Editor’s Note: Updated to include information from AlienVault on the attacks. – PFR 3/20/2013 Destructive cyber attacks against media outlets and banks in South Korea have ratcheted up tensions on the Korean Peninsula, with charges that the government of reclusive North Korea was behind the hacks. According to a report in South Korea’s Yonhap News Agency, the attacks began at 2:00PM local time in South Korea and affected the computer networks of three broadcasters and two banks. Broadcasters KBS, MBC and YTN all reported that their computer networks were “halted” at that time. Shinhan Bank and Nonghyup made similar reports to the National Police Agency (NPA), according to Yonhap. Unlike past distributed denial of service (DDoS) attacks that are believed to have been launched by the DPRK against the South, the latest incursions come at a time of extreme military tension on the peninsula, and caused damages to South Korean […]
APT
D.C. Insider Site NationalJournal.com Serving Malware
Watering hole -style attacks are all the rage these days, as our recent coverage on the attacks against Facebook and Twitter suggest. That makes us look askance at any report of a web site compromise – especially at a site that’s known to serve an audience that’s of interest to sophisticated, nation-state backed hacking crews. That’s why it caught our attention this week that the web site for the DC-insider magazine The National Journal (nationaljournal.com) was found serving malware. According to a blog post by Anup Ghosh at the security firm Invincea, The National Journal’s Web site was serving up attacks to visitors of the site on Tuesday. The discovery was surprising, as the magazine acknowledged an earlier compromise on February 28th and said that it had since secured its site. That National Journal, part of The Atlantic Media Company, is widely read within Washington D.C.’s political circles. It […]
Obama Lays Down The Law On Cyber Espionage
The Obama Administration on Wednesday released a report detailing new Administration measures to protect U.S. trade secrets and intellectual property. The report: “Administration Strategy on Mitigating the Theft of U.S. Trade Secrets” (PDF) establishes a new foundation for cooperation between the U.S. government and the private sector. It comes just days after a bombshell, 60-page report by the security firm Mandiant that described the activities of “APT1” – a hacking group that Mandiant claims is actually a cyber warfare unit of China’s People’s Liberation Army (PLA). In a post on the Whitehouse blog, the Administration said the Strategy is a continuation of Obama Administration policy to protect U.S. companies from the theft of trade secrets. Under the new Strategy, the Administration will take a “whole government” approach, using diplomatic pressure via the State Department, coordinated, international legal pressure through the Department of Justice and FBI. The U.S. will tap the […]
Report Exposes Links Between Chinese Govt., Hacking Group
If you read one story today (besides this one, of course!) it should be The New York Times’ write-up of a just-released, 60-page report (PDF) on a Chinese hacking group known as APT1 by the security firm Mandiant. At a one level, the report doesn’t tell us anything we didn’t already know: APT1 is a professional, hacking crew that operates from within China and with the full knowledge and support of the Chinese Government. Most of us already suspected that. The report is worth reading for the depths of Mandiant’s research into APT \1 and the revelations of just how close the ties are to the Chinese government and, particularly, the People’s Liberation Army (PLA). Specifically: Mandiant is able to parse the findings of around 150 intrusions it has analyzed that are attributable to APT 1 – which is probably some small fraction of all the attacks the group has carried out. […]
Are Mobile App Developers Prey In A Massive Watering Hole Attack?
Say you’re a “bad guy” and what you really want to do is compromise the systems of some high value targets – like software developers working a prominent, Silicon Valley firms like Facebook and Twitter. Breaking through the front door isn’t easy – these companies mostly have the technology chops to protect their networks and employees. Phishing e-mails are also a tough sell: the developer community is heavy on Apple Mac systems and – besides – application developers might be harder to phish than your average Fortune 500 executive. A better approach might be to let your prey come to you – attacking them passively by gaining control of a trusted third party web site – a so-called “watering hole.” That’s a scenario that has played out in a number of recent, high profile attacks, such as the so-called “VoHo” attacks documented by Symantec and RSA. It may also be […]
