Attacking the Heart of the German Industry

For a number of years now, a group of professional hackers has been busy spying on businesses all over the world: Winnti. Believed to be controlled by China. For the first time, in a joint investigation, German public broadcasters BR and NDR are shedding light on how the hackers operate and how widespread they are.

This investigation starts with a code: daa0 c7cb f4f0 fbcf d6d1. If you know what to look for, you’ll find Winnti: hackers who have been spying on businesses all over the world for years. The group, presumably China-based, has homed in on Germany and its DAX corporations. For the first time ever, BR and NDR reporters have successfully analyzed hundreds of the malware versions used for that unsavory purpose. The targets: at least six DAX corporations, the stock-listed top companies of German industry.

Winnti is a highly complex structure that is difficult to penetrate. The term denotes both a sophisticated malware and an actual group of hackers. IT security experts like to call them digital mercenaries. Since at least 2011, these hackers have been using malware to spy on corporate networks. Their mode of operation: to collect information on the organizational charts of companies, on cooperating departments, on the IT systems of individual business units, and on trade secrets, obviously.

Asked about the group, an IT security expert who has been analyzing the attacks for years replies, tongue in cheek: “Any DAX corporation that hasn’t been attacked by Winnti must have done something wrong.” A high-ranking German official says: “The numbers of cases are mind-boggling,” and claims that the group continues to be highly active to this very day. The official’s name will remain undisclosed, as will the names of the more than 30 people whom we were able to interview for this article: company staff, IT security experts, government officials, and representatives of security authorities. They are either not willing or not allowed to speak frankly. But they are allowed to reveal some of the attackers’ tactics.

This allows us to find the software and to figure out for ourselves how the attackers work. Thanks to the help received from the informers, we, the reporters, are able to get on to the group. Part of their trail is the following code: daa0 c7cb f4f0 fbcf d6d1.

👉🏼 Read the full story without ads n shit:
https://rwtxt.lelux.fi/blackbox/attacking-the-heart-of-the-german-industry

#hacker #china #winnti #attack #spionage #cyberattack #cyberspionage #BASF #Siemens #Henkel
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Kazakhstan's HTTPS Interception

This post describes our analysis of carrier-level HTTPS interception ordered by the government of Kazakhstan.

The Kazakhstan government recently began using a fake root CA to perform a man-in-the-middle (MitM) attack against HTTPS connections to websites including Facebook, Twitter, and Google. We have been tracking the attack, and in this post, we provide preliminary results from our ongoing research and new technical details about the Kazakh interception system.

👉🏼 Read more:
https://censoredplanet.org/kazakhstan

#kazakhstan #HTTPS #interception #websites #MitM #tracking #attack #research #analysis #facebook #twitter #google
Attack against supercomputers

More than 10 high-performance data centers were hacked, including the one in the city of Garching (Germany). They are used for research on Covid-19 therapies, but those affected suspect other motives behind the attacks.

Dieter Kranzlmüller cannot explain what the hacker wanted. "Someone broke in and manipulated the system. But we don't know exactly what he did," says the head of the Leibniz computer centre in Garching near Munich. The high-performance computer SuperMUC-NG is located there. Kranzlmüller's team had to take it off the Internet this week after a hacker had gained access to the system. The Cybercrime Department of the Bavarian State Office of Criminal Investigation is investigating.

The case has shaken the research community, which depends on the expensive machines for its investigations. They are scattered internationally, but can no longer access the computers online. According to Kranzlmüller, in addition to Garching, more than ten high-performance computer centres in different countries are affected, including those in Freiburg, Stuttgart and Jülich. A "serious problem right across the academic community", is what those responsible for the super computer Archer in Edinburgh call it.

Read more 🇩🇪:
https://www.computerbase.de/2020-05/sicherheitsprobleme-europaeische-rechenzentren-supercomputer/

https://www.sueddeutsche.de/digital/supercomputer-hacker-garching-corona-1.4909397

#attack #hacker #hacked #supercomputers #datacenter #research
Real-Time Passive Sound Recovery from Light Bulb Vibrations

Spies Can Listen to Your Conversations by Watching a Light Bulb in the Room

You might not believe it, but it's possible to spy on secret conversations happening in a room from a nearby remote location just by observing a light bulb hanging in there—visible from a window—and measuring the amount of light it emits.

