Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label cyber espionage. Show all posts
Washington DC
conservative think tank cyber attack Cyber Attacks cyber espionage Cybersecurity donor information Heritage Foundation Investigation nation-state hackers Politico Republican politics Washington DC

US Think Tank Struck by Cyberattack

 

The Heritage Foundation, a prominent conservative think tank based in Washington, DC, revealed on Friday that it had fallen victim to a cyberattack earlier in the week. The attack, which occurred amid ongoing efforts to mitigate its effects, left the organization grappling with uncertainties regarding potential data breaches. 

Although the exact extent of the breach remained unclear, the foundation took proactive measures by temporarily shutting down its network to prevent further infiltration while launching an investigation into the incident.

Initial reports of the cyberattack surfaced through Politico, citing a Heritage official who speculated that the perpetrators behind the attack could be nation-state hackers. However, no concrete evidence was provided to substantiate this claim. Despite inquiries, Heritage spokesperson Noah Weinrich refrained from offering comments, both on Thursday via email and when approached by TechCrunch on Friday.

Founded in 1973, the Heritage Foundation has emerged as a significant force in conservative advocacy and policymaking, exerting considerable influence within Republican circles. Yet, its prominence also renders it a prime target for cyber threats, with think tanks often serving as lucrative targets for cyber espionage due to their close ties to government entities and policymaking processes. 

This incident marks another instance in which Heritage has faced cyber adversity, reminiscent of a 2015 attack that resulted in the unauthorized access and theft of internal emails and sensitive donor information.
Read more »
Human Vulnerability
Cyber Crime cyber espionage Digital Security Family Targeting Human Vulnerability

The Unseen Threat: How Chinese Hackers Target Family Members to Surveil Hard Targets

The Unseen Threat: How Chinese Hackers Target Family Members to Surveil Hard Targets

According to an indictment unsealed by American prosecutors, a Chinese hacking group known as APT 31, which is linked to China’s Ministry of State Security, has been targeting thousands of U.S. and Western politicians, foreign policy experts, academics, journalists, and democracy activists between 2015 and 2024. Their focus extends beyond the primary targets themselves; they also target family members of these individuals.

The Art of Subtle Intrusion

Hackers employ a more subtle and insidious method: targeting family members through carefully crafted emails. These messages don’t contain malicious attachments or overt phishing attempts. Instead, they include harmless tracking links that, when clicked, reveal a treasure trove of information about the recipient.

Imagine a journalist covering sensitive political topics. Her elderly mother receives an email seemingly from a distant relative, sharing family photos. Innocent enough, right? But that seemingly harmless click reveals the journalist’s location, her device details, and even her browsing habits. Armed with this reconnaissance, the hackers can then launch more direct attacks on her devices, infiltrating her digital life.

The Digital Age’s Achilles’ Heel

While this kind of targeting isn’t entirely unheard of, it remains relatively rare. The Chinese government’s efforts to control speech abroad increasingly rely on manipulating family relationships in creative ways. 

For instance, last year, the U.S. Department of Justice indicted over 40 individuals allegedly involved in a scheme by the Chinese Ministry of Public Security. This scheme used thousands of fictitious social media personas to attack and harass Chinese nationals living in the United States who had criticized the Chinese government.

The Family Connection

Why target family members? Because they are the soft underbelly of security. They are less likely to be tech-savvy, less cautious about clicking links, and more trusting of familiar faces. Moreover, family members often share devices, networks, and even passwords. By compromising one family member, the hackers gain a foothold in the entire network.

Consider a diplomat stationed abroad. His teenage daughter receives an email claiming to be from her school. She clicks the link, unknowingly granting access to her father’s encrypted communications. Suddenly, the diplomat’s confidential negotiations are exposed. The hackers have bypassed firewalls, encryption, and secure channels—all through a teenager’s curiosity.

The Broader Implications

This tactic isn’t limited to diplomats and journalists. It extends to academics, foreign policy experts, and even democracy activists. The hackers cast a wide net, ensnaring anyone connected to their primary targets. And it’s not just about surveillance; it’s about control and coercion.

Imagine a human rights activist whose elderly parents receive threatening emails. The message is clear: “Stop your activism, or your family suffers.” Suddenly, the stakes are higher. The activist’s fight for justice becomes a delicate balancing act between principles and protecting loved ones.

Read more »
State-sponsored Hackers
Cyber Crime cyber espionage FBI I-Soon State-sponsored Hackers

I-Soon Leak: Exposing China's Cyber Espionage

I-Soon Leak

In the dark caves of cyberspace, where secrets are traded like currency and digital shadows gamble, a recent leak of documents reveals that China's hacking community is not as advanced and systematic as it appears.

The leak is likely from a frustrated employee of Chinese cybersecurity company I-soon (Anxun in China), which tells a denting story of China's cyberespionage operations. It provides us with a backstage glimpse of China's hacking ecosystem.

Since 2010, China has leveled up its cyberespionage and cybertheft game to such extremes that FBI Chief Christopher Wray said that China's state-sponsored hackers outnumber U.S. cyber intelligence personnel 50-to-1.

The Players

I-Soon: The Contractor

I-Soon works for Chinese government agencies and private players. It has ties to China's major government contractors such as the Ministry of Public Security (police) and the Ministry of State Security (intelligence). I-Soon is a shadowy figure that plans campaigns crossing borders. Its weapons include zero-day exploits, sophisticated tools, and a diverse team of skilled hackers.

Targets: Foreign Networks to Dissidents

The leaked documents disclose I-Soon's wide range of surveillance. Their spying targets include both Chinese citizens and foreigners. The main targets are:

1. Foreign Networks: I-Soon's reach goes beyond Chinese borders. They hack foreign networks, steal sensitive info, and leave no digital stone untouched. Whether military intelligence, personal data, or corporate secrets, I-soon is involved in everything.

2. Political Dissidents: Regions like Hong Kong and Xinjiang are constantly under I-Soon's surveillance radar. The aim is to keep an eye on any form of dissent and opposition and inform the Chinese government.

The Exposed Data

Darkweb and Hacked Databases

I-Soon has vast databases of hacked info. These databases have stolen credentials, surveillance footage, and hacked emails. But where does it end? The hacked data is sold on the dark web. Chinese police are always on the lookout for this information, they buy these digital assets to improve their surveillance operations.

The Silent War

Cyberespionage is a war fought on an unseen battlefield. Contrary to traditional conflicts, there are no casualties or damage that can be seen in the open. However, cyber espionage destroys firewalls, lines of code are disrupted, and digital footprints disappear. A lot is at stake, economic dominance, national security, and ideological superiority.

