North


2 Chinese Charged with Laundering $100 Million for North Korean Hackers

Source: National Cyber Security – Produced By Gregory Evans


Two Chinese nationals have been charged by the US Department of Justice (DoJ) and sanctioned by the US Treasury for allegedly laundering $100 million worth of virtual currency using prepaid Apple iTunes gift cards.

According to a newly unsealed court document, the illicit funds originated from a $250 million haul that Lazarus Group, a cybercrime group with ties to the North Korean government, stole from two different unnamed cryptocurrency exchanges.

The two individuals in question — Tian Yinyin (田寅寅) and Li Jiadong (李家东) — were both charged with operating an unlicensed money transmitting business and with money laundering conspiracy.

Prosecutors said the defendants worked on behalf of the threat actors based in North Korea to launder over $100 million worth of stolen cryptocurrency and obscure the transactions, adding that the hacking of cryptocurrency exchanges posed a severe threat to the security of the global financial system.

It’s worth noting that Lazarus Group was one of three hacking outfits sanctioned by the US government last September for conducting a variety of financially motivated operations, ranging from cyber-espionage to data theft, to fund the country’s illicit weapons and missile programs.

Per the US Treasury, the Lazarus Group stole the funds in 2018 after an employee of a cryptocurrency exchange unwittingly downloaded malware through an email, which gave the threat actor access to private keys, virtual currency, and other customer information.

“Lazarus Group cyber actors used the private keys to steal virtual currencies (250 million dollar equivalent at date of theft) from this exchange, accounting for nearly half of the DPRK’s estimated virtual currency heists that year,” the Treasury said.

While the name of the exchange remains unknown, a report by Kaspersky back in August 2018 detailed a campaign that involved dropping malware in the corporate networks of a number of crypto-exchanges by sending spear-phishing emails.

Stating that North Korea trains hackers to “target and launder stolen funds from financial institutions,” the Treasury added that Tian and Li together received $91 million from North Korea-controlled accounts that can be traced to the 2018 cryptocurrency exchange hack, plus an additional $9.5 million from a hack of a second exchange.

Prosecutors said the two individuals helped convert more than $34 million of the illicit funds they received back into Chinese yuan by moving them to a bank account linked to the exchange account, in addition to converting $1.4 million worth of cryptocurrency into Apple gift cards.

Created in 2007, the Lazarus Group has gone after a number of targets, including militaries, governments, financial institutions, media companies, and utility sectors, to perpetrate monetary heists and destructive malware attacks, making it the most-profitable cryptocurrency-hacker syndicate in the world.

A United Nations report last August estimated North Korea to have generated an estimated $2 billion for its weapons programs through “widespread and increasingly sophisticated cyberattacks” targeting banks and cryptocurrency exchanges.


#infosec | North Korean Hackers Use New TrickBot Module

Source: National Cyber Security – Produced By Gregory Evans

North Korea’s infamous Lazarus Group has been using a new stealth module developed by the group behind TrickBot for covert data theft, according to new research.

The Anchor module is a framework of tools designed “for targeted data extraction from secure environments and long-term persistency,” according to SentinelOne.

It includes memory scrapers, POS malware, backdoor installers and submodules enabling lateral movement, among other capabilities.

“The Anchor project combines a collection of tools — from the initial installation tool to the cleanup meant to scrub the existence of malware on the victim machine. In other words, Anchor presents as an all-in-one attack framework designed to compromise enterprise environments using both custom and existing toolage,” the firm’s SentinelLabs team wrote.

“Logically, this tool will be a very tempting acquisition for high-profile, possibly nation-state groups. However, the Anchor is also used for large cyber heists and point-of-sale card theft operations leveraging its custom card scraping malware. Among the nation-state groups, only a few are interested in both data collection and financial gain, and one of them is Lazarus.”

Linking the two groups is the PowerRatankba PowerShell backdoor, previously associated with Lazarus but which is actually part of Anchor.

Lazarus isn’t the only customer of TrickBot’s Anchor module; it’s also being used in a “wave of targeted campaigns against financial, manufacturing and retail businesses” designed to steal card data from POS and other systems, according to Cybereason.

Those researchers pointed to a new Anchor_DNS variant which uses DNS tunneling to communicate covertly with C2 servers.

TrickBot is one of the most successful botnets ever built, used in a range of attacks, from banking trojans to ransomware and data theft. Threat intelligence firm Blueliv revealed last week that it detected a 283% increase in detections of the botnet across Q2-Q3 this year.


