Search Results for “Jack Stubbs”


April 28, 2020
Joel Schectman, Christopher Bing, Jack Stubbs / Reuters

Many Surveillance and Cyberintelligence Firms Are Marketing Repurposed Law Enforcement Hacking Tools to Track Coronavirus Infections and Enforce Quarantines

At least eight surveillance and cyberintelligence companies are attempting to sell repurposed surveillance and law enforcement hacking tools to track the coronavirus and enforce quarantines, based on documents and interviews Reuters obtained. Among those companies identified by Reuters as marketing their hacking and surveillance software to countries around the globe are Intellexa, Verint, NSO Group, Rayzone Group, Cobwebs Technologies, Patternz, and Cellebrite. Israeli mobile phone hacking software company Cellebrite is offering its mobile phone hacking and surveillance capability to help authorities learn who a coronavirus sufferer may have infected. According to a Cellebrite email pitch to the Delhi police force this month, authorities can siphon up coronavirus-positive patients’ location data and contacts, making it easy to “quarantine the right people.” Although the company says this tracking is done with users’ consent, it also concedes that police can use its tools to hack into confiscated devices. Cellebrite is also offering a version of its product line for use by healthcare workers to trace the spread of the virus that causes COVID-19, but says those tools can only be used with patient consent and can’t hack phones. Israel is the only country known to be testing a mass surveillance system pitched by the companies, having asked NSO Group, one of the industry’s most prominent players, to help build its platform.

Related: Reuters, AppleInsider, iTnews – Security, MacDailyNews, CNBC Technology

Tweets: @jc_stubbs @howelloneill @bing_chris @bing_chris @bing_chris @bing_chris @bing_chris @joel_schectman @razhael @ron_deibert @ericgeller

Reuters: Tracing COVID-19
AppleInsider: Cellebrite pitching iPhone hacking tools as a way to stop COVID-19
iTnews – Security: Special Report: Cyber-intel firms pitch governments on spy tools to trace coronavirus
MacDailyNews: Cellebrite pitches governments iPhone spy tools for coronavirus contact tracing
CNBC Technology: Cyber-intel firms pitch governments on spy tools to trace coronavirus

@jc_stubbs: NEW: Company documents reviewed by Reuters show at least 8 cyber-intelligence firms, better known for selling hacking and surveillance tools, are now pitching coronavirus-tracking products to governments around the world https://reut.rs/2W6pTkP with @joel_schectman @Bing_Chris
@howelloneill: What's really weird about this is the governments refusing to name the tech they're buying here. There's no national security risk, coronavirus is not changing tactics because of surveillance. What's the justification for the lack of transparency?
@bing_chris: Cellebrite, a firm which gained fame for producing an iPhone hacking tool for law enforcement... has entered the coronavirus market. Now pitching a solution to hack phones of infected persons, emails reviewed by Reuters show https://reuters.com/article/us-health-coronavirus-spy-specialreport/special-report-cyber-intel-firms-pitch-governments-on-spy-tools-to-trace-coronavirus-idUSKCN22A2G1
@bing_chris: Cellebrite is not alone. Through source interviews and reviewing documents, Reuters found 8 companies playing in this domain: turning spy tools into coronavirus tracking platforms. They include: intelligence companies Verint, NSO, Intellexa, and others https://reuters.com/article/us-health-coronavirus-spy-specialreport/special-report-cyber-intel-firms-pitch-governments-on-spy-tools-to-trace-coronavirus-idUSKCN22A2G1
@bing_chris: We’re in a new world that some argue calls for novel surveillance methods. Several governments are considering bulk telco collection techniques to track infections and force quarantines: https://reuters.com/article/us-health-coronavirus-spy-specialreport/special-report-cyber-intel-firms-pitch-governments-on-spy-tools-to-trace-coronavirus-idUSKCN22A2G1
@bing_chris: But privacy advocates worry about an environment where intelligence firms expand their reach and product adoption. Sources tell us multiple projects are ongoing in Asia, South America and Europe. What could this mean after the virus subsides? https://reuters.com/article/us-health-coronavirus-spy-specialreport/special-report-cyber-intel-firms-pitch-governments-on-spy-tools-to-trace-coronavirus-idUSKCN22A2G1
@bing_chris: This is all happening while senior officials in multiple countries are opening the doors to telco-based mass surveillance solutions to combat the spread of the virus. Here’s what that sounds like: https://reuters.com/article/us-health-coronavirus-spy-specialreport/special-report-cyber-intel-firms-pitch-governments-on-spy-tools-to-trace-coronavirus-idUSKCN22A2G1
@joel_schectman: NOW: Instead of tracking terrorists and criminals, Israeli spyware companies say they want to help governments monitor coronavirus patients. http://reut.rs/3cWqhcp @Bing_Chris @jc_stubbs
@razhael: You’ve heard of the NSO Group’s effort to repurpose its surveillance solution for COVID-19 contact tracing. New reporting from @Reuters shows that it’s one of many cyber-intelligence companies retooling to take advantage of the coronavirus crisis.
@ron_deibert: Special Report: Cyber-intel firms pitch governments on spy tools to trace coronavirus
@ericgeller: Great story by @joel_schectman, @Bing_Chris, and @jc_stubbs about how the coronavirus pandemic is exacerbating surveillance vendors' mission creep. https://reuters.com/article/us-health-coronavirus-spy-specialreport-idUSKCN22A2G1 As @HowellONeill points out, there's no need for secrecy here. Vendors should be held accountable.


