Tuesday January 21, 2020
Home Lead Story New Breed of ...

New Breed of Nation-state Hackers Keep Governments on Their Toes

APT33 has targeted organisations – spanning multiple industries – headquartered in the US, Saudi Arabia and South Korea

0
//
Representational image.

Cyber attacks are growing exponentially and the threat of data breaches now loom over both government and private enterprises owing to new nation-state hackers coming to the fore.

North Korea leads the race in harbouring such groups for cyber warfare.

North Korea’s hacking branch is known as “Bureau 121” which is behind several high-profile cyber attacks, including the most famous “Wannacry” ransomware attack.

The “WannaCry” began in May 2017 as a global cyber attack which targeted computers by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

The attack was estimated to have affected more than 200,000 computers across 150 countries including in India – with damages running into millions of dollars.

They were also responsible for a massive data leak at Sony Pictures in 2014.

Cyber security firm FireEye pays special attention to advanced persistent threats (APT) groups that receive direction and support from an established nation state.

Cyberattacks
An employee works near screens in the virus lab at the headquarters of Russian cybersecurity company Kaspersky Labs in Moscow, July 29, 2013. VOA

Like other attackers, APT groups try to steal data, disrupt operations or destroy infrastructure. Unlike most cyber criminals, APT attackers pursue their objectives over months or years.

“APT38” is another North Korean regime-backed threat group responsible for conducting the largest observed cyber heists.

Although APT38 shares malware development resources and North Korean state sponsorship with a group referred to by the security community as “Lazarus”, APT38’s financial motivation, unique toolset, and tactics, techniques and procedures (TTPs) are distinct enough for them to be tracked separately from other North Korean cyber activity, says FireEye.

“APT38” has conducted operations in over 16 organisations in at least 11 countries.

High-profile organisations in engineering, transportation and defence industries, particularly with links to the maritime sector, are being targeted by China-based “APT 40”. The group has been active since at least January 2013.

“Anonymous” is another known hacking group. Starting operations in 2003, they initially hacked into smaller social networking sites.

On August 9, 2014, Michael Brown Jr., an 18-year-old African American man, was fatally shot by Ferguson police officer Darren Wilson in the city of Ferguson, Missouriin the US.

“Anonymous” shut down Ferguson City Hall’s Internet following the shooting. In 2011, they took down the PlayStation Network and stole user data.

cyberattack
Image source: wordpress.com

Fancy Bear is a hacking group associated with the Russian government and appears to support its cyber warfare activities.

“Despite being one of the most disruptive hackers in the world, Fancy Bear almost never takes credit for their own work,” say media reports.

When it comes to Middle Eastern hacker groups with destructive capabilities, many think of the suspected Iranian group that previously used SHAMOON – aka Disttrack – to target organizations in the Persian Gulf.

Also Read- Windows 10 OS Now Running on More Than 800 mn Devices, Says Microsoft

“However, over the past few years, we have been tracking a separate, less widely known suspected Iranian group with potential destructive capabilities, whom we call APT33,” says FireEye.

The analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013 “at the behest of the Iranian government”.

APT33 has targeted organisations – spanning multiple industries – headquartered in the US, Saudi Arabia and South Korea. (IANS)

Next Story

Hackers Use Data Protection Websites to Hack User Data: Study

In any possible scenario - be it the absence of the SSN or entering the correct existing SSN - the website alerts mistakes and offers to sell a temporary one for the $9 price

0
Hackers
Experts at cybersecurity firm Kaspersky detected this new online fraud scheme where Hackers urge users to buy 'temporary US social security numbers' worth around $9 each. Pixabay

In a unique online fraud, hackers are tricking people into thinking that they own compensation after being victims of personal data frauds, and under the pretext of offering them money, are fleecing them, a new report said on Monday.

Experts at cybersecurity firm Kaspersky detected this new online fraud scheme where scammers urge users to buy ‘temporary US social security numbers’ worth around $9 each.

Victims were found in Russia, Algeria, Egypt and the UAE as well as other countries.

The scheme involves a website allegedly owned by the Personal Data Protection Fund, founded by the US Trading Commission.

The fund issues compensation to those who may have been subject to a personal data leak and is available to citizens from any country in the world.

For those interested, the site offers to check whether user data has ever been leaked.

For this, one needs to provide their specific surname, first name, phone number, and social media accounts.

Once this has been done, an alert is shown indicating that the user has experienced a leak, which can include data such as photos, videos, and contact information, entitling the user to compensation of thousands of dollars.

Hackers
In a unique online fraud, hackers are tricking people into thinking that they own compensation after being victims of personal data frauds, and under the pretext of offering them money, are fleecing them. Pixabay

“However, fraudsters do not just ask for a user to enter a bank card number and wait for the payment to be credited; users inevitably need to offer their own social security numbers,” the report noted.

In any possible scenario – be it the absence of the SSN or entering the correct existing SSN – the website alerts mistakes and offers to sell a temporary one for the $9 price.

Upon agreement, the victim is redirected to this payment form in Russian or English with the purchase price specified in rubles or dollars, respectively. The specific form depends on the victim’s IP address, the experts noted.

“The scammers themselves are most likely Russian speakers, as suggested by the request for payments in rubles, plus the suspicious similarity of the scheme to other easy money offers that regularly tempt residents of Russia and the CIS (Commonwealth of Independent States),” said Tatyana Sidorina, Security expert at Kaspersky.

The e-bait in those schemes varies — giveaways, surveys, secret retirement savings, even a part-time job as a taxi dispatcher — but they tend to be in Russian (as are some of the preceding links).

The bottom line is always the same: the juicy promise of quite a bit of easy money, followed by a demand to pay for an inexpensive service, be it a commission, a ‘securing’ payment, or a temporary SSN.

Hackers
“However, Hackers do not just ask for a user to enter a bank card number and wait for the payment to be credited; users inevitably need to offer their own social security numbers,” the report noted. Pixabay

“The new scheme is quite a topical one and is related to offering compensation for data leaks. Once some organizations have started to pay users, fraudsters decided there is a monetary opportunity for them as well,” Sidorina added.

ALSO READ: People with Inadequate Food Access Likely to Die Prematurely: Study

In order to stay protected from the potential risks of online fraud, do not trust payment offers, use trusted resources and utilize a reliable security solution, said the researchers. (IANS)