Monday, July 18, 2022 // (IG): BB // Weekly Sponsor: The Fintel Brief
Hacktivist Group Reveals Identities Of Several IRGC Hackers
FROM THE MEDIA: A hacking group has revealed the identities of several hackers working for the cyber division of Iran’s Revolutionary Guard (IRGC). According to information obtained by Iran International July 16, these hackers – or the so-called Iranian Cyber Army – work for Naji Technology and Afkar System companies, which are affiliated with the IRGC. In their report, the hacktivist group, called ‘Lab-Doukhtegan’ or ‘Sealed Lips’, said these IRGC hackers “repeatedly attacked targets in the US and Europe with the aim of extortion,” making use of “the security loopholes discovered in European and American organizations.”
Early in June, the ranking member of the US Senate Foreign Relations Committee condemned the cyberattack by Iran-backed hackers on Boston Children’s Hospital last summer. Describing the attempted attack as “deeply disturbing,” Idaho’s Republican Senator Jim Risch said that “it’s typical of a regime that’s synonymous with global terrorism.”
READ THE STORY: Iran International
The espionage war between China and the USA
FROM THE MEDIA: The intensity of US accusations over China’s use of vast espionage networks, run by Chinese intelligence, to access information on the intellectual property of American inventions has increased, with the American assertion that Chinese espionage costs the United States of America more than $600 billion annually in stolen intellectual property. From here, you will find full cooperation and sharing of information between students, scholars, academics, and even Chinese citizens residing in the United States of America and all its various states and the “Chinese Ministry of National Security” and all official and national institutions of the Chinese state, and cooperation with Chinese security agencies, which fully target and regularly meet with Chinese scholarship students abroad, especially in the United States of America.
READ THE STORY: Modern Diplomacy
Iran and a Suspicious Flight to Argentina
FROM THE MEDIA: The Argentine treasury, strapped for cash, is lobbying hard in Washington for a new half-billion-dollar loan from the Inter-American Development Bank. Argentina’s lousy debt-service record, as discussed in this space last week, is one reason not to turn over the money. A second, and perhaps greater, reason has to do with a Venezuelan-flagged plane parked on the tarmac at Buenos Aires’s Ezeiza International airport since June 8. The aircraft, whose Iranian operator is subject to U.S. sanctions, was allowed to land at Ezeiza by Argentine aviation authorities on June 6 with a crew of 14 Venezuelans and five Iranians, including at least one senior Tehran official.
READ THE STORY: WSJ
China Accuses Indian APT Group Of Cyber Warfare Against Pakistan; 2nd Major Accusation After ‘Evil Flower’
FROM THE MEDIA: The Chinese cybersecurity company Antiy conducted a thorough one-and-a-half-year investigation into this matter and determined that the group’s first attacks can be dated to 2013, the Global Times reported. The state-run Global Times alleged that the group primarily targeted the governments, military, and energy sectors of neighboring countries such as China, Pakistan, and Bangladesh to steal sensitive data. These hackers were classified as “Advanced Persistent Threat” (APT) in the report, which is largely a hacking group that repeatedly attacks particular targets.
READ THE STORY: Eurasian Times
Cybersecurity Firm: What US Journalists Need To Know About The Foreign Hackers Targeting Them
FROM THE MEDIA: In the days just before the January 6 attack at the US Capitol Building in 2021, a flurry of emails with seemingly anodyne subject lines started landing in the inboxes of White House correspondents and other journalists who cover national politics. Those subject lines, pulled from recent US news articles, read like quick blasts of news filtered through a distinctly partisan lens: US issues Russia threat to China. Trump Call to Georgia Official Might Violate State and Federal Law. And, Jobless Benefits Run Out as Trump Resists Signing Relief Bill.
READ THE STORY: Forbes
A Chinese office platform confirms that users’ files on its cloud server are subject to censorship
FROM THE MEDIA: How would you react if you were blocked from accessing important documents stored on your personal cloud drive? A Chinese netizen, “Metoo just wants to make money” (米兔只想赚钱, referred to below as “Metoo”), claims she was denied access to one of her own online documents by WPS Office, a Chinese cloud-based office platform, due to censorship. The document is a draft of a novel more than one million Chinese words in length. On July 11, 2022, “Metoo” posted the complaint about being locked out of WPS on the popular writers’ forum Ikong.com. According to a screen capture of an auto-notification issued by WPS, “Metoo” was denied access to her document because it contained illegal content.
READ THE STORY: Global Voices
Data of millions at risk if Malaysia faces cyberattack
FROM THE MEDIA: The data of Malaysians could fall into the wrong hands if the country becomes a target of cyberwarfare, experts said. According to a report by The Malaysian Insight, the recent cybersecurity breaches in government agencies showed Malaysia was neither prepared nor equipped for a cyber attack. Cybersecurity expert Professor Dr Selvakumar Manickam of Universiti Sains Malaysia said even China, which is known for its cyber capabilities, was hacked. “Malaysia is not ready to face any cyber attack. We are not ready even at the lowest, fundamental level,” the senior lecturer and researcher at the National Advanced IPv6 Centre told The Malaysian Insight.
READ THE STORY: The Sun Daily
Akamai research finds PayPal security measures utilized in new phishing scam
FROM THE MEDIA: New research from Akamai has found that a new threat actor is parasitizing benign WordPress sites to execute an extensive PayPal phishing scam. According to the Akamai blog, the scam injects a discreet phishing kit into existing, non-malicious WordPress sites as a way of maintaining evasion. It then gains extensive access to a victim’s identity and information by mimicking new security practices.
Common bogus prompts require users to submit government documents and photographs, in addition to their banking information and email passwords. This can lead to substantial identity theft issues and further extensive loss of financial and data security. The scam also attempts to gain trust by claiming there is unusual activity, tricking users into going through with the security checkpoints.
A unique aspect of the phishing kit is that it attempts to directly evade security companies by providing multiple different checks on the connecting IP address to ensure that it doesn’t match specific domains or originate from security organisations.
READ THE STORY: Security Brief
Hackers can spoof commit metadata to create false GitHub repositories
FROM THE MEDIA: Checkmarx security researchers have warned about an emerging new supply chain attack tactic involving spoofed metadata commits to present malicious GitHub repositories as legit.
According to the IT security researchers at Checkmarx, this attack technique allows threat actors to deceive developers into using malicious code. In the Git version control system, commits are vital elements as these record every change made to the documents, the timeline of change, and who made the change.
Moreover, each commit boasts a unique hash or ID. Developers must remain cautious as threat actors can falsify some data from GitHub repositories to enhance their track record and make them appealing.
READ THE STORY: HackRead
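The commit-metadata spoofing described in this item can be checked for from the defender's side before code from an unfamiliar repository is trusted. The following is an added example, not code from HackRead or Checkmarx: a Python script that parses `git log` output in a fixed field format and flags commits whose metadata shows the warning signs the item names, namely a missing or unverified signature, an author identity that differs from the committer identity, an author timestamp far older than the commit timestamp, and an author timestamp that predates the repository's creation date. The heuristics, the 30-day tolerance, the sample log lines and the repository creation date are all assumptions constructed for the example.

```python
import subprocess
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# ASCII unit separator: safe to use between fields because git author/committer
# names and email addresses never contain it.
SEP = "\x1f"
# Format string for `git log`; %G? is git's signature verification status
# (G = good, N = no signature, B = bad, U/X/Y/R/E = other states).
LOG_FORMAT = SEP.join(["%H", "%G?", "%an", "%ae", "%at", "%cn", "%ce", "%ct"])


@dataclass
class Commit:
    sha: str
    sig_status: str
    author_name: str
    author_email: str
    author_time: datetime
    committer_name: str
    committer_email: str
    commit_time: datetime


def _ts(epoch: str) -> datetime:
    """Convert a Unix epoch string (as emitted by %at / %ct) to an aware datetime."""
    return datetime.fromtimestamp(int(epoch), tz=timezone.utc)


def parse_git_log(text: str) -> List[Commit]:
    """Parse lines produced by `git log --format=<LOG_FORMAT>` into Commit records."""
    commits: List[Commit] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(SEP)
        if len(parts) != 8:
            raise ValueError(f"unexpected field count in log line: {line!r}")
        sha, sig, an, ae, at, cn, ce, ct = parts
        commits.append(Commit(sha, sig, an, ae, _ts(at), cn, ce, _ts(ct)))
    return commits


def audit_commits(
    commits: List[Commit],
    repo_created_at: Optional[datetime] = None,
    backdate_tolerance: timedelta = timedelta(days=30),  # assumed threshold
) -> Dict[str, List[str]]:
    """Return {sha: [reasons]} for commits whose metadata looks spoofed or unverifiable."""
    findings: Dict[str, List[str]] = {}
    for c in commits:
        reasons = []
        if c.sig_status != "G":
            reasons.append(f"signature status {c.sig_status!r} is not a verified good signature")
        if (c.author_name, c.author_email) != (c.committer_name, c.committer_email):
            reasons.append("author identity differs from committer identity")
        if c.commit_time - c.author_time > backdate_tolerance:
            reasons.append("author timestamp is far earlier than the commit timestamp")
        if repo_created_at is not None and c.author_time < repo_created_at:
            reasons.append("author timestamp predates repository creation")
        if reasons:
            findings[c.sha] = reasons
    return findings


def read_git_log(repo_path: str) -> str:
    """Run `git log` in a local checkout with the format expected by parse_git_log."""
    result = subprocess.run(
        ["git", "-C", repo_path, "log", f"--format={LOG_FORMAT}"],
        check=True, capture_output=True, text=True,
    )
    return result.stdout


# Constructed sample data (not from any real repository). The SHAs are placeholders.
def _epoch(year: int, month: int, day: int) -> str:
    return str(int(datetime(year, month, day, tzinfo=timezone.utc).timestamp()))


REPO_CREATED_AT = datetime(2022, 6, 1, tzinfo=timezone.utc)  # e.g. GitHub's created_at
SAMPLE_LOG = "\n".join([
    # signed, consistent identity, plausible dates: no findings expected
    SEP.join(["0" * 39 + "1", "G", "Dev One", "dev1@example.org", _epoch(2022, 7, 1),
              "Dev One", "dev1@example.org", _epoch(2022, 7, 1)]),
    # unsigned, borrowed author identity, author date years before the repo existed
    SEP.join(["0" * 39 + "2", "N", "Famous Maintainer", "famous@example.org", _epoch(2015, 1, 1),
              "Dev Two", "dev2@example.net", _epoch(2022, 7, 10)]),
    # unsigned but otherwise consistent: only the signature finding expected
    SEP.join(["0" * 39 + "3", "N", "Dev Two", "dev2@example.net", _epoch(2022, 7, 12),
              "Dev Two", "dev2@example.net", _epoch(2022, 7, 12)]),
])


if __name__ == "__main__":
    for sha, reasons in audit_commits(parse_git_log(SAMPLE_LOG), REPO_CREATED_AT).items():
        print(sha[:12], "->", "; ".join(reasons))
```

Run against a real checkout with `audit_commits(parse_git_log(read_git_log(path)), created_at)`, where `created_at` comes from the hosting platform's repository metadata. Note that `%G?` reports `G` only when the signing key is trusted in the local keyring, so a repository whose contributors are unknown to you will show `U` or `N` for most commits; that is deliberate here, since the point is that unverified history should not be taken as evidence of provenance.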
Pegasus Spyware Used Against Thailand’s Pro-Democracy Movement
FROM THE MEDIA: The Kingdom of Thailand is a constitutional monarchy with a parliamentary-style government divided into executive, legislative, and judiciary branches. The country has been beset by intense political conflict since 2005, during the government of former Prime Minister Thaksin Shinawatra. Corruption allegations against the regime culminated in a military coup on September 19, 2006 that ousted Thaksin. The military launched another coup on May 22, 2014 and seized power following mass protests against the civilian government led by Thaksin’s sister, Yingluck Shinawatra. The junta claimed that the 2014 coup was needed to restore order and called itself the National Council for Peace and Order (NCPO).
READ THE STORY: Citizenlab
Conti Ransomware: Still Alive and Kicking
FROM THE MEDIA: Conti ransomware surfaced as far back as 2020. Believed to have been created by Russia-based cybercriminal group Wizard Spider, it has been involved in a multitude of double extortion campaigns over the years. Just last May, the U.S. government began offering a reward of up to US$15 million for information on the gang’s key members. Law enforcement agencies have had no such luck catching the bad guys, at least to our knowledge, as Conti ransomware infections continue to make headlines.
READ THE STORY: CircleID
Luxury jeweler sues insurer over cyber ransom
FROM THE MEDIA: Graff paid US$7.5 million in cryptocurrency to a notorious Russian hacking syndicate, Conti, after the company was hacked using ransomware in September of 2021. As a part of the extortion, the public leaking of confidential client information was threatened against Graff. Graff’s lawsuit has been made against Travelers Companies Inc, stating that the ransom paid in cryptocurrency to the criminals should have been covered under its insurance policy. A Graff spokesperson told Bloomberg, “We are extremely frustrated and disappointed by Travelers’ attempt to avoid settlement of this insured risk.”
READ THE STORY: Jeweler
North Korean Hackers Using H0lyGh0st Ransomware To Attack & Demand 1.2 to 5 Bitcoins
FROM THE MEDIA: A ransomware operation called H0lyGh0st has been run by North Korean hackers for more than a year now, attacking small businesses across different countries with ransomware. There has been quite a bit of activity on the part of the group for quite some time. The gang, however, was not able to obtain the same level of fame as the other gangs in the area. Currently, Microsoft Threat Intelligence Center (MSTIC) has identified the hackers as DEV-0530, who are calling themselves H0lyGh0st. It has been known for at least a month now that the gang known as H0lyGh0st is using ransomware, and it has succeeded in compromising many organizations in the past few months.
READ THE STORY: GBHACKERS
75 massive tools launched at AI Defense Exhibition
FROM THE MEDIA: Defense Minister Rajnath Singh launched 75 newly-developed AI products during the first-ever symposium and exhibition on Artificial Intelligence in Defense (AIDef) in New Delhi.
At one point, Singh quoted Russian President Vladimir Putin: “Whoever becomes the leader in artificial intelligence will rule the world”. However, he further explained India’s belief in the principle of ‘vasudhaiv kutumbakam’ (the whole world is one family), and the country has no intention to rule the world.
READ THE STORY: Analytics India Mag
Hacker Posts Internal Roblox Employee Documents Online
FROM THE MEDIA: A hacker has posted what appears to be a cache of internal documents stolen from an employee who works for the massively popular gaming platform Roblox, according to the material reviewed by Motherboard. The publication of the documents is part of an extortion effort against Roblox, according to the forum post and a statement from Roblox. The documents themselves appear to relate to some of the most popular games and creators on the platform, and also include personal information of multiple individuals.
READ THE STORY: Vice
Items of interest
PREMINT Hacked: Don’t Click Any Links!
FROM THE MEDIA: Early morning today, July 17, attackers hacked NFT service provider PREMINT’s website. Do not click any links or sign any transactions on the website. While some users have reported that attackers stole their NFTs, we don’t yet know the full extent of the damage. At the time of writing, PREMINT’s website was up and running and the team had not yet confirmed if they had regained access to the website. Let’s take a look at what we know so far about the PREMINT hack.
This morning, many took to Twitter to issue warnings about PREMINT’s hack, cautioning users against making any transactions on the project’s website. For the uninitiated, PREMINT is an NFT service provider that allows top NFT artists to build access lists and raffles for community members.
READ THE STORY: NFT Evening
How is Ukraine defending itself against cyberattacks during the Russian invasion? (Video)
FROM THE MEDIA: Expert roundtable organized by ISSP and SSH Communications Security - the legendary company with the coolest expertise in encryption and identity protection!
The Case For A Cyber-resilient Society (Video)
FROM THE MEDIA: Faced with the risks associated with cyber threats, governments, and organizations, whatever their sector of activity, must imperatively rethink cybersecurity in a more global, multidisciplinary way, by integrating legal and normative dimensions with the inescapable technical dimensions, in order to develop cyber-resilient systems.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com