April 22, 2020
Jack Stubbs, Raphael Satter / Reuters

Vietnam’s APT32 Has Tried to Compromise Email Accounts of China’s Ministry of Emergency Management, Government of Wuhan, Underscoring COVID-19’s Intelligence Priority

A Vietnamese government-backed hacking group known as APT32 has tried to compromise the personal and professional email accounts of staff at China’s Ministry of Emergency Management and the government of Wuhan, the Chinese city at the center of the global coronavirus pandemic, researchers at FireEye report. The attackers targeted a small group of people with emails that included tracking links to notify the hackers when they were opened and planned to send further emails with malicious attachments containing a virus called METALJACK that would give them access to their victims’ computers. FireEye’s Mandiant threat intelligence unit believes the attacks speak to the illness being an intelligence priority among nations.

Related: FireEye

Tweets: @jc_stubbs @razhael @cglyer @johnhulquist


May 8, 2020
Jack Stubbs, Christopher Bing / Reuters

Iran’s Charming Kitten Hacking Group Has Targeted Staff at Drugmaker Gilead Sciences as the Company Races to Develop COVID-19 Treatment

Hackers linked to Iran have targeted staff at U.S. drugmaker Gilead Sciences in recent weeks as the company races to develop a COVID-19 treatment, an antiviral drug called remdesivir, according to publicly available web archives reviewed by Reuters and three cybersecurity researchers. A fake email login page designed to steal passwords was sent in April to a top Gilead executive involved in legal and corporate affairs, according to an archived version of a website that searches for malicious links. The hacking infrastructure and the targeted phishing campaign used in the attempt to compromise the Gilead executive’s email account have previously been used in cyberattacks by a group of suspected Iranian hackers known as “Charming Kitten.” Iran has denied any involvement in the hacking effort.

March 23, 2020
Raphael Satter, Jack Stubbs, Christopher Bing / Reuters

Hackers Tried to Break into World Health Organization as Agency Comes Under Two-Fold Increase in Cyberattacks

Elite hackers tried to break into the World Health Organization earlier this month, part of what a senior agency official said was a more than two-fold increase in cyberattacks. WHO Chief Information Security Officer Flavio Aggio said the identity of the hackers was unclear, and the effort was unsuccessful. Alexander Urbelis, a cybersecurity expert and attorney with the New York-based Blackstone Law Group, which tracks suspicious internet domain registration activity, brought the attempted WHO break-in to Reuters’ attention. He picked up on the activity around March 13 when a group of hackers he had been following activated a malicious site mimicking the WHO’s internal email system. The same malicious web infrastructure belonging to a hacking group known as DarkHotel had also been used to target other healthcare and humanitarian organizations in recent weeks, although it’s unclear if DarkHotel is connected to the WHO hacking.

Related: DataBreaches.net, PYMNTS.com, Slashdot, Boing Boing, The Hill: Cybersecurity, Business Insider

Tweets: @bing_chris @bing_chris @bing_chris @bing_chris


May 5, 2020
Jack Stubbs, Christopher Bing / Reuters

NCSC and CISA Warn That Chinese, Iranian and Russian Hackers Are Targeting Pharmaceutical Companies, Research Groups, and Local Governments to Steal Information About Coronavirus Containment Efforts

Britain’s National Cyber Security Centre (NCSC) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a joint statement that state-backed hackers had targeted pharmaceutical companies, research organizations, and local governments to steal valuable information about efforts to contain the new coronavirus outbreak. Although neither government organization said which foreign adversaries are involved, one U.S. official and one UK official said the warning was in response to intrusion attempts by suspected Chinese and Iranian hackers, as well as some Russian-linked activity.