A team of cybersecurity researchers has developed and demonstrated a novel side-channel attacking technique that can be applied by eavesdroppers to recover full sound from a victim's room that contains an overhead hanging bulb.

The findings were published in a new paper by a team of academics—Ben Nassi, Yaron Pirutin, Adi Shamir, Yuval Elovici and Boris Zadov—from the Israeli's Ben-Gurion University of the Negev and the Weizmann Institute of Science, which will also be presented at the Black Hat USA 2020 conference later this August.

The technique for long-distance eavesdropping, called "Lamphone," works by capturing minuscule sound waves optically through an electro-optical sensor directed at the bulb and using it to recover speech and recognize music.

https://www.nassiben.com/lamphone

PDF:
https://ad447342-c927-414a-bbae-d287bde39ced.filesusr.com/ugd/a53494_443addc922e048d89a664c2423bf43fd.pdf

👉🏼 Read more:
https://thehackernews.com/2020/06/lamphone-light-bulb-spy.html

#spy #cybersecurity #lightbulb #blackhat #sidechannel #attack
Anonymous Tweets U.S. Hit by Major DDoS Attack on June 15

Following a massive cell phone service outage that affected hundreds of thousands of T-Mobile, AT&T, Verizon and Sprint customers on Monday, the hacktivist group Anonymous tweeted that it was a result of a “major DDoS attack.” The companies affected and authorities have not confirmed the claim.

DDoS, short for Distributed Denial of Service, is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Attackers target a wide variety of important resources, from banks to news websites, flooding the sites with too much information to operate and causing a major challenge to people wanting to publish or access important information.

Anonymous tweeted out a digital map that appeared to show the various types of attacks happening between America and the rest of the world on Monday.

The U.S. is currently under a major DDoS attack. https://t.co/7pmLpWUzUp pic.twitter.com/W5giIA2Inc

— Anonymous (@YourAnonCentral) June 15, 2020

👉🏼 Read more:
https://heavy.com/news/2020/06/anonymous-ddos-attack-cell-service-outage/

#anonymous #usa #ddos #attack
Australian Government and businesses hit by massive cyber attack from ‘sophisticated, state-based actor’

Australia is currently being hit with a massive cyber attack by a foreign government, Prime Minister Scott Morrison has revealed.

In an urgent press conference called this morning in Canberra, Mr Morrison said the ongoing, "large-scale" hack was being executed by a “sophisticated, state-based cyber actor”.

“This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure,” Mr Morrison told reporters.

“We know it is a sophisticated, state-based cyber actor because of the scale and nature of the targeting and the tradecraft used. Regrettably, this activity is not new. Frequency has been increasing.”

Mr Morrison said the Australian Cyber Security Centre has been “actively working with targeted organisations to ensure that they have appropriate technical mitigations in place and their defences are appropriately raised”.

Asked which nation was suspected to be behind the attack, Mr Morrison said the “threshold for public attribution on a technical level is extremely high” and that Australia “doesn't engage lightly in public attributions”.

https://www.news.com.au/technology/online/hacking/australian-government-and-private-sector-reportedly-hit-by-massive-cyber-attack/news-story/b570a8ab68574f42f553fc901fa7d1e9
#australia #gov #attack
Tutanota - We are under another DoS attack and working on mitigating this already. We apologize for this inconvenience.

👀 👉🏼 https://twitter.com/TutanotaTeam/status/1295456582956994567

#tutanota #ddos #attack
Stealing Data With CSS: Attack and Defense

Summary:
A method is detailed - dubbed CSS Exfil - which can be used to steal targeted data using Cascading Style Sheets (CSS) as an attack vector. Due to the modern web's heavy reliance on CSS, a wide variety of data is potentially at risk, including: usernames, passwords, and sensitive data such as date of birth, social security numbers, and credit card numbers. The technique can also be used to de-anonymize users on dark nets like Tor. Defense methods are discussed for both website operators as well as web users, and a pair of browser extensions are offered which guard against this class of attack.

👀 👉🏼 Want to check if you are vulnerable?
https://www.mike-gualtieri.com/css-exfil-vulnerability-tester

💡 👉🏼 Want to protect yourself?

