Search This Blog

Showing posts with label NATO. Show all posts

South Korea Joins NATO's Cyber Research Centre, Becomes First Asian Member

South Korean intelligence agency on Thursday said that South Korea has joined a cyber defense group under NATO (North Atlantic Treaty Organization), becoming its first Asian member community. ZDNet reports "South Korea had suffered numerous cyberattacks in the past with targets ranging from state-run nuclear research institutes to cryptocurrency companies, most of which were allegedly committed by North Korean hacking groups." 

According to National Intelligence Service (NIS), South Korea, along with Luxembourg and Canada, have been added to the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE), a think tank from Tallinn, Estonia. It supports member countries and NATO with cyber defense research, exercises, and training. CCDCOE was founded in 2008 by NATO countries, on behalf of Estonia's initiative, as a response to the country suffering intense cyberattacks done by Russia. 

With the inclusion of the three latest members, CCDCOE now has 32 members among which, 27 are sponsored members of NATO and 5 contributing members, which includes South Korea, which is not a part of NATO. NIS said that South Korea has been active since 2019 to become a member of CCDCOE to learn cyber defense expertise to safeguard the country's infrastructure backbone, and to plan out a global strategy. NIS is planning to send more staff to the center and increase the scope of joint training. Cyberattacks were making a massive impact on users and countries that need global cooperation to respond. 

South Korea will work alongside CCDCOE members to formulate a robust cyber defense system. "Even prior to becoming an official member of the center, South Korea had taken part in CCDCOE's large-scale, live-fire cyber defense exercise, Locked Shields, where thousands of experts from member nations and partners jointly defended a fictional country against simulated cyberattacks," says ZDNet.

 Bangladesh Cyber Incident Response Team has Issued a Warning About Malware Attacks Around Eid

 

Officials have warned of a possible cyber-attack on Bangladesh's financial and other key institutions' computer systems during the Eid vacations. According to a statement issued by the Digital Security Agency, the affected authorities must install or update anti-DDOS hardware and software. 

Officials believe the warning was sent by the government's specialized cyber-threat agency as a global cyberwar erupts in the Russia-Ukraine conflict, with NATO assisting the latter with arms support. 

The Bangladesh Computer Council's e-Government Computer Incident Response Team (BGD e-GOV CIRT) also recommends all key information facilities' internal systems be checked and monitored.

Following the current conflict between Ukraine and Russia, Tarique M Barkatullah, director (operations) of the Digital Security Agency and project director of the BGD e-GOV CIRT, stated “hackers from both sides are using important information infrastructures of different countries to spread botnets and malware and attack each other.” 

Botnets are computer networks infected with malware (such as computer viruses, key loggers, and other malicious code or malware) and remotely controlled by criminals, either for monetary gain or to launch assaults on websites or networks. 

BGD e-Gov CIRT discovered over 1400 IP numbers used in Russia after analyzing the warning message issued by the Russian Computer Security Incident Response Team. According to the CIA, hackers are using these IPs to spread propaganda and launch distributed denial of service (DDoS) operations. 

Tareq M Barkatullah, project director of BGD e-Gov CIRT, remarked in this reference: “The country's afflicted financial institutions and public service suppliers are being hampered in providing its usual services due to the exploitation of these IP-enabled Bangladeshi servers."

According to the Financial Express, Prof Dr. Md Salim Uddin, chairman of the executive committee of Islami Bank Bangladesh Limited (IBBL), several financial institutions have been targeted by cyber-attacks as a result of the current crisis between Ukraine and Russia.

IBBL is well-prepared to thwart any cyber-attack because it is always adopting new technological solutions. Among the internal systems, he emphasized strengthening cyber-security with new tech solutions and monitoring systems. To prevent all types of cyber threats, financial institutions should join an organization or platform to improve cooperation and integration. He further urges the government to expand collaboration and support in this area in order to combat rising cyber-threats in the future.

Hackers from China's 'Mustang Panda' were Utilizing New 'Hodur' Malware

 

Mustang Panda (a.k.a. Temp.Hex, HoneyMyte, TA416 or RedDelta), a China-based advanced persistent threat (APT), has been traced to an ongoing cyberattack campaign using a formerly undocumented variation of the PlugX remote access trojan on affected workstations mostly in and around Southeast Asia. For its similarities to another PlugX (aka Korplug) variation called THOR which surfaced in July 2021, slovak cybersecurity firm ESET termed the current version Hodur. 

Korplug is a proprietary virus used widely, it was initially uncovered in a 2020 investigation that looked into Chinese hackers' activities against Australian targets. Mustang Panda employs phishing lures with counterfeit papers to target European embassies, ISPs (Internet Service Providers), and research institutes in the most recent known campaign, according to cybersecurity firm ESET. "Anti-analysis measures and control-flow obfuscation are used at every level of the deployment process," the firm told.