Related: Daily Mail, ZDNet, Mirror, Cyberscoop, Bleeping Computer, The Hill: Cybersecurity, Meritalk, City A.M. – Technology, iNews, Cyber News Group, Infosecurity Magazine, The Sun, Homeland Security Today, NCSC

Tweets: @CISAGov

Daily Mail: Cybersecurity agencies warn of criminals targeting…
ZDNet: Security warning: State-backed hackers are trying to steal coronavirus research
Mirror: Hackers targeting coronavirus health workers in the UK and US, officials warn
Cyberscoop: State-linked hacking continues amid race for coronavirus treatments, US and UK agencies warn
Bleeping Computer: Nation-state hackers are targeting COVID-19 response orgs
The Hill: Cybersecurity: Authorities warn that hackers are targeting healthcare and essential services
Meritalk: US, UK Issue Cyber Warning to Healthcare Organizations
City A.M. – Technology: Rival states launch cyber attacks on UK and US coronavirus labs
iNews: Coronavirus: ‘Clear evidence’ cyber criminals are targeting healthcare organisations tackling Covid-19
Cyber News Group: ‘Bad State Actors’ attempting to steal Coronavirus research, outlines UK NCSC
Infosecurity Magazine: State Hackers Target UK Unis for #COVID19 Vaccine Research
The Sun: Scammers from hostile states and cyber criminals trying to hack UK agencies to steal secrets and research, Raab says
Homeland Security Today: CISA, NCSC Warn That APT Groups Target Healthcare and Essential Services
NCSC: Cyber warning issued for key healthcare organisations in UK and USA

@CISAGov: We partnered with @NCSC UK to expose how password spraying is another tactic used by malicious actors to access accounts and compromise credentials of healthcare and essential services sector: http://cisa.gov/news/2020/05/0


January 27, 2020
Jack Stubbs, Christopher Bing, Joseph Menn / Reuters

Sweeping DNS Hijacking Attacks Targeting at Least 30 Organizations in Europe and the Middle East Believed to Be Instigated by Turkish State-Backed Hackers, Sources Say

Sweeping cyberattacks targeting at least 30 organizations, including government ministries, embassies and security services as well as companies and other groups, in Europe and the Middle East are believed to be the work of state-backed hackers acting in the interests of the Turkish government, according to two British officials and one U.S. security official. Among the victims are Cypriot and Greek government email services and the Iraqi government’s national security advisor, as well as Albanian state intelligence and civilian organizations in Turkey. The attacks, which began at least as early as 2018, involve DNS hijacking techniques, which entail intercepting internet traffic to victim websites, potentially enabling hackers to obtain unauthorized access to the networks of government bodies and other organizations. The attribution to Turkish hackers is based on the identities and locations of the victims, which included governments of countries that are geopolitically significant to Turkey; similarities to previous attacks that they say used infrastructure registered from Turkey; and information contained in confidential intelligence assessments that the sources declined to detail.

Tweets: @jc_stubbs @saffronsec @Bing_Chris @Bing_Chris @Bing_Chris @Bing_Chris @Bing_Chris @Bing_Chris @Bing_Chris @Bing_Chris