Fishtech Group Preps North Arkansas Cyber Defense Center

Source: National Cyber Security – Produced By Gregory Evans

Cybersecurity services provider Fishtech Group, which has a Top 200 MSSP arm, has announced plans to open a 10,000-square-foot Cyber Defense Center (CDC) in Rogers, Arkansas.

Fishtech’s Arkansas CDC will complement the company’s CDC in Martin City, Missouri. It will initially house 20 employees and expand to host up to 100 onsite staff, the company stated.

Also, the new CDC will be run by Fishtech CISO Kerry Kilker, a former Walmart executive who joined the company earlier this year. It is expected to open in the second quarter of next year.

Fishtech’s Arkansas CDC will bring cybersecurity training, technology and resources to Northwest Arkansas, the company said. In doing so, the CDC will help organizations bridge the cybersecurity resource and talent gap.

Approximately 58 percent of enterprises have unfilled cybersecurity positions, according to the 2019 “State of Cybersecurity” survey from information security organization ISACA. Furthermore, 62 percent of survey respondents said they have to wait three to six months to fill open cybersecurity positions.

Fishtech Joins the OneLogin Accelerate Partner Program

In addition to announcing plans to open a new CDC, Fishtech in April joined the OneLogin Accelerate identity and access management (IAM) partner program. Fishtech has incorporated the OneLogin unified access management (UAM) platform into its offerings and added IAM solutions to its portfolio.

Fishtech provides data-driven cybersecurity solutions designed to help organizations identify security gaps and comply with industry mandates, the company indicated. It also partners with other cybersecurity companies to deliver on-premises and cloud security solutions.


#infosec | North Korean Malware Found at Indian Nuke Plant

Source: National Cyber Security – Produced By Gregory Evans

A malware infection at one of India’s nuclear power plants has been confirmed by its owner, with researchers speculating that it is North Korean in origin.

News began circulating on social media earlier this week that the Kudankulam Nuclear Power Plant (KNPP) may have been hit by an attack. A third party contacted cyber-intelligence analyst Pukhraj Singh, who in turn notified the country’s National Cyber Security Coordinator on September 3, he said.

He added that the malware in question was later identified by Kaspersky as Dtrack.

Although initially KNPP officials said an attack on the plant was “not possible,” they changed their tune in a letter dated Wednesday.

The government-owned Nuclear Power Corporation of India (NPCIL) released a statement saying the original reports had been correct, and that the incident had been handled by CERT-In once the organization was notified on September 4.

“The investigation revealed that the infected PC belonged to a user who was connected in the internet connected network used for administrative purposes,” it clarified. “This was isolated from the critical internal network. The networks are being continuously monitored. Investigation also confirms that the plant systems are not affected.”

Dtrack was first revealed in late September by Kaspersky as linked to the infamous Lazarus Group. It discovered over 180 samples of the malware, which is said to take advantage of weak network security, password management and a lack of traffic monitoring to deploy information stealing and remote access capabilities to victim systems.

It’s unclear what the attacker’s goals were in this raid — whether it was an accidental infection, a deliberately targeted multi-stage IP-stealing mission, or something more sinister still.

However, at the time of discovery, Singh tweeted about a casus belli (act of war) in Indian cyberspace. He later clarified this was a reference to a second, as-yet-unnamed, target.

“Actually, the other target scared the sh*t out of me. Scarier than KKNPP in some ways,” he said.


North Korea #Hackers Use #Android Apps With #Malware To #Harass #Defectors

North Korean hackers are using Android apps with malware to target the country’s defectors, according to researchers from security software firm McAfee.

The Android apps, which were detected as Google Play Store malware, go beyond the usual unwanted advertisements and attempted scams. The apps track and blackmail the targets for escaping North Korea.

North Korea Launches Targeted Malware Attacks
A North Korea hacking team was recently able to upload three Android apps to the Google Play Store that targeted people who escaped from the authoritarian country, according to a report from McAfee.

The team behind the attacks was Sun Team, rather than the more infamous Lazarus, which was previously linked to the WannaCry ransomware from a year ago. This was not Sun Team’s first attempt at this kind of attack, though. In January, McAfee spotted the same attempt, but it required the targets to go out of their way and download the malware-laden apps from outside the Google Play Store.

The malware campaign, nicknamed RedDawn, involved the hackers contacting the targets through Facebook to invite them to install seemingly innocent apps from the Google Play Store. Compared to the first attempt, the new method of attack may have been more convincing, as the apps were downloaded from the official app store for Android devices.

