Warning: Undefined array key "rbname" in /data/rantburg.com/www/pgrecentorg.php on line 14
Hello !

China-Japan-Koreas

U.S. imposes sanctions on North Korean hacking groups blamed for global attacks

2019-09-14

[REUTERS] The U.S. Treasury on Friday announced sanctions on three North Korea ...hereditary Communist monarchy distinguished by its truculence and periodic acts of violence. Distinguishing features include Songun (Army First) policy, which involves feeding the army before anyone but the Dear Leadership, and Juche, which is Kim Jong Il's personal interpretation of Marxism-Leninism, which he told everybody was brilliant. In 1950 the industrialized North invaded agrarian South Korea. Twenty-one countries of the United Nations eventually contributed to the UN force opposing the invasion, with the United States providing around 90% of the military personnel. Seventy years later the economic results are in and it doesn't look good for Juche... n hacking groups it said were involved in the "WannaCry" ransomware attacks and hacking of international banks and customer accounts. It named the groups as Lazarus Group, Bluenoroff, and Andariel and said they were controlled by the RGB, North Korea’s primary intelligence bureau, which is already subject to U.S. and United Nations ...an organization originally established to war on dictatorships which was promptly infiltrated by dictatorships and is now held in thrall to dictatorships... sanctions. The action blocks any U.S.-related assets of the groups and prohibits dealings with them. The Treasury statement said any foreign financial institution that knowingly facilitated significant transactions or services for them could also be subject to sanctions. "Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs," said Sigal Mandelker, Treasury under secretary for Terrorism and Financial Intelligence. "We will continue to enforce existing U.S. and U.N. sanctions against North Korea and work with the international community to improve cybersecurity of financial networks." The United States has been attempting to restart talks with North Korea, aimed at pressing the country to give up its nuclear weapons. The talks have been stalled over North Korean demands for concessions, including sanctions relief.

Link

China-Japan-Koreas

Group says North Korea hackers stealing hundreds of millions from banks

2018-10-04

[IsraelTimes] North Korea’s nuclear and missile tests have stopped, but its hacking operations to gather intelligence and raise funds for the sanction-strapped government in Pyongyang may be gathering steam. US security firm FireEye is raising the alarm over a North Korean group that it says has stolen hundreds of millions of dollars by infiltrating the computer systems of banks around the world since 2014 through highly sophisticated and destructive attacks that have spanned at least 11 countries. It says the group is still operating and poses "an active global threat." It is part of a wider pattern of malicious state-backed cyber activity that has led the Trump administration to identify North Korea ‐ along with Russia, Iran and China ‐ as one of the main online threats facing the United States. Last month, the Justice Department charged a North Korean hacker said to have conspired in devastating cyberattacks, including an $81 million heist of Bangladesh’s central bank and the WannaCry virus that crippled parts of Britannia’s National Health Service.

Link

-Lurid Crime Tales-

How US authorities tracked down the North Korean hacker behind WannaCry

2018-09-07

[Zednet] US authorities put together four years worth of malware samples, domain names, email and social media accounts to track down one of the Lazarus Group hackers. On September 6, the US Department of Justice formally charged a North Korean programmer for some of the biggest cyber-attacks in recent years. According to a 179-page DOJ indictment, the US believes that Park Jin Hyok, a 34-year-old North Korean, is one of the many individuals behind a long string of malware attacks and intrusions, such as: - The WannaCry ransomware outbreak of 2017; - Attempts of hacking US defense contractor Lockheed Martin in 2016; - The 2016 Bangladesh Central Bank cyber-heist; - The breach at Sony Pictures Entertainment in 2014; - Breaches at US movie theatre chains AMC Theatres and Mammoth Screen in 2014; - A long string of hacks of South Korean news media organizations, banks, and military entities across several years, and; - Hacks of banks all over the world from 2015 through 2018. Also: Free, easy to use, and available to anyone: The powerful malware hiding in plain sight on the open web The DOJ says Park was an active member of a government-sponsored hacking team known in the private cyber-security sector as the Lazarus Group. But in reality, officials say, he was also a government employee working for a government-owned company named Chosun Expo Joint Venture (Chosun Expo hereinafter). Investigators say that Chosun Expo was founded as a joint venture between the South and North Korean governments, and was meant to be an e-commerce and lottery website. South Korean officials pulled out of the deal, but the North Korean government continued to manage the company through various individuals, branching out in different online services, such as online gaming and gambling. The company had offices in North Korea and China, and Park was sent to work for many years in the company's Chinese office in the city of Dalian. There, investigators said he worked under titles of "developer" and "online game developer," listing the ability to code in Java, JSP, PHP, Flash, but also Visual C++, the language in which most Lazarus Group malware was written in. Link to Federal Indictment found here.

