attribution – SSL and internet security news

Nation-State Attacker of Telecommunications Networks

October 22, 2021 infossl

attribution, china, cyberespionage, espionage, hacking, Security technology, Uncategorized

Someone has been hacking telecommunications networks around the world: LightBasin (aka UNC1945) is an activity cluster that has been consistently targeting the telecommunications sector at a global scale since at least 2016, leveraging custom tools and an in-depth knowledge of telecommunications network architectures. Recent findings highlight this cluster’s extensive knowledge of telecommunications protocols, including the … Read More “Nation-State Attacker of Telecommunications Networks” »

Nation-State Espionage Campaigns against Middle East Defense Contractors

June 23, 2020 infossl

attribution, cyberespionage, espionage, impersonation, linkedin, malware, reports, Security technology

Report on espionage attacks using LinkedIn as a vector for malware, with details and screenshots. They talk about “several hints suggesting a possible link” to the Lazarus group (aka North Korea), but that’s by no means definite. As part of the initial compromise phase, the Operation In(ter)ception attackers had created fake LinkedIn accounts posing as … Read More “Nation-State Espionage Campaigns against Middle East Defense Contractors” »

AI and Cybersecurity

May 19, 2020 infossl

artificialintelligence, attribution, cybersecurity, nationalsecuritypolicy, reports, Security technology

Ben Buchanan has written “A National Security Research Agenda for Cybersecurity and Artificial Intelligence.” It’s really good — well worth reading. Powered by WPeMatico

Identifying and Arresting Ransomware Criminals

November 12, 2019 infossl

attribution, hacking, operationalsecurity, ransomware, Security technology

The Wall Street Journal has a story about how two people were identified as the perpetrators of a ransomware scheme. They were found because — as generally happens — they made mistakes covering their tracks. They were investigated because they had the bad luck of locking up Washington, DC’s video surveillance cameras a week before … Read More “Identifying and Arresting Ransomware Criminals” »

Details of the Olympic Destroyer APT

October 21, 2019 infossl

advancedpersistentthreats, attribution, cyberattack, northkorea, russia, Security technology, sports

Interesting details on Olympic Destroyer, the nation-state cyberattack against the 2018 Winter Olympic Games in South Korea. Wired’s Andy Greenberg presents evidence that the perpetrator was Russia, and not North Korea or China. Powered by WPeMatico

New Reductor Nation-State Malware Compromises TLS

October 10, 2019 infossl

attribution, certificates, kaspersky, malware, randomnumbers, russia, Security technology, tls

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it’s calling Reductor. The malware is able to compromise TLS traffic by infecting the computer with hacked TLS engine substituted on the fly, “marking” infected TLS handshakes by compromising the underlining random-number generator, and adding new digital certificates. The result is … Read More “New Reductor Nation-State Malware Compromises TLS” »

Cell Networks Hacked by (Probable) Nation-State Attackers

July 9, 2019 infossl

attribution, cellphones, datacollection, espionage, hacking, metadata, Security technology, vulnerabilities

A sophisticated attacker has successfuly infiltrated cell providers to collect information on specific users: The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records — including times and dates of calls, and their cell-based locations — … Read More “Cell Networks Hacked by (Probable) Nation-State Attackers” »

WhatsApp Vulnerability Fixed

May 15, 2019 infossl

attribution, exploits, patching, Security technology, vulnerabilities, whatsapp

WhatsApp fixed a devastating vulnerability that allowed someone to remotely hack a phone by initiating a WhatsApp voice call. The recipient didn’t even have to answer the call. The Israeli cyber-arms manufacturer NSO Group is believed to be behind the exploit, but of course there is no definitive proof. If you use WhatsApp, update your … Read More “WhatsApp Vulnerability Fixed” »

More on the Triton Malware

April 16, 2019 infossl

attribution, cybersecurity, infrastructure, malware, Security technology

FireEye is releasing much more information about the Triton malware that attacks critical infrastructure. It has been discovered in more places. This is also a good — but older — article on Triton. We don’t know who wrote it. Initial speculation was Iran; more recent speculation is Russia. Both are still speculations. Fireeye report. BoingBoing … Read More “More on the Triton Malware” »

Marriott Hack Reported as Chinese State-Sponsored

December 13, 2018 infossl

attribution, china, hacking, hotels, Security technology

The New York Times and Reuters are reporting that China was behind the recent hack of Mariott Hotels. Note that this is still uncomfirmed, but interesting if it is true. Reuters: Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources … Read More “Marriott Hack Reported as Chinese State-Sponsored” »