espionage

Lawmakers frustrated by Huawei, ZTE during hearings

The House Intelligence Committee brought executives from two Chinese telecommunications gear makers to Capitol Hill today to press them on potential threats they pose to national security, but came away with little satisfaction.

"I can say that I am a little disappointed today," committee chairman Mike Rogers (R-Mich.) said at the end of the hearing investigating Huawei and ZTE. (CNET viewed the hearing via Webcast.) "I was hoping for a little more transparency... Other inconsistencies worry me greatly."

Rogers and his fellow committee members pressed executives from the two Chinese companies repeatedly, raising allegations that the …

Experts: Google's 'Aurora' hackers still at it years later

The hackers behind the cyberespionage attacks on Google and more than 30 other companies three years ago are still going strong and seem to have a steady stream of weapons in their arsenal in the form of rare unpatched vulnerabilities known as zero-days, Symantec researchers said today.

The group has used exploits for four zero-day vulnerabilities in attacks over the past few months against targets across a variety of industries, including energy, aeronautics, and financial, and particularly manufacturers of components sold to defense contractors, the security provider said in a blog post.

"This group is focused on wholesale theft …

How the pros thwart computer spies with James Bond tricks

H.D. Moore wasn't taking chances.

During the spring of 2009, the information specialist traveled to Shanghai on a work trip. For a computer, though, he carried only a stripped down Netbook that he modified using a trick even James Bond would have admired. He sawed off the end of one of the laptop case screws and mashed a small bit of a crushed Altoids mint into the hole before putting the screw back in. After leaving it in his hotel room for a few hours, he came back to find that the powder had disappeared. Something had caused …

A who's who of Mideast-targeted malware

What's up with all the malware aimed at the Middle East?

For the second time in two weeks a virus outbreak has been reported at an energy company in that region. Qatari liquified natural gas producer RasGas said its corporate network and Web site were down after getting hit by a virus on Monday. Earlier this week the Saudi Aramco oil company confirmed that its network was hit by a virus two weeks ago, shutting down 30,000 workstations. Neither company identified the virus, but in at least one of the cases it is believed to be malware known …

Inside Huawei, the Chinese tech giant that's rattling nerves in DC

SHENZHEN, China -- Chen Lifang is a bit flummoxed.

Chen is a board member and senior vice president at Huawei, the giant telecommunications gear maker based here. She's digesting news that broke a day earlier that the U.S. House Intelligence Committee has increased the pressure it's putting on the company to disclose details about its ties to the Chinese government. The bombshell came in the form of a letter, released to the media, from the committee's chairman and the ranking Democrat to Huawei founder and Chairman Ren Zhengfei.

Really, the letter was more of an 11-page laundry …

With Gauss tool, cyberspying moves beyond Stuxnet, Flame

Gauss, a new "cyber-espionage toolkit," has emerged in the Middle East and is capable of stealing sensitive data such as browser passwords, online banking accounts, cookies, and system configurations, according to Kaspersky Lab. Gauss appears to have come from the same nation-state factories that produced Stuxnet.

According to Kaspersky, Gauss has unique characteristics relative to other malware. Kaspersky said it found Gauss following the discovery of Flame. The International Telecommunications Union has started an effort to identify emerging cyberthreats and mitigate them before they spread.

In a nutshell, Gauss launched around September 2011 and was discovered in June. …

Watching the crooks: Researcher monitors cyber-espionage ring

LAS VEGAS -- Researchers have uncovered a huge amount of malware and registered domains being used by criminals linked to China who are conducting cyber-espionage on a wide range of government, industry, and human rights activists.

The growing menace from these "Advanced Persistent Threats" is detailed in a report unveiled today called "Chasing APT." In an interview at the Black Hat security conference here, Joe Stewart, director of malware research at Dell Secureworks Counter Threat Unit, said that over the last 18 months he's been monitoring attacks designed to steal data from organizations around the …

Ex-FBI agent tells hackers to 'step up' against cyberattacks

LAS VEGAS -- With all the intensity and sincerity of a drill sergeant rallying his troops to war, former FBI Executive Assistant Director Shawn Henry urged hackers to do their part to fight the biggest cybermenace out there: cadres of unknown attackers infiltrating government and corporate networks to steal data and potentially do worse.

"I implore all of you to be committed to your cause, because the stakes are too high. And I believe our failure to step up is a failure to society," Henry, wearing a business suit and sporting a shaved head, told the crowd during …

U.S., Israel fired up Flame cyberattack, report says

The U.S. and Israel developed and carried out the Flame virus attacks on Iran, according to a new report.

The Washington Post reports, citing sources, that Flame was the brainchild of the U.S. National Security Agency, the Central Intelligence Agency, and Israel's military. The focus of the malware was to surreptitiously map and monitor Iran's networks to deliver sustained intelligence to the government organizations. That information could then be used for other attacks.

"This is about preparing the battlefield for another type of covert action," an intelligence official told the Washington Post. "Cyber-collection …

Flame malware network based on shadowy domains, fake names

The mysterious Flame malware used domain names registered with fake names to communicate with infected computers in the Middle East for at least four years, researchers said today.

Someone began creating the 86 domains and more than 24 IP addresses that host the command-and-control (C&C) servers as early as 2008, using fake identities and addresses in Austria and Germany to register them with GoDaddy and others, Roel Schouwenberg, senior researcher at Kaspersky Lab, said in a Web conference with reporters this morning. He speculated that stolen credit cards were used for the transactions.

The IP addresses point to …