Stealth Mango and Tangelo:
Lookout, an American mobile security firm based in San Francisco, has recently published a report claiming that a "group or individuals that are believed to belong to the Pakistani military "has developed and released a "set of custom Android and iOS surveillanceware tools we’re respectively calling Stealth Mango and Tangelo". The report says: "These tools have been part of a highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military". The countries affected by it include Afghanistan, India, Iraq, Pakistan and the United Arab Emirates, according to Lookout report.
Mango and Tangelo Spyware Targets. Source: Lookout |
The targets in Pakistan include members of the foreign diplomatic corps who have visited conflict zones, particularly parts of Balochistan, and Pakistani officials involved in internal corruption investigations.
The goal of the Lookout report is to sell their security software as obvious from their concluding summary below:
"Stealth Mango and Tangelo is yet another example among the numerous campaigns we have uncovered (Dark Caracal, ViperRAT, FrozenCell, etc.) where threat actors are developing in-house custom surveillanceware. The actor behind Stealth Mango has stolen a significant amount of sensitive data from compromised devices without the need to resort to exploits of any kind. The actors that are developing this surveillanceware are also setting up their own command and control infrastructure and in some cases encountering some operational security missteps, enabling researchers to discover who the targets are and details about the actors operating it that otherwise are not as easily obtained. Relevant data has already been shared with the appropriate authorities. Lookout customers are protected against Stealth Mango and Tangelo and have been for several months since the beginning of the investigation."
Amnesty International Allegations:
Amnesty International has alleged that attackers are using fake online identities and social media profiles to "ensnare Pakistani human rights defenders online and mark them out for surveillance and cybercrime". The report titled "Human Rights Under Surveillance: Digital Threats against Human Rights Defenders in Pakistan" claims that Diep Saeeda, a Lahore-based human rights activist, has been targeted by a "network of individuals and companies based in Pakistan that are behind the creation of some of the tools seen in surveillance operations used to target individuals in Pakistan".
Amnesty says that "over the course of several months, Amnesty International used digital forensic techniques and malware analysis to identify the infrastructure and web pages connected to online attacks on human rights activists in Pakistan". "Amnesty International’s Technology and Human Rights team has been able to trace these attacks to a group of individuals based in Pakistan".
Proliferation of Hacking Tools:
In 2017, Wikileaks revealed that the American intelligence agency CIA has "lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized "zero day" exploits, malware remote control systems and associated documentation." The Wikileaks noted that that "the CIA made these systems unclassified".
Wikileaks said: "In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of "Vault 7" — the CIA's weaponized malware (implants + zero days), Listening Posts (LP), and Command and Control (C2) systems — the agency has little legal recourse".
It appears that the CIA's "hacking arsenal" is now being modified and used by many state and non-state actors to carry out hacking and surveillance of their targets around the world. The proliferation of cyber hacking tools appears to be a lot easier than the proliferation of the nuclear weapons technology.
Summary:
A report by American mobile security software vendor Lookout claims that individuals and groups connected to the Pakistani military are using spyware and malware tools on targets in Afghanistan, Pakistan, India and UAE. Amnesty International alleges that Pakistan intelligence agencies are "network of individuals and companies based in Pakistan that are behind the creation of some of the tools seen in surveillance operations used to target individuals in Pakistan".
Many intelligence agencies are turning to the use of smartphone malware and spyware for the purpose of hacking and surveillance. The list of such agencies includes but not limited to US CIA, NSA, Mossad, RAW, MI6, ISI and others. Global proliferation of cyber hacking tools appears to have been accelerated when the US CIA lost control of its hacking tools including malware, viruses and trojans.
Related Links:
Haq's Musings
South Asia Investor Review
Pakistan Operation Arachnophobia
Social Media Tribalism
Revolution in Military Affairs: Cyberweapons and Robots
Cyber Warfare
Pakistani-American Founder of Fireeye Cyber Firm
Pakistan Boosts Surveillance to Fight Terror
Pakistan's Biometric Registration Database
Operation Zarb e Azb Launch
Ex Indian Spy Documents RAW's Successes in Pakistan
Intelligence Failures in Preventing Daily Carnage in Pakistan
What If Musharraf Had Said NO to US After 911?