The Impact

State-sponsored Cyberattack

I-Soon's operations highlight the murky relationship between state-sponsored cyber operations and private contractors. While the Chinese government shows it has no involvement, contractors like I-soon do their dirty work. The blurred lines between private and public actors create an environment where accountability doesn't exist.

Global Cybersecurity Awareness

The leak serves as a reminder to individuals, corporations, and nations to strengthen their digital defenses. Cybersecurity is a basic need for digital survival, it's not a luxury. Threat intelligence, encryption, and partnership across borders can be the defense against unknown cyber terror.

What have we learned?

The leak is only a glimpse into the dark world of cyberespionage, what we see is just the tip of the iceberg- the iceberg is hiding much more. I-Soon's leak is a wake-up call.

Read more »
United States
China Confidential Data Cyber Crime cyber espionage Data Leak United States

Former Google Employee Charged with Stealing AI Secrets

 

A former Google software engineer has been charged with stealing the company's artificial intelligence trade secrets while surreptitiously working for two Chinese companies, the Justice Department announced Wednesday. 

Linwei Ding, a Chinese national, was arrested in Newark, California, for four charges of federal trade secret theft, each punishable by up to ten years in prison. 

Attorney General Merrick Garland announced the case against Ding, 38, at an American Bar Association conference in San Francisco. Garland, along with other law enforcement leaders, has repeatedly warned about the threat of Chinese economic surveillance as well as the national security concerns posed by developments in artificial intelligence and other novel technologies.

“Today’s charges are the latest illustration of the lengths affiliates of companies based in the People’s Republic of China are willing to go to steal American innovation,” FBI Director Christopher Wray noted in a statement. “The theft of innovative technology and trade secrets from American companies can cost jobs and have devastating economic and national security consequences.” 

Google said it came to the conclusion that the employee had stolen "numerous documents" and had referred the case to law enforcement. 

“We have strict safeguards to prevent the theft of our confidential commercial information and trade secrets,” Google spokesman Jose Castaneda explained. “After an investigation, we found that this employee stole numerous documents, and we quickly referred the case to law enforcement. We are grateful to the FBI for helping protect our information and will continue cooperating with them closely.”

Artificial intelligence is the primary battleground for high-tech competitors, and who dominates can have far-reaching commercial and security repercussions. In recent weeks, Justice Department leaders have warned that foreign foes may use AI technologies to target the United States. 

Deputy Attorney General Lisa Monaco stated in a speech last month that the administration's multi-agency Disruptive Technology Strike Force would prioritise AI enforcement, and Wray told a conference last week that AI and other novel technologies had made it easier for attackers to try to interfere with the American political process. 

The indictment, unsealed Wednesday in the Northern District of California, alleges that Ding, who was hired by Google in 2019 and had access to sensitive information regarding the firm's supercomputing data centres, began uploading hundreds of files to a personal Google Cloud account two years ago. 

According to prosecutors, Ding was offered the post of chief technology officer at an early-stage technology business in China that advertised its use of AI technology and gave him a monthly salary of around $14,800, plus an annual bonus and company stock, just weeks after the theft started. The indictment says Ding travelled to China to attend investor meetings and seek funding for the company. 

In January, the FBI filed a search warrant at Ding's house and seized his electronic equipment, followed by an additional warrant for the contents of his personal accounts, which contained more than 500 distinct files of classified data that investigators claim he stole from Google.
Read more »
Network Security
cyber espionage Cyber Security Dark Web ISP Network Security

Hundreds of Network Operators' Credentials Compromised on Dark Web


Leaked creds of RIPE, APNIC, AFRINIC, and LACNIC are available on the Dark Web

After doing a comprehensive scan of the Dark Web, Resecurity discovered that info stealer infections had compromised over 1,572 customers of RIPE, the Asia-Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network Information Center (LACNIC). 

Included in this number are new artifacts and historical records discovered in January 2024 as a result of an examination of subterranean marketplaces and Command and Control (C2) servers. In light of the highly disruptive hack that occurred recently against telecom provider Orange España, the cybersecurity community should reconsider how it protects the digital identities of employees who work in network engineering and IT infrastructure management.

Victims whose credentials were revealed on the Dark Web by info stealers such as Azorult, Redline, Vidar, Lumma, and Taurus have been alerted by Resecurity. 

Cybersecurity experts were able to compile the following data using the feedback that was gathered:

  • 16% of respondents were already aware that their accounts had been compromised due to a malicious code infection, and they had made the required password changes and enabled two-factor authentication. 
  • The remaining 45% did not know about the compromised credentials and acknowledged that their password change had been successful.
  • 14% knew of the compromised credentials, however, they didn't activate 2FA until they were notified (statement received).
  • Twenty percent of respondents agreed that further investigation into the incident that compromised credentials was necessary.
  • Five percent of the recipients were unable to offer any comments.

Cyberespionage organizations active

It's noteworthy that the majority of network administrators (those found to have been infiltrated) who oversaw networks used email addresses registered with free services like Gmail, GMX, and Yahoo. 
Cyberespionage organizations that are intensely focused on particular targets, including network administrators and their social networks, may find great value in these facts. Finding out about their private emails might result in more advanced campaigns and increase the chances of successful reconnaissance.

Malicious actors do more than just steal credentials. If they have access to network settings, they might change current setups or add dishonest components, which could seriously damage company infrastructure. 

Unauthorized changes of this nature have the potential to cause serious service interruptions and security breaches, which emphasizes how important it is to protect digital assets with strong security procedures and increased awareness.

The gathered data might verify that personnel engaged in mission-critical IT administration and network engineering tasks are similarly susceptible to malicious programming. If their accounts are compromised, they could serve as "low-hanging fruit" for significant cyberattacks.

What are experts saying?

Resecurity's cybersecurity specialists have drawn attention to the growing threats posed by the Dark Web, where nefarious actors could take advantage of credential compromises held by network engineers, data center technicians, ISP/Telco engineers, IT infrastructure managers, and outsourcing firms that oversee networks for their corporate customers. 

Therefore, for highly skilled threat actors, this employee category represents a high-value target. Resecurity's Dark Web study highlighted the danger landscape by identifying several compromised network engineer credentials that could allow threat actors to access gateways.
Read more »
United States
cyber espionage Cyber Security Data Privacy Surveillance Bill United States

New Surveillance Reform Bill Raises Concerns Regarding Americans Data Privacy

 

Spies might be made out of regular employees at US companies if the recently proposed and approved legislation by the House Intelligence Committee greatly expands the federal government's surveillance powers, experts warn. 