👉🏼 Install the Chrome plugin:
https://chrome.google.com/webstore/detail/css-exfil-protection/ibeemfhcbbikonfajhamlkdgedmekifo

👉🏼 Install the Firefox plugin:
https://addons.mozilla.org/en-US/firefox/addon/css-exfil-protection

👀 👉🏼 Methods of Exploitation and Proof of Concept
https://www.mike-gualtieri.com/posts/stealing-data-with-css-attack-and-defense

#css #attack #defense #exploitation #vulnerability
How to stop the onion denial (of service)

As you might have heard, some onion services have been experiencing issues with denial-of-service (DoS) attacks over the past few years.

The attacks exploit the inherent asymmetric nature of the onion service rendezvous protocol, and that makes it a hard problem to defend against. During the rendezvous protocol, an evil client can send a small message to the service while the service has to do lots of expensive work to react to it. This asymmetry opens the protocol to DoS attacks, and the anonymous nature of our network makes it extremely challenging to filter the good clients from the bad.

For the past two years, we've been providing more scaling options to onion service operators, supporting more agile circuit management and protecting the network and the service host from CPU exhaustion. While these don't fix the root problem, they provide a framework to onion service operators to build their own DoS detection and handling infrastructure.

Even though the toolbox of available defenses for onion service operators has grown, the threat of DoS attacks still looms large. And while there are still a number of smaller-scale improvements that could be made, we believe this is not the kind of problem that a parameter tweak or a small code change will make disappear. The inherent nature of the problem makes us believe that we need to make fundamental changes to address it.

In this post, we would like to present you with two options that we believe can provide a long-term defense to the problem while maintaining the usability and security of onion services.

The intuition to keep in mind when considering these designs is that we need to be able to offer different notions of fairness. In today's onion services, each connection request is indistinguishable from all the other requests (it's an anonymity system after all), so the only available fairness strategy is to treat each request equally -- which means that somebody who makes more requests will inherently get more attention.

The alternatives we describe here use two principles to change the balance: (1) the client should have the option to include some new information in its request, which the onion service can use to more intelligently prioritize which requests it answers; and (2) rather than a static requirement in place at all times, we should let onion services scale the defenses based on current load, with the default being to answer everything.

👀 👉🏼 https://blog.torproject.org/stop-the-onion-denial

#tor #onion #DoS #attack
New Zealand stock exchange hit by cyber attack for second day

Trading halted again, one day after overseas DDoS bombardment that forced stock market to shut down

New Zealand’s stock market has been interrupted by an apparent overseas cyber attack for the second day running.

The Wellington-based NZX exchange went offline at 11.24am on Wednesday and although some connectivity was restored for investors, some trading was halted.

The NZX said it had experienced “network connectivity issues” and that the NZX main board, NZX debt market and Fonterra shareholders market were placed on halt.

However it then announced that those areas would resume trading with the rest of the market at 3pm on Wednesday.

https://www.theguardian.com/technology/2020/aug/26/new-zealand-stock-exchange-hit-by-cyber-attack-for-second-day

#NewZealand #NZ #Stock #Exchange #cyber #attack #DDOS
Iranian hackers pose as journalists

IT agents of Iran pose as journalists and conduct "interviews" to gain the trust of their victims. The attackers learn from North Korea.

State hackers of Iran pose as Farsi-speaking journalists of Deutsche Welle and the US weekly Jewish Journal. For their false identities, the attackers set up polished LinkedIn accounts. They also pick up the phone and call their victims via WhatsApp, ostensibly to conduct interviews or to prepare an alleged webinar in which the victim is supposed to be the keynote speaker.

👀 👉🏼 🇬🇧 The Kittens Are Back in Town 3 (PDF)
https://www.clearskysec.com/wp-content/uploads/2020/08/The-Kittens-are-Back-in-Town-3.pdf

👀 👉🏼 🇬🇧 Operation ‘Dream Job’
https://www.clearskysec.com/wp-content/uploads/2020/08/Dream-Job-Campaign.pdf

👀 👉🏼 🇩🇪 https://www.heise.de/newsticker/meldung/Iranische-Hacker-geben-sich-als-Journalisten-aus-4881027.html

#iran #hacker #agents #attack #journalists #pdf
Ransomware attack halts Argentinian border crossing for four hours

Argentina's official immigration agency, Dirección Nacional de Migraciones, suffered a Netwalker ransomware attack that temporarily halted border crossing into and out of the country.

While ransomware attacks against cities and local agencies have become all too common, this may be a first known attack against a federal agency that has interrupted a country's operations.