Pakistani Computer Scientist Fights Terror
Pakistani Killer Drones to Support Anti-Terror Campaign
3G 4G Rollout Spurs Data Services Boom in Pakistan
15 comments:
Cyber technology has brought a new era of Intelligence gathering and spying.Every country has to be ready to tackle it successfully for its own safety !
Pakistan’s first-ever Cyber Security Centre launched
Aims to develop tools and technologies to protect cyberspace, sensitive data and local economy from the cyber-attacks
https://gulfnews.com/news/asia/pakistan/pakistan-s-first-ever-cyber-security-centre-launched-1.2225435
Pakistan government’s Cyber Security Centre has been inaugurated at Air University in Islamabad to deal with cyber security challenges in the digital age.
-------------
Faaiz Amir informed that Air University is also commencing a four year BS cyber security programme, which is designed to develop modern cyber security skills and apply them to manage computers, systems, and networks from cyber-attacks. The programme would increase the awareness and knowledge about cyber security in Pakistani students, he added.
------------
Cyber security encompasses technologies, processes and controls that are designed to protect systems, networks and data from cyber attacks. Pakistan’s Cyber Security Centre aims to develop advanced tools and research technologies to protect Pakistan’s cyberspace, sensitive data, and local economy from the cyber-attacks.
The headquarter of the National Centre for Cyber Security will be based at Air University Islamabad with labs at different universities of Pakistan including Bahria University Islamabad, National University of Science and Technology (NUST), Information Technology University Lahore (ITU), Lahore University of Managment Sciences (LUMS), University of Peshawar, University of Engineering and Technology Peshawar, University of Nowshera, Pakistan Institute of Engineering and Applied Sciences (PIEAS), NED University Karachi, University of Engineering and Technology Lahore and University of Engineering and Technology Taxila.
Cyber-attackspose an enormous threat to the national economy, defence and security, National Security Adviser, Nasser Khan Janjua, earlier said.
After repeated calls from experts to secure the cyber space, Pakistan government has finally launched the centre to protect the cyberspace, sensitive data, and local economy from the cyber-attacks.
Last week, country’s National Counter Terrorism Authority (NACTA) also established a cyber security wing on modern lines to evolve cyber security strategies and to meet emerging cyber terrorism threats.
https://gpinvestigations.pri.org/how-north-korean-hackers-became-the-worlds-greatest-bank-robbers-492a323732a6
How North Korean hackers became the world’s greatest bank robbers
Patrick Winn May 16
Asia correspondent for PRI and GlobalPost Investigations• RFK Award Winner • Author of HELLO, SHADOWLANDS, available on
The Reconnaissance General Bureau, North Korea’s equivalent to the CIA, has trained up the world’s greatest bank-robbing crews. In just the past few years, RGB hackers have struck more than 100 banks and cryptocurrency exchanges around the world, pilfering more than $650 million. That we know of.
It was among the greatest heists against a United States bank in history and the thieves never even set foot on American soil.
Nor did they target some ordinary bank. They struck an account managed by the Federal Reserve Bank of New York, an institution renowned for its security.
In vaults 80 feet below the streets of Manhattan, the bank holds the world’s largest repository of gold. Many of these gold bars belong to foreign governments, which feel safer storing their gold inside well-defended bunkers in America than at home.
By the same token, overseas governments also store cash with the Fed. But this is cash in the 21st-century sense: all ones and zeroes, not smudgy bills. The bank holds vast foreign wealth on humming servers wired up to the internet.
That’s what the thieves went after in February 2016: nearly $1 billion, sitting in a Fed-run account. This particular account happened to belong to Bangladesh. Having already hacked into the servers of the Bangladesh Central Bank, the criminals waited until a Friday — a day off in many Muslim-majority nations, Bangladesh included.
Then they started draining the account.
Posing as Bangladesh Central Bank staff, the hackers sent a flurry of phony transfer requests to the Fed totaling nearly $1 billion. The Fed started zapping cash into accounts managed by the thieves overseas, most of them in the Philippines. Much of the money was quickly pulled out as cash or laundered through casinos.
From there, the trail goes cold.
The hackers didn’t get the full billion they desired. Most of the bogus requests were caught and canceled by suspicious personnel. But they did end up with an amazing score: $81 million.
The culprits of this heist are loyal to one of the most impressive organized crime syndicates in the world. They don’t work for the Triads, nor the Sinaloa Cartel, nor Sicily’s Cosa Nostra. They are agents of the Reconnaissance General Bureau (or RGB), which is headquartered in Pyongyang. This is North Korea’s equivalent to the CIA.