Google Play Store Malware Harasses North Korea Defectors
The three apps were uploaded to the Google Play Store between January and March. The first app was Food Ingredients Info, which offered information on food, true to its name. The second and third apps were FastAppLock and Fast AppLock Free, which functioned as security tools.

The apps, however, were laced with malware. Once installed, the malware used Dropbox and Yandex to upload data and issue commands. The hackers were able to steal their targets’ personal data, which could then be used to track, threaten, and blackmail them.

It is unclear, however, how effective the apps were. They have now been removed from the Google Play Store after McAfee contacted Google, but only after recording about 100 downloads. McAfee said that it was able to identify the malware early on, and that there have been no public reports of infections.

Being careful in downloading apps does not only apply to North Korean defectors though. Targeted malware attacks may come in any form, so users will need to be very cautious with the apps that they install, even if they come from the Google Play Store.


Olympic #Games #hackers tried to frame #Russia, #North Korea

Source: National Cyber Security News

When Olympic Destroyer hit the 2018 Winter Games in South Korea, a quick list of suspects behind the attack surfaced.

Reports attributed the destructive attack to Russia and North Korea. In the malware, which was designed to wreak havoc on the Olympics IT system, there were lines of code that only North Korean hackers had used in the past.

But new research from Kaspersky Lab shows this code was deliberately left in place to throw researchers off the trail.

“Attackers are becoming smarter and they know that creating the ultimate false flag is the ultimate defense,” Vitaly Kamluk, director of Kaspersky’s global research and analysis team, said Thursday at the cybersecurity company’s conference in Cancun, Mexico.

Finding out who’s behind cyberattacks is essential for taking countermeasures, but it can be difficult for researchers to pinpoint the exact perpetrators. Just because WannaCry, a global ransomware attack from 2017, used the NSA’s hacking tools, doesn’t mean the US government was behind it, for example. It took about eight months before the White House was able to announce that Russia was behind “NotPetya,” calling it the “most destructive cyberattack in history.”

Researchers are still working to find out who was really behind the Olympic Destroyer attack, Kamluk said, but he noted that code from North Korea’s hacking unit Lazarus Group had been forged.


North America CACS

Source: National Cyber Security News

General Cybersecurity Conference

April 30 – May 2, 2018 | Chicago, Illinois, United States

Cybersecurity Conference Description

North America CACS attracts the best and brightest with its content-rich and thought-provoking sessions that delve into some of the biggest challenges facing IT audit and security professionals.


North #Korea allegedly #hacking #PCs to mine #Monero #cryptocurrency

Source: National Cyber Security – Produced By Gregory Evans

North Korea has been accused of hacking server networks to install mining scripts for the Monero cryptocurrency. A new Monero mining hacker group has been seizing control of servers over the past year. It’s now been linked back to North Korea.

Bloomberg reports the hacking team called Andariel came to the attention of authorities after it successfully hijacked a South Korean company’s servers last summer. The group then used the extra computing power to mine Monero coins, a cryptocurrency that’s rapidly growing and is especially popular in Asian countries.

Monero is privacy-oriented and easier to conceal than more mainstream alternatives such as Bitcoin and Ethereum. These qualities make it attractive to hacking groups looking to either steal or surreptitiously mine large quantities of cryptocash. Andariel obtained control of the target server without its real owners noticing.

It’s unknown whether Andariel has compromised other organisations. However, South Korean hacking analysis expert Kwak Kyoung-ju told Bloomberg that the unit is sophisticated and looking to broaden its targets. Kyoung-ju said Andariel is “going after anything that generates cash these days,” searching for cryptocurrencies or information which could be used to create money.

Andariel has now been tracked back to North Korea as the country finds itself accused of growing numbers of cyberattacks. After being hit with stricter sanctions and trade bans from the United Nations, the country is looking to alternative forms of income as the pressure on its economy increases. Hijacking foreign servers to mine lucrative digital cash could be one way to survive under the tougher sanctions.

In the past year, North Korea has been blamed by U.S. investigators for the WannaCry ransomware attack. The campaign affected thousands of Windows computers around the world last year and forced several major organisations to suspend their operations. Hackers exploited a vulnerability in unpatched versions of Windows to install the ransomware, forcing PC users to pay in Bitcoin before unlocking the machine.

As Computing notes, North Korea has also been implicated in a string of attempted attacks against the SWIFT international payments network used by major banks. The country is thought to have been involved in an attempt to steal over $950 million from Bangladesh’s central bank back in 2016. The operation was only aborted because the attackers got one word wrong.


