‘Criminal contract hackers’: China, Iran and Russia have more high-tech


Rogue governments are increasingly outsourcing cyberattacks to criminals, reaching across the boundless realm of cyberspace to wreak havoc in the United States and around the world.

China, Iran, Russia, and other foreign enemies have contracted hackers, used advanced spyware technology, and used social media platforms as a tool to facilitate espionage.

According to a senior Biden administration official, the United States and its allies blamed “criminal contract hackers” working for China’s Ministry of State Security (MSS) for the Microsoft Exchange attack, which compromised tens of thousands of computers.

The Ministry of Justice also indicted four Chinese nationals, three of them allegedly MSS officers, for the malicious cyber campaign, which recruited hackers through various universities in Hainan and elsewhere in China.

“Such universities not only assist the MSS in identifying and recruiting hackers and linguists to infiltrate and steal from the computer networks of targeted entities, including their colleagues at many foreign universities, but staff at a Hainan-based university have also helped support and manage Hainan Xiandun, a front company, including payroll, benefits and a mailing address.”

Chinese Foreign Ministry spokesman Zhao Lijian dismissed the US government and its allies’ condemnations as “baseless accusations” in a message on Twitter that instead accuses the US of being “the world’s largest ‘hacking empire.’”

China is not the only malicious actor outsourcing its cyber efforts. Facebook said it observed a group of hackers in Iran outsourcing malware development to several different cybercriminal gangs.

Facebook’s Mike Dvilyanski and David Agranovich said Mahak Rayan Afraz, an information technology company in Tehran with alleged ties to the Islamic Revolutionary Guard Corps, had developed some of the malware used by the Iranian hackers, who exploited Facebook as part of a broader cross-platform cyber espionage operation.

According to a post on Facebook’s blog last week, the hackers used custom-built malware tools and shared links to malicious Microsoft Excel spreadsheets that allowed the malware to profile the victim’s machine. Facebook said the hackers targeted “military personnel and companies in the defense and aerospace industry primarily in the US and to a lesser extent in the UK and Europe”.

Similarly, Google recently revealed that Russian hackers are using LinkedIn messages to target government officials using Apple devices. Google’s Threat Analysis Group described the hackers as “possibly a Russian government-backed actor,” and Google said it was the same actor that other cybersecurity experts had linked to a Russian Foreign Intelligence Service (SVR) group that the US government blamed for the hack of SolarWinds computer network management software.

The outsourcing of cyber warfare is not limited to governments using academics to identify skilled hackers or commercial enterprises made up of former regime officials. In some cases, authoritarian regimes rely on off-the-shelf tools and technology to track and disrupt their targets.

Israeli tech and spyware firm NSO Group has sold a product called Pegasus that can access a smartphone user’s messages, camera and microphone without any action by the victim, according to the Pegasus Project, released on Sunday by more than 80 journalists and 17 media outlets from 10 countries, organized by the Forbidden Stories news agency.

According to Amnesty International’s Security Lab, which provides technical support to the Pegasus Project, widespread and ongoing illegal surveillance is conducted by Pegasus users.

The technical team said it observed cyber attackers exploiting an iPhone 12 running the latest operating system software available from Apple at the time the report was published.

“The Pegasus attacks detailed in this report and its appendices are from 2014 to July 2021,” said Amnesty International’s Security Lab report. “This includes so-called ‘zero-click’ attacks that do not require any interaction from the target. Zero-click attacks have been observed since May 2018 and continue to this day.”

NSO Group denied various allegations in the reporting by journalists and organizations participating in the Pegasus Project.

“We would like to emphasize that NSO sells [its] technologies to law enforcement and intelligence agencies of overseen governments with the sole purpose of saving lives by preventing acts of crime and terrorism,” NSO Group said on its website on Sunday.

It has been difficult for the US to track who created and used the tools in cyber attacks.

Last week, the digital presence of the cybercriminal gang REvil visibly dwindled. REvil has used a business model that relies on developers and affiliates carrying out cyberattacks, which can make it difficult for victims to properly identify their attackers.

According to a senior Biden administration official, federal agents are monitoring the dark web to better understand changes involving REvil, but they do not expect cybercriminals to turn off their activities like a light switch.
