is particularly concerning because of the group’s past efforts, they said.
A spokesperson for Iran’s mission to the United Nations said that “such allegations are fundamentally unfounded, and wholly inadmissible.”
“Iran neither has any motive nor intent to interfere in the U.S. election,” the spokesperson said.
In 2020, Cotton Sandstorm launched a different cyber-enabled influence operation shortly before the last presidential election, according to U.S. officials. Posing as the right-wing “Proud Boys,” the hackers sent thousands of emails to Florida residents, threatening them to “vote for Trump or else!”
The group also released a video on social media, purporting to come from activist hackers, where they showed them probing an election system. While that operation never affected individual voting systems, the goal was to cause chaos, confusion and doubt, senior U.S. officials said at the time.
Following the 2020 election, Cotton Sandstorm also ran a separate operation that encouraged violence against U.S. election officials who had denied claims of widespread voter fraud, Microsoft said.
The Office of the Director of National Intelligence, which is coordinating the U.S. federal effort to protect the election from foreign influence, referred Reuters to a past statement that said: “Foreign actors — particularly Russia, Iran, and China — remain intent on fanning divisive narratives to divide Americans and undermine Americans’ confidence in the U.S. democratic system.” REUTERS
The World Health Organisation (WHO) and some 50 countries issued a warning on Nov 8 at the United Nations about the rise of ransomware attacks against hospitals, with the United States specifically blaming Russia.
Ransomware is a type of digital blackmail in which hackers encrypt the data of victims – individuals, companies or institutions – and demand money as a “ransom” in order to restore it.
Such attacks on hospitals “can be issues of life and death,” according to WHO head Tedros Adhanom Ghebreyesus, who addressed the UN Security Council during a meeting on Nov 8 called by the United States.
“Surveys have shown that attacks on the healthcare sector have increased in both scale and frequency,” Dr Ghebreyesus said, emphasising the importance of international cooperation to combat them.
“Cybercrime, including ransomware, poses a serious threat to international security,” he added, calling on the Security Council to consider it as such.
A joint statement co-signed by over 50 countries – including South Korea, Ukraine, Japan, Argentina, France, Germany and the United Kingdom – offered a similar warning.
“These attacks pose direct threats to public safety and endanger human lives by delaying critical healthcare services, cause significant economic harm, and can pose a threat to international peace and security,” read the statement, shared by US Deputy National Security Advisor Anne Neuberger.
The statement also condemned nations which “knowingly” allow those responsible for ransomware attacks to operate from.
At the meeting, Ms Neuberger directly called out Moscow, saying: “Some states – most notably Russia – continue to allow ransomware actors to operate from their territory with impunity.”
France and South Korea also pointed the finger at North Korea.
Russia defended itself by claiming the Security Council was not the appropriate forum to address cybercrime.
“We believe that today’s meeting can hardly be deemed a reasonable use of the Council’s time and resources,” said Russian ambassador Vassili Nebenzia.
“If our Western colleagues wish to discuss the security of healthcare facilities,” he continued, “they should agree in the Security Council upon specific steps to stop the horrific… attacks by Israel on hospitals in the Gaza Strip.” AFP
SINGAPORE – Singapore Telecommunications Ltd., Singapore’s largest mobile carrier, was breached by Chinese state-sponsored hackers this summer as part of a broader campaign against telecommunications companies and other critical infrastructure operators around the world, according to two people familiar with the matter.
The previously undisclosed breach was discovered in June, and investigators believe it was pulled off by a hacking group known as Volt Typhoon, according to the two people, who asked not to be identified to discuss a confidential investigation.
Officials in the US, Australia, Canada, the UK and New Zealand – the “Five Eyes” intelligence-sharing alliance – warned earlier in 2024 that Volt Typhoon was embedding itself inside compromised IT networks to give China the ability to conduct disruptive cyberattacks in the event of a military conflict with the West.
The breach of Singtel, a carrier with operations throughout South-east Asia and Australia, was seen as a test run by China for further hacks against US telecommunications companies, and information from the attack has provided clues about the expanding scope of suspected Chinese attacks against critical infrastructure abroad, including in the US, the people said.
In an e-mailed response to queries from Bloomberg News, Singtel did not directly address questions about the alleged breach. “We understand the importance of network resilience, especially because we are a key infrastructure service provider,” the company said. “That’s why we adopt industry best practices and work with industry-leading security partners to continuously monitor and promptly address the threats that we face on a daily basis. We also regularly review and enhance our cybersecurity capabilities and defences to protect our critical assets from evolving threats.”
A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, said he was not aware of the specifics, as relayed by Bloomberg, but that in general, China firmly opposes and combats cyberattacks and cybertheft.
The US is currently battling its own suspected Chinese attacks of political campaigns and telecommunications companies. Officials have described the telecom breaches as one of the most damaging campaigns on record by suspected Chinese hackers and one that they are still seeking to fully understand and contain.
In the US telecommunications attacks, which investigators have attributed to another Chinese group called Salt Typhoon, AT&T Inc. and Verizon Communications Inc. are among those breached, and the hackers potentially accessed systems the federal government uses for court-authorised network wiretapping requests, the Wall Street Journal reported in early October.