HACKERS #HIT NORTH #CAROLINA COUNTY #GOVERNMENT AND #DEMAND TWO #BITCOIN #RANSOM

Source: National Cyber Security – Produced By Gregory Evans

The county government of Mecklenburg, North Carolina, has been hacked, with its server files being held for a ransom of 2 bitcoins.

One of the growing problems for businesses and governments today is having their electronic files hacked and held for ransom. Last month, computer hackers targeted the Sacramento Regional Transit system, resulting in 30 million files being deleted. The ransom price demanded by the hackers for that attack was a single bitcoin. Now that ransom price is being doubled as hackers have hit the Mecklenburg, North Carolina county government and are demanding 2 bitcoins.

DON’T OPEN THAT ATTACHMENT!

County Manager Dena Diorio said that the hackers got into the county’s system when an employee clicked on an email attachment they shouldn’t have. (It’s amazing in this day and age that people still click on strange email attachments.) Once the click took place, spyware and a worm were unleashed into the system, freezing all of the electronic files.

Diorio told county commissioners in a meeting that the files were being held for ransom as the hackers were demanding 2 bitcoins, which is now worth almost $25,000 (at the time of this article’s writing). The deadline for paying the ransom is 1pm EST today.

Dena Diorio told reporters that the county was considering paying the ransom, but she did express some concerns over doing so, stating:

There’s a risk you don’t get the decryption key and don’t get your files back. There’s also the chance if they think you’ll pay, they may try to get you to come back again.

IS IT CHEAPER TO PAY THE RANSOM?

Local governments and businesses do find themselves in a quandary when targeted by hackers. Is it actually cheaper to pay the hackers off to once again have access to critical files? A third-party group could restore said files, but using them could cost more than what the hackers were demanding. Of course, as Diorio mentioned above, paying off a hacker could embolden them to attack you again.

This difficult decision is summed up by Diorio when she said:

We need to determine how much it would cost (to pay) versus fixing it on our own. There are a lot of places that pay because it’s cheaper.

The short deadline is obviously putting pressure on the county commissioners to capitulate to the hackers. For now, the county is switching its employees to paper records today.

As for the hacking attack, County Manager Dena Diorio summed it up by saying:

I don’t think we were targeted. I don’t think we were at fault. There have been many, many institutions that have been breached. I think we do everything we can to keep our firewall secure.


North Korea #accused of #stealing #warship #blueprints in #hack

Source: National Cyber Security – Produced By Gregory Evans


North Korea’s cyber army appears to be going after real weapons.

Hackers tied to Kim Jong Un’s regime stole blueprints and other information about warships and submarines last year when they broke into one of the world’s biggest shipbuilders, according to South Korean lawmaker Kyeong Dae-soo.

Blueprints, shipbuilding technology, weapons systems and test data related to submarines and destroyers were among roughly 60 classified military documents taken from Daewoo Shipbuilding last year, according to Kyeong’s office. It said it was summarizing information it had received from the South Korean Defense Ministry and several military agencies.

The hackers are believed to have accessed some 40,000 documents in all.

Kyeong, a member of the opposition party, learned of the Daewoo hack at an intelligence briefing last week, according to a spokesman for the lawmaker. The South Korean Defense Ministry declined to comment on the matter, but said it is working to strengthen military security.

Daewoo has built several South Korean warships and submarines, all part of the country’s defenses against North Korea.

A Daewoo spokeswoman declined to comment, beyond saying that the company is looking into the matter.

The Daewoo hack is the latest case to come to light suggesting North Korea is using its hacking abilities to try to gain an edge in the tense standoff with the U.S. and its allies over Pyongyang’s nuclear weapons program.

Earlier this month, another South Korean lawmaker revealed that North Korean hackers allegedly stole classified military documents from a Defense Ministry database. Among the documents stolen were a South Korea-U.S. wartime operation plan and a document that included procedures to “decapitate” North Korean leadership.

North Korean hackers have also been tied to other high profile cyberattacks, including the massive ransomware attack WannaCry earlier this year, a series of attacks on global banks that came to light last year and the hacking of Sony Pictures in 2014.

The North Korean government has repeatedly denied involvement in international cyberattacks.

Cybersecurity experts say the latest alleged heist shows the risks for government contractors.

“State versus state espionage has moved into the digital realm,” said Bryce Boland, Asia Pacific chief technology officer with cybersecurity firm FireEye.

Companies “involved in state activities like defense are considered fair game by cyber spies,” he said.
