Newsletters

The South Korean National Police Agency says that a North Korean hacking group known as Kimsuky has breached the email accounts of former government officials.

The Kimsuky campaign took place between April and August of last year and targeted 150 current and former South Korean government officials, professors, and defense and national security experts.

Police officials say Kimsuky operators successfully lured nine individuals on phishing pages and stole their login credentials for Google and Naver accounts.

The Australian Signals Directorate (ASD), Australia's signals intelligence and cyber organisation, has opened up to an ABC documentary about a number of its offensive cyber operations.

One of them was "Operation Valley Wolf", ASD's cyber contribution to the safe passage of partner troops through the Tigris river valley to Mosul, then under Islamic State (IS) control. The broad outlines of this operation have been described before, but the documentary provides more colour and detail.

ASD studied IS's electronic communications, which included the use of a variety of encrypted messaging apps including Surespot, Wickr, WhatsApp and Telegram. It used an implant, "Light Bolt", that could be deployed to IS devices without user interaction and three different denial-of-service payloads that would disrupt internet access: "Rickrolling", "Care Bear" and "Dark Wall". These payloads all cut internet access, but with different degrees of permanence.

Microsoft has identified the threat actor behind the recent exploitation of MOVEit file-transfer servers as our "old friend," the Clop cybercrime group.

Clop itself confirmed its involvement in the attacks in responses to email inquiries sent to Reuters and BleepingComputer reporters.

If the name sounds familiar, this is the same Russian cybercrime group that has previously exploited vulnerabilities in FTA Accellion and Fortra GoAnywhere, two other popular file-transfer appliances.

Communications platform Twilio will automatically reconfigure customer accounts in a crackdown against SMS traffic pumping schemes.

The company will block customers from sending SMS messages to countries the user has no previous history, and the country is known to be a source of SMS traffic pumping schemes.

The change will occur in three weeks, on June 21, 2023, according to emails Twilio has sent customers.

Russia's FSB intelligence service claims to have uncovered a US intelligence operation that hacked the Apple smartphones of "diplomatic missions and embassies in Russia."

The operation allegedly targeted thousands of devices, including the devices of Russian citizens and diplomatic representatives from NATO countries, the post-Soviet bloc, Israel, China, and South Africa.

The attacks exploited a vulnerability in Apple smartphones.

Reports that a state-sponsored PRC cyber actor could be pursuing capabilities to disrupt US critical infrastructure are causing a stir.

This eye-catching nugget is contained within a Microsoft report about a group it calls Volt Typhoon. Microsoft thinks, with "moderate confidence", that Volt Typhoon's campaign is "pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises".

The statement actually feels a bit out of place in the report as it doesn't contain any evidence that backs up the assessment. The report says that Volt Typhoon "typically focuses on espionage and information gathering", although it has "targeted critical infrastructure organisations in Guam and elsewhere in the United States". Microsoft says that in this campaign, affected organisations "span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors".

An Iranian hacktivist group calling itself "Uprising till Overthrow" has breached the Iranian President's Office and has leaked a large collection of classified documents.

According to a press release posted on the website of exiled opposition party MEK, the group claims to have taken control of more than 120 servers and over 1,300 computers inside the President's Office internal network.

The group claims to have had full control over the entire network, to the point they were able to decrypt classified material and encrypted communications from the past several years.

The Python Software Foundation has taken several actions to improve the security and privacy of the official Python Package Index (PyPI) following a series of incidents over the past few weeks.

Plans are currently underway to enable two-factor authentication (2FA) for PyPI accounts and to reduce the instances where the PyPI portal needs to store a user's IP address.

All accounts that maintain a Python library on the PyPI portal must set a 2FA method by the end of the year or have their access to some PyPI features limited.

Microsoft and the NSA have discovered a new Chinese APT group targeting critical infrastructure organizations in the United St.

Named Volt Typhoon, the group has been active since mid-2021 and has gone under the radar due to a focus on stealth in its intrusions.

Operators rely almost exclusively on living-off-the-land and hands-on-keyboard techniques to avoid detection.

Revelations that the FBI improperly used data collected for foreign intelligence under Section 702 of the Foreign Intelligence Surveillance Act (FISA) are fueling doubts about whether the authority will be renewed before it expires at the end of the year.

The news of the FBI searches is contained in a declassified court opinion released by the Director of National Intelligence. The opinion, issued in April of last year by the Foreign Intelligence Surveillance Court (FISC), describes the FBI as having a "pattern of broad, suspicionless queries that are not reasonably likely to retrieve foreign intelligence or evidence of crime".

Section 702 allows US intelligence agencies to compel service providers to help conduct targeted surveillance of foreigners outside the US and has been described by US officials as the "crown jewel" of US surveillance programs. The Section 702 amendment was motivated in part by terrorist use of US email service providers in the early 2000s.