Like the CIA, North Korea’s RGB is steeped in clandestine overseas plots: assassinations, abductions and lots of spying. But it is perhaps better understood as a mash-up between the CIA, the KGB and the Yakuza.
What distinguishes the bureau is its entrepreneurial streak — one with a distinctly criminal bent.
For decades, North Korea has been beleaguered by Western sanctions and barred from global markets. This has prodded the regime to seek revenue in darker realms that are beyond the law. These black-market enterprises have included heroin production, printing bogus $100 bills and counterfeiting name-brand cigarettes.
But all of those rackets have now been totally eclipsed by hacking. The bureau has trained up the world’s greatest bank-robbing crews, a constellation of hacking units that pull massive online heists.
These thieves also have one distinct advantage over other syndicates: They are absolutely confident that they’ll never be charged. So it goes when your own country sponsors your criminal mischief.
This is a new phenomenon, according to US intelligence officials. “A nation state robbing banks … that’s a big deal. This is different,” says Richard Ledgett. He was, until his recent retirement, the deputy director of the National Security Agency.
Afghan diplomats in Pakistan targeted by 'state-backed hackers'
By Secunder Kermani
BBC News, Islamabad
http://www.bbc.com/news/world-asia-44250769
Afghan diplomats in Pakistan have been warned they are believed to be victims of "government-backed" digital attacks trying to steal their email passwords.
Afghan embassy sources told the BBC two staff members and a generic account received alerts from Google this month.
Last week Amnesty International detailed attempts to install malware on computers and phones of activists critical of Pakistan's military.
The army did not comment on allegations intelligence services were to blame.
After the Google warning alerts were sent out, another Afghan diplomat's email account was hacked and made to send out emails, without his knowledge, containing suspicious attachments.
The emails purported to contain photographs of rallies by protesters known as the Pashtun Protection Movement (PTM). In fact the attachments appear to contain malicious files, although it was not possible to download and examine them.
The PTM movement has accused the Pakistani military of committing human rights abuses in the country's fight against terrorism. Protests have been non-violent but controversial due to their unusually direct criticism of the Pakistani intelligence services.
Why were the emails sent?
Supporters of the Pakistani military have accused the PTM of working on behalf of the Afghan intelligence services - the two countries regularly accuse each other of working to undermine the other's security.
A source in the Afghan embassy told the BBC he was concerned that recipients of the emails sent out from the diplomat's account could believe the Afghan embassy was linked to the movement.
The email was sent to addresses publicly linked to a number of political figures in Pakistan. They include a former information minister, and a former law minister.
It was also sent to a former senator from a Pashtun nationalist party, Bushra Gohar. Ms Gohar told the BBC: "I know for a fact that all my accounts are being observed… this is condemnable."
She added: "Parliament needs to form a committee and look into what is going on."
Have there been other cyber-attacks?
An employee of the Afghan embassy and a former member of staff were also both targeted by a fake Facebook profile linked to cyber-attacks.
A report by Amnesty International released last week revealed that the profile, "Sana Halimi", had repeatedly sent malware to a human rights activist in Lahore.
One of the Afghan embassy staff members befriended by "Sana Halimi" told colleagues "she" had engaged him in conversation pretending to be an Afghan woman from the city of Herat.
fghan diplomats in Pakistan targeted by 'state-backed hackers'
By Secunder Kermani
BBC News, Islamabad
http://www.bbc.com/news/world-asia-44250769
The Facebook account also befriended a number of other human rights activists. One told the BBC it had messaged him in a "flirtatious" manner.
In a report released last week, mobile security company Lookout documented "Sana Halimi" sending out malware via Facebook Messenger on at least two occasions.
The incidents form part of an investigation they carried out into the successful hacking of devices by a team they describe as "likely" being run by the Pakistani military. Their report examined around 30GB of stolen data, a significant part of which appeared to have been taken from Afghan officials.
Who was 'Sana Halimi'?
The BBC has learnt that the pictures of "Sana Halimi" were in fact stolen from the social media accounts of a 21-year-old chef in Lahore called Salwa Gardezi with no connection to Afghanistan.
Ms Gardezi is a close relative of a prominent political commentator, Ayesha Siddiqa, known for her work critiquing the Pakistani military. It is not clear if her photographs were used because of this connection.