US intelligence officials think the Chinese hacking group that Microsoft Corp. dubbed Salt Typhoon may have been inside US telecommunications companies for months and found a route into an access point for legally authorised wiretapping, according to a person familiar with their views.
AT&T declined to comment. Verizon did not respond to a request for comment.
Through those intrusions, the hackers are believed to have targeted the phones of former President Donald Trump, running mate JD Vance and Trump family members, as well as members of Vice-President Kamala Harris’ campaign staff and others, the New York Times has reported.
In the case of the alleged Singtel breach, one of the people familiar with that incident said the attack relied on a tool known as a web shell.
In August, researchers at Lumen Technologies Inc. said in a blog post they assessed with “moderate confidence” that Volt Typhoon had used such a web shell. A sample of the malware was first uploaded to VirusTotal, a popular site for security experts to research malicious code, on June 7 by an unidentified entity in Singapore, according to Lumen researchers.
The web shell allowed hackers to intercept and gather credentials to gain access to a customer’s network disguised as a bona fide user, they said.
The hackers then breached four US firms, including internet service providers, and another in India, according to Lumen researchers.
General Timothy Haugh, director of the National Security Agency, said in early October that the investigations into the latest telecommunications breaches were at an early stage. Later in October, the FBI and the Cybersecurity and Infrastructure Security Agency said they had identified specific malicious activity by actors affiliated with the Chinese government and immediately notified affected companies and “rendered technical assistance.”
A spokesperson for the National Security Council last week referred to the “ongoing investigation and mitigation efforts,” but directed further questions to the FBI and CISA.
Singtel uncovered the breach of its network after detecting suspicious data traffic in a core back-end router and finding what it believed was sophisticated, and possibly state-sponsored, malware on it, according to the other person familiar with the investigation.
The malware was in “listening” mode and didn’t appear to have been activated for espionage or any other purpose, the person said, adding that it reinforced a suspicion that the attack was either a test run of a new hacking capability or that its purpose was to create a strategic access point for future attacks.
There is evidence that Salt Typhoon reached the US at least as early as spring 2024, and possibly long before, and investigators tracking the group think it has infiltrated other telecommunications companies throughout Asia, including in Indonesia, Nepal, the Philippines, Thailand and Vietnam, according to two people familiar with those efforts.
The NSA has warned since 2022 that telecommunications infrastructure was vulnerable to Chinese hacking. Volt Typhoon has been active since at least mid-2020, having attacked sensitive networks in Guam and elsewhere in the US with a goal of burrowing into critical infrastructure and staying undetected for as long as possible.
The hacks by both Chinese Typhoon groups have alarmed Western officials and raised concerns about the number and severity of backdoors – a way to get around security tools and gain high-level access to a computer system – that China has placed inside critical IT systems. Those entry points could be used to conduct espionage or prepare the battlespace for use in a potential military conflict with the West.
Chinese hackers have long been accused of conducting espionage attacks against the US – including, most notably, the theft of security clearance applications for tens of millions of US government workers held by the Office of Personnel Management.
But officials say the latest hacks go a step further and in some cases suggest China may be amassing capabilities to disrupt or degrade critical services in the US and abroad.
Paul Nakasone, a retired general who led the NSA for nearly six years until February, told reporters in October that the latest telecommunications hacks by Salt Typhoon were distinguished by their scale, and that the two Chinese groups represent a tremendous challenge for the government. “I am not pleased in terms of where we’re at with either of the Typhoons,” he said. BLOOMBERG
It is a sad but undeniable truth that some of the world’s most profitable products are terrible. That lightbulb realisation dawned on me when I worked on the Financial Times’ Lex column and learnt that the most successful pharmaceutical drugs – for manufacturers if not patients – were those that alleviated symptoms but did not cure the complaint. Eliminate the problem and you kill demand. Where is the financial incentive in that?
Lightbulbs, curiously enough, are another example of the same phenomenon. Why develop everlasting lightbulbs (the Centennial Bulb has been in continuous operation in a Californian fire station since 1901) when you can sell ones that blow periodically? Economic theory suggests that these inefficiencies should be competed away. Real life does not always work that way.
No contract
ST app access on 1 mobile device
WASHINGTON – Members of former U.S. President Donald Trump’s family and officials from the Biden administration were among those targeted by China-linked hackers who were able to break into telecommunications company systems, the New York Times reported on Tuesday, citing people familiar with the matter.
The Times said State Department officials, Trump family members including Eric Trump and Jared Kushner, and prominent Democrats including Senate majority leader Chuck Schumer were among those targeted by the spies.
Concerns about the hacking group have grown since media reports disclosed its activities last month.
On Oct. 6, the Wall Street Journal reported that the group, nicknamed “Salt Typhoon”, had accessed the networks of broadband providers and obtained information from systems the federal government uses for court-authorized wiretapping.
The State Department, as well as aides for Trump family members, did not immediately respond to Reuters’ questions. The White House, the National Security Agency, and the cybersecurity watchdog agency CISA did not immediately return messages. A Schumer aide did not immediately reply to an email. The Chinese Embassy in Washington did not immediately respond to an email, although Beijing routinely denies being behind cyberespionage campaigns. REUTERS