Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Hacking Attack. Show all posts

Hackers Attack Apple Prior to Launch Event, Demand Ransom

 

On the day when Apple was ready to declare a new series of products at its Spring Load Event, there happened a leak from an unexpected quarter. The infamous cybercrime gang REvil took the responsibility for stealing data and schematics from Apple's supplier 'Quanta computer' relating unreleased products. The gang also threatened to sell the data to the highest bidder if the target failed to pay a ransom of $50 Million. For the credibility of the attack, the hackers release caches of docs relating to upcoming MacBook Pros. iMac schematics have also been added since the last attacks. 

The suspenseful timing and links to Apple raise controversy about the attack. However, it is also a reflection towards the rising no of disturbing ransomware incidents that appear today. Hackers have evolved through years of developing their mass data encryption techniques to log targets out of their own devices. Presently, these gangs are more focused towards data theft and extortion as their primary means of attacks, while demanding hefty ransoms in the process. 

"Our team is negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands. We recommend that Apple buy back the available data by May 1," said REvil in the stolen data post. Since the start, ransomware attacks have involved capturing the victim's device, encrypting files, and then demanding ransom through simple transactions, in return for providing the decryption key. 

Now, however, hackers have moved towards a unique approach, along with encrypting the files, they steal files and threaten to leak them, this gives them leverage over their victim, assuring ransom payment. Even if the victim recovers his data, the risk of a hacker leaking his data still persists. The Wired reports, "and in the past couple of years, prominent ransomware gangs like Maze have established the approach. Today incorporating extortion is increasingly the norm. And groups have even taken it a step further, as is the case with REvil and Quanta, focusing completely on data theft and extortion and not bothering to encrypt files at all."

Kaspersky Discovered Purple Lambert to be a Part of the CIA

 

Kaspersky Lab, a cybersecurity company, has uncovered a new malware that analysts believe is linked to the US Central Intelligence Agency. Multiple antivirus providers obtained a series of malware samples in February 2019, according to Kaspersky experts, some of which cannot be linked to the operation of established APT classes. There were no parallels between these malware strains and malware affiliated with other APT classes.

Although an initial investigation revealed no common code with any previously-known malware samples, Kaspersky recently re-analyzed the files and discovered that “the samples have intersections with coding patterns, style, and techniques that have been used in different Lambert families,” according to the company. Lamberts is Kaspersky's internal codename for tracking CIA hacking operations.

Kasperksy has dubbed this new malware cluster Purple Lambert due to the shared similarity between these recently found samples and previous CIA malware. The malware samples seem to have been collected seven years earlier, in 2014, according to Purple Lambert metadata. Although Kaspersky has not seen any of these samples in the wild, it believes Purple Lambert samples were “most certainly deployed in 2014 and probably as late as 2015.”

“Although we have not found any shared code with any other known malware, the samples have intersections of coding patterns, style and techniques that have been seen in various Lambert families. We therefore named this malware Purple Lambert.” states the APT trends report Q1 2021 published by Kaspersky. “Purple Lambert is composed of several modules, with its network module passively listening for a magic packet. It is capable of providing an attacker with basic information about the infected system and executing a received payload. Its functionality reminds us of Gray Lambert, another user-mode passive listener. Gray Lambert turned out to be a replacement of the kernel-mode passive-listener White Lambert implant in multiple incidents. In addition, Purple Lambert implements functionality similar to, but in different ways, both Gray Lambert and White Lambert.” 

While the Lambert APT (also known as the Longhorn APT) has been present since at least 2008, the first samples were discovered in 2014. The group is extremely advanced, and it has penetrated organisations all over the world with a sophisticated cyberattack network that can hack both Windows and Mac systems. The researchers discovered and studied numerous backdoors and hacking methods that make up the cyberespionage group's arsenal over the years.

The website of the Echo of Moscow radio station reported a two-week hacker attack


For two weeks, the website of the Echo of Moscow radio station and the computers of its employees have been hacked.

According to Sergey Buntman, First Deputy Editor-in-Chief of Echo, the radio station technically and actually proved that there are attacks not only on the Echo of Moscow website but also on the Echo office, and on computers, computer and Internet communications. Because of this, part of the telephone service is also affected.

"We asked for help wherever we could, both technical, political, and law enforcement agencies. We linked these attacks with certain information, programs. Law enforcement agencies, as I understand it, are now searching for the source of the attacks," said Alexey Venediktov, Editor-in-Chief of Echo.

He said that two weeks ago, powerful hacker attacks began. Their peculiarity was that they attacked not only the site but also the communication channels of Echo of Moscow when programs were broadcast with presenters who are located remotely," explained Venediktov.

In addition, office computers were unexpectedly attacked, due to which Echo Moscow could not receive news from news agencies. "It is very important that they attack Internet communication channels, including from the satellite from which our regional partners receive the signal. These are very experienced, very powerful DDoS attacks. As experts tell us, very large structures have such capabilities," he said, adding that the radio station's specialists have already learned to repel all these attacks.

However, according to Venediktov, the radio station is losing subscribers and advertisers. The Editorial Board drew the attention of the shareholders to this fact, and "the shareholders are worried".