Category Archives: russia

Nation-state actors from Russia, China, Iran, and North Korea target Canada

Canada Centre for Cyber Security warns of risks related to state-sponsored programs from China, Russia, Iran, and North Korea.

A report published by the Canadian Centre for Cyber Security, titled “National Cyber Threat Assessment 2020,” warns of risks associated with state-sponsored operations from China, Russia, Iran, and North Korea.

The report is based on both classified and unclassified sources and identifies current cyber threats and the likelihood that they will occur, and how Canadians could be affected.

“The second iteration of our unclassified assessment notes that the number of cyber threat actors is increasing, and they are becoming more sophisticated, that cybercrime will almost certainly continue to be the cyber threat most likely to affect Canadians and that Ransomware attacks will almost certainly continue to target large enterprises and critical infrastructure providers.” reads the report.

China, Russia, Iran, and North Korea are developing cyber capabilities to disrupt key Canadian critical infrastructure, including electricity supply.

Nation-state actors linked to the above countries pose the greatest strategic threats to Canada and according to the report, they will continue to attempt to steal Canadian intellectual property, especially related to COVID-19.

Threat actors are carrying out cyber espionage campaigns and online influence campaigns.

“The most sophisticated capabilities belong to state sponsored cyber threat actors who are motivated by economic, ideological, and geopolitical goals,” the center said.

“We assess that almost certainly the state-sponsored programs of China, Russia, Iran, and North Korea pose the greatest state-sponsored cyber threats to Canadian individuals and organizations,” continues the report.

“However, many other states are rapidly developing their own cyber programs, benefiting from various legal and illegal markets to purchase cyber products and services.”

The report also states that other states are rapidly building their cyber capabilities, for this reason the Canadian Government believes that state-sponsored hacking will continue to target Canadian businesses, academia, and governments.

“Defending Canada against cyber threats and related influence operations requires addressing both the technical and social elements of cyber threat activity. Cyber security investments will allow Canadians to benefit from new technologies while ensuring that we do not unduly risk our safety, privacy, economic prosperity, and national security.” concludes the report. “We approach security through collaboration, combining expertise from government, industry, and academia. Working together, we can increase Canada’s resilience against cyber threats.”

Pierluigi Paganini

(SecurityAffairs – hacking, nation state hacking)

The post Nation-state actors from Russia, China, Iran, and North Korea target Canada appeared first on Security Affairs.

Nation-State Attackers Actively Target COVID-19 Vaccine-Makers

Three major APTs are involved in ongoing compromises at pharma and clinical organizations involved in COVID-19 research, Microsoft says.

Smashing Security podcast #204: Green buttons, Olympic attacks, and… an apology

There's been a cybersecurity goof in the wake of the US presidential elections, the US fingers the hackers responsible for disrupting the Winter Olympics in South Korea, and we take a long hard look at long hard legal mumbojumbo... All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jack Rhysider from Darknet Diaries.

‘Ghostwriter’ Influence Campaign: Unknown Actors Leverage Website Compromises and Fabricated Content to Push Narratives Aligned With Russian Security Interests

Mandiant Threat Intelligence has tied together several information operations that we assess with moderate confidence comprise part of a broader influence campaign—ongoing since at least March 2017—aligned with Russian security interests. The operations have primarily targeted audiences in Lithuania, Latvia, and Poland with narratives critical of the North Atlantic Treaty Organization’s (NATO) presence in Eastern Europe, occasionally leveraging other themes such as anti-U.S. and COVID-19-related narratives as part of this broader anti-NATO agenda. We have dubbed this campaign “Ghostwriter.”

Many, though not all of the incidents we suspect to be part of the Ghostwriter campaign, appear to have leveraged website compromises or spoofed email accounts to disseminate fabricated content, including falsified news articles, quotes, correspondence and other documents designed to appear as coming from military officials and political figures in the target countries.

This falsified content has been referenced as source material in articles and op-eds authored by at least 14 inauthentic personas posing as locals, journalists and analysts within those countries. These articles and op-eds, primarily written in English, have been consistently published to a core set of third-party websites that appear to accept user-submitted content, most notably OpEdNews.com, BalticWord.com, and the pro-Russian site TheDuran.com, among others, as well as to suspected Ghostwriter-affiliated blogs.

Some of these incidents and personas have received public attention from researchers, foreign news outlets, or government entities in Lithuania and Poland, but have not been tied to a broader activity set. Others have received little attention and remain relatively obscure. Mandiant Threat Intelligence has independently discovered several Ghostwriter personas and identified additional incidents involving some of those personas previously exposed.

We believe the assets and operations discussed in this report are for the first time being collectively tied together and assessed to comprise part of a larger, concerted and ongoing influence campaign.

Read the report today to learn more.

Ransomware attack on Garmin thought to be the work of ‘Evil Corp’

Russian cybercrime gang is believed to be responsible for taking Garmin services offline

A ransomware attack that took the GPS and smartwatch business Garmin entirely offline for more than three days is believed to have been carried out by a Russian cybercriminal gang which calls itself “Evil Corp”.

Garmin began to restore services to customers on Monday morning, after being held hostage for a reported ransom of $10m, although some services were still operating with limited functionality.

Ransomware is the most common form of criminal malware currently in use. Targets are commonly infected through malicious emails, which may trick them into downloading and running the software, or through exploiting vulnerabilities in other software such as Adobe Flash. When the ransomware program is activated, it encrypts the user’s hard drive with a single use encryption key, before flashing up a message asking for ransom, typically in the form of a payment in the cryptocurrency Bitcoin.

Related: Garmin down: how to still get your activities on to Strava

Continue reading...