      How the FBI pwned Turla, a Kremlin jewel and one of world’s most skilled APTs

      news.movim.eu / ArsTechnica · Wednesday, 10 May, 2023 - 12:43

    FBI officials on Tuesday dropped a major bombshell: After spending years monitoring exceptionally stealthy malware that one of the Kremlin’s most advanced hacker units had installed on hundreds of computers around the world, agents unloaded a payload that caused the malware to disable itself.

    The counterhack took aim at Snake, the name of a sprawling piece of cross-platform malware that for more than two decades has been in use for espionage and sabotage. Snake is developed and operated by Turla, one of the world's most sophisticated APTs, short for advanced persistent threats, a term for long-running hacking outfits sponsored by nation states.

    Inside jokes, taunts, and mythical dragons

    If nation-sponsored hacking were baseball, then Turla would not just be a Major League team; it would be a perennial playoff contender. Researchers from multiple security firms largely agree that Turla was behind breaches of the US Department of Defense in 2008, and more recently the German Foreign Office and France's military. The group has also been known for unleashing stealthy Linux malware and using satellite-based Internet links to maintain the stealth of its operations.

      Microsoft issues emergency patches for 4 exploited 0days in Exchange

      Dan Goodin · news.movim.eu / ArsTechnica · Tuesday, 2 March, 2021 - 22:00

    Microsoft is urging customers to install emergency patches as soon as possible to protect against highly skilled hackers who are actively exploiting four zero-day vulnerabilities in Exchange Server.

    The software maker said hackers working on behalf of the Chinese government have been using the previously unknown exploits to hack on-premises Exchange Server software that is fully patched. So far, Hafnium, as Microsoft is calling the hackers, is the only group it has seen exploiting the vulnerabilities, but the company said that could change.

    “Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” Microsoft Corporate Vice President of Customer Security & Trust Tom Burt wrote in a post published Tuesday afternoon. “Promptly applying today’s patches is the best protection against this attack.”

      Facebook says hackers backed by Vietnam’s government are linked to IT firm

      Dan Goodin · news.movim.eu / ArsTechnica · Friday, 11 December, 2020 - 19:43

    Facebook said it has linked an advanced hacking group widely believed to be sponsored by the government of Vietnam to what's purported to be a legitimate IT company in that country.

    The so-called advanced persistent threat group goes under the monikers APT32 and OceanLotus. It has been operating since at least 2014 and targets private sector companies in a range of industries along with foreign governments, dissidents, and journalists in South Asia and elsewhere. It uses a variety of tactics, including phishing, to infect targets with fully featured desktop and mobile malware that’s developed from scratch. To win targets’ confidence, the group goes to great lengths to create websites and online personas that masquerade as legitimate people and organizations.

    Earlier this year, researchers uncovered at least eight unusually sophisticated Android apps hosted in Google Play that were linked to the hacking group. Many of them had been there since at least 2018. OceanLotus repeatedly bypassed Google’s app-vetting process, in part by submitting benign versions of the apps and later updating them to add backdoors and other malicious functionality.