@jc_stubbs: NEW: a cyber-espionage campaign that has attacked organisations across Europe and the Middle East for the last two years is believed to be the work of hackers acting in the interests of the Turkish government, sources tell me, @josephmenn and @Bing_Chris
@saffronsec: First public reporting on attribution for DNS hijacking activity tracked as SeaTurtle, from @jc_stubbs and co. Likely originating from a Turkish government agency.
@Bing_Chris: A massive cyber espionage campaign, which we found so spooked US intelligence that it changed how the government handles DNS registration, was the work of hackers aligned with the Turkish government
@Bing_Chris: The operation, known within the cyber research community as “SeaTurtle,” exploited weaknesses in DNS to hack hundreds of high profile victims, including entire foreign intelligence agencies. Notable victims also included a human rights group negotiating a ceasefire in Syria.
@Bing_Chris: We first began hearing word about how big a deal this hack was from our sources after a great report by @TalosSecurity. Our sources told us the hackers had gained access giving them the ability to intercept ALL INTERNET TRAFFIC going to several countries in the Middle East
@Bing_Chris: Other high profile victims included: the email services for the entire government of Cyprus, the Freemason group in Turkey, a key undersea cable provider situated in Cyprus which routes large portions of the internet throughout the Middle East
@Bing_Chris: We try to be very transparent about how we know what we know since this is an arena ripe for misdirection and confusion. (If you’re interested in learning more about Turkish hacking ops I would suggest checking out their MIT) https://reuters.com/article/us-cyber-attack-hijack-exclusive-idUSKBN1ZQ10X
@Bing_Chris: The hijacking was aimed at huge amounts of traffic flowing through Albania, Greece, Iraq, and Cyprus... all countries which are of high geopolitical interest to Turkey for various reasons. It occurred at a time when Turkey was launching numerous kinetic military strikes in Syria
@Bing_Chris: There was a lot of detail I wish we could have jammed into this story, but alas... if you want to talk about SeaTurtle or have any additional info let me know (full contact info in bio)
@Bing_Chris: If you'd like to read about why SeaTurtle matters (and enjoy far better writing than my own) - try this piece by @a_greenberg: "Cyberspies Hijacked the Internet Domains of Entire Countries" https://wired.com/story/sea-turtle-dns-hijacking/ Which outlines the initial Talos research very well.


June 26, 2019
Jack Stubbs, Joseph Menn and Christopher Bing / Reuters

Years-Long ‘Cloud Hopper’ Hacking Campaign Tied to Chinese Government Hit Eight of World’s Largest Technology Service Providers, With Attacks Extending to Waves of Their Clients

Eight of the world’s biggest technology service providers were hacked by teams of spies connected to the Chinese Ministry of State Security in an elaborate and years-long campaign called Cloud Hopper, a Reuters investigation discovered. Cloud Hopper was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud. At that time, prosecutors described an elaborate operation that victimized multiple Western companies but stopped short of naming them, although Reuters was able to identify two of them, Hewlett Packard Enterprise and IBM. The remaining six companies are Fujitsu, Tata Consultancy Services, NTT Data, Dimension Data, Computer Sciences Corporation and DXC Technology. Waves of clients of these eight companies were also victims, including Ericsson, Sabre, and shipbuilding company Huntington Ingalls Industries, although it is impossible to say how many clients of the service providers were compromised.

Related: New York Post, CBC, Kyiv Post, GlobalNews.ca, Slashdot, IT Pro, CRN

Tweets: @georgevhulme @Bing_Chris


June 27, 2019
Christopher Bing, Jack Stubbs, Joseph Menn / Reuters

Hackers From Western Spy Agencies Broke Into Russia’s Yandex to Deploy Rare Regin Malware to Spy on Developers, Sources

Hackers working for Western intelligence agencies broke into Russian Internet search company Yandex, known as “Russia’s Google,” in late 2018, deploying a rare type of malware called Regin in an attempt to spy on user accounts in the company’s research and development unit, four people with knowledge of the matter told Reuters. Regin has been known to be used by intelligence agencies in the Five Eyes countries, which comprise the United States, Britain, Australia, New Zealand, and Canada. The sources said the hackers appeared to be searching for technical information that could explain how Yandex authenticates user accounts, which could help spy agencies impersonate a Yandex user and access their private messages. Yandex spokesman Ilya Grabovsky acknowledged the attack but said it had been neutralized at an early stage and caused no damage.

Related: CNBC Technology, Slashdot, CNET News, Techradar, The Register – Security, ARN, Security – Computing, Deccan Chronicle

Tweets: @josephmenn


October 21, 2019
Jack Stubbs / Reuters

Russian Hacking Group Turla Masquerades as Iranian State Hackers to Expand Its Attacks in at Least 20 Different Countries

Highlighting the danger of wrongly attributing cyberattacks, the Russian hacking group known as Turla, which has been accused by Estonian and Czech authorities of operating on behalf of Russia’s FSB security service, has used Iranian state hacker tools and computer infrastructure to successfully hack into organizations in at least 20 different countries over the last 18 months, according to two advisories published by the UK’s National Cyber Security Centre and the U.S. NSA. The group was active in the Middle East but also targeted organizations in Britain. The attacks, aimed at targets across 35 countries, were masqueraded to appear as if they came from the Iranian hacking group APT34, but they did not.

