Daily NCSC-FI news followup 2019-12-31

Ghosts in the Clouds: Inside Chinas Major Corporate Hack

www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061 A Wall Street Journal investigation has found that the attack was much bigger than previously known. It goes far beyond the 14 unnamed companies listed in the indictment, stretching across at least a dozen cloud providers, including CGI Group Inc. Tieto Oyj, a major Finnish IT services company; and International Business Machines Corp (IBM). Article behind paywall

Microsoft on ottanut haltuunsa hakkeriryhmän käyttämiä verkkotunnuksia ryhmän arvellaan toimivan Pohjois-Koreasta käsin

yle.fi/uutiset/3-11138983 Tietotekniikkajätti Microsoft on ottanut haltuun kymmenittäin hakkeriryhmän käyttämiä verkkotunnuksia. Thallium-hakkeriryhmä käytti verkkotunnuksia arkaluontoisten tietojen varastamiseen esimerkiksi valtioiden virastojen, ajatushautomoiden, kansalaisoikeusjärjestöjen ja yliopistojen työntekijöiltä.. See also:

blogs.microsoft.com/on-the-issues/2019/12/30/microsoft-court-action-against-nation-state-cybercrime/

BRONZE PRESIDENT Targets NGOs

www.secureworks.com/research/bronze-president-targets-ngos BRONZE PRESIDENT is a likely People’s Republic of China (PRC)-based targeted cyberespionage group that uses both proprietary and publicly available tools to target NGO networks.

Daily NCSC-FI news followup 2020-03-22

Remote working safety and security www.kaspersky.com/blog/remote-work-security/34258/?utm_source=rss&utm_medium=rss&utm_campaign=remote-work-security That makes sense: If companies are to continue functioning, and if your job is location-neutral, staying home reduces the likelihood of catching and transmitting the coronavirus while letting you continue doing your job. Honeypot – Scanning and Targeting Devices & Services isc.sans.edu/forums/diary/Honeypot+Scanning+and+Targeting+Devices+Services/25928/ I was curious this week to see […]

Daily NCSC-FI news followup 2020-06-28

Journalist’s phone hacked by new invisible’ technique: All he had to do was visit one website. Any website www.thestar.com/news/canada/2020/06/21/journalists-phone-hacked-by-new-invisible-technique-all-he-had-to-do-was-visit-one-website-any-website.html The white iPhone with chipped paint that Moroccan journalist Omar Radi used to stay in contact with his sources also allowed his government to spy on him. Microsoft quietly created a Windows 10 File Recovery tool, […]

Daily NCSC-FI news followup 2020-04-06

DarkHotel hackers use VPN zero-day to breach Chinese government agencies www.zdnet.com/article/darkhotel-hackers-use-vpn-zero-day-to-compromise-chinese-government-agencies/ Chinese security-firm Qihoo 360, which detected the intrusions, said the hackers used a zero-day vulnerability in Sangfor SSL VPN servers, used to provide remote access to enterprise and government networks. Attacks Simultaneously Exploiting Vulnerability in IE (CVE-2020-0674) and Firefox (CVE-2019-17026) blogs.jpcert.or.jp/en/2020/04/ie-firefox-0day.html On 8 January […]