Saturday May 25, 2019
Home Lead Story New Breed of ...

New Breed of Nation-state Hackers Keep Governments on Their Toes

APT33 has targeted organisations – spanning multiple industries – headquartered in the US, Saudi Arabia and South Korea

0
//

Cyber attacks are growing exponentially and the threat of data breaches now loom over both government and private enterprises owing to new nation-state hackers coming to the fore.

North Korea leads the race in harbouring such groups for cyber warfare.

North Korea’s hacking branch is known as “Bureau 121” which is behind several high-profile cyber attacks, including the most famous “Wannacry” ransomware attack.

The “WannaCry” began in May 2017 as a global cyber attack which targeted computers by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.

The attack was estimated to have affected more than 200,000 computers across 150 countries including in India – with damages running into millions of dollars.

They were also responsible for a massive data leak at Sony Pictures in 2014.

Cyber security firm FireEye pays special attention to advanced persistent threats (APT) groups that receive direction and support from an established nation state.

Cyberattacks
An employee works near screens in the virus lab at the headquarters of Russian cybersecurity company Kaspersky Labs in Moscow, July 29, 2013. VOA

Like other attackers, APT groups try to steal data, disrupt operations or destroy infrastructure. Unlike most cyber criminals, APT attackers pursue their objectives over months or years.

“APT38” is another North Korean regime-backed threat group responsible for conducting the largest observed cyber heists.

Although APT38 shares malware development resources and North Korean state sponsorship with a group referred to by the security community as “Lazarus”, APT38’s financial motivation, unique toolset, and tactics, techniques and procedures (TTPs) are distinct enough for them to be tracked separately from other North Korean cyber activity, says FireEye.

“APT38” has conducted operations in over 16 organisations in at least 11 countries.

High-profile organisations in engineering, transportation and defence industries, particularly with links to the maritime sector, are being targeted by China-based “APT 40”. The group has been active since at least January 2013.

“Anonymous” is another known hacking group. Starting operations in 2003, they initially hacked into smaller social networking sites.

On August 9, 2014, Michael Brown Jr., an 18-year-old African American man, was fatally shot by Ferguson police officer Darren Wilson in the city of Ferguson, Missouriin the US.

“Anonymous” shut down Ferguson City Hall’s Internet following the shooting. In 2011, they took down the PlayStation Network and stole user data.

cyberattack
Image source: wordpress.com

Fancy Bear is a hacking group associated with the Russian government and appears to support its cyber warfare activities.

“Despite being one of the most disruptive hackers in the world, Fancy Bear almost never takes credit for their own work,” say media reports.

When it comes to Middle Eastern hacker groups with destructive capabilities, many think of the suspected Iranian group that previously used SHAMOON – aka Disttrack – to target organizations in the Persian Gulf.

Also Read- Windows 10 OS Now Running on More Than 800 mn Devices, Says Microsoft

“However, over the past few years, we have been tracking a separate, less widely known suspected Iranian group with potential destructive capabilities, whom we call APT33,” says FireEye.

The analysis reveals that APT33 is a capable group that has carried out cyber espionage operations since at least 2013 “at the behest of the Iranian government”.

APT33 has targeted organisations – spanning multiple industries – headquartered in the US, Saudi Arabia and South Korea. (IANS)

Next Story

US Lawmakers Seek Probe to Control the Spread of Hacking Tools Sold Globally

The bill is expected to be voted on by the full appropriations committee in the coming weeks before going onto the full House

0
hacking
A man takes part in a hacking contest during the Def Con hacker convention in Las Vegas, Nevada, on July 29, 2017. VOA

U.S. lawmakers are pushing legislation that would force the State Department to report what it is doing to control the spread of U.S. hacking tools around the world.

A bill passed in a House of Representatives’ appropriations subcommittee on Tuesday said Congress is “concerned” about the State Department’s ability to supervise U.S. companies that sell offensive cybersecurity products and know-how to other countries.

The proposed legislation, released on Wednesday, would direct the State Department to report to Congress how it decides whether to approve the sale of cyber capabilities abroad and to disclose any action it has taken to punish companies for violating its policies in the past year.

National security experts have grown increasingly concerned about the proliferation of U.S. hacking tools and technology.

hacking
National security experts have grown increasingly concerned about the proliferation of U.S. hacking tools and technology. Pixabay

The legislation follows a Reuters report in January which showed a U.S. defense contractor provided staff to a United Arab Emirates hacking unit called Project Raven. The UAE program utilized former U.S. intelligence operatives to target militants, human rights activists and journalists.

State Department officials granted permission to the U.S. contractor, Maryland-based CyberPoint International, to assist an Emirate intelligence agency in surveillance operations, but it is unclear how much they knew about its activities in the UAE.

Under U.S. law, companies selling cyber offensive products or services to foreign governments must first obtain permission from the State Department.The new measure was added to a State Department spending bill by Dutch Ruppersberger, a Democrat from Maryland and member of the House Appropriations Committee.

Ruppersberger said in an emailed statement he had been “particularly troubled by recent media reports” about the State Department’s approval process for the sale of cyberweapons and services.

CyberPoint’s Chief Executive Officer Karl Gumtow did not respond to a request for comment. He previously told Reuters that to his knowledge, CyberPoint employees never conducted hacking operations and always complied with U.S. laws.

hacking
Rep. Dutch Ruppersberger, D-Md. questions U.S. Ambassador to the UN Nikki Haley as she testifies on Capitol Hill in Washington, Tuesday, June 27, 2017. VOA

The State Department has declined to comment on CyberPoint, but said in an emailed statement on Wednesday that it is “firmly committed to the robust and smart regulation of defense articles and services export” and before granting export licenses it weighs “political, military, economic, human rights, and arms control considerations.”

ALSO READ: Huawei Warns Ban on 5G Technology would Harm American Workers

Robert Chesney, a national security law professor at the University of Texas, said the Reuters report raised an alarm over how Washington supervises the export of U.S. cyber capabilities.

“The Project Raven (story) perfectly well documents that there is reason to be concerned and it is Congress’ job to get to the bottom of it,” he said. The bill is expected to be voted on by the full appropriations committee in the coming weeks before going onto the full House. (VOA)