Germany accuses Russia of ‘intolerable’ cyberattack, warns of consequences | Russia-Ukraine war News

Germany has blamed “state-sponsored” Russian hackers for an “intolerable” cyberattack on members of the Social Democratic Party (SPD) and warned there would be consequences.

On Friday, Foreign Minister Annalena Baerbock said a German federal government investigation into who was behind the 2023 cyberattack on the SPD, a leading member of the governing coalition, had just concluded.

“Today we can say unambiguously [that] we can attribute this cyberattack to a group called APT28, which is steered by the military intelligence service of Russia,” she said at a news conference in the Australian city of Adelaide.

“In other words, it was a state-sponsored Russian cyberattack on Germany, and this is absolutely intolerable and unacceptable and will have consequences.”

APT28, also known as Fancy Bear or Pawn Storm, has been accused of dozens of cyberattacks around the world.

The attack on Chancellor Olaf Scholz’s SPD was made public last year and was attributed to the exploitation of a previously unknown vulnerability in Microsoft Outlook.

Germany’s Federal Ministry of the Interior said German companies, including in the defence, aerospace and information technology sectors, as well as targets related to Russia’s war in Ukraine were also a focus of the attacks.

German Interior Minister Nancy Faeser said the campaign was orchestrated by Russia’s military intelligence service GRU and began in 2022.

A German Federal Foreign Office spokesperson said on Friday that the acting charge d’affaires of the Russian embassy in Berlin has been summoned.

The cyberattack showed “that the Russian threat to security and peace in Europe is real and enormous”, the spokesperson said.

Russia has denied past allegations by Western governments of being behind cyberattacks. On Friday, its embassy in Germany said it “categorically rejected the accusations that Russian state structures were involved in the given incident … as unsubstantiated and groundless”.

The Czech Republic’s Ministry of Foreign Affairs said on Friday that the country’s institutions had also been targeted by APT28, which exploited a 2023 vulnerability in Microsoft Outlook.

“Cyberattacks targeting political entities, state institutions and critical infrastructure are not only a threat to national security but also disrupt the democratic processes on which our free society is based,” the ministry said. It didn’t provide details about the targets.

The European Union condemned the “malicious cyber campaign conducted by the Russia-controlled Advanced Persistent Threat Actor 28 (APT28) against Germany and Czechia”.

NATO said APT28 targeted “other national governmental entities, critical infrastructure operators” across the alliance, including in Lithuania, Poland, Slovakia and Sweden.

“We are determined to employ the necessary capabilities in order to deter, defend against and counter the full spectrum of cyberthreats to support each other, including by considering coordinated responses,” said the North Atlantic Council, the political decision-making body within NATO.

‘Concrete signs’ of Russian origin

The EU’s computer security response unit, CERT-EU, last year noted a German media report that an SPD executive had been targeted in a cyberattack in January 2023, “resulting in possible data exposure”.

It said there were reportedly “concrete signs” it was of Russian origin.

Baerbock spoke after a meeting with Australian Foreign Minister Penny Wong, who said: “We have previously joined the United States, UK, Canada and New Zealand in attributing malicious cyberactivity to APT28.”

It is not the first time that Russian hackers have been accused of spying on Germany.

In 2020, then-Chancellor Angela Merkel said Germany found “hard evidence” that Russian hackers had targeted her.

One of the most high-profile incidents so far blamed on Russian hackers was a cyberattack in 2015 that paralysed the computer network of Germany’s lower house of parliament, the Bundestag, forcing the entire institution offline for days while it was fixed.



Check out our Latest News and Follow us at Facebook

Original Source

Israeli firms sold invasive surveillance tech to Indonesia: Report | Cybersecurity News

An international investigation has found that at least four Israeli-linked firms have been selling invasive spyware and cyber surveillance technology to Indonesia, which has no formal diplomatic ties with Israel and is the world’s most populous Muslim nation.

The research by Amnesty International’s Security Lab – based on open sources including trade records, shipping data and internet scans – uncovered links between official government bodies and agencies in the Southeast Asian country and Israeli tech firms NSO, Candiru, Wintego and Intellexa, a consortium of linked firms originally founded by a former Israeli military officer, going back to at least 2017.

German firm FinFisher, a rival to the Israeli companies and whose technology has been used to allegedly target government critics in Bahrain and Turkey, was also found to have sent such technologies to Indonesia.

Amnesty said there was little visibility about the targets of the systems.

“Highly invasive spyware tools are designed to be covert and to leave minimal traces,” it said in the report. “This built-in secrecy can make it exceedingly difficult to detect cases of unlawful misuse of these tools against civil society, and risks creating impunity-by-design for rights violations.”

It said this was of “special concern” in Indonesia where civic space had “shrunk as a result of the ongoing assault on the rights to freedom of expression, peaceful assembly and association, personal security and freedom of arbitrary detention”.

Concerns about human rights have intensified in Indonesia since former general Prabowo Subianto was elected president in February at his third attempt. Prabowo, who will formally take office in October, has been accused of serious rights abuses in East Timor and West Papua, where Indigenous people have been fighting for independence from Indonesia since the 1960s. He denies the allegations against him.

The report said it had discovered “numerous spyware imports or deployments between 2017 and 2023 by companies and state agencies in Indonesia, including the Indonesian National Police [Kepala Kepolisian Negara Republik] and the National Cyber and Crypto Agency [Badan Siber dan Sandi Negara]”.

Amnesty said the Indonesian police declined to respond to its queries over the research findings, while the National Crypto and Cyber Agency had not responded to its questions by the time of publication.


The investigation noted that several of the imports passed through intermediary firms in Singapore, “which appear to be brokers with a history of supplying surveillance technologies and/or spyware to state agencies in Indonesia”.

Over an investigation lasting several months, Amnesty collaborated with Indonesian news magazine Tempo, Israeli newspaper Haaretz, and news and research organisations based in Greece and Switzerland.

“The murky and complex ecosystem of suppliers, brokers, and retailers of spyware and surveillance, as well as complex corporate structures, allow this industry to evade accountability and regulation easily,” Amnesty International Indonesia director, Usman Hamid, was quoted as saying in Tempo.

It is not the first time that Indonesia has been linked to Israeli spyware, with Tempo reporting in 2023 that traces of NSO’s Pegasus spyware, which can infect targeted mobile phones without any user interaction, had been found in Indonesia.

In 2022, the Reuters news agency said more than a dozen senior Indonesian government and military officials had been targeted the year before with Israeli-made spyware.

Fake websites

Amnesty found evidence that, unlike Pegasus, much of the spyware required the target to click a link to lead them to a website, usually imitating the sites of legitimate news outlets or politically critical organisations.

Researchers found links between some of the fake sites and IP addresses linked to Wintego, Candiru (now named Saito Tech) and Intellexa, which is known for its Predator one-click spyware.

In the case of Intellexa, the fake sites mimicked Papuan news website Suara Papua as well as Gelora, which is the name for a political party but also an unrelated news outlet.

Amnesty also found Candiru-linked domains imitating legitimate Indonesian news sites, including the state news agency ANTARA.

Indonesia does not currently have laws that govern the lawful use of spyware and surveillance technologies but has legislation safeguarding freedom of expression, peaceful assembly and association, and personal security. It has also ratified multiple international human rights treaties, including the International Covenant on Civil and Political Rights (ICCPR).

Amnesty urged the Indonesian government to institute a ban on such highly invasive spyware.

Citing sources it did not name, Haaretz said NSO and Candiru were not currently active in Indonesia.

It reported that Singapore had summoned a senior Israeli official in the summer of 2020 after “authorities there had discovered that Israeli firms had sold advanced digital intelligence technologies to Indonesia”.

In responding to Friday’s findings, NSO cited human rights regulations in response to questions from Haaretz.

“With respect to your specific inquiries, there have been no active geolocation or mobile endpoint intelligence systems provided by the NSO Group to Indonesia under our current human rights due diligence procedure,” it was quoted as saying by the newspaper, referring to a framework it introduced in 2020.

Intellexa was founded by former Israeli military officer Tal Dilian [File: Yiannis Kourtoglou/Reuters]

Candiru, meanwhile, told Amnesty that it operated in accordance with Israeli defence export rules and could neither confirm nor deny the questions posed by the organisation.

Wintego did not respond to requests for comment on the research findings, Haaretz said.

Israel’s defence exports body declined to comment on whether it had approved sales to Indonesia.

It told Amnesty the sale of cyber surveillance systems was authorised only for government entities for “anti-terror and law enforcement purposes”.

The United States blacklisted NSO in 2021 over concerns its phone-hacking technology had been used by foreign governments to “maliciously target” political dissidents, journalists and activists. The designation makes it harder for US companies to do business with it.

Candiru and Intellexa are also subject to the US’s trade control rules.

In March, the US imposed sanctions on Intellexa for “developing, operating, and distributing commercial spyware technology used to target Americans, including US government officials, journalists, and policy experts”.


Bombs and viruses: The shadowy history of Israel’s attacks on Iranian soil | Israel War on Gaza News

From cyberattacks and assassinations to drone strikes, Israel-linked plots have targeted Iran and its nuclear programme for years.

Israel’s leaders have signalled that they are weighing their options on how to respond to Iran’s attack early Sunday morning, when Tehran targeted its archenemy with more than 300 missiles and drones.

Iran’s attack, which followed an Israeli strike last week on the Iranian consulate in Damascus, Syria, that killed 13 people was historic: It was the first time Tehran had directly targeted Israeli soil, despite decades of hostility. Until Sunday, many of Iran’s allies in the so-called axis of resistance — especially the Palestinian group Hamas, the Lebanese group Hezbollah, Yemen’s Houthis and armed groups in Iraq and Syria — were the ones who launched missiles and drones at Israel.

But if Israel were to hit back militarily inside Iran, it wouldn’t be the first time. Far from it.

For years, Israel has focused on one target within Iran in particular: the country’s nuclear programme. Israel has long accused Iran of clandestinely building a nuclear bomb that could threaten its existence — and has publicly, and frequently, spoken of its diplomatic and intelligence-driven efforts to derail those alleged efforts. Iran denies that it has had a military nuclear programme, while arguing that it has the right to access civil nuclear energy.

As Israel prepares its response, here’s a look at the range of attacks in Iran — from drone strikes and cyberattacks to assassinations of scientists and the theft of secrets — that Israel has either accepted it was behind or is accused of having orchestrated.

Assassinations of Iranian scientists

  • January 2010: A physics professor at Tehran University, Masoud Ali-Mohammadi, was killed through a remote-controlled bomb planted in his motorcycle. Iranian state media claimed that the US and Israel were behind the attack. The Iranian government described Ali-Mohammadi as a nuclear scientist.
  • November 2010: A professor at the nuclear engineering faculty at Shahid Beheshti University in Tehran, Majid Shahriari, was killed in a car explosion on his way to work. His wife was also wounded. The president of Iran at the time, Mahmoud Ahmadinejad, blamed the United States and Israel for the attacks.
  • January 2012: Mostafa Ahmadi Roshan, a chemical engineering graduate, was killed by a bomb placed on his car by a motorcyclist in Tehran. Iran blamed Israel and the US for the attack and said Ahmadi Roshan was a nuclear scientist who supervised a department at Iran’s primary uranium enrichment facility, in the city of Natanz.
  • November 2020: Prominent nuclear scientist Mohsen Fakhrizadeh was killed in a roadside attack outside Tehran. Western and Israeli intelligence had long suspected that Fakhrizadeh was the father of an Iranian nuclear weapons programme. He was sanctioned by the United Nations in 2007 and the US in 2008.
  • May 2022: Colonel Hassan Sayyad Khodaei of the Islamic Revolutionary Guard Corps (IRGC) was shot five times outside of his home in Tehran. Majid Mirahmadi, a member of Iran’s Supreme National Security Council, alleged the assassination was “definitely the work of Israel”.

Israel’s cyberattacks on Iran

  • June 2010: The Stuxnet worm was found in computers at the nuclear plant in Iran’s Bushehr city, and it spread from there to other facilities. As many as 30,000 computers across at least 14 facilities were impacted by September 2010. At least 1,000 out of 9,000 centrifuges in Iran’s Natanz enrichment facility were destroyed, according to an estimate by the Institute for Science and International Security. Upon investigation, Iran blamed Israel and the US for the attack.
  • April 2011: A virus called Stars was discovered by the Iranian cyberdefence agency, which said the malware was designed to infiltrate and damage Iran’s nuclear facilities. The virus mimicked official government files and inflicted “minor damage” on computer systems, according to Gholamreza Jalali, the head of Iran’s Passive Defense Organization. Iran blamed Israel and the US.
  • November 2011: Iran said it discovered a new virus called Duqu, based on Stuxnet. Experts said Duqu was intended to gather data for future cyberattacks. The Iranian government announced it was checking computers at main nuclear sites. The Duqu spyware was widely believed by experts to have been linked to Israel.
  • April 2012: Iran blamed the US and Israel for malware called Wiper, which erased the hard drives of computers owned by the Ministry of Petroleum and the National Iranian Oil Company.
  • May 2012: Iran announced that a virus called Flame had tried to steal government data from government computers. The Washington Post reported that Israel and the US had used it to collect intelligence. Then-Israeli Vice Prime Minister Moshe Yaalon did not confirm the nation’s involvement but acknowledged that Israel would use all means to “harm the Iranian nuclear system”.
  • October 2018: The Iranian government said that it had blocked an invasion by a new generation of Stuxnet, blaming Israel for the attack.
  • May 2020: A cyberattack impacted computers that control maritime traffic at Shahid Rajaee port on Iran’s southern coast in the Gulf, creating a hold-up of ships that waited to dock. The Washington Post quoted US officials as saying that Israel was behind the attack, though Israel did not claim responsibility.
  • October 2021: A cyberattack hit the system that allows Iranians to use government-issued cards to purchase fuel at a subsidised rate, affecting all 4,300 petrol stations in Iran. Consumers had to either pay the regular price, more than double the subsidised one, or wait for stations to reconnect to the central distribution system. Iran blamed Israel and the US.

Israel’s drone strikes and raids on Iran

  • January 2018: Mossad agents raided a secure Tehran facility, stealing classified nuclear archives. In April 2018, Israeli Prime Minister Benjamin Netanyahu announced that Israel discovered 100,000 “secret files that prove” Iran lied about never having a nuclear weapons programme.
  • February 2022: Former Israeli Prime Minister Naftali Bennett admitted in an op-ed published in The Wall Street Journal in December 2023, that Israel carried out an attack on an unmanned aerial vehicle, and assassinated a senior IRGC commander in February of the previous year.
  • May 2022: Explosives-laden quadcopter suicide drones hit the Parchin military complex southeast of Tehran, killing an engineer and damaging a building where drones had been developed by the Ministry of Defence and Armed Forces. IRGC Commander Hossein Salami pledged retaliation against unspecified “enemies”.
  • January 2023: Several suicide drones struck a military facility in central Isfahan, but they were thwarted and caused no damage. While Iran did not immediately place blame for the attacks, Iran’s UN envoy, Amir Saeid Iravani, wrote a letter to the UN chief saying that “primary investigation suggested Israel was responsible”.
  • February 2024: A natural gas pipeline in Iran was attacked. Iran’s Oil Minister Javad Owji alleged that the “explosion of the gas pipeline was an Israeli plot”.


US firm AT&T says data of 73 million customers leaked on ‘dark web’ | Telecommunications News

At least 7.6 million existing AT&T account holders and 65.4 million former users hit by the breach, the company says.

Personal information belonging to millions of past and present AT&T customers has been leaked online, including Social Security numbers (SSNs), passcodes and contact details, the multinational company says.

In a statement on Saturday, the telecommunication network – the largest in the United States – said a recently discovered dataset on the “dark web” contained information for about 7.6 million current AT&T account holders and 65.4 million former users, totalling about 73 million affected accounts.

It is not known if the breach “originated from AT&T or one of its vendors”, the company said.

“To the best of our knowledge, the compromised data appears to be from 2019 or earlier and does not contain personal financial information or call history,” the statement added.

AT&T said it would notify all 7.6 million existing account holders whose sensitive personal information was compromised. The company said it had already reset their passcodes and was investigating the incident.

In addition to passcodes and SSNs, the hacked data possibly included email and mailing addresses, phone numbers and birth dates, AT&T added.

Reports of the breach first surfaced on a hacking forum nearly two weeks ago. It is unclear if the leak is linked to a similar breach in 2021 that was widely reported but that AT&T did not acknowledge.

A hacker at the time claimed to have access to data of 70 million AT&T customers, including their names, addresses, phone numbers, SSNs, and date of birth.

Auction data on a hacking forum revealed the hacker attempted to sell the stolen information for thousands of dollars.

“If they assess this and they made the wrong call on it, and we’ve had a course of years pass without them being able to notify impacted customers” then it’s likely the company will soon face class action lawsuits, cybersecurity expert Troy Hunt told The Associated Press news agency.

Hunt, the creator of Have I Been Pwned? (a website that alerts subscribers when their data appears in a breach), said in a blog post that at least 153,000 of his subscribers were affected.

The Dallas-based company faced challenges earlier in February after an outage temporarily knocked out mobile phone service for thousands of users.

AT&T blamed the incident on a technical coding error, not a malicious attack. Other networks were also affected, but AT&T appeared to be the hardest hit.




New Zealand says Chinese ‘state-sponsored’ group hacked parliament | Cybersecurity News

New Zealand Foreign Minister Winston Peters says alleged cyberattack ‘unacceptable’

New Zealand has accused Chinese state-sponsored hackers of infiltrating parliament, joining the United States and United Kingdom in accusing Beijing of malicious cyberactivity.

New Zealand Foreign Minister Winston Peters said on Tuesday that the cyberattack was “unacceptable” and his country’s concerns had been conveyed directly to Beijing.

“Foreign interference of this nature is unacceptable, and we have urged China to refrain from such activity in future. New Zealand will continue to speak out – consistently and predictably – where we see concerning behaviours like this,” Peters said.

Peters, who last week met with Chinese Foreign Minister Wang Yi, said New Zealand and China shared a “significant and complex relationship”.

“We cooperate with China in some areas for mutual benefit,” he said. ”At the same time, we have also been consistent and clear that we will speak out on issues of concern.”

New Zealand’s Government Communications Security Bureau (GCSB) said earlier that its National Cyber Security Centre discovered that a state-backed hacking group known as “APT40” had compromised computers linked to the parliamentary network in 2021.

“The NCSC provided extensive support to the victim organisations to reduce the impact of the compromise and delivered advice to other organisations potentially at risk by association,” GCSB Director-General Andrew Clark said in a statement.

“Analysis of the tactics and techniques used by the actor enabled us to confidently link the actor to a People’s Republic of China (PRC) state-sponsored group known as APT40. This link has been reinforced by analysis from international partners of similar events in their own jurisdictions.”

A spokesperson for the Chinese Embassy in New Zealand said the allegations were “groundless and irresponsible.”

“We have never, nor will we in the future, interfere in the internal affairs of other countries, including New Zealand. Accusing China of foreign interference is completely barking up the wrong tree,” the spokesperson said.

New Zealand’s allegations come after the US and the UK on Monday announced sanctions against a Chinese company and two individuals accused of orchestrating a cyber-espionage operation targeting millions of people, including lawmakers, voters and prominent Beijing critics.

UK Deputy Prime Minister Oliver Dowden said cyberattacks in 2021 and 2022 had targeted the Electoral Commission and UK parliamentary accounts, including three MPs who are members of the Inter-Parliamentary Alliance on China.

New Zealand Defence Minister Judith Collins, who is responsible for the GCSB, said her country stood with its international partners in condemning China’s state-backed malicious cyberactivity.

“This collective response from the international community serves as a timely reminder to all organisations and individuals to have strong cybersecurity measures in place,” Collins said.


Android 15 Could Offer a Boost to Two-Factor Authentication Security to Keep User Data Safe: Report

Android 15 is still under development, but on Friday, February 16, Google released the first Developer Preview of the upcoming operating system. The tech giant said that the new Android software will largely focus on security, and a new report claims to have found three new ways it will make your smartphone and your sensitive data more secure. According to it, Android 15 will be able to better protect the notifications that arise from two-factor authentications (2FA) so that a malicious app or malware cannot access it to steal user data.

According to a report by Android Authority’s Mishaal Rahman, Android 15 will be implementing new ways to cover the gaps left behind by its predecessors. Currently, most two-factor authentication methods for social media profiles, emails, and banking apps use SMS to send a one-time password (OTP). However, there is a risk if a malicious third-party app can read this notification and use it to hack into sensitive data or get into your banking apps and steal money.

To reduce the risk, Google has already begun laying the groundwork in the current version of the OS. The report found a line of code in the Android 14 QPR3 Beta 1 update that mentions a new permission named RECEIVE_SENSITIVE_NOTIFICATIONS. The permission carries a higher protection level, so it can only be granted to apps that Google verifies, not to ordinary third-party apps. Its exact role is not documented, but the name suggests it covers a special category of notifications that other apps will no longer be able to read.

The report argues the permission is most likely aimed at 2FA-related notifications. That inference rests on a second string found by Rahman, which points to an under-development platform feature to which the permission is tied. The feature affects NotificationListenerService, the long-standing Android API (it dates back to Android 4.3) that lets an app read or act on every notification the device shows; it is the mechanism behind apps that ask for notification access so they can auto-fill an OTP when you create a new account. Once the new feature is switched on (it is not active in the Android 14 build), a listener would need the new permission to see the protected notifications, so reading OTPs through this route would become much harder for third-party apps.

Notification access through this API already requires the user to open Settings and grant it to an app manually before the listener is activated, and the report highlights that the new gate is layered on top of that. Such stringent measures point to two-factor authentication being the target, though the report cannot say so for certain.

Rahman found a third hint that likely ties all the developments together. A new flag was seen in the codes labelled OTP_REDACTION. It redacts OTP notifications on the lock screen of the smartphone. Google currently does not use this flag, but the report suggests it can be made active with Android 15. All three separate developments point towards protecting OTP notifications from third-party apps, which makes it likely that the tech giant will use these to protect financial and other important apps that may contain sensitive information.


Affiliate links may be automatically generated – see our ethics statement for details.


iPhone Devices Under Threat as New iOS Trojan That Targets Facial Recognition Data Reported

iPhone devices are being targeted by a rare trojan called GoldDigger, a cybersecurity firm has reported. The malware is part of a cluster of aggressive banking trojans that have been affecting users in the Asia-Pacific (APAC) region. The earlier spotted malware group was only affecting Android users, but a new version has now been unearthed that specifically targets iOS and steals facial recognition data and other sensitive information from devices. This development is rare since Apple is known to be proactive in releasing security patches for its operating system.

Cybersecurity firm Group-IB was behind the discovery of the iOS trojan. The group has been tracking it since October 2023, when it first found a new variant of Android malware and named it GoldDigger. The malicious programme was found to be a banking trojan that steals financial information and targets banking apps, e-wallets, and crypto-wallets. It was first spotted in Vietnam but later identified as a cluster that was affecting the entire APAC region.

In its findings, the group noted that “a new sophisticated mobile Trojan specifically aimed at iOS users, dubbed GoldPickaxe.iOS by Group-IB” has been discovered. The malware is capable of stealing facial recognition data, identity documents, and can even intercept SMS.

The cybersecurity group also claimed that the threat actors behind the malware likely feed the captured face data into face-swapping AI tools to create deepfakes. (A caveat: an app cannot extract Face ID’s biometric templates, which never leave the device’s Secure Enclave; the “facial recognition data” at issue is face imagery captured from the victim.) Combining the deepfake with the stolen identity documents and intercepted SMS codes, the operators can pass the identity checks of the victim’s banking apps and then make repeated transactions to drain the account. According to Group-IB, this method of monetary theft had not been seen before.

It was reported that the malware was earlier distributed through the TestFlight app, which lets developers beta-test new features before rolling them out, however, it was quickly removed by Apple. Now, it is being spread through a multi-level social engineering technique which involves tricking the victims into installing a Mobile Device Management (MDM) profile.

The trojan is suspected to be connected with an organised Chinese-speaking cybercrime group and is mainly affecting Vietnam and Thailand. There is a possibility that it might spread to other regions as well. The cybersecurity group stated that it has informed Apple about the trojan, and it is likely that the iPhone maker is already in the process of creating a fix.



Microsoft Employee Emails Hacked by Russia-Linked ‘Midnight Blizzard’ Group, Company Says

Microsoft said a Russian-linked hacking group attacked its corporate systems, getting into a “small number” of email accounts, including those of senior leadership and employees who work in cybersecurity and legal. The company said it’s acting immediately to fix older systems, which will probably cause some disruption.

The hacking group doesn’t appear to have accessed customers’ systems or Microsoft servers that run outward-facing products, the software giant said Friday in a blog post. Microsoft also has no evidence the group, named Midnight Blizzard, got into source code or artificial intelligence systems.

“We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes,” the company said. “This will likely cause some level of disruption.”

The group that Microsoft deemed responsible, also known as “Nobelium” (and tracked by other vendors as APT29 or Cozy Bear), is a sophisticated nation-state hacking group that the US government has tied to Russia’s foreign intelligence service. The same group compromised SolarWinds, a US software vendor, and planted a backdoor in its Orion product updates as part of a massive cyber-espionage effort against US federal agencies.

The company said the hackers used a “password spray” attack, beginning in November, to get in. A spray is a low-and-slow variant of brute forcing: rather than hammering one account with many guesses, the attacker tries a small set of common passwords against a large number of user names, slowly enough to stay under account-lockout thresholds. Microsoft said the sprayed account was a legacy, non-production test tenant account, which the attackers then used as a foothold to reach a small number of corporate mailboxes.
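The spray-versus-brute-force distinction is easiest to see in detection logic. The following is an added example, not Microsoft’s code or anything from the original article: a Python script that parses a constructed, simplified authentication log and flags a source IP that fails against many distinct accounts with few tries each (the spray signature), separately from a source hammering a single account. The log format, the sample lines, the IP addresses and the thresholds are all assumptions chosen for the illustration.

```python
"""Password-spray vs. brute-force detection over an authentication log.

Added example. The log format below is an assumption: one event per line,
"<ISO timestamp> user=<name> src=<ip> result=<ok|fail>". The sample lines,
addresses and thresholds are constructed for this illustration.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample log: a spray from 203.0.113.7 (one failure each against
# five accounts, then a hit on "frank"), a brute force against "alice" from
# 198.51.100.9 (ten failures in ten seconds), and a benign typo from 192.0.2.44.
SAMPLE_LOG = """\
2024-01-10T02:00:01Z user=alice src=203.0.113.7 result=fail
2024-01-10T02:00:09Z user=bob src=203.0.113.7 result=fail
2024-01-10T02:00:17Z user=carol src=203.0.113.7 result=fail
2024-01-10T02:00:25Z user=dave src=203.0.113.7 result=fail
2024-01-10T02:00:33Z user=erin src=203.0.113.7 result=fail
2024-01-10T02:00:41Z user=frank src=203.0.113.7 result=ok
2024-01-10T02:05:00Z user=alice src=198.51.100.9 result=fail
2024-01-10T02:05:01Z user=alice src=198.51.100.9 result=fail
2024-01-10T02:05:02Z user=alice src=198.51.100.9 result=fail
2024-01-10T02:05:03Z user=alice src=198.51.100.9 result=fail
2024-01-10T02:05:04Z user=alice src=198.51.100.9 result=fail
2024-01-10T02:05:05Z user=alice src=198.51.100.9 result=fail
2024-01-10T02:05:06Z user=alice src=198.51.100.9 result=fail
2024-01-10T02:05:07Z user=alice src=198.51.100.9 result=fail
2024-01-10T02:05:08Z user=alice src=198.51.100.9 result=fail
2024-01-10T02:05:09Z user=alice src=198.51.100.9 result=fail
2024-01-10T09:15:00Z user=bob src=192.0.2.44 result=fail
2024-01-10T09:15:30Z user=bob src=192.0.2.44 result=ok
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>ok|fail)$")


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    user: str
    src: str
    success: bool


def parse_log(text: str) -> list[AuthEvent]:
    """Parse the assumed log format into AuthEvent records (UTC timestamps)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LOG_RE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(AuthEvent(ts, m["user"], m["src"], m["result"] == "ok"))
    return events


def detect_password_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=3):
    """Spray signature: within any `window`, one source fails against at least
    `min_users` distinct accounts while trying each account at most
    `max_per_user` times (staying under lockout). Returns
    {src: {"users": [...targeted], "successes": [...accounts that then logged in]}}.
    A success from the same source inside the window is the signal that the
    spray found a valid password."""
    failures, successes = defaultdict(list), defaultdict(list)
    for e in events:
        (successes if e.success else failures)[e.src].append(e)
    alerts = {}
    for src, evs in failures.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):          # sliding window over this source's failures
            while evs[end].ts - evs[start].ts > window:
                start += 1
            per_user = Counter(e.user for e in evs[start:end + 1])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                w0 = evs[start].ts
                hits = sorted({s.user for s in successes[src] if w0 <= s.ts <= w0 + window})
                alerts[src] = {"users": sorted(per_user), "successes": hits}
                break                        # one alert per source is enough
    return alerts


def detect_brute_force(events, window=timedelta(minutes=30), min_failures=10):
    """Classic brute force: one (source, account) pair accumulates at least
    `min_failures` failures inside `window`. Returns {(src, user): max count}."""
    by_target = defaultdict(list)
    for e in events:
        if not e.success:
            by_target[(e.src, e.user)].append(e.ts)
    alerts = {}
    for key, stamps in by_target.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            n = end - start + 1
            if n >= min_failures:
                alerts[key] = max(alerts.get(key, 0), n)
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("spray:", detect_password_spray(evs))
    print("brute force:", detect_brute_force(evs))
```

The two detectors are deliberately independent: the brute-force source never trips the spray rule (only one distinct account), and the spray source never trips the brute-force rule (one failure per account), which is exactly why lockout-based defences alone miss sprays. In practice the thresholds are tuned per tenant, and the “successes” field is what an analyst triages first.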

In this case, in addition to the accessed accounts, the attackers also took emails and attached documents. Microsoft said it detected the hack on January 12, adding that the company is still notifying employees whose emails were accessed.

Eric Goldstein, executive assistant director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency, said government officials are “closely coordinating with Microsoft to gain additional insights into this incident and understand impacts so we can help protect other potential victims.”

Microsoft technology has frequently been the target of major hacking campaigns.

The US Cyber Safety Review Board, which reports to the Department of Homeland Security, is already assessing a 2023 intrusion against Microsoft Exchange Online that the company attributed to China-linked hackers. That breach enabled the hack of senior US officials’ email accounts and has prompted growing concerns about cloud computing security. Microsoft said in September it had identified five different errors in its systems that have since “been corrected.”

In an interview with Bloomberg in 2023 following that breach, Jen Easterly, director of the agency that manages the board, suggested that Microsoft should “recapture the ethos” of what Microsoft co-founder Bill Gates called “trustworthy computing” in 2002, when he instructed employees to focus on security over adding new features.

“I absolutely positively think they have to focus on ensuring their products are both secure by default and secure by design, and we are going to continue to work with them to urge them to do that,” Easterly said of Microsoft.

In November, Microsoft said it was overhauling how it protects its software and systems after a series of high-profile hacks. Now the company said it must pick up the pace on changes, particularly to older systems and products.

“For Microsoft, this incident has highlighted the urgent need to move even faster,” the company said Friday.

© 2024 Bloomberg LP



Indian journalists targeted by Israeli spyware again: What do we know? | Freedom of the Press News

A new forensic investigation by Amnesty International and The Washington Post has shown the use of the Israeli Pegasus spyware, likely by the Indian government, to surveil high-profile Indian journalists. A report detailing the findings was published on Thursday. Here is what we know.

What does the report say?

The report, published by Amnesty’s Security Lab, found continued use of the software to target high-profile Indian journalists including a journalist who had also previously been a victim of attacks of the same spyware.

Founding editor of The Wire, Siddharth Varadarajan, and South Asia editor at the Organized Crime and Corruption Report Project (OCCRP), Anand Mangnale, were among those recently targeted using Pegasus spyware on their iPhones. The latest attack was identified in October this year.

On October 31, Apple, the manufacturer of iPhones, issued notifications to users worldwide who may have been targeted by “state-sponsored” attacks. Out of the users warned, over 20 were opposition leaders and journalists in India.

These included firebrand opposition legislator Mahua Moitra. Known for her sharp questions in parliament, Moitra was recently expelled over an allegation of misconduct after she had repeatedly raised questions about alleged benefits handed by the government to the Adani Group, a business house widely seen as close to Prime Minister Narendra Modi.

Amnesty was able to find an attacker-controlled email address used to target Mangnale, who was working on a story about an alleged stock manipulation by a large multinational conglomerate in India at the time of the attack. It is currently unclear whether the attempted attack succeeded in breaking into and compromising Mangnale’s phone.

The Washington Post article about the investigation said that Mangnale’s phone was attacked within 24 hours of reaching out to the tycoon Gautam Adani.

The same email address was used to target Varadarajan on October 16. So far there is also no indication whether this attack was successful.

These attacks come just months before India’s national elections, in which a broad coalition of opposition parties is taking on Modi’s Bharatiya Janata Party (BJP).

When has Pegasus been used to attack Indian journalists before?

Amnesty previously discovered that Varadarajan’s phone was targeted and infected by Pegasus in 2018. His devices were analysed by a committee established by the Indian Supreme Court in 2021. The investigation was concluded in 2022 and its findings were not publicised.

“The court noted, however, that the Indian authorities ‘did not cooperate’ with the technical committee’s investigations,” said the Amnesty report.

In 2021, leaked documents showed that the spyware was used against over 1,000 Indian phone numbers as New Delhi was accused of using Pegasus to surveil journalists, opposition politicians and activists. This list was shared with news outlets by Amnesty and Paris-based journalism non-profit, Forbidden Stories.

What is Pegasus and how exactly does it work?

Pegasus is a spyware that was developed by Israeli cyber-arms and intelligence company – Niv, Shalev and Omri (NSO) Group Technologies. It was launched in August 2016. NSO claims that the spyware is only used by governments and official law enforcement agencies to help with rescue operations and curb criminal or terrorist activity.

If a phone is attacked by Pegasus, the phone can turn into a surveillance device, allowing Pegasus to access text messages, phone calls, photos and videos. It can also access the phone’s camera, location and microphone, recording audio or video without the phone’s owner knowing.

Early versions of the spyware targeted users through phishing attacks. This means a malicious link was sent to targets through emails or text messages. If the targets clicked on the link, the spyware would be installed on their phones.

However, the technology has advanced since then and now Pegasus can be installed without the target having to click a malicious link. Instead, it can infect a device through what are known as “zero-click” attacks. This is done by exploiting vulnerabilities in phones’ operating systems that even the developers are unaware of.

Encrypted applications such as WhatsApp are not only compromised but are now being used to infect devices with the spyware. In 2019, WhatsApp confirmed that its platform was used to send malware to more than 1,400 phones, including several Indian journalists and human rights activists.

Users would get a WhatsApp call and the software would be installed on their phone even if they didn’t pick up the call. On iPhones, the iMessage software has also been used.

Due to the rapid advancements in the technology, it has become harder to detect the presence of Pegasus through telltale signs. While it is unlikely for regular phones to be under threat, phones belonging to activists and high-profile journalists are under threat of being surveilled through the spyware.

Is India suppressing freedom of speech?

Many journalists’ bodies and rights groups have warned that press freedom has dwindled under the Modi government, with several journalists arrested.

India has fallen to 161st in the World Press Freedom Index from 150th last year, its lowest ever. The Modi government rejects this index and questions its methodology, arguing that India has a free press.

In early October, Indian police carried out raids against dozens of reporters, arresting Prabir Purkayastha, editor of the independent and critical NewsClick website. Many other reporters from NewsClick had their devices and homes searched.




India targeted high-profile journalists with Pegasus spyware: Amnesty | Cybersecurity News

Investigation shows journalists in India face ‘threat of unlawful surveillance’ along with other ‘tools of repression’.

India’s government has used the highly invasive Pegasus spyware to target high-profile journalists, according to a new investigation by Amnesty International and The Washington Post.

The findings, published on Thursday, noted India’s repeated use of Pegasus against journalists, including one who was previously a victim of an attack using the same spyware.

Created by Israeli firm NSO Group, Pegasus can be used to access a phone’s messages and emails, peruse photos, eavesdrop on calls, track locations and even film the owner with the camera.

Watchdogs have documented widespread use of the spyware – which NSO says is only sold to governments or security agencies – against journalists and activists in dozens of countries, including India.

Amnesty said journalists Siddharth Varadarajan, founding editor of digital media outlet The Wire, and Anand Mangnale, South Asia editor at The Organized Crime and Corruption Reporting Project (OCCRP), had been targeted with the spyware on their iPhones, with the latest identified case in October 2023.

“Increasingly, journalists in India face the threat of unlawful surveillance simply for doing their jobs, alongside other tools of repression including imprisonment under draconian laws, smear campaigns, harassment and intimidation,” said Donncha O Cearbhaill, the head of Amnesty’s Security Lab.

“Despite repeated revelations, there has been a shameful lack of accountability about the use of Pegasus spyware in India which only intensifies the sense of impunity over these human rights violations.”

Amnesty said its Security Lab recovered evidence from Mangnale’s device that a zero-click exploit designed to covertly install Pegasus was sent to his phone.

A zero-click exploit refers to malicious software that allows spyware to be installed on a device without the user needing to click on a link.

‘Unlawful attack’

In October, Apple issued a new round of threat notifications globally to iPhone users who may have been targeted by “state-sponsored attackers”. More than 20 journalists and opposition politicians in India were reported to have received the notifications.

Mangnale’s phone was targeted at a time when he was working on a story about an alleged stock manipulation by a large multinational conglomerate in India, Amnesty said.

The OCCRP published an investigation in August into the financial dealings of Indian tycoon Gautam Adani, a key ally of Indian Prime Minister Narendra Modi.

Mangnale told the AFP news agency that he was targeted “within hours” of sending questions to the Adani Group on behalf of the OCCRP.

Varadarajan – who was previously hacked with Pegasus spyware in 2018 – suggested to The Washington Post that he had been targeted for leading opposition to the detention of a prominent news publisher in New Delhi.

India’s government did not immediately respond to questions about the investigation.

In 2021, New Delhi was accused of using Pegasus to surveil journalists, opposition politicians and activists, with leaked documents showing the spyware had been used against more than 1,000 Indian phone numbers.

“Targeting journalists solely for doing their work amounts to an unlawful attack on their privacy and violates their right to freedom of expression. All states, including India, have an obligation to protect human rights by protecting people from unlawful surveillance,” Amnesty’s O Cearbhaill said.

Activists say press freedom in the world’s biggest democracy has suffered during Modi’s tenure. India has fallen 21 spots to 161 out of 180 countries in the World Press Freedom Index, compiled by Reporters Without Borders, since he took office in 2014.
