Cyber Spying, Digital Theft & Espionage

Uploaded on 2019-12-20 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Cyber spying, digital theft and  espionage are about obtaining secret information without the permission and knowledge of the holder of the information. This data is taken from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using proxy servers, cracking techniques and malware software.

A group of ecurity researchers callled Malware HunterTeam have recently encountered a new macOS malware sample believed to be the work of the North Korean group of hackers known as Lazarus. The threat has a very low detection rate and comes with capabilities that allow it to retrieve a payload from a remote location and run it in memory, making the forensic analysis more difficult.

Another recent study of cyber espionage activities shows that more than 200 unique families of malware have been used to eavesdrop on corporate and government employees, including attacks on the Japanese government.

These malware spies have formed  armies of nefarious hackers from around the world who use cyber warfare for economic, political, or military gain. 

These deliberately recruited and highly valued cybercriminals have the technical know-how to shut down anything from government infrastructures to financial systems or utility resources. They have influenced the outcome of political elections, created havoc at international events, and helped companies succeed or fail.

Many of these attackers use advance persistent threats (APTs) as their modus operandi to stealthily enter networks or systems and remain undetected for years and years.

These state-based threat actor teams are comprised of computer programmers, engineers, and scientists that form military and intelligence agency hacking clusters. They have tremendous financial backing and unlimited technological resources that help them evolve their techniques rapidly.

More than 200 unique families of malware have been used to eavesdrop on corporate and government employees, including attacks on the Japanese government, according to the results of a study of cyber-espionage activities released on July 25.
Unlike the massive botnets used by cyber-criminals to steal cash, such as the Gameover Zeus botnet, the espionage botnets typically consist of hundreds of compromised computers rather than tens or hundreds of thousands.

Most of the activity traces back to China, but some spying does not, including espionage carried out by a private security company that advertised "ethical" hacking courses, according to Dell Secureworks, which carried out the investigation. They identified  over 1,100 domain names used in the attacks and registered by online spies.

The Secureworks researchers identified many of the domains by finding suspicious domains and, when possible, registering them as they expired. He then listened for signs of botnet activity, an activity known as "sinkholing." 

Tapping this communication channel allowed Dell Secureworks to peer into the botnet's operation, including who had been infected. Stewart identified the malware into families based on the code and the network traffic each produced. Among the botnet activities caught in Stewart's sinkholing efforts were multiple attacks on Japanese targets, including government ministries, universities, municipal governments, trade organizations, think tanks, the manufacturing industry and the media.

Another sinkhole identified a relatively unknown piece of malware known as Elirks, which uses the Plurk microblogging service to communicate with its network of compromised computers. The attackers also used the service to post the current location of the command-and-control server, so that nodes ready to exfiltrate data can identify themselves and allow their controllers to log in. At least a dozen Plurk accounts were actively being used to communicate with infected systems, Stewart said in the report.

While not every company is in danger of becoming a target of cyber-spies, attackers tend to use the same techniques, much of it spread via carefully crafted email messages and targeted attacks.

Attacks aimed at stealing classified information from government agencies or trade secrets from corporations are also on the rise. Since Google outed Chinese hackers in a massive operation against some three-dozen U.S. and multinational companies, evidence has grown of widespread China-sanctioned espionage against governments, industry and human-rights groups.

China is not alone, however. Other countries-most notably the United States-have also used programs to infiltrate sensitive networks, steal information and interfere with other nations' activities. The US government has disclosed that it was responsible  for developing Stuxnet and used it as an attack method on Iran's nuclear weapond program.

eWeek:         CarbonBlack:           Bleeping Computer

You Might Also Read:

Spyware Website Taken Down:

Malware – The Hateful Eight:

 

« AI Market Forecast To Be Worth $190b By 2025
Cyber Security Talent Crunch - 3.5m Jobs Vacant »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Indelible Data

Indelible Data

Indelible Data is an established information security and technology consultancy and a Cyber Essentials Certification Body.

Janusnet

Janusnet

Janusnet develops software and solutions for organisations to enforce and manage data security.

Bastille

Bastille

Bastille’s patented software and security sensors bring visibility to devices emitting radio signals (Wi-Fi, cellular, IoT) in your organization.

CYBER 1

CYBER 1

CYBER 1 provides cyber security solutions to customers wanting to be resilient against new and existing threats.

EdgeWave

EdgeWave

EdgeWave provides simple but highly effective data security and advanced threat protection in solutions that are affordable, scalable and easy to use.

SCIPP International

SCIPP International

SCIPP’s courses are based on internationally recognized best business practices for security awareness, for both technical and non-technical staff and to comply with regulatory mandates.

J2 Software

J2 Software

J2 Software is a leading African Information Security and ICT business providing information security, governance, risk and compliance solutions.

Romanian Accreditation Association (RENAR)

Romanian Accreditation Association (RENAR)

RENAR is the national accreditation body for Romania. The directory of members provides details of organisations offering certification services for ISO 27001.

Phoenix Cybersecurity

Phoenix Cybersecurity

Phoenix Cybersecurity Services and Managed Security Services help clients just like you take full advantage of leading cybersecurity technologies and industry best practices.

Polestar Industrial IT

Polestar Industrial IT

Polestar work on both sides of the IT & OT divide. Network, Data & Asset Security is our priority. Polestar installations are robust and resilient and comply with the appropriate security.

HashDit

HashDit

HashDit products and services focus on helping build a safe ecosystem for both protocol users and smart contract developers on BNB Chain.

Frontal

Frontal

Frontal is a specialized unit in Blockchain and Web3.0 cybersecurity. Securing Digital Assets, Cryptocurrency, DeFi, Blockchain and Web3.0 ecosystem.

ClearSky Cyber Security

ClearSky Cyber Security

ClearSky cyber security provides cyber solutions, focused on threat intelligence services, mainly for the financial sector, critical infrastructure, public sector and the pharma sector.

Walacor

Walacor

Walacor’s secure data platform represents the next generation of secure data and blockchain storage with a trust-first approach that revolutionizes enterprise data, and database management systems.

Secur-Serv

Secur-Serv

Secur-Serv is a security-first managed services provider. We provides Managed IT, Managed Print, Managed Device, and Cybersecurity services to companies of every size.

Datos Insights

Datos Insights

Datos Insights is a leading global provider of insights, data, and advisory services to the financial services, insurance, and retail technology industries.