Ms Gardezi said she had only realised her pictures had been copied from her Facebook and Instagram accounts after a BBC article on the malware attacks last week. She told the BBC it was "shocking" her images had been used in this way, and that she had "no connection" to political work at all.
She added that she is planning to lodge a complaint with Pakistan's Federal Investigations Agency as she is concerned she could wrongly be mistaken as being linked to the cyber attackers.
"I want to clear my image," she said.
Journalist Warns Cyber Attacks Present A 'Perfect Weapon' Against Global Order
https://www.npr.org/2018/06/19/621338178/journalist-warns-cyber-attacks-present-a-perfect-weapon-against-global-order
DAVIES: A cyber Pearl Harbor some people would say.
SANGER: Yes, Dave, exactly. That's the concept of a cyber Pearl Harbor, which is something we don't see coming. And that's the reason that people get so unhappy when they read headlines - and I've written many of these stories - that the Russians or the Iranians or someone have placed implants in our utility grid, our other computer systems, so that they would be able to go turn off computer systems at any moment. And we know right now, for example, that the Department of Homeland Security has warned of a very extensive amount of malware, which is essentially what an implant is, that's in the American utility grid. The problem here is we don't see this the same way when someone's doing it to us than when we're doing it to someone, right?
So we hear that the Russians have put implants in our grid, and we say, oh, my goodness, somebody is getting ready to go turn off the power at any moment of conflict. When we do the same to other countries - and believe me; the National Security Agency and its military sidekick, the United States Cyber Command, does put these implants in other foreign systems and probably has tens if not hundreds of thousands of them in - we say, well, we're just preparing the battlefield. We're using them for monitoring. But the fact of the matter is it's sort of like the port that a doctor puts in your body if you're being treated for cancer or something like that. The doctor can use it to monitor what's going on, but he can also use it to inject something if they decide to treat you. And that's the problem with the cyber age. You never know what that implant is there for.
DAVIES: Right. I mean, obviously, to conduct the kind of disabling cyberattack that would shut down a lot of a country's infrastructure, you have to have done a lot of work beforehand. I want to be clear about this. Are we saying that we know that there are implants in our power grid which would enable the Russians or someone else to take it down?
SANGER: We know that there are implants in our power grid. Interesting question is, if somebody made use of it, how good would it be at taking it down? And that's why for the electric utility industry and for the financial industry, they've invested a huge amount in redundancy and resilience so that if you lose some set of power plants, you could contain it, route around it and be able to pick up and go on. And you just don't know until things happen how well your adversary has wired your system to take everything down. And as you said, this takes a lot of time. The United States spent years getting inside the Iranian centrifuges at Natanz and even then had to keep working on the software to improve it. The North Koreans, when they went into Sony Pictures in 2014 in retaliation for the release of a really terrible movie called "The Interview" that envisioned the assassination of Kim Jong Un, the same friendly Kim Jong Un we all saw in Singapore the other day - when the North Koreans went in, they went in in early September of 2014. They didn't strike until around Thanksgiving because it took all that time just to map out the interconnections of the electrical system, of the computer system, and when they did strike, it was devastating. They took out 70 percent of Sony's computer servers and hard drives.
Journalist Warns Cyber Attacks Present A 'Perfect Weapon' Against Global Order
https://www.npr.org/2018/06/19/621338178/journalist-warns-cyber-attacks-present-a-perfect-weapon-against-global-order
DAVIES: This is FRESH AIR. And we're speaking with New York Times national security correspondent David Sanger. His new book is "The Perfect Weapon: War, Sabotage And Fear In The Cyber Age."
You write about how active China has been in using cyberweapons to gather information about U.S. activities. And it's fascinating that our own intelligence services, the National Security Agency, has been using Chinese equipment to get into - to implant our stuff into their equipment. So when it's shipped all around the world, we can find out about people all over the world. And you have a fascinating description of meeting with a private cyber investigator, Kevin Mandia, who looked into Chinese hacking. Tell us about that.
SANGER: Well, the remarkable thing about the Chinese is that they've operated differently than the Russians, the Iranians and the North Koreans. By and large, they have not done destructive hacks. So far, they haven't tried to get in our voting system the way the Russians did. They haven't tried to go blow up computer systems the way the North Koreans did. But they have done the most extensive cyber espionage programs. And the great example here was the Office of Personnel Management. OPM could be the world's most boring federal bureaucracy. It's literally the record-keeper for all of the U.S. government.