Related: National Cyber Security Centre, Financial Times, ZDNet, News Agency UNIAN, BBC News, News 112.international, Daily Mail, UPI.com, ABC News: U.S., Forbes, Haaretz.com, News from EUobserver, iTnews – Security, Silicon UK, The Register – Security, SecurityWeek, City AM, Security Affairs, Techerati, Kyiv Post, AP Breaking News, NDTV Gadgets360.com, City A.M. – Technology, Threatpost, US-CERT Current Activity, Homeland Security Today, BleepingComputer.com, Security News | Tech Times, Cyber Security Review, Cyberscoop, NS Tech, Reuters: World News, Computing, Reddit-hacking, DataBreachToday.com, The Hill: Cybersecurity, SC Magazine, DataBreaches.net

Tweets: @RIdT @JuliaDavisNews @thehellu @JasonMBrodsky @shashj @JohnHulquist @zachdorfsman @EllieGeranmayeh @likethecoins @saffronsec @KateOflaherty @tonyromm @shanvav @RonDeibert @jc_stubbs

National Cyber Security Centre: UK and US intelligence exposes Turla group attack
National Cyber Security Centre: Advisory: Turla group exploits Iranian APT to expand coverage of victims
Financial Times: Russian cyberattack unit ‘masqueraded’ as Iranian hackers, UK says
ZDNet: Russian APT Turla targets 35 countries on the back of Iranian infrastructure
News Agency UNIAN: Hacking the hackers: Russian group hijacked Iranian spying operation, officials say – media
BBC News: Russian hackers cloak attacks using Iranian group
News 112.international: Russian group hijacked Iranian spying operation, officials say
Daily Mail: British spooks expose Russian-based cyber hacking gang Turla, that targeted UK organisation
UPI.com: U.S., British officials: Russian group targets Iranian hackers to spy on 35 nations
ABC News: U.S.: US: Russian hackers use Iranians to mask their identities
Forbes: NSA And NCSC Warning: Russian Hackers Disguised As Iranian Spies Attacked 35 Countries
Haaretz.com: Russian hackers hijacked Iranian cyber-espionage operation, officials say
News from EUobserver: [Ticker] Report: Russian hackers used Iranian cover to attack UK
iTnews – Security: NSA and GCHQ say Russian government hackers hijacked Iranian hackers
Silicon UK: Russian Cyber-Spies ‘Hijacked Iranian Attack Infrastructure’
The Register – Security: Iran? More like Ivan: Brit and US spies say they can see through Turla hacking group’s facade
SecurityWeek: US, UK: Russian Hackers Hijacked Iranian Malware, Infrastructure
City AM: Hacked off: Russian cyber criminals hack Iranian hackers
Security Affairs: UK/US investigation revealed that Russian Turla APT masqueraded as Iranian hackers
Techerati: UK and US accuse Russian hackers of disguising themselves as Iranian spies to attack 35 countries
Kyiv Post: Associated Press: Russian hackers use Iranians to mask their identities
AP Breaking News: US: Russian hackers use Iranians to mask their identities
NDTV Gadgets360.com: Russian Group Hijacked Iranian Spying Operation, Officials Say
City A.M. – Technology: Hacked off: Russian cyber criminals hack Iranian hackers
Threatpost: Turla Compromises, Infiltrates Iranian APT Infrastructure
US-CERT Current Activity: NSA and NCSC Release Joint Advisory on Turla Group Activity
Homeland Security Today: Russian Hackers Cloak Attacks Using Iranian Group
BleepingComputer.com: Russian Hackers Use Iranian Threat Group’s Tools, Servers as Cover
Security News | Tech Times: Russian Cyber-Espionage Group Turla Masquerades As Iranian Hacker Group In Attacks To More Than 35 Countries
Cyber Security Review: Russian APT Turla targets 35 countries on the back of Iranian infrastructure
Cyberscoop: Russian hackers have been mooching off existing OilRig infrastructure
NS Tech: Russia’s Turla hackers used Iranian cyber weapons to “mask identity”, says NCSC
Reuters: World News: Hacking the hackers: Russian group hijacked Iranian spying operation, officials say
Computing: Russian hackers hijacked Iranian cyber-attack infrastructure to launch attacks on the UK
Reddit-hacking: Russian hacker group hacks Iranian hacker group to use their resources to hack the US and UK
DataBreachToday.com: Russian Hackers Coopted Iranian APT Group’s Infrastructure
The Hill: Cybersecurity: Russia-backed hacking group uses Iranian tools to attack Middle East targets
SC Magazine: Russian Turla group masqueraded as Iranian hackers in attacks
DataBreaches.net: Russian cyberattack unit ‘masqueraded’ as Iranian hackers, UK says