Link

China-Japan-Koreas

North Korean hackers behind $81m cyber theft from Bangladesh Bank

2018-02-15

[Dhaka Tribune] Hackers from North Korea pulled off one of the biggest cyber heists in history when they stole $81 million from Bangladesh’s central bank, America’s top spymaster told politicians on Tuesday. National Intelligence Director Dan Coats told Senate Select Committee on Intelligence that North Korea poses a major threat to cybersecurity globally and the US in particular. Criminals from the hermit state developed and launched the WannaCry ransomware in May 2017, judging from technical links to previously identified North Korean cyber tools, tradecraft, and operational infrastructure, he said. "We also assess that these actors conducted the cyber theft of $81 million from the Bangladesh Bank in 2016," Coats said when testifying on the assessment of the intelligence committee on worldwide threats. Hackers broke into Bangladesh Bank computers and issued fake payment orders tricking the Federal Reserve Bank of New York into paying out $101 million to accounts in Sri Lanka and the Philippines. Bangladesh has managed to recover parts of the money. Its central bank says it will sue Manila-based Rizal Commercial Banking Corporation from where the money disappeared.

Link

China-Japan-Koreas

WannaCry ransom notice analysis suggests Chinese link

2017-05-31

[BBC] New analysis suggests Chinese-speaking criminals may have been behind the WannaCry ransomware that affected thousands of organizations worldwide. Researchers from Flashpoint looked at the language used in the ransom notice. They said the use of proper grammar and punctuation in only the Chinese versions indicated the writer was "native or at least fluent" in Chinese. The translated versions of the ransom notice appeared to be mostly "machine translated". The WannaCry ransom note could be displayed in 28 different languages, but only the Chinese and English versions appeared to have been written by humans. The English text also used some unusual phrases such as: "But you have not so enough time". The WannaCry cyber-attack infected more than 200,000 computers in 150 countries, affecting government, healthcare and private company systems. The UK's National Crime Agency, the FBI and Europol are investigating who was responsible for the ransomware. Some earlier analysis of the software had suggested criminals in North Korea may have been behind it. But the Flashpoint researchers noted the Korean-language ransom note was a poorly translated version of the English text. "It was only really the Chinese and the English versions that appeared to be written by someone that understood the language," said cyber-security expert Prof Alan Woodward from the University of Surrey. "The rest appeared to come from Google Translate. Even the Korean." Prof Woodward noted that the people behind the ransomware had not attempted to retrieve the money victims had paid in Bitcoin, and added it was likely they were keeping a low profile. "I actually think they've run for the hills," he told the BBC. "Their so-called command and control system, the thing that controls quite a lot of the software, has all been turned off. "They know that so many people are watching them now and that following the money could lead to their downfall. I suspect if they've got any sense at all they'll leave it well alone."

Link

-Lurid Crime Tales-

Over 98% of All WannaCry Victims Were Using Windows 7

2017-05-27

And 100 percent of them were using the most insecure network disk sharing protocol on the planet, Server Mount Block Protocol AKA Common Internet File System (CIFS) Protocol [BLEEPINGCOMPUTER] Numbers released by Kaspersky Lab on Friday reveal that over 98% of all documented WannaCry infections were running versions of the Windows 7 operating system. Out of all Windows 7 users, the worst hit were users running Windows 7 64-bit edition, accounting for more than 60% of all infections. The second and third most targeted OS versions were Windows Server 2008 R2, and Windows 10, respectively. So! XP wasn't to blame after all The statistics come to disprove popular belief that WannaCry hit mostly Windows XP machines. "The Windows XP count is insignificant," said Costin Raiu, director of Global Research and Analysis Team at Kaspersky Lab. To infect all these computers, the WannaCry ransomware used an SMB worm that spread on its own to new computers that ran vulnerable SMB services. That SMB worm was powered by an exploit named ETERNALBLUE. The exploit is part of a collection of hacking tools a group of hackers calling themselves The Shadow Brokers have stolen from the NSA and leaked online in April 2017.