The legislation, called H.R. 6611 or the "HPSCI bill," is said to be aimed at updating Section 702 of the FISA Amendments Act of 2008. Section 702 was enacted to empower the National Security Agency (NSA) to intercept data related to suspected terrorists abroad. Such surveillance, however, has resulted in the widespread acquisition of domestic data as well. Without a warrant, agencies such as the FBI used data gathered under 702 to target Americans. Rep. Mike Turner (R-Ohio) and Rep. Jim Himes (D-Conn.) introduced the bill, which was approved by committee on December 7. 

Elizabeth Goitein, co-director of the non-profit Brennan Centre for Justice's Liberty and National Security Programme, was among many who raised concerns about the so-called reform after a section representing "the biggest expansion of surveillance inside the United States since the Patriot Act" was discovered. 

“Through a seemingly innocuous change to the definition of ‘electronic service communications provider,’ the bill vastly expands the universe of U.S. businesses that can be conscripted to aid the government in conducting surveillance,” Goitein stated. 

Currently, Section 702 allows the government to compel businesses with direct access to communications—like emails, phone calls, or texts—to share data. However, Goitein notes that under Section 504 of the HPSCI bill, any organisation having access to devices that store or transfer communications would likewise have to abide by requests for surveillance. 

“Hotels, libraries, coffee shops, and other places that offer wifi to their customers could be forced to serve as surrogate spies,” Goitein continued. “They could be required to configure their systems to ensure that they can provide the government access to entire streams of communications.” 

Goitein went on to say that even a repairman trying to fix your home internet router might be forced into spying on you. 

The bill's advocates have vehemently denied that Section 504 would be enforced so loosely. Senator Mike Lee (R-Utah), however, even criticised the bill on his meme account. “If this bill were to pass, and you went to McDonald’s and used the McDonald’s wifi service, the NSA could go to McDonald’s and obtain that wifi data—without a warrant,” Lee wrote. 

Goitein claims that despite the sponsors of the bill's assurances, the government's past performance shows that it cannot be trusted with such authority.
Read more »
State Sponsored Hackers
cyber espionage lazarus malware Malware loader State Sponsored Hackers

North Korean Links: Lazarus Group Strikes Again. This time via Unpatched Software Flaws


North Korean hackers spreading malware through legit software

North Korean hackers are spreading malware by exploiting known flaws in genuine software. The Lazarus group targets a version of an undisclosed software product for which vulnerabilities have been documented and solutions are available in a new campaign discovered by Kaspersky researchers.

Despite the vulnerabilities being disclosed and patched, the new advanced persistent threat campaign attacking companies globally used known flaws in a previous version of an unnamed software to encrypt web connection via digital certificates.

Threat actors used software to gain entry points

According to Kaspersky, hackers from the Lazarus group exploited the insecure software and used it as an entry point to breach organizations and encrypt web communication using digital certificates.

North Korea uses "cyber intrusions to conduct both espionage and financial crime in order to project power and finance both their cyber and kinetic capabilities," according to research by Google's Mandiant threat intelligence department. 

UN alleges North Korean links

Under Kim Jong Un's leadership, the DPRK is linked with a variety of state-sponsored hacking teams both at home and abroad that collect espionage on allies, opponents, and defectors, as well as hack banks and steal cryptocurrency. The UN has earlier accused North Korea of using stolen assets to fund the country's long-range missile and nuclear weapons programs, as well as enticing the country's officials.

To control the victim, hackers used SIGNBT malware and the infamous LPEClient tool, which experts have seen in attacks targeting defense contractors, nuclear engineers, and the cryptocurrency sector, and which was discovered in the infamous 3CX supply chain attack. "This malware acts as the initial point of infection and plays a crucial role in profiling the victim and delivering the payload," said experts.

According to Kaspersky, the developers of the unknown software previously became a target to Lazarus. According to the report, this repeated breach indicates a determined and persistent threat actor with the likely goal of compromising important source code or interfering with the software supply chain.

A deep look into the malware

According to Kaspersky experts, in mid-July, they noticed an increasing number of attacks on many victims utilizing the prone software, and they discovered post-exploitation activity within the genuine software's processes.

To establish and maintain efforts on hacked machines, the threat actor used a variety of techniques, including the development of a file called ualapi.dll in the system folder, which is loaded by default by the spoolsv.exe process at each system boot. According to the experts, Lazarus hackers also built registry entries to run genuine files for the purpose of malicious side-loading, assuring a durable persistence mechanism.

Lazarus used that malware loader to spread additional malware to the victim computers, such as LPEClient and credential dumping applications. The tool allows in extracting victim data as well as downloading additional payloads from a remote server for activation in memory.

As previously stated by the experts, it now uses advanced tactics to improve secrecy while preventing detection, such as deactivating user-mode syscall hooking and restoring system library memory parts.

Read more »
threat report
cyber espionage Cyber Security Cyber Warfare Nation-State Attacks threat report

Microsoft Warns of Rise in Global Cyberespionage Operations

 

Government-sponsored cyberespionage campaigns and data operations are on the rise, and not just as a result of hacker spies deployed by typical suspects Russia and China.

So warns Microsoft in its annual Digital Defence Report, which evaluates nation-state and criminal behaviour recorded from July 2022 to June 2023. 

Ransomware attacks naturally draw attention due to their visible and immediate impact, but governments are doubling down on stealthy cyberespionage operations behind the scenes. 

"Nation states are becoming increasingly sophisticated and aggressive in their cyberespionage efforts, led by highly capable Chinese actors focused on the Asia-Pacific region in particular," Tom Burt, Microsoft's corporate vice president for customer security and trust, stated in an introduction to the report. 

Based on Microsoft's report, the US was the subject of the most cyberattacks last year, followed by Israel and Ukraine. It witnessed an increase in activity last spring that targeted Western organisations, of which 46% were based in NATO states, particularly the U.S., the United Kingdom, and Poland. 

The United States' intelligence agencies have frequently warned that Russia, China, Iran, and North Korea pose the greatest internet risks to national security and allies. According to Microsoft, the scale and sophistication of activities linked to each of those countries continues to improve, and their efforts to steal information and alter narratives target both adversaries and allies. 

"Russian intelligence agencies have refocused their cyberattacks on espionage activity in support of their war against Ukraine, while continuing destructive cyberattacks in Ukraine and broader espionage efforts," Burt wrote in a blog post. 