And when people would go off to get their security clearances, they would fill out these very lengthy forms that the government wonderfully calls the SF86. And this is more, Dave, than just your name and Social Security number and a couple of credit card numbers. This is the list of every foreigner you ever knew. This is the list of your kids, your parents, your spouse. This is listing everybody with whom you've ever had a relationship - both a licit or an illicit relationship. So it's a blackmailer's dream, as you can imagine. It's all of your medical history. It's all of your financial history.
And how well was this protected by the U.S. government? The Office of Personnel Management, following a mandate from Congress not to get too many expensive cloud services if they could use unused government computer space, took most of this data and put it in the Department of the Interior's computer systems, where they had the same great protections we have on, say, bison migration in Yellowstone. And the Chinese came in. They figured out where the data was located. They discovered that it was unencrypted. I mean, when you talk to your bank over your iPhone, it's an encrypted conversation. This data was unencrypted. They sucked it all up, usually at night. They encrypted it and sent it back to China. And by the time the U.S. government figured this out - and Kevin Mandia was among those who helped everybody figure this out - the U.S. government had lost 21 million files, more than 5 million fingerprints.
Journalist Warns Cyber Attacks Present A 'Perfect Weapon' Against Global Order
https://www.npr.org/2018/06/19/621338178/journalist-warns-cyber-attacks-present-a-perfect-weapon-against-global-order
DAVIES: And tell us about this private cyber investigator Kevin Mandia. There was this building in China where a lot of this activity was going on - and the level of information he was able to get.
SANGER: So the building is near the Shanghai airport. And it's a big, bland, white office tower. And it is the home of Unit 61398, which is a PLA cyber unit.
DAVIES: People Liberation Army - the Chinese Army.
SANGER: The People's Liberation Army Cyber Unit. And the way that people began to understand what was happening was - Mr. Mandia, who ran a company called Mandiant that's since been merged up with FireEye, which he now runs, began to track the attacks that this unit was doing to steal intellectual property in the United States whether it was, you know, F-35 designs or other industrial designs and then turn them over to state-run Chinese firms. The hackers who would come in would sit at their computer terminals, and, unbeknownst to them, Mandiant would turn the cameras on those computers back on. So you could see them working.
And they would come in at like 8:30 in the morning. They would check sports scores. They would send a few notes to their girlfriends. A couple of them would look at a little bit of porn. You know, they would be reading newspaper articles. 9 o'clock would come. They'd start hacking into American sites. Lunchtime, they're back to sending notes to the girlfriends. They're back to checking their sports scores. I mean, it was such an interesting picture of the life of a young Chinese hacker.
DAVIES: David Sanger is a national security correspondent for The New York Times. His book about cyberwarfare is called "The Perfect Weapon." After a break, he'll take us inside the Russian hack of the Democratic National Committee, and we'll talk about President Trump's initiative to curb North Korea's nuclear program. Also, rock critic Ken Tucker reviews Father John Misty's new album. I'm Dave Davies. And this is FRESH AIR.
#Turkey's STM will organize training in #cybersecurity and #infornation #tech at #Pakistan Air #University; organize international conferences; give consultancy to research projects and support infrastructure for National Cyber Security Center at Air Uni. https://www.armyrecognition.com/ideas_2018_news_official_show_daily/ideas_2018_stm_signs_dou_for_pakistan_cyber_security.html
At IDEAS 2018, a Document of Understanding (DoU) was signed by STM and Pakistan Air University under the leadership of the Presidency of Defence Industries (SSB) of the Presidency of Rebuplic of Turkey. With this agreement, STM will provide significant solutions in integrated cyber security, big data and IT domains.
STM SavunmaTeknolojileriMühendislikveTicaret A.Ş. expands its business in Pakistan. Following the cooperation in naval programs under the leadership of the Presidency of Defence Industries, it now moves to different areas.
The signing ceremony was held with the participation of Mustafa Murat Åžeker, SSB Vice President; Murat Ä°kinci, STM General Manager; Air Vice Marshal Faaiz Amir, Vice Chancellor of Pakistan Air University; and officials. The agreement will increase the cyber security capabilities of Pakistan Air University, which sets up cyber security strategies of Pakistan and is responsible for the establishment of Pakistan’s National Center of Cyber Security (NCCS).
