Tag: China

New Clues In Sony Hack Point To Insiders, Away from DPRK

A strong counter-narrative to the official account of the hacking of Sony Pictures Entertainment has emerged in recent days, with the visage of the petulant North Korean dictator, Kim Jong Un, replaced by another, more familiar face: former Sony Pictures employees angry over their firing during a recent reorganization at the company. Researchers from the security firm Norse allege that their investigation of the hack of Sony has uncovered evidence that leads, decisively, away from North Korea as the source of the attack. Instead, the company alleges that a group of six individuals is behind the hack, at least one a former Sony Pictures Entertainment employee who worked in a technical role and had extensive knowledge of the company’s network and operations. [Read Security Ledger coverage of the hack of Sony Pictures Entertainment.] If true, the allegations by Norse deal a serious blow to the government’s account of the incident, which placed the blame squarely on […]

Continue Reading

The Moral of Sony? Stop Doing Attribution

The hack of Sony Pictures Entertainment, which first came to light on November 24th, devolved this week into a chaotic international “whodunnit” with conflicting reports attributing the incident to everything from the government of North Korea to the government of China to global hacktivist group Anonymous to disgruntled Sony employees. For sure: those attributing the attack to hacking crews within the military of the Democratic Peoples Republic of Korea (DPRK) had their argument bolstered by reports in the New York Times and elsewhere claiming that the U.S. government now believes that the DPRK, under the leadership of Kim Jong Un, was responsible for the devastating hack. Officials at Sony Pictures Entertainment clearly believe the connection is credible, ordering the cancellation of the release of the Sony Pictures film The Interview following threats of violence on theaters showing the film. That acceded to a key demand of the hackers, who have used the […]

Continue Reading

Malicious or Obnoxious? Chinese Mobile Vendor CoolPad Uses Secret Backdoors

CoolPad, an up-and-coming Chinese mobile phone maker, is shipping high-end, Android smart phones with so-called “back door” access built into the phone’s software. That, according to research by the firm Palo Alto Networks. Palo Alto researchers Claud Xiao and Ryan Olson released a report identifying the suspicious remote access software, which they dubbed “CoolReaper” on Wednesday. According to the report, the so-called “backdoor” program was shipped with stock operating systems (or ROMs) used by Coolpad’s “high end” phones in China and Taiwan. The software, which appears to have been created and managed by Coolpad, runs on top of the Android operating system and allows the company to remotely manage the phone independent of the wishes of its owner: pushing applications to the device without the user’s consent or notification, wiping data and applications, sending over-the-air (or OTA) updates to the phone, transmitting device data and sending arbitrary phone calls and SMS […]

Continue Reading

Research Exposes Attacks on Military, Diplomats, Executives

Researchers from Blue Coat Systems said on Wednesday that they have identified an online attack framework that is being used in highly targeted attacks on executives in industries like oil, finance and engineering as well as military officers, diplomats and government officials. The attacks are designed to steal sensitive information and Blue Coat, in a report, said that the attackers went to extreme lengths to cover their tracks: routing all communications between the hackers and the compromised systems they controlled through a “convoluted network of router proxies and rented hosts” in countries like South Korea. The framework, dubbed “Inception” is global in scope, but appears to have started out targeting individuals in Russia. Attacks spread via phishing e-mail messages that contained malicious attachments, including key logging tools and remote access Trojan horse programs, BlueCoat said. The company has released a full report on the incident, which can be found here. (PDF) [Read more Security Ledger coverage […]

Continue Reading

FBI: Destructive Malware Used Korean Language Packs

In a first, the F.B.I has issued a warning to U.S. businesses to be on the lookout for destructive malware that was used in an attack last week on Sony Pictures Entertainment. The FBI issued a five-page “FLASH” warning to security professionals at U.S. companies to warn them of the new malware. A copy of the warning viewed by The Security Ledger revealed that the malware deployed a number of malicious modules, including a version of a commercial disk wiping tool on target systems. Samples of the malware obtained by the FBI contained configuration files created on systems using Korean language packs. The use of Korean could suggest a link to North Korea, though it is hardly conclusive. It does appear that the attack was targeted at a specific organization. The malware analyzed by the FBI contained a hard coded list of IP addresses and computer host names. Media reports have linked the malware to the […]

Continue Reading
1 17 18 19 20 21 29