China is still a significant player, concentrating particularly on gathering intelligence - particularly from U.S. defence and vital sectors, as well as Taiwan and even its own partners - and conducting influence operations, Microsoft reported.

Beijing additionally "deploys a vast network of coordinated accounts across dozens of platforms to spread covert propaganda" that targets Chinese speakers worldwide and occasionally spreads anti-American narratives, the report further reads. The nation's influence operations also emphasise "promoting a positive image of China through hundreds of multilingual lifestyle influencers."

There is ample evidence that Russia is using cyberespionage more frequently. Western intelligence authorities continue to issue warnings that the real scope of such operations is still unknown because they are intended to be stealthy and at times highly targeted. Long-term attacks might not be seen right away. 

The White House blamed the Russian Foreign Intelligence Service, or SVR, for the SolarWinds supply chain attack, which involved the injection of a Trojan into the Orion software updater. It's possible that the effort started in September 2019, but it wasn't discovered until December 2020, giving the SVR months to secure covert access to a number of extremely sensitive systems. 

Microsoft reports that nominal allies attack one another while conducting cyber operations and acquiring intelligence. Despite the meeting between Russian President Vladimir Putin and North Korean hereditary dictator Kim Jong Un last month, Pyongyang continues to carry out Moscow-centered espionage activities, with a particular emphasis on "nuclear energy, defence, and government policy intelligence collection." 

The threat from criminal groups continues to rise in addition to the risk from nation-state organisations. "Ransomware‐as‐ a-service and phishing-as-a-service are key threats to businesses, and cybercriminals have conducted business email compromise and other cybercrimes, largely undeterred by the increasing commitment of global law enforcement resources," Burt added.
Read more »
VSSE
Alibaba Belgian Intelligence cyber espionage Cyber Security Threat Intelligence VSSE

Belgian Intelligence Service are Scrutinising Alibaba For Possible Spying

 

The Veiligheid van de Staat (VSSE), the state security agency of the European country, is concerned about "possible espionage" at Alibaba's logistics base at a Belgian airport. 

Belgian intelligence officials have been keeping an eye on Cainiao, Alibaba's logistics division, at the cargo airport in Liège for any signs of spying or other types of espionage concerning shipments made for Beijing, as first reported by the Financial Times. 

The VSSE is eager to "detect and fight against possible spying and/or interference activities carried out by Chinese entities, including Alibaba," according to a statement issued to media outlets. 

Alibaba was unable to respond to our inquiries concerning the current scenario. "We strongly deny the allegations... based on prior conjecture," a spokesperson for the mega-corp told CNN earlier. Cainiao complies with all rules and regulations in the countries where it operates."

Cainiao will be floated and spun out by the Chinese e-commerce and cloud giant within the next six to twelve months.

According to the FT, which cited "people familiar with the matter," the VSSE is worried about software systems that compile private economic data.

The VSSE informed the newspaper that China "has the intent and capability to use this data for non-commercial purposes" since China's national intelligence law forces Chinese organisations to share information with the government. 

The logistics facility, which became operational in 2021, mostly deals with products that European customers have ordered through the online marketplace AliExpress. We believe that there is concern that Beijing, through Alibaba, may discover what sort of items are being shipped through the facility or potentially interfere with people's goods.

Cainiao apparently wants to increase the size of its airport warehouses by more than three times, from 30,000 square metres to 100,000 square metres. The negotiations between Alibaba and Belgium to host the logistics centre, according to Belgium's law minister Vincent Van Quickenborne, took place in "a previous century" and that "times of naiveté have changed." 

The espionage fears coincide with new warnings from Western nations about Chinese espionage and data theft. 

Chinese spies are believed to have broken into Outlook and Exchange Online accounts hosted by Microsoft over the summer and stolen more than 60,000 emails belonging to US government personnel.

US and Japanese government agencies issued a warning late last month that Beijing's spies might be lurking in Cisco routers and using that access to collect organisations' IP and other sensitive data. 

In the meantime, FBI Director Christopher Wray has frequently warned that China has 50 cybercriminals for each infosec operative employed by the agency. However, China reversed course and claimed that the US had broken into Huawei systems and stolen data going all the way back to 2009.
Read more »
Middle East
APT34 Covert Attacks cyber espionage Iran hackers malware Middle East

Iranian APT34 Employs Menorah Malware for Covert Operations

 

In a recent cyber espionage operation, suspected Iranian hackers infected their targets with the newly discovered Menorah Malware, according to a report released on Friday. 

APT34, also known as OilRig, Cobalt Gypsy, IRN2, and Helix Kitten, is believed to have its headquarters in Iran. Since at least 2014, it has targeted Middle Eastern nations, primarily concentrating on governmental institutions and companies in the finance, oil, chemical, and telecommunications industries. 

Researchers from Trend Micro claim that in August, the hackers infected targets suspected to be headquartered in Saudi Arabia with the Menorah malware via a series of phishing emails.

The malware designed by the group is intended for cyber espionage; it has the ability to download files to the system, run shell commands, and upload particular files from a compromised device.

The SideTwist backdoor, which the organisation had previously utilised, is said to be similar to the new malware created by APT34. But the new version is more complex and more difficult to spot. 

“APT34 is in continuous-development mode, changing up and trying which routines and techniques will work,” the researchers explained. 

A tiny portion of data regarding the victims targeted by APT34 was discovered by Trend Micro during the investigation. They impersonated the Seychelles Licensing Authority in their phishing emails by using a fake file registration form.

According to the investigation, the target victim was probably based in Saudi Arabia because this document included price information in Saudi Arabian currency. 

APT34 has a history of taking part in prominent cyberattacks on numerous targets in the Middle East. A government official in Jordan's foreign ministry was the target of Saitama's backdoor last year. The gang attacked a number of Middle Eastern banks in 2021. 

“This group operates with a high degree of sophistication and seemingly vast resources, posing a significant cybersecurity challenge regionally and beyond,” the researchers added. "Organisations should regularly alert their staff to the numerous techniques that attackers use to target systems, confidential information, and personal information."
Read more »
Technology
Aerospace APT Cyber Crime cyber espionage Cyber Intelligence Cyber Spying Cyberattacks CyberCrime Cybersecurity FBI FireEye Hackers Technology

Cyber Spying Seems to be the Predominant Goal of North Korean Hackers

 


According to a new study, an increasingly sophisticated North Korean cyber-espionage unit is using its skills to carry out spying operations on the aerospace and defense industries. 

As per an updated report released by a cyber-intelligence company, North Korean hackers are no longer viewed as sole criminals who commit cybercrimes motivated by financial gain and break into cryptocurrency exchanges. According to the report, instead of focusing on cyber espionage and data collection, they focus more on information collection. 