STM will organize special training and internship programs in cyber security and IT for Pakistan Air University students and faculty; organize international conferences and workshops; give consultancy to research projects in graduate programs; and support the infrastructure for the establishment of the National Cyber Security Center (NCCS) at the university. This agreement aims to increase the national cyber security capabilities of the friendly country Pakistan thanks to STM's integrated cyber security efforts and capabilities.
#Israeli #Cybersecurity Firm NSO Accused Of Helping #Saudis Spy On #Khashoggi. #Israel is actually involved in NSO in that Israeli government officials have to give the OK to let it sell its products abroad. This company has faced a lot of controversy. https://n.pr/2ANSZea
DANIEL ESTRIN, BYLINE: Hi.
MARTIN: Tell us more about these allegations, and what do we know about the Saudi dissident making them?
ESTRIN: His name is Omar Abdulaziz. He tells a very compelling story. He's a social media activist. He's a critic of the Saudi royal family. He lives in Montreal. And in his lawsuit, he says Saudi officials in Canada met him in May, told him Crown Prince Mohammed bin Salman was unhappy with his activism. They asked him to come to the Saudi consulate for further discussion, and he declined. And he says that he and Jamal Khashoggi started working together on an initiative to organize a group of Twitter activists against the Saudi regime. And then this dissident got a text message with a link, supposedly a DHL package delivery, and he clicked on the link and later, a Canadian group, Citizen Lab, said it believed that he fell victim to a cellphone spyware from an Israeli-based company, NSO. He spoke with NPR's Shannon Van Sant, and he said he thinks the Saudis intercepted his Whatsapp text messages with Khashoggi, and that was a deciding factor that led to his death. Here's what he said.
OMAR ABDULAZIZ: For sure, the conversations between us played a major role in what happened to Jamal. And they found out what we were working on and what are these projects and why Jamal was behind them.
MARTIN: What do we know about this company that makes the spyware?
ESTRIN: NSO is its name. It's a very secretive company. It doesn't have a website. It was founded by three Israelis. Their first names form the initials NSO. And there are Israeli reports that the company recently sold its spyware technology to Saudi officials. The company defends itself. It says its products are only sold to governments and to law enforcement to fight terrorism and crime, but Israel is actually involved in this company in that Israeli government officials have to give the OK to let it sell its products abroad. This company has faced a lot of controversy. Mexican human rights activists and others say Mexican government officials hacked into their phones using this company's spyware - same accusations from a human rights activist in the United Arab Emirates. Amnesty International also says the software was used against one of its employees, and Amnesty is accusing Israel of allowing the spyware to be sold to regimes that violate human rights.
MARTIN: Well, considering the company's connections to the Israeli government, is the suit likely to go anywhere?
ESTRIN: It seems like it's more of a symbolic lawsuit, Rachel, to draw public attention to this issue. I think it's going to be hard to prove these claims in court, and the Israeli Defense Ministry has constantly defended its vetting of NSO technology sales abroad. And I should add that Israel is not the only place in the world where companies are developing spyware technology, but it is - Israel is a big player in the field.
MARTIN: And presumably, Saudi officials aren't weighing in on whether or not they actually bought this technology, confirming any connection.
ESTRIN: They're not, and it's very interesting. Saudi and Israeli ties are kind of under the radar, but this may be an example of some of those ties.
#American software security firm #Symantec believe #Chinese did not steal the code used in #NSA's hacking tools but captured it from NSA's attack on their own computers — like a gunslinger who grabs an enemy’s rifle and starts blasting away. #China
https://nyti.ms/2H0Oekx
Chinese intelligence agents acquired National Security Agency hacking tools and repurposed them in 2016 to attack American allies and private companies in Europe and Asia, a leading cybersecurity firm has discovered. The episode is the latest evidence that the United States has lost control of key parts of its cybersecurity arsenal.
Based on the timing of the attacks and clues in the computer code, researchers with the firm Symantec believe the Chinese did not steal the code but captured it from an N.S.A. attack on their own computers — like a gunslinger who grabs an enemy’s rifle and starts blasting away.
The Chinese action shows how proliferating cyberconflict is creating a digital wild West with few rules or certainties, and how difficult it is for the United States to keep track of the malware it uses to break into foreign networks and attack adversaries’ infrastructure.