Link

China-Japan-Koreas

North Korea's Unit 180, the cyber warfare cell that worries the West

2017-05-22

[AlAhram] North Korea's main spy agency has a special cell called Unit 180 that is likely to have launched some of its most daring and successful cyber attacks, according to defectors, officials and internet security experts. North Korea has been blamed in recent years for a series of online attacks, mostly on financial networks, in the United States, South Korea and over a dozen other countries. Cyber security researchers have also said they have found technical evidence that could link North Korea with the global WannaCry "ransomware" cyber attack that infected more than 300,000 computers in 150 countries this month. Pyongyang has called the allegation "ridiculous".

Link

-Lurid Crime Tales-

French team finds way to unlock computers infected with WannaCry virus as ransom deadline looms

2017-05-20

[Telegraph] French researchers have found a way to save Windows files encrypted by the WannaCry virus, racing against a deadline as the ransomware threatens to start locking up victims' computers first infected a week ago. WannaCry, which started to sweep round the globe last Friday and has infected more than 300,000 computers in 150 nations, threatens to lock out victims who have not paid a sum of $300 to $600 (£230 to £460) within one week of infection. A loose-knit team of security researchers scattered across the globe have revealed they have collaborated to develop a workaround to unlock the encryption key for files hit in the global attack, which several independent security researchers have confirmed. But the researchers said their solution would only work in certain conditions, namely if computers had not been rebooted since becoming infected and if victims applied the fix before WannaCry carried out its threat to lock their files permanently. Wanakiwi was quickly tested and shown to work on Windows 7 and older Windows versions XP and 2003, Suiche said, adding that he believed the hastily developed fix also works with Windows 2008 and Vista, meaning all affected PCs. The group includes Adrien Guinet, who works as a security expert, Matthieu Suiche, who is an internationally known hacker, and Benjamin Delpy, whose day job is at the Banque de La Belle France. Wanakiwi was quickly tested and shown to work on Windows 7 and older Windows versions XP and 2003, Suiche said, adding that he believed the hastily developed fix also works with Windows 2008 and Vista, meaning all affected PCs. "This is not a perfect solution," Suiche said. "But this is so far the only workable solution to help enterprises to recover their files if they have been infected and have no back-ups" which allow users to restore data without paying black-mailers. As of Wednesday, half of all internet addresses corrupted globally by WannaCry were located in China and Russia, with 30 and 20 percent of infections, respectively, according to data supplied by threat intelligence firm Kryptos Logic. By contrast, the United States accounts for 7 percent of WannaCry infections while Britannia, La Belle France and Germany each represent just 2 percent of worldwide attacks, Kryptos said. Only 309 transactions worth around $94,000 appear to have been paid into WannaCry blackmail accounts, seven days after the attack began - just under one in 1,000 of the estimated victims. In a box the Telegraph asks whether WannaCry can be removed without paying, and answers: Yes, by using advanced anti-malware software. The malware can also be removed manually with a computer in "safe mode", however security experts warn this runs the risk of damage to a PC as users must go through sensitive system files in order to find and isolate files created by the Wanna Decryptor software.

Link

-Signs, Portents, and the Weather-

British IT expert, 22, who lives with his parents reveals how he stopped the global cyber attack that wreaked havoc on the NHS as he warns he is already fighting hackers trying to unleash a NEW threat

2017-05-14

[DailyMail] UK blogger, 22, 'accidentally' found method to block spread of cyber attack He found way to register virus as a website which caused a 'kill switch' But the cyber expert warned a group of hackers are trying to sabotage the fix Update from Ynet at 11:30 a.m. EDT: Friday's cyber attack hit 200,000 victims in at least 150 countries and that number could grow when people return to work on Monday, the head of the European Union ...the successor to the Holy Roman Empire, only without the Hapsburgs and the nifty uniforms and the dancing... 's police agency said on Sunday. Cyber security experts say the spread of the virus dubbed WannaCry - "ransomware" which locked up computers in car factories, hospitals, shops and schools in several countries - has slowed, but that any respite might be brief. Europol Director Rob Wainwright told ITV's Peston on Sunday programme the attack was unique in that the ransomware was used in combination with "a worm functionality" so the infection spread automatically.

Link

Warning: Undefined property: stdClass::$T in /data/rantburg.com/www/pgrecentorg.php on line 132
-9 More