A group of bad actors connected to potentially criminal activities on the internet has been identified by Google analysts as an advanced persistent threat (APT) or as a group of cybercriminals linked to activities that might be considered criminal. 

In its report, FireEye, a US-based security firm that keeps track of cyber-attackers around the world, examines the threat from North Korean hackers called APT37 (Reaper) and claims to have found that the group uses malware to infiltrate computer networks at home and abroad. This group has been active in the past but has now migrated to an advanced persistent threat. 

Yet another  report published exclusively by Foreign Policy, authored by private cyber-intelligence company Recorded Future, identifies espionage as the primary motivation behind North Korea's cyber program, which experts attribute to a desire for economic advantage. 

Recorded Future says over 14 years there have been 273 cyberattacks associated with state-sponsored groups in North Korean society. Over 70% of the respondents stated that they were motivated primarily by the desire to collect information about government entities and countries in neighboring Asia, as well as to use their skill sets to commit high-profile cryptocurrency heists. 

It is clear from the report that Pyongyang intends to gain a better understanding of how its adversaries think. This is done by providing the country with "insight into how its adversaries think" as well as knowledge about technologies that could benefit the North in the event of a conflict. Government agencies are usually the targets of this type of attack, followed by cryptocurrency exchanges, media outlets, financial institutions, defense institutions, and nongovernmental organizations as the next most frequent targets. 

Unlike many other countries, North Korea's government seems much more interested in finding out what other nations think of them and how they can improve. It only takes them a minute or two to gather information that can help them develop nuclear and ballistic missile technology. They steal money to fund their regime. 

According to Anne Neuberger, deputy national security adviser for cyber and emerging technologies under President Biden, North Korea is unique in how it views and uses cryptocurrency. This is because it employs cyber operations to finance its nuclear arsenal. About half of the regime's missile program is financed by cryptocurrency and cyber heists. 

The group's cyber operation targets Japan, Vietnam, and the Middle East as part of its efforts. By attempting to steal secret information from companies and organizations involved in chemical, electronics, manufacturing, aerospace, automotive, healthcare, and other sectors, it is attempting to steal valuable information.

In recent years, North Korean hackers have been reported to have stolen billions of dollars from cryptocurrency exchanges around the world. The greatest threat of this year has so far been the high-profile attacks on exchanges, which have targeted Estonia and California so far. 

There has been an increasing number of instances in which North Korea has been linked to attacks beyond crypto, as well as smaller, more disruptive attacks across the globe, starting with the crippling of Sony Pictures just under a decade ago that put its cyber capabilities in the spotlight. After that, Bangladesh's central bank was hacked, which compromised the Swift global financial transfer system used by the United Kingdom to transfer money, and the National Health Service of the United Kingdom was crippled following the hack. 

Nevertheless, Haszard and his coworkers found that a substantial majority of North Korea's cyber activities are directed at domestic targets to which they do not have access.  

According to the report, 83 percent of the attacks for which spatial information is available occurred in Asia, where the majority of the attacks were targeted. There were 29 countries where attacks took place, most of them being in the immediate neighborhood of South Korea, where almost 65 percent of the targets were located North Korean attacks accounted for 8.5 percent of countries, while only three percent of countries were responsible for more than three percent of total North Korean attacks. 

A study by Recorded Future revealed that Lazarus, the biggest and most prominent group of hackers connected to the authoritarian regime, tends to target global targets but is not the most frequent perpetrator of cyberattacks in the world. A group known as Kimsuky targets Asian governments and civil organizations. This accounts for more than one-third of the group's attacks.

U.S. law enforcement agencies say kinky hackers pose as South Korean journalists. They exchange emails with their targets to set up interviews before sending them a link or document embedded with malware. This is the result of their scam. 

It is believed that the malware, known as BabyShark, can provide hackers with access to the devices and communications of those victims. It was found in a joint cybersecurity advisory published earlier this month by the FBI, National Security Agency, and South Korean authorities that Kimsuky actors had also been known to configure a victim's email account so that all emails were automatically forwarded to another account controlled by them. 

North Korea is increasingly focusing on cyber espionage and information collection to gain an advantage over its adversaries. This raises concerns about its intentions and capabilities in cyberspace. Despite this, the report also confirms that North Korea has demonstrated enhanced flexibility when conducting large-scale disruptions of critical infrastructure or engaging in ransomware campaigns compared to opposing adversaries with cyber capabilities like Russia and China.
Read more »
US Firms
Chinese Hackers cyber espionage Cyber Security Cyber Warfare US Firms

Chinese-Sponsored Hacking Group Targeting Critical U.S. Infrastructure, Microsoft Claims

 

The employment of hackers to gather intelligence data is prevalent in practically every nation on earth. Intelligence organisations like the Fancy Bear and Equation Group are used by both the US and Russia. 

Microsoft Corp. stated last week that Volt Typhon was "pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises." Concern over the relationship between China and the US on Taiwan immediately arose after this statement. Pacific-wide cyberattacks may result from disputes between the US and China.

What precisely is a Volt Typhoon? 

A suspected hacker organisation goes by the name of "Volt Typhoon." The gang is thought to have China's support. The Volt Typhoon is reported to be capable of both digital sabotage and intelligence gathering. 

Is the Volt Typhoon a genuine threat to the infrastructure of the United States, or is it merely a new network of digital spies? 

Potential threats 

The American infrastructure is thought to be seriously threatened by the Volt Typhoon. The following are potential risks to the group: 

Espionage concerns: Spying is a concern for experts. In the midst of tensions over Taiwan, experts believe Volt Typhoon is a group of hackers ready to attack the American infrastructure. 

The assessment of Microsoft is given a "moderate confidence" rating, which denotes that the idea is plausible and backed by reliable sources but is not yet fully supported. Few experts believe there is any proof of sabotage planning, despite the fact that many researchers have discovered and evaluated the group's many elements.

According to Marc Burnard and Secureworks, the Volt Typhoon currently appears to be designed to steal data from organisations that hold information about the U.S. government or military.

Volt Typhoon is known as the "Bronze Silhouette" by Secureworks, and according to Marc Burnard, its primary function is espionage. 

Sneaky storm: Almost all cyber spies try to hide their tracks; Microsoft and other analysts believe Volt Typhoon was a quiet operator who camouflaged its activity by passing it through hijacked network equipment such as residential routers. These are well-planned wiped proof of intrusion from the victim's logs. 

China, on the other hand, has consistently denied any involvement in the Volt Typhoon cyberattack. However, Beijing has been preparing documentation of cyberespionage efforts for more than two decades. Spying has become a major emphasis in the recent decade, since Western experts have linked breaches to specific units of the People's Liberation Army. US law enforcement has indicted a slew of Chinese operatives with eavesdropping on US secrets. 

According to Secureworks in a blog post, the Volt Typhoon's interest in operational security may stem from the US claims, as well as increased pressure from Chinese leaders to refrain from scrutinising cyberespionage acts. 

Mitigation tips

In line with Microsoft's research on Volt Typhoon, spotting an activity that exploits standard sign-in channels and system binaries necessitates behavioural monitoring, and remediation necessitates shutting or resetting credentials for compromised accounts. In these circumstances, Microsoft recommends that security operations teams investigate the activities of compromised accounts for any dangerous actions or exposed data.
Read more »
SolarWinds Attack
Cyber Attacks cyber espionage Russia-Ukraine War Russian Hackers SolarWinds Attack

Russian SolarWinds Attackers Launch New Wave of Cyber Espionage Attacks

 

Russian intelligence has once more employed hacker outfit Nobelium/APT29 as part of its ongoing invasion of Ukraine, this time to spy on foreign ministries and diplomats from NATO-member states as well as additional targets in the European Union and Africa. 

The time also coincides with a wave of attacks against Canadian infrastructure that are thought to have a Russian connection. 

The possible targets of the espionage campaign were alerted to the threat on April 13 by the Polish Military Counterintelligence Service and the CERT team in Poland, along with indicators of compromise. The organisation known by Microsoft as Nobelium, also known by Mandiant as APT29, is not new to the game of nation-state espionage; it was responsible for the infamous SolarWinds supply chain attack over three years ago. 

The Polish military and CERT alert said that APT29 is now back with a completely new set of malware tools and reported marching orders to infiltrate the diplomatic corps of nations that support Ukraine. 

APT29 returns with fresh orders

According to the Polish notice, the advanced persistent threat (APT) always starts its attack with a clever spear-phishing email. 

"Emails impersonating embassies of European countries were sent to selected personnel at diplomatic posts," authorities explained. "The correspondence contained an invitation to a meeting or to work together on documents." 

The recipient would next be instructed to follow a link or download a PDF in order to view the ambassador's calendar or obtain meeting information. Both actions would direct the targets to a malicious website that was loaded with the threat group's "signature script," which the report refers to as "Envyscout".

"It utilizes the HTML-smuggling technique — whereby a malicious file placed on the page is decoded using JavaScript when the page is opened and then downloaded on the victim's device," Polish officials added. "This makes the malicious file more difficult to detect on the server side where it is stored." 

The malicious site also informs its victims through a message that they downloaded the right file. 

"Spear-phishing attacks are successful when the communications are well written, use personal information to demonstrate familiarity with the target, and appear to come from a legitimate source," Patrick Harr, CEO of SlashNext, stated. "This espionage campaign meets all of the criteria for success." 

For instance, one phishing email claimed to be from the Polish embassy. The Polish authorities also noticed that the Envyscout programme had been modified three times using better obfuscation techniques during the period of the observed campaign. 

The organisation, once infiltrated, employs modified versions of the Snowyamber downloader, Halfrig, which has Cobalt Strike as embedded code, and Quarterrig, which shares code with Halfrig, according to the Polish alert. 

In light of this and other Russian espionage activities, governments, diplomats, international organisations, and non-governmental organisations (NGOs) should be on high alert. 

Along with warnings from Polish cybersecurity authorities, Canadian Prime Minister Justin Trudeau has recently spoken out publicly about a recent wave of cyberattacks linked to Russia that targeted Canadian infrastructure. These attacks included denial-of-service assaults on the websites of Hydro-Québec, an electric utility, his office, the Port of Québec, and Laurentian Bank. According to Trudeau, Canada's backing for Ukraine is a factor in the cyberattacks. 

Although there was no harm to Canada's infrastructure, Sami Khoury, the director of the Canadian Centre for Cyber Security, emphasised during a news conference last week that "the threat is real.""You must protect your systems," said Khoury, "if you run the critical systems that power our communities, provide Internet access to Canadians, provide health care, or generally operate any of the services Canadians can't live without." "Watch your network traffic. Implement mitigations."
Read more »
SYS01 Campaign
APT10 cyber espionage Evasion Tactics malware SYS01 Campaign

How the SYS01 Campaign Uses Multiple Evasion Tactics to Avoid Detection in Cyber Espionage


Multiple Malware Families: The Primary Evasion Tactic of the SYS01 Campaign

In the world of cybersecurity, it is not uncommon for attackers to use multiple tactics to evade detection and carry out their malicious activities. The SYS01 campaign is a prime example of this. This campaign is known for using multiple attack evasion tactics to stay under the radar and avoid detection. In this blog post, we will explore the various tactics used by the SYS01 campaign and how they contribute to the campaign's success.

Firstly, let's understand what the SYS01 campaign is. The SYS01 campaign is a cyber espionage campaign that has been active since at least 2013. The campaign primarily targets government and military organizations in Southeast Asia, specifically in the Philippines, Taiwan, and Vietnam. The attackers behind the campaign are believed to be a Chinese state-sponsored group known as APT10.

One of the primary attack evasion tactics used by the SYS01 campaign is the use of multiple malware families. Rather than relying on a single malware family to carry out their attacks, the attackers use a variety of different malware families. This makes it much more difficult for defenders to detect and block the attacks, as they need to be aware of and able to detect multiple different types of malware.

Unseen and Unheard: The Use of Fileless Malware and Steganography

Another tactic used by the SYS01 campaign is the use of file-less malware. Fileless malware is a type of malware that does not rely on files or executables to carry out its activities. Instead, it operates entirely in memory, making it much more difficult to detect and remove. The attackers behind the SYS01 campaign use file-less malware to avoid leaving a trail of evidence on the victim's system.

The SYS01 campaign also uses steganography to conceal its activities. Steganography is the practice of hiding information within another file, such as an image or document. The attackers use steganography to hide their malware within benign files, making it more difficult for defenders to detect the malware.

In addition to these tactics, the SYS01 campaign also uses advanced obfuscation techniques to make their malware more difficult to analyze. For example, the attackers may use code obfuscation techniques to make it more difficult for analysts to understand the code and how it works. They may also use encryption to protect the malware from the analysis.

The Art of Obfuscation: How the SYS01 Campaign Makes Malware Analysis More Difficult

Another evasion tactic used by the SYS01 campaign is the use of spear-phishing attacks. Spear-phishing is a targeted phishing attack that is designed to trick a specific individual into providing sensitive information or installing malware. The attackers behind the SYS01 campaign use spear-phishing attacks to target specific individuals within their target organizations, making it more difficult for defenders to detect the attacks.

Finally, the attackers behind the SYS01 campaign use command-and-control (C2) servers that are difficult to detect and block. C2 servers are used by attackers to communicate with their malware and control it remotely. The SYS01 campaign uses C2 servers that are located in countries that have lax cybersecurity laws and regulations, making it more difficult for defenders to block the traffic to these servers.

In conclusion, the SYS01 campaign is a prime example of how attackers use multiple tactics to evade detection and carry out their malicious activities. The campaign uses multiple malware families, fileless malware, steganography, obfuscation techniques, spear-phishing attacks, and difficult-to-detect C2 servers to avoid detection and stay under the radar. Defenders need to be aware of these tactics and have the tools and knowledge to detect and block them to protect their organizations from these types of attacks.

Read more »
U.S. military
cyber espionage Cyber Security cyber threat cybersecurity guidelines Hacking Nuclear Industry Nuclear Laboratories U.S. government U.S. military

U.S. Nuclear Facilities Witnesses Hacking and Espionage Threats


A cybersecurity company has discovered a North Korean hacking group that illicitly obtained nearly 100 gigabytes of data over the course of a months-long intrusion. Regulators started to look into Tuesday’s cyberattack on the financial trading group ION. 

Reportedly, the hackers targeted U.S. nuclear facilities, considered one of the most strictly regulated facilities in the U.S. Despite these protections, hackers are however driven to them due to the potential for espionage and other criminal activities. 

A Chinese spy balloon over Montana, which is a site of multiple nuclear missile silos, is the most recent alleged spying threat. President Biden has been advised by military advisors to not shoot the balloon down. NBC News was the first to report on the incident. 

Brig. Gen. Patrick Ryder, a Pentagon spokesperson says “the U.S. government acted immediately to prevent against the collection of sensitive information, once it spotted the balloon.” 

According to Ryder, the U.S. government has seen a similar pattern of behavior for "several years." Similar balloons had previously been spotted over Hawaii and Guam, which are home to U.S. military facilities, says a U.S. intelligence official. 

On Thursday, Leaders from two House committees requested the Energy Department to provide them with documents pertaining to cyberattacks by alleged Russian threat actors targeting U.S. national nuclear laboratories. 

According to a Reuters article from last month, James Pearson and Chris Bing, Russian hackers known as Cold River targeted nuclear scientists at Brookhaven, Argonne, and Lawrence Livermore laboratories last summer. 

“Although it is unclear whether the attempted intrusions were successful, it is alarming that a hostile foreign adversary targeted government labs working on scientific research critical to the national security and competitiveness of the United States,” Reps. James Comer (R-Ky.), chair of the Oversight and Accountability panel, and Frank D. Lucas (R-Okla.), chair of the Science, Space, and Technology Committee, wrote in a letter seeking communications between agencies, labs, and contractors[…] "Hackers who got into the U.S. nuclear command and control system could, theoretically, “trigger a false alarm, making us think that Russian nuclear weapons were on their way” 

The report indicated the president to take a decision on whether to launch a strike in counter, says former White House cybersecurity adviser Richard Clarke in a video for the nonprofit Nuclear Threat Initiative last year. 

State of Defense by the U.S. Government 

The Biden administration has been attempting to impose minimal security requirements on other industries, but the nuclear industry is already among the most regulated, along with the financial services sector and defense contractors. In a recent interview, a White House representative who requested anonymity to speak more openly about the subject said that the NRC “has really strict rules.” 

The NRC initially installed cybersecurity protocols in place in the early 2000s. Under the existing regulations, nuclear power plant operators were required to submit security plans to the agency for approval. This summer, more cybersecurity guidelines for fuel cycle facilities are anticipated from the NRC. Less regulation impacts the security of American nuclear weapons than the NSA's ability to safeguard them. 

According to a 2019 study by the agency's inspector general, the NRC is required to change its approaches to cybersecurity inspections at nuclear plants in order to emphasize more on monitoring performance. The report also stated that “the inspection program faces future staffing challenges because demographic and resource constraints work against optimal staffing.” 

The NNSA “and its contractors have not fully implemented six foundational cybersecurity risk practices in its traditional IT environment,” according to a report from the Government Accountability Office from last year. The nuclear weapons IT environments and NNSA's operational technology environments "have not fully implemented these practices,”  it stated.  

Read more »
Ukraine
China cyber espionage Cyber Security CyberCrime Hacking Iran Iran government Opportunistic Cybercrime Russia State Sponsored Hackers Ukraine

Cybersecurity in 2023: Russian Intelligence, Chinese Espionage, and Iranian Hacktivism


State-sponsored Activities 

In the year 2022, we witnessed a number of state-sponsored cyber activities originating from different countries wherein the tactics employed by the threat actors varied. Apparently, this will continue into 2023, since government uses its cyber capabilities as a means of achieving its economic and political objectives. 

Russian Cyber Activity will be Split between Targeting Ukraine and Advancing its Broader Intelligence Goals 

It can be anticipated that more conflict-related cyber activities will eventually increase since there is no immediate prospect of an end to the conflict in Ukraine. These activities will be aimed at degrading Ukraine's vital infrastructure and government services and gathering foreign intelligence, useful to the Russian government, from entities involved in the war effort. 

Additionally, organizations linked to the Russian intelligence services will keep focusing their disinformation campaigns, intelligence gathering, and potentially low-intensity disruptive attacks on their geographical neighbors. 

Although Russia too will keep working toward its longer-term, more comprehensive intelligence goals. The traditional targets of espionage will still be a priority. For instance, in August 2022, Russian intelligence services used spear phishing emails to target employees of the US's Argonne and Brookhaven national laboratories, which conduct cutting-edge energy research. 

It is further expected that new information regarding the large-scale covert intelligence gathering by Russian state-sponsored threat actors, enabled by their use of cloud environments, internet backbone technology, or pervasive identity management systems, will come to light. 

China Will Continue to Prioritize Political and Economic Cyber Espionage 

It has also been anticipated that the economic and political objectives will continue to drive the operation of China’s intelligence-gathering activities. 

The newly re-elected president Xi Jinping and his Chinese Communist Party will continue to employ its intelligence infrastructure to assist in achieving more general economic and social goals. It will also continue to target international NGOs in order to look over dissident organizations and individuals opposing the Chinese government in any way. 

China-based threat actors will also be targeting high-tech company giants that operate in or supply industries like energy, manufacturing, housing, and natural resources as it looks forward to upgrading the industries internally. 

Iranian Government-backed Conflicts and Cybercrimes will Overlap 

The way in which the Iranian intelligence services outsource operations to security firms in Iran has resulted in the muddled difference between state-sponsored activity and cybercrime. 

We have witnessed a recent incident regarding the same with the IRGC-affiliated COBALT MIRAGE threat group, which performs cyber espionage but also financially supports ransomware attacks. Because cybercrime is inherently opportunistic, it has affected and will continue to affect enterprises of all types and sizes around the world. 

Moreover, low-intensity conflicts between Iran and its adversaries in the area, mainly Israel, will persist. Operations carried out under the guise of hacktivism and cybercrime will be designed to interfere with crucial infrastructure, disclose private data, and reveal agents of foreign intelligence. 

How Can Organizations Protect Themselves from Opportunistic Cybercrime?

The recent global cyber activities indicate that opportunistic cybercrime threats will continue to pose a challenge to organizational operations. 

Organizations are also working on defending themselves from these activities by prioritizing security measures, since incidents as such generally occur due to a failure or lack of security controls. 

We have listed below some of the security measures organizations may follow in order to combat opportunistic cybercrime against nations, states, and cybercrime groups : 

  • Organizations can mitigate threats by investing in fundamental security controls like asset management, patching, multi-factor authentication, and network monitoring. 
  • Maintaining a strong understanding of the threat landscape and tactics utilized by adversaries. Security teams must also identify and safeguard their key assets, along with prioritizing vulnerability management. 
  • Traditional methods and solutions, such as endpoint detection and response, are no longer effective in thwarting today's attacks, so it is crucial to thoroughly monitor the entire network, from endpoints to cloud assets. However, in order to identify and effectively address their most significant business concerns, and prioritize threats in order to combat them more efficiently.  

Read more »
User Security
cyber espionage Cyber Security data security Russian Spies Sever HAck User Security

Top Cybersecurity News Stories of the Week

 

Data breaches have been a worry ever since Elon Musk invested $44 billion in Twitter and fired a sizable portion of the workforce. Now it appears that a security incident from before Musk's takeover is giving people trouble. This month, information about the release by hackers of a database containing 200 million email addresses and links to Twitter handles that was most likely gathered between June 2021 and January 2022. The sale of the data could put anonymous Twitter accounts at risk and subject the company to more regulatory scrutiny. 

With the launch of a new anti-censorship tool, WhatsApp hopes to assist Iranians in getting around restrictions placed on the messaging app by their government. The business has made it possible for users to access WhatsApp through proxies and get around government censorship. The tool is offered everywhere.

Another cybersecurity company this month disclosed that it had observed the Russian cyberespionage group Turla using cutting-edge new hacking techniques in Ukraine. The group, which is thought to be affiliated with the FSB intelligence agency, was observed riding other hacker groups' dormant USB infections. The command-and-control servers of outdated malware were taken over by Turla after they registered their expired domains. But that’s not all. 

Here is the latest security news that you may have missed. 

Slack suffers a new year data breach 

Slack published a fresh security update to its blog on December 31 as millions of people were getting ready for the start of 2023. The organisation claims in the post that it discovered a "security issue involving unauthorised access to a subset of Slack's code repositories." It discovered that an unidentified threat actor had started stealing Slack employee tokens on December 27 and using them to access the company's external GitHub repository and download some of its code. Slack's disclosure states that the hacker did not access customer data and that there is no need for action on the part of users. "When we were made aware of the incident, we immediately invalidated the stolen tokens and started investigating the potential impact to our customers," it adds. 

According to cybersecurity journalist Catalin Cimpanu, the incident is similar to a security incident that occurred on December 21 and was disclosed by the authentication company Okta. Okta disclosed that its code repositories had been accessed and copied just before Christmas. The incident was quickly found and reported by Slack. Slack's security disclosure didn't appear on its regular news blog, as noted by Bleeping Computer.

Additionally, the company added code to prevent search engines from including it in their results in some regions of the world. After a bug exposed hashed passwords for five years in August 2022, Slack compelled password resets. 

Police Face Recognition Used Once More to Arrest the Wrong Man 

A Black man in Georgia was imprisoned for nearly a week after police allegedly used a face recognition match that wasn't accurate. In a theft case they were looking into, Louisiana police used technology to obtain an arrest warrant for Randal Reid. "I've never spent a day in Louisiana in my life. I was then informed that it was for theft. Reid told the local news outlet Nola, "I don't steal, so I haven't been to Louisiana either.

A detective "took the algorithm at face value to secure a warrant," according to the publication, and little is known about how Louisiana police use face recognition technology. None of the systems' names have been made public. But this is merely the most recent instance of face recognition technology being misused to make erroneous arrests. While the use of face recognition technology by the police has rapidly expanded across US states, studies have repeatedly shown that it more frequently misidentifies women and people of colour than white men.

User ID mandatory for pornographic websites in Louisiana 

A recent Louisiana law requires pornographic websites to confirm the ages of users from the state to confirm they are older than 18. A website must use age verification, according to the law, if there is 33.3 percent or more pornographic content there. The largest pornographic website in the world, PornHub, now offers users the chance to link their government-issued ID, such as a driver's licence, through a third-party service to demonstrate that they are of legal age. Although PornHub claims that it does not gather user data, the move has sparked concerns about surveillance. 

Countries all over the world are passing laws requiring visitors to porn sites to show they are old enough to view the explicit content. If the measures are not implemented, lawmakers in France and Germany have threatened to block pornographic websites. Because age verification systems were lacking, Twitter began to censor German producers of adult content in February 2022. Similar age-checking initiatives were attempted in the UK between 2017 and 2019, but failed due to admins' confusion, design flaws, and concerns over data breaches.

Russian spies expelled from Europe 

By its very nature, the world of spies is shrouded in secrecy. Nations send agents into other nations to collect intelligence, find other resources, and sway events. However, sometimes these spies are discovered. More Russian spies in Europe have been found and expelled from countries since Russia's full-scale invasion of Ukraine in February 2022. Since 2018, known instances of Russian spies operating in Europe have been compiled in a new database from open-source researcher @inteltakes. The database includes information on 41 exposed spies, including their nationality, occupation, and the service they were recruited by, whenever available.
Read more »
Subscribe to: Posts (Atom)