The losses have touched off a debate within the intelligence community over whether the United States should continue to develop some of the world’s most high-tech, stealthy cyberweapons if it is unable to keep them under lock and key.
The Chinese hacking group that co-opted the N.S.A.’s tools is considered by the agency’s analysts to be among the most dangerous Chinese contractors it tracks, according to a classified agency memo reviewed by The New York Times. The group is responsible for numerous attacks on some of the most sensitive defense targets inside the United States, including space, satellite and nuclear propulsion technology makers.
Now, Symantec’s discovery, unveiled on Monday, suggests that the same Chinese hackers the agency has trailed for more than a decade have turned the tables on the agency.
Some of the same N.S.A. hacking tools acquired by the Chinese were later dumped on the internet by a still-unidentified group that calls itself the Shadow Brokers and used by Russia and North Korea in devastating global attacks, although there appears to be no connection between China’s acquisition of the American cyberweapons and the Shadow Brokers’ later revelations.
But Symantec’s discovery provides the first evidence that Chinese state-sponsored hackers acquired some of the tools months before the Shadow Brokers first appeared on the internet in August 2016.
Repeatedly over the past decade, American intelligence agencies have had their hacking tools and details about highly classified cybersecurity programs resurface in the hands of other nations or criminal groups.
--------------------
The N.S.A. used sophisticated malware to destroy Iran’s nuclear centrifuges — and then saw the same code proliferate around the world, doing damage to random targets, including American business giants like Chevron. Details of secret American cybersecurity programs were disclosed to journalists by Edward J. Snowden, a former N.S.A. contractor now living in exile in Moscow. A collection of C.I.A. cyberweapons, allegedly leaked by an insider, was posted on WikiLeaks.
India’s Gandhi and Pakistan’s Khan tapped as targets in Israeli NSO spyware scandal - Tech News - Haaretz.com
https://www.haaretz.com/israel-news/tech-news/.premium-india-s-gandhi-and-pakistan-s-khan-tapped-as-israeli-nso-spyware-targets-1.10012729
Prominent Indian politician Rahul Gandhi and Pakistani Prime Minister Imran Khan were selected as potential targets of the Israeli-made Pegasus spyware program by clients of the NSO Group cyberespionage firm, a global investigation can reveal Monday.
Additional potential targets included Pakistani officials, including a number once associated with Pakistani leader Khan. They also included Kashmiri separatists, leading Tibetan religious figures and even an Indian supreme court judge. Khan did not respond to a request for comment from the Washington Post.
Gandhi, who said he changes phones every few months to avoid being hacked, said in response: “Targeted surveillance of the type you describe, whether in regard to me, other leaders of the opposition or indeed any law-abiding citizen of India, is illegal and deplorable.
According to an analysis of the Pegasus Project records, more than 180 journalists were selected in 21 countries by at least 12 NSO clients. The potential targets and clients hail from Bahrain, Morocco, Saudi Arabia, India, Mexico, Hungary, Azerbaijan, Togo and Rwanda.
----------
India is Israel’s biggest arms market, buying around $1 billion worth of weapons every year, according to Reuters. The two countries have grown closer since Modi became Indian prime minister in 2014, widening commercial cooperation beyond their longstanding defense ties. Modi became the first sitting Indian leader to visit Israel in July 2017, while former Prime Minister Benjamin Netanyahu held a state visit to India at the start of 2018
Mr. Modi has used the Israeli spyware to not only spy on his critics at home but also his perceived enemies abroad. Pakistani Prime Minister Imran Khan is among the most prominent targets of the Modi government's cyber attacks, according to a recently released Project Pegasus report. The Indian government has neither confirmed nor denied the report. The focus of the report is the use of the Israeli-made spyware by about a dozen governments to target politicians, journalists and activists. The users of the Pegasus software include governments of Bahrain, Morocco, Saudi Arabia, India, Mexico, Hungary, Azerbaijan, Togo and Rwanda.
http://www.riazhaq.com/2022/01/ny-times-modi-bought-israeli-pegasus.html
Ignite Conducts Karachi Qualifier Round of Digital Pakistan Cybersecurity Hackathon 2022
https://propakistani.pk/2022/12/02/ignite-conducts-karachi-qualifier-round-of-digital-pakistan-cybersecurity-hackathon-2022/
Ignite National Technology Fund, a public sector company with the Ministry of IT & Telecom, conducted the qualifier round of Digital Pakistan Cybersecurity Hackathon 2022 in Karachi on 1st December 2022 after conducting qualifier rounds at Quetta and Lahore.
The Cybersecurity Hackathon aims to improve the cybersecurity readiness, protection, and incident response capabilities of the country by conducting cyber drills at a national level and identifying cybersecurity talent for public and private sector organizations.
Dr. Zain ul Abdin, General Manager Ignite, stated that Ignite was excited about organizing Pakistan’s 2nd nationwide cybersecurity hackathon in five cities this year. The purpose of the Cyber Security Hackathon 2022 is to train and prepare cyber security experts in Pakistan, he said.
Speaking on the occasion, Asim Shahryar Husain, CEO Ignite, said, “The goal of the cybersecurity hackathon is to create awareness about the rising importance of cybersecurity for Pakistan and also to identify and motivate cybersecurity talent which can be hired by public and private sector organizations to secure their networks from cyberattacks.”
“There is a shortage of 3-4 million cybersecurity professionals globally. So this is a good opportunity for Pakistan to build capacity of its IT graduates in cybersecurity so that they can boost our IT exports in future,” he added.
Chief guest, Mohsin Mushtaq, Additional Secretary (Incharge) IT & Telecommunication, said, “Digital Pakistan Cybersecurity Hackathon is a step towards harnessing the national talent to form a national cybersecurity response team.”
“Ignite will continue to hold such competitions every year to identify new talent. I would like to congratulate CEO Ignite and his team for holding such a marathon competition across Pakistan to motivate cybersecurity students and professionals all over the country,” he added.
Top cybersecurity experts were invited for keynote talks during the occasion including Moataz Salah, CEO Cyber Talents, Egypt, and Mehzad Sahar, Group Head InfoSec Engro Corp, who delivered the keynote address on Smart InfoSec Strategy.
Panelists from industry, academia, and MoITT officials participated in two panel discussions on “Cyber Threats and Protection Approaches” and “Indigenous Capability & Emerging Technologies” during the event.
The event also included a cybersecurity quiz competition in which 17 teams participated from different universities. The top three teams in the competition were awarded certificates.
41 teams competed from Karachi in the Digital Pakistan Cybersecurity Hackathon 2022.
The top three teams shortlisted after the eight-hour hackathon were: “Team Control” (Winner); “Revolt” (1st Runner-up); and “ASD” (2nd Runner-up).
These top teams will now compete in the final round of the hackathon in Islamabad later this month.
Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS
https://thehackernews.com/2024/06/pakistan-linked-malware-campaign.html
Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018.
The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to Cisco Talos, which are administered using another standalone tool referred to as GravityAdmin.
The cybersecurity attributed the intrusion to an adversary it tracks under the moniker Cosmic Leopard (aka SpaceCobra), which it said exhibits some level of tactical overlap with Transparent Tribe.
"Operation Celestial Force has been active since at least 2018 and continues to operate today — increasingly utilizing an expanding and evolving malware suite — indicating that the operation has likely seen a high degree of success targeting users in the Indian subcontinent," security researchers Asheer Malhotra and Vitor Ventura said in a technical report shared with The Hacker News.
GravityRAT first came to light in 2018 as a Windows malware targeting Indian entities via spear-phishing emails, boasting of an ever-evolving set of features to harvest sensitive information from compromised hosts. Since then, the malware has been ported to work on Android and macOS operating systems, turning it into a multi-platform tool.
Subsequent findings from Meta and ESET last year uncovered continued use of the Android version of GravityRAT to target military personnel in India and among the Pakistan Air Force by masquerading it as cloud storage, entertainment, and chat apps.
Cisco Talos' findings bring all these disparate-but-related activities under a common umbrella, driven by evidence that points to the threat actor's use of GravityAdmin to orchestrate these attacks.
Cosmic Leopard has been predominantly observed employing spear-phishing and social engineering to establish trust with prospective targets, before sending them a link to a malicious site that instructs them to download a seemingly innocuous program that drops GravityRAT or HeavyLift depending on the operating system used.
GravityRAT is said to have been put to use as early as 2016. GravityAdmin, on the other hand, is a binary used to commandeer infected systems since at least August 2021 by establishing connections with GravityRAT and HeavyLift's command-and-control (C2) servers.
Post a Comment