According to a criminal complaint published by Argentina's cybercrime agency, Unidad Fiscal Especializada en Ciberdelincuencia, the government first learned of the ransomware attack after receiving numerous tech support calls from checkpoints at approximately 7 AM on August 27th.

https://www.bleepingcomputer.com/news/security/ransomware-attack-halts-argentinian-border-crossing-for-four-hours/

#South #America #Argentina #ransomware #attack
Your digital privacy is under attack. Can anything be done to protect it?

A committee from the Council of Europe is concerned with the use of technology for mass surveillance programs.

Intelligence services around the world should be kept in check by an international body with the power to make sure governments don't misuse personal data for surveillance purposes, said the Council of Europe's data protection committee chairs in a joint statement.

Countries should agree at an international level on the extent to which the surveillance carried out by intelligence services can be authorized and under which conditions, recommended the committee. The agreement should come as a legal tool that could be enforced independently by a data protection body that is yet to be created.

The European human rights organization said that calls for better data protection at an international level are especially relevant in times of crisis, when circumstances provide governments with an opportunity to lawfully restrict citizens' privacy rights.

👀 👉🏼 https://www.zdnet.com/article/your-digital-privacy-is-under-attack-can-anything-be-done-to-protect-it

👀 👉🏼 Better protecting individuals in the context of international data flows (PDF):
https://rm.coe.int/statement-schrems-ii-final-002-/16809f79cb

#digital #privacy #attack #data #flows #thinkabout #pdf
Crypto crime - KuCoin: Hackers steal 150 million US dollars from Bitcoin stock exchange

The Bitcoin exchange KuCoin has become the victim of a hacker attack. According to estimates, 150 to 200 million US dollars disappeared. Most of the money is said to have already been recovered.

The Bitcoin exchange KuCoin has announced that it became the victim of a hacker attack on September 26. The attackers mainly took Bitcoin (BTC), Ether (ETH) and ERC-20 tokens in their raid. The exchange did not explicitly comment on the amount of damage and reassured users that it was a small part of the exchange's total capital. According to external estimates, however, crypto assets worth 150 to 200 million US dollars (USD) were apparently lost in the process.

👀 👉🏼 https://nitter.net/kucoincom/status/1309689557206491137

👀 👉🏼 🇩🇪 https://www.btc-echo.de/kucoin-hacker-stehlen-150-millionen-us-dollar-von-bitcoin-boerse/

#KuCoin #bitcoin #exchange #hacker #hacked #attack
Ransomware Hits Healthcare Provider UHS, Shuts Down Hospital IT Systems

Although Universal Health Services largely runs behavioral healthcare facilities, it also operates some emergency care centers, potentially putting patients' lives at risk.

A ransomware attack appears to have taken down all IT systems at Universal Health Services (UHS), which operates 400 hospitals and behavioral health facilities in the US and the UK.

UHS employees began reporting problems on Monday via Reddit; the attack has been shutting down computers at various hospitals, forcing them to turn away patients, they say.

One UHS employee based in Arizona told PCMag that the disruption has been blamed on ransomware infecting hospital systems. “Everything is down. No access to any computer at all," the employee said. The hospital has only recently managed to restore the phone system.

“I believe we are turning patients away,” the employee added. “We have been doing everything on paper charts. What gets me is we had no downtime protocols in place. It’s all been improv.”

BleepingComputer reports that a notorious ransomware strain known as Ryuk appears to be behind the attack, which has encrypted computers across the UHS network, making them impossible to access.

https://www.pcmag.com/news/ransomware-hits-healthcare-provider-uhs-shuts-down-hospital-it-systems

#US #ransomware #attack #hospital
VoltPillager: Researchers Compromise Intel SGX With Hardware-Based Undervolting Attack

Security researchers out of the University of Birmingham have crafted another attack against Intel Software Guard Extensions (SGX) when having physical motherboard access and using their "VoltPillager" hardware device, which they assembled for about $30 USD.

Two years ago, Plundervolt was widely publicized for compromising Intel's SGX security by manipulating the CPU frequency/voltage through software interfaces. By carefully undervolting Intel CPUs while they executed enclave computations, the researchers were ultimately able to compromise the integrity of SGX.

The impact of Plundervolt was already limited as typically the software needs root/administrative rights to access the CPU voltage/frequency MSRs or other kernel interfaