Russia hacked hundreds of Western, Asian companies: security firm

A U.S. cybersecurity firm says it has gathered evidence that the Russian government spied on hundreds of American, European and Asian companies, the first time Moscow has been linked to cyber attacks for alleged economic – rather than political – gains.

According to the firm, CrowdStrike, the victims of the previously unreported cyber espionage campaign include energy and technology firms, some of which have lost valuable intellectual property.

CrowdStrike declined to go into detail about those losses or to name any victims, citing confidentiality agreements related to its investigation.

Officials with the Russian Interior Ministry could not be reached for comment early on Wednesday in Moscow.

“These attacks appear to have been motivated by the Russian government’s interest in helping its industry maintain competitiveness in key areas of national importance,” Dmitri Alperovitch, chief technology officer of CrowdStrike, told Reuters on Tuesday evening.

Cybersecurity researchers have in the past said that China’s government was behind cyber espionage campaigns against various corporations dating back as far as 2005, but China has vehemently denied those allegations. Alperovitch said this is the first time the Russian government has been linked to cyber intrusions on companies.

Governments have been using computer networks to spy on each other for more than 30 years in the type of surveillance programs conducted by virtually every nation, according to CrowdStrike. It is only in the past decade that some nations have started using cyber espionage as a platform for gaining data to help promote their national economic interests, according to Alperovitch.

CrowdStrike has been following the activities of the Russian group of hackers, which it dubbed “Energetic Bear,” for two years. The firm believes the Russian government is behind the campaign because of technical indicators, as well as analysis of the targets chosen and the data stolen, according to Alperovitch.

“We are very confident about this,” he said. Victims include European energy companies, defense contractors, technology companies and government agencies, according to the CrowdStrike report.

Manufacturing and construction firms in the United States, Europe and the Middle East, as well as U.S. healthcare providers, were also cited as targets in the report, which was posted on the web early on Wednesday morning.

CrowdStrike described the activities of the Energetic Bear hackers in its annual cyber threat report, released on Wednesday. It also documented attacks by hacking groups in China and Iran and described the activities of the activist Syrian Electronic Army.

Alperovitch, who is of Russian ethnic origin and now lives in the Washington, D.C., area, is an expert on cyber espionage who rose to prominence while working for McAfee Inc. While there he managed a team of researchers who produced a landmark January 2010 report that described how Chinese hackers had launched an unprecedented series of attacks known as “Operation Aurora” on Google Inc and dozens of other companies.

In 2012, he co-founded CrowdStrike, which collects intelligence about the activities of hacking groups around the world and sells software to thwart such attacks.

He told Reuters that the data his firm has obtained about Energetic Bear suggests that authorities in Moscow have decided to start using cyber espionage to promote Russia’s national economic interests.

“They are copying the Chinese play book,” he said. “Cyber espionage is very lucrative for economic benefit to a nation.”

Source : Reuters

Dalai Lama’s China website hacked, infects others: Kaspersky

The Chinese-language website of the Tibetan government-in-exile, whose spiritual head is the Dalai Lama, has been hacked and infected with viruses.

Experts at computer security company Kaspersky Lab warned that the Central Tibetan Administration (CTA) site had been compromised.

It is believed the malicious software could be used to spy on visitors.

Technical evidence suggests the hackers carried out previous cyber-attacks on human rights groups in Asia.

Tibet.net is the official website of the CTA, which is based in Dharamshala, northern India.

The organisation’s spiritual leader is the 14th Dalai Lama, who fled Tibet in 1959 after a failed anti-Chinese uprising, and set up a government-in-exile. China considers the Dalai Lama a separatist threat.

Constant threat

Kaspersky says the CTA website has been under constant attack from the same group of hackers since 2011, but previous breaches have been quietly identified and repaired before attracting significant attention.

Other Tibetan organisations, such as the International Campaign for Tibet, have also been targeted.

Kaspersky Lab researcher Kurt Baumgartner says the hackers used a method known as a “watering-hole attack”.

A security bug in Oracle’s Java software might have been exploited, giving the hackers a “back door” into the computers of visitors who browsed the site.

“This is the initial foothold,” Mr Baumgartner said. “From there they can download arbitrary files and execute them on the system.”

Kaspersky’s education manager Ram Herkanaidu said the discovery of the attack came after an “email account of a prominent Tibetan activist was hacked”.

Mr Herkanaidu added: “The likely actors behind the sustained campaign against Tibetan sites are Chinese speaking, as in many cases we have seen log files written in Chinese.”

NSA performed over 61K hacking operations around the world

NSA whistleblower Edward Snowden came out of hiding to speak with a Chinese newspaper today, claiming that the U.S. is also using its recently revealed surveillance tactics against China. According to an interview Snowden gave to the South China Morning Post, the U.S. government has performed over 61,000 “hacking operations” in countries across the globe. He also believes hundreds of those missions targeted the Chinese mainland as well as Hong Kong, where Snowden is currently hiding.

He has been in hiding since releasing a slide deck to the Washington Post outlining a government surveillance program called PRISM. Snowden came out a few days later, saying he worked as a defense contractor for the NSA and had access to such information. After that, he disappeared, only resurfacing today to make these comments. According to the slide deck he released, PRISM is a data collection program set up to collect information from a number of top tech companies including Facebook, Google, Microsoft, Apple, and others.

Snowden explained to the SCMP that these individual company requests aren’t the only way the NSA gets data. “We hack network backbones — like huge Internet routers, basically — that give us access to the communications of hundreds of thousands of computers without having to hack every single one,” he told the publication. To those who criticize his choice to make a safe haven of Hong Kong, he explained that he intends to fight for his rights there, and noted that the city was under British rule until 1997.

US Companies blame China for hacking

The allegations of hacking between the U.S. and China have once again come into the spotlight. The American Chamber of Commerce in China recently conducted its annual survey and found that more than a quarter of the U.S. companies with major operations in China reported suffering theft of intellectual property or trade secrets at the hands of cyber attackers in China. This is not the first time such allegations have arisen between the two countries, whose relations are already tense because of this particular issue.

While more than twenty-six percent of the companies interviewed in the American Chamber’s survey reported having been hacked, the more troubling finding is that 95 percent of the companies feel the situation is not likely to improve in the near future. The chamber commented in its study:
“Over 40 per cent of respondents say the risk of a data breach is actually increasing.” “This poses a substantial obstacle for businesses in China, especially when considered alongside the concerns over [intellectual property rights] enforcement and de facto technology transfer requirements.”

U.S. Representative Dutch Ruppersberger recently commented that US companies suffered losses worth more than $300 billion last year as a result of intellectual property theft, with the majority of losses being the result of hacking by the Chinese. In fact, U.S. President Barack Obama along with other senior officials like Thomas Donilon, who is the national security advisor, have publicly called on the Chinese government to stop sponsoring hacking attacks on U.S. companies with the intent of stealing trade secrets.

Moreover, a report by Mandiant, a major security vendor, also accused the Chinese military of running a dedicated cyber espionage unit, which the report tracks under the moniker APT1 and describes as the most prolific of the Advanced Persistent Threat (APT) groups it follows.

While on a visit to the Chinese capital recently, Jack Lew, the US Treasury secretary, sat down with Chinese leaders and discussed the matter of cyber security and state sponsored cyber attacks at great length, referring to it as “a very serious threat to our economic interests”.

Beijing, on the other hand, has maintained its usual stance of denying any involvement whatsoever in hacking related activity and has retorted that it is itself a victim of hacking attacks originating from the U.S. A spokesperson for the Chinese Foreign Ministry, Hong Lei, called the accusations baseless and without proof, and the survey by the American Chamber “a completely irresponsible action”. Hong said: “We hope the relevant side doesn’t politicize financial and trade problems, does not exaggerate the so-called issue of online leaks and does more conducive things for China and the United States.”

Whatever the case might be, there is no denying that the business confidence of U.S. companies in China is dropping fast; the survey is just one example of that, and these escalating tensions could be detrimental to trade relations between the two countries.

Chinese hackers infiltrate Indian Defence Research Organisation

India’s premier defence research organization, the Defence Research and Development Organisation (DRDO), has been hacked, if media reports are to be believed, and the attack is believed to have been carried out by state sponsored Chinese hackers. The report has spread like wildfire and created quite a stir in the country, with many people in government demanding a detailed probe into the matter. The incident illustrates the audacity of state sponsored Chinese hackers, who have repeatedly targeted sensitive organizations. The government has ordered a probe into the case.

Media reports are rife with speculation that the hackers managed to access and pilfer many sensitive security documents. This is because files related to the Cabinet Committee on Security (CCS), the highest body in India entitled to make security decisions, were found on a server in Guangdong, China.

The attack came to notice in early March this year, after the top technical intelligence agency, the National Technical Research Organisation (NTRO), joined hands with private cyber security firms and uncovered a file called “army cyber policy”. The file had apparently been engineered by the hackers to spread across the systems and compromise the email accounts of DRDO scientists. The e-tickets of DRDO scientists who travelled to Delhi in February were also found on the server in China, along with a large number of documents relating to the CCS, and a series of documents on R&D into communication programs and surface-to-air missiles by another DRDO organization based in Hyderabad, the Defence Research and Development Lab (DRDL).

Security agencies also found documents on the deals made between the DRDO and Bharat Dynamics Ltd., a defence PSU that designs missiles and related components. Another set of files, about economic negotiations with a France based missile manufacturer, was also uncovered.

Surprisingly, despite all the above mentioned evidence, DRDO spokesperson Mr. Ravi Kumar Gupta has commented that no breach has taken place in the organization and no computer systems were compromised. According to Gupta, “As per available information, no incidence of breach of security of the DRDO’s computers has come to notice,” and he further added that “Appropriate measures are in place for safety and security of computer systems.”

However, when Defence Minister Mr. A.K. Antony was questioned about the security breach at DRDO, he replied: “Intelligence agencies are investigating the matter at this stage and I do not want to say anything else.” He did not answer whether any information had been compromised as a result of the breach. According to a Defence Ministry official, “The minister has asked Defence Secretary Shashikant Sharma to inquire into the reports of the DRDO’s computers being hacked and submit a report to him at the earliest.”

This is not the first time that the country’s critical defence setup has been targeted by hackers. But it seems the Chinese hackers are yet to give up on their espionage activities across the world, and India is just their latest target.

Hackers turn China security report into Trojans

Hackers have created malicious versions of a report released by Mandiant that linked cyber attacks to the Chinese army; the IT security vendor says its own systems were not breached.

Hackers have tampered with the security report by leading U.S. security vendor Mandiant, which implicated the Chinese army in cyber attacks on many leading U.S. companies and other Western organizations. The report, released last week, made headlines around the world with its revelations about the role of the Chinese state in using cyber capabilities to further its espionage activities. The hackers decided to turn the tables: they attached malware of their own to copies of the report, so that a document accusing the Chinese of attacking others became a weapon in its own right.

The digital report, which is about 60 pages long, was laced with a Trojan, malicious software that gives the hackers control of an infected computer once the file is downloaded and opened by the user. The tainted files arrive attached to emails sent by the hackers as part of a spear-phishing campaign. According to a blog post by Symantec, the attackers used fake copies of the report as “bait”: the files are disguised as PDF documents and carry a Trojan that Symantec detects as Trojan.Pidief. When opened, the file displays a blank PDF document while the malware runs unnoticed by the user. The malware is designed to exploit a remote code execution vulnerability in Adobe Acrobat and Reader. The email carrying the fake report purports to come from a media organization, is written in Japanese, and carries the malicious PDF as an attachment.

Moreover, there have been reports of a second spear-phishing campaign. According to Kaspersky Lab’s Threatpost: “The first phishing attacks are using a file named ‘Mandiant_APT2_Report.pdf’, a slight variation of the real report name, which uses the APT1 moniker that the computer security firm applies to the specific crew of Chinese attackers discussed in the document. The other spear-phishing attack is using a document named ‘Mandiant.pdf’ as its bait, and the malware used in that attack calls back to a C&C server based in Korea, also at a dynamic DNS provider.”

The first phishing mails were sent from somewhere in Korea to target Japanese organizations, but the second campaign is more obscure in its whereabouts and targets.
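The two lures above share the traits a mail gateway or analyst can check statically: a filename that is a near-copy of the genuine report’s, and a PDF that must do something active on open even though a text report needs no scripting at all. The following is an added example, not code from the original page nor from Symantec, Kaspersky or Mandiant. It performs pdfid-style triage on an attachment: it decodes the `#xx` hex escapes that PDF permits inside name objects (a common trick against naive string scanners), counts the names that give a document auto-run, scripting, launch or embedded-file behaviour, and compares the attachment name with the genuine report name. The genuine filename `Mandiant_APT1_Report.pdf` is an assumption (the page only says the lure was a slight variation of it), and the sample PDFs are constructed; the real lure exploited a Reader vulnerability, which a JavaScript action stands in for here.

```python
"""Static triage of a suspected spear-phishing PDF attachment (added example)."""
import re
from dataclasses import dataclass, field

# Assumption: the genuine report shipped under this name; the page only says
# the lures were "a slight variation of the real report name".
GENUINE_REPORT_NAME = "Mandiant_APT1_Report.pdf"
LURE_BRAND_TOKEN = "mandiant"

# Name objects that let a PDF act on open, run script, launch programs or carry
# a payload.  A plain text report needs none of them.
SUSPICIOUS_KEYS = (b"/OpenAction", b"/AA", b"/JavaScript", b"/JS",
                   b"/Launch", b"/EmbeddedFile", b"/RichMedia")


@dataclass
class Verdict:
    filename: str
    is_pdf: bool
    lookalike_name: bool
    hits: dict = field(default_factory=dict)
    reasons: list = field(default_factory=list)

    @property
    def flagged(self) -> bool:
        return bool(self.reasons)


def _unescape_names(data: bytes) -> bytes:
    # PDF allows #xx hex escapes inside names (/Open#41ction == /OpenAction);
    # lures use them to dodge naive scanners, so normalise before matching.
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def count_suspicious_keys(data: bytes) -> dict:
    data = _unescape_names(data)
    hits = {}
    for key in SUSPICIOUS_KEYS:
        # A name ends at whitespace or a delimiter; the lookahead stops /JS
        # from matching inside a longer name such as /JSX.
        pattern = re.escape(key) + rb"(?![A-Za-z0-9_.\-])"
        n = len(re.findall(pattern, data))
        if n:
            hits[key.decode()] = n
    return hits


def is_lookalike_name(filename: str) -> bool:
    name = filename.lower()
    return LURE_BRAND_TOKEN in name and name != GENUINE_REPORT_NAME.lower()


def triage_attachment(filename: str, data: bytes) -> Verdict:
    # Adobe Reader tolerates junk before the header, so look within the first
    # 1 KiB instead of requiring the magic at offset 0.
    is_pdf = b"%PDF-" in data[:1024]
    v = Verdict(filename, is_pdf, is_lookalike_name(filename),
                count_suspicious_keys(data))
    if filename.lower().endswith(".pdf") and not is_pdf:
        v.reasons.append("extension claims PDF but no %PDF- header found")
    auto_run = {"/OpenAction", "/AA"} & set(v.hits)
    active = {"/JavaScript", "/JS", "/Launch", "/EmbeddedFile",
              "/RichMedia"} & set(v.hits)
    if auto_run and active:
        v.reasons.append("document runs %s on open" % ",".join(sorted(active)))
    if v.lookalike_name and v.hits:
        v.reasons.append("lookalike report name with active content")
    return v


# Constructed samples.  The lure shows one blank page (as the Symantec write-up
# describes) and fires a hex-escaped /OpenAction; the JavaScript action stands
# in for the Reader exploit used in the real campaign.
LURE_PDF = (
    b"%PDF-1.6\n"
    b"1 0 obj<</Type/Catalog/Pages 2 0 R/Open#41ction 5 0 R>>endobj\n"
    b"2 0 obj<</Type/Pages/Kids[3 0 R]/Count 1>>endobj\n"
    b"3 0 obj<</Type/Page/Parent 2 0 R/MediaBox[0 0 612 792]>>endobj\n"
    b"5 0 obj<</S/JavaScript/JS(app.alert(1))>>endobj\n"
    b"trailer<</Root 1 0 R>>\n%%EOF\n"
)
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj\n"
    b"2 0 obj<</Type/Pages/Kids[3 0 R]/Count 1>>endobj\n"
    b"3 0 obj<</Type/Page/Parent 2 0 R/MediaBox[0 0 612 792]/Contents 4 0 R>>endobj\n"
    b"4 0 obj<</Length 44>>stream\nBT /F1 12 Tf 72 720 Td (APT1 report) Tj ET\nendstream endobj\n"
    b"trailer<</Root 1 0 R>>\n%%EOF\n"
)

if __name__ == "__main__":
    for name, blob in (("Mandiant_APT2_Report.pdf", LURE_PDF),
                       ("Mandiant_APT1_Report.pdf", BENIGN_PDF),
                       ("Mandiant.pdf", b"MZ\x90\x00")):
        v = triage_attachment(name, blob)
        print(name, "FLAGGED" if v.flagged else "clean", v.hits, v.reasons)
```

The key-count alone is only a triage signal: legitimate forms use /AA and /JavaScript, so the verdict combines an auto-run trigger with active content, or a lookalike name with any active content, rather than flagging on a single name. An attachment whose extension says PDF but which lacks the header altogether is flagged regardless, since Reader will not open it and the name then exists only to reassure the recipient.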

The report by Mandiant, which presented strong evidence, including video, of the Chinese army’s role in sponsoring cyber attacks, has left little to the imagination. The report attributes the hacking to a unit of the Chinese military, Unit 61398, which it tracks as APT1 and which has been active for many years. Mandiant developed the report over a considerable period and documented more than 150 attacks attributed to the group.

The Chinese Ministry of Defence has refuted all such allegations of industrial espionage. The U.S. government has nonetheless decided to strengthen its cyber security. That seems the only available response at present, but the government must also aim to raise education and awareness about such attacks if it is to curb the problem effectively.