@RIdT: A highly significant move by NSA & GCHQ >>> “By gaining access to the Iranian infrastructure, Turla [likely FSB] was able to use APT34's ‘command and control’ systems to deploy its own malicious code, GCHQ and the NSA said in a public advisory”
@JuliaDavisNews: Russian cyberattack unit ‘masqueraded’ as Iranian hackers, UK says Turla group hijacked the tools of an Iran unit to lead attacks against 35 countries
@thehellu: #Turla started timidly by deploying #Oilrig tools in computers they had previously owned themselves, then scanned IP addresses looking for Oilrig ASPX shells, and ended up fully compromising Oilrig C2 servers to get victims as well as Oilrig operators data https://ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims
@JasonMBrodsky: New: A Russian cyber espionage unit, Turla group, has hacked Iranian hackers, Oilrig, to lead attacks in more than 35 countries. Would note this comes despite reports that #Iran & #Russia signed cybersecurity cooperation agreements in recent years. #OOTT
@shashj: “The so-called Turla group, which has been linked with Russian intelligence, allegedly hijacked the tools of Oilrig, a group widely linked to the Iranian government, according to a two-year probe by the UK’s National Cyber Security Centre”
@JohnHulquist: Turla has been piggybacking on APT34. @juanandres_gs will be insufferable today.
@zachdorfsman: This is a pretty incredible disclosure from GCHQ--and a window into both Russian prowess and a future where assigning attribution is going to become more fraught.
@EllieGeranmayeh: UK claims “Russian hacking group dubbed “Turla”, which has been linked to Russia’s FSB agency, hacked into Iranian servers to mask attacks against more than 35 different countries [mostly in the Middle East] over the last 18 months”.
@likethecoins: As you read this, don't overlook that attribution is tough: it's an assessment. "the weight of evidence" = words of uncertainty. As always, read analysis with an eye toward evidence presented and realize that good analysts can reach different conclusions. #CTI
@saffronsec: Everyone is fixating on Snake hijacking OilRig infra and access to Iranian C&Cs, which was known. The real story is the claim that Nautilus and Neuron are Iranian tools-using P2P and named pipes for comms-far beyond what we've seen from Iranian capability https://ncsc.gov.uk/news/turla-group-exploits-iran-apt-to-expand-coverage-of-victims
@KateOflaherty: #ICYMI on @Forbes today The US and UK have accused Russian hackers of disguising themselves as Iranian APTs to perform cyberattacks on as many as 35 countries. Crazy stuff. With superb insight from @PhilipIngMBE
@tonyromm: Facebook also reveals it took down small networks of Iranian, Russian-linked accounts that violated policies. The Russia network "showed some links to the Internet Research Agency (IRA)"
@shanvav: Russian-linked hackers known as the Turla group have been mooching off of Iranian hackers’ tools and infrastructure for years now (OilRig’s) to run their own attacks, and the @NSAGov and @NCSC are calling it out. Story on @CyberScoopNews
@RonDeibert: Hacking the hackers: Russian group hijacked Iranian spying operation, officials say
@jc_stubbs: Our final update on the Turla/APT34 mash-up special that was yesterday. Worth noting: some of the tradecraft had already been uncovered but not scale of the operation. @NCSC/@NSAGov say 35 countries targeted in this way, confirmed victims in 20(!) of those


May 2, 2019
Jack Stubbs / Reuters

‘10KBlaze’ Exploits Are Targeting 50,000 Misconfigured SAP NetWeaver Installations, Enable Hackers to Steal and Modify ‘Business Critical’ Information

Exploits known as “10KBLAZE” are targeting administrative misconfigurations of SAP NetWeaver installations, including S/4HANA, researchers at security firm Onapsis report. The misconfigurations enable a hacker to steal anything that sits on a company’s SAP systems and also give them the ability to modify any information there. SAP sells “business critical” software that allows companies to track customer and business interactions; NetWeaver is a technology platform that integrates a variety of business processes into an SAP environment. An estimated 50,000 companies are exposed to the 10KBLAZE exploits as a result of these misconfigurations. SAP issued proper configuration instructions for the installations in 2009 and 2013, but about 90% of the vulnerable SAP systems have not followed the advice.