Hodur is based on PlugX, a remote access tool that "allows remote users to steal data or take control of impacted systems without authorization. It can copy, move, rename, execute, and delete files, as well as log keystrokes and fingerprint the infected system." The infections end with the implementation of the Hodur backdoor on the infected Windows host, irrespective of the phishing lure used. 

As formerly stated, the campaign begins simply, with the group phishing its targets using current events. Proofpoint identified it using a NATO diplomat's email address to send out.ZIP and.EXE files labeled "Situation at the EU Borders with Ukraine" last month. If a victim accepts the bait, a legitimate, properly signed executable prone to DLL search-order hijacking will be delivered. Russia, Greece, Cyprus, South Africa, Vietnam, Mongolia, Myanmar, and South Sudan are the countries targeted in this campaign. 

ESET claims to have sampled sophisticated custom loaders as well as new Korplug (Hodur) versions still using DLL side-loading but has considerably more robust obfuscation and anti-analysis techniques across the infection chain. The side-loading custom DLL loader uses a digitally-signed genuine executable, in this case, a SmadAV file, and leverages a known flaw. Except for one, which loads the new Korplug variation, the loader's many functions are all fake. 

As it is a Chinese actor with a history of pursuing higher political espionage purposes, the scope of its targeting should be rather consistent.

Cyberattack on NATO Can Trigger Collective Defense Issue

 

Cyberattack on a NATO member State can incite Article 5, the collective defense clause, said a NATO official on Monday, amid threats that disturbance in cyberspace related to Russia's invasion of Ukraine could reach out to other countries. The military alliance since the beginning has made it clear that a cyberattack attack could entice the clause, however, such a scenario is mostly considered hypothetical. Allie also acknowledges that the effect of special malicious activities (Cybersecurity) in some situations can be considered an armed attack. 

"These are things that have been in hypothetical discussion for a decade, but because we've not come to any universal conclusion on what those standards should be, what level of attribution is needed, we're kind of in a very grey area," said U.S. Senate Intelligence Committee Chairman Mark Warner. As per officials, they will not speak about the seriousness of cyberattack, in triggering a collective response. Any action includes economic and diplomatic sanctions, conventional forces, and cyber measures. 

It all depends on the seriousness of the attack. To check if a cyberattack meets the set threshold of an attack that is large enough to enable Article 5 is decided by the NATO allies. The US and Britain have been alarmed about possible cyberattacks ok Ukraine which can lead to global consequences. For instance, a harmful virus was made to attack Ukranian networks which later spread to other areas. 

Another concern among cybersecurity experts is that Russia can work along with gangs that operate via malicious software, for instance, the infamous US colonial pipeline incident which happened last year. "According to Reuters "Mark posed the hypothetical case of a Russian cyberattack on Ukraine that impacts NATO member Poland, triggering power outages that result in hospital patients dying or knocking out traffic lights, causing fatal road accidents involving U.S. troops deployed there."

Ukraine: DDoS Attacks on State Websites Continue

 

Since February 23, some Ukrainian government websites have been subjected to DDoS attacks: web resources of the Ministry of Defense, the Verkhovna Rada of Ukraine, the Ministry of Foreign Affairs and others have suffered interruptions. 

The Insider publication (the organization is included in the list of foreign agents by the Ministry of Justice of Russia), referring to the data of the independent cyber analyst Snorre Fagerland, stated that the hacker group ART23 (Fancy Bear), which is attributed to links with the Main Intelligence Directorate of the Russian Federation, was behind the attacks. 

However, Igor Bederov, head of the Information and Analytical Research Department at T.Hunter, called this statement a provocation. "The investigation of a cyberattack (attribution) is a long and complex process that cannot be carried out from beginning to end in hours. Analysis of hacker software and malicious code is always a long and painstaking process," Mr. Bederov said. 

According to him, even if traces leading to Fancy Bear were indeed found, it's still impossible to say that this particular group was behind the attack. Mr. Bederov thinks that other hackers could have also taken advantage of the malware previously used by Fancy Bear. It's possible because hacker tools are openly resold on the Darknet. 

"Primary attribution is based on matching the hacker code used in today's attack with the code used in yesterday's attack, as well as special characters specific to a language group. This approach is fundamentally wrong, because the code can be stolen or bought, and the linguistic features can be imitated," said the expert. 

Mr. Bederov also noted that within the framework of pro-state activity, mainly Chinese groups like to engage in substitution of attribution. In addition, according to him, the NATO cyber intelligence center located in Tallinn was previously noticed for the substitution of attribution. 

Earlier it was reported that DDoS attacks on the website of the Ministry of Defense of Ukraine could have been deliberately set up by the United States. Earlier, Viktor Zhora, Deputy Chairman of the State Service for Special Communications and Information Protection of Ukraine, said that the government of Ukraine is ready for the scenario of forced destruction of secret data on servers. According to him, the authorities do not want to take risks and are not going to leave documentation and detailed information about the population of Ukraine to the enemy. 

He also said that if Russia gets access to government passwords, Ukrainian specialists "will quickly block access to hacked accounts."

NATO's Cloud Platform Hacked

 

The SOA & IdM platform is utilized by NATO and is classified as secret. It was used to conduct various critical functions inside the Polaris programme. The North Atlantic Treaty Organization (NATO), commonly known as the North Atlantic Alliance, is an intergovernmental military alliance made up of 30 European and North American countries. 

The organization is responsible for carrying out the North Atlantic Treaty, which was signed on April 04, 1949. NATO is a collective defense organization in which NATO's independent member states commit to defending each other in the event of an external attack. NATO's headquarters are in Haren, Brussels, Belgium, and Allied Command Operations' headquarters is near Mons, Belgium. 

Polaris was developed as part of NATO's IT modernization effort and uses the SOA & IdM platform to provide centralized security, integration, and hosting information management. The military alliance classified the platform as a secret because it performs multiple key roles. 

According to the hackers, they used a backdoor to make copies of the data on this platform and attempted to blackmail Everis. They went even further, making jokes about handing over the stolen material to Russian intelligence. 

Paul Howland, Polaris Program Officer explained the benefits of the program: “This project has the potential to be a game-changer in how NATO will develop and deploy its operational services in the future. It will drive innovation and reduce costs. Operational by ensuring a much greater reuse of deployed capacities". 

The hackers who carried out the attack said they had no idea they could take advantage of a flaw in the NATO platform at first. Furthermore, they concentrated solely on Everis' corporate data in Latin America, despite NATO's announcement that it was ready to respond to a cyber-attack. One of the secure NATO systems was among Everis' subsidiaries, much to their astonishment. 

After analyzing the company and discovering documents connected to drones and military defense systems, the hackers continued stealing more data from Everis networks. They justified their actions by claiming that they were not "for peace on earth and in the cyber world" when they slowed the development of the Polaris programme. The hackers sought a ransom of XMR 14,500 from Everis in exchange for not linking the company's identity to the LATAM Airlines data breach. They've also demanded this money in exchange for not revealing any NATO data.

Japan Ups Its Cyber-Warfare Game; Becomes a Member of NATO.

p

Cautiously judging China for possible cyber threats, on December 2, Japan in actuality became a new contributor in NATO’s cyber-security war strategies by becoming a member.

Up till 2018, only an observer, Japan moved up its status in the field of “cyber-warfare”.

The Defense Ministry of Japan reportedly mentioned that it has very little experience when it comes to international exercises. There are several things and issues they need to work on, the language barrier being on the list.

The Cyber defenses Japan had to offer so far have always been a matter of criticism compared especially with those of the western nations which made them wonder about any possible cyber-suffrage that could be caused.

China’s infamous cyber-history includes several hacker organizations that are clearly blossoming. From attacks on the government to corporate servers, they’ve done it all.

Reportedly, China is feared to have massive cyber-attack efficacies to match that of Russia’s and that’s what’s causing the U.S and the other European countries to lose sleep.

Pondering over data breaches, Washington has urged other nations to shun Chinese-made telecommunication gear for their “fifth-generation wireless infrastructure”.

The NATO’s Cyber Coalition has its command center in Estonia and proposes one of the world’s greatest exercises of its type. It’s in full swing, with participants like Ukraine, the European Union, and the U.S. totaling up to over 30.

As part of the cyber-security exercise, the “Cyber Coalition” drills model situations that vary from “state compromised computer systems” to the role of cyber-attacks in cross-border battles and even defense against virtual enemies.

Cyber Space Is Now A New Domain?


All the member countries of The North Atlantic Treaty Organization (NATO) are confident that all the member countries would retaliate if even a single member country is under cyber-attack.

The member countries include European countries, the US and Canada.

According to Article 5 of the founding treaty of NATO, “a collective defence commitment” could be made under the above circumstances. The article hasn’t been provoked since the 9/11 attack.

Per sources, “Cyber-space” has been designated as a domain which shall be defended and operated effectively like land, sea and air.

NATO hasn’t made such claims for the first time. The “Wannacry ransomware” attack which had wreaked havoc in the UK and NHS didn’t get the support of the Article 5.

There is no doubting the fact that considering an attack on one country as an attack on other countries too will be a herculean task when it comes to implementation.

The aspects and dimensions of an attack when it comes to cyber-crime and cyber-space are way different and abstract as compared to other forms of war.

Countries like Russia and Ukraine have been a part of such debates for quite some time now and there is no resolving and finding out the actual dimensions of an “attack”.