Forced offline, many in Myanmar turn to the dark web
Three days after the military initiated the coup, a letter from Myanmar’s Ministry of Communications and Information said Facebook would be shut down due to “people who are troubling the country’s stability” using the platform to spread “fake news and misinformation.” The following day, the military extended the ban to other platforms, including Twitter and Instagram. And one day after that, the military initiated a nationwide internet outage. In what’s become a typical response to authoritarian crackdowns, Myanmar citizens have turned to the dark web to bypass new censorship measures, hide internet traffic from the military regime, and communicate with family both inside and out of the country….
CrowdStrike co-founder Dmitri Alperovitch on his new policy accelerator that’s all about action
Over the last ten years, Dmitri Alperovitch had a front-row seat to some of the biggest cybersecurity incidents and investigations, including the 2014 Sony Pictures hack attributed to North Korea and the 2015 and 2016 data breach involving the Democratic National Committee, which was carried out by Russian government hackers. It was a little surprising, then, when Alperovitch left his position last year as chief technology officer of CrowdStrike—a company he co-founded in 2011 and now has a market capitalization of more than $42 billion—to launch a type of organization that normally sits on the sidelines: a think tank….
Google: A mysterious hacking group used 11 different zero-days in 2020
A mysterious hacking group has deployed at least 11 zero-day vulnerabilities as part of a sustained hacking operation that took place over the course of 2020 and targeted Android, iOS, and Windows users alike, one of Google’s security teams said today. The attacks, which took place across two separate time windows —in February and October 2020, respectively— relied on luring users on malicious sites that redirected victims to exploit servers.
Finland pins Parliament hack on Chinese hacking group APT31
Finnish officials formally blamed today a group of Chinese state-sponsored hackers known as APT31 for a cyber-attack that breached the Finnish Parliament’s internal IT systems last year. The attack, which took place in the fall of 2020, also resulted in attackers gaining access to the email accounts of some members of Parliament, officials said in December 2020, when they discovered and publicly disclosed the intrusion.
Chinese cyberspies go after telco providers, 5G secrets
A Chinese cyber-espionage group has shifted operations from targeting Vatican officials and Catholic organizations to telecom providers across Asia, Europe, and the US. The group, known in the cybersecurity community as Mustang Panda or RedDelta, has been targeting employees of telecom companies since last fall, as a gateway inside organizations, with the end goal of stealing 5G-related information.
A hacking group is hijacking Microsoft Exchange web shells
A hacking group is piggybacking on the work of other threat actors and is hijacking web shells planted on unpatched Microsoft Exchange servers, including backdoors installed by Chinese cyberspies. The “hijacking activity” is related to the recently disclosed ProxyLogon vulnerabilities.
Chinese universities connected to known APTs are conducting AI/ML cybersecurity research
At least six major Chinese universities with previous connections to government-backed hacking groups have been conducting research on the intersection of cybersecurity and machine learning. These universities have past connections to Chinese hacking groups, which have often recruited operators from the staff or student base, which the CSET team sees as an informal partnership.
Attacks on Exchange servers expand from nation-states to cryptominers
The ongoing mass exploitation campaign targeting Microsoft Exchange email servers has expanded in less than a week to include attacks from multiple nation-state hacking groups and cybercrime operations alike. The attacks —first disclosed last week by Microsoft— are related to four vulnerabilities that security researchers are calling ProxyLogon.
Microsoft and Fireeye Detail New Malware Used by SolarWinds Hackers
Cybersecurity firms Microsoft and FireEye have published separate reports today detailing new malware strains they have linked to the threat actor that compromised software firm SolarWinds and its customers in a supply chain attack in 2020. Three new malware strains have been discovered in total, per the Microsoft report. The FireEye report details only one malware family…
Microsoft: Chinese APT Targeted Exchange Servers With Four Zero-Days
Technology giant Microsoft released emergency security updates today for its Exchange email server to patch four zero-day vulnerabilities that were exploited by a Chinese state-sponsored hacking group. Named Hafnium, Microsoft said the group has a history of targeting internet-facing servers as an entry point into its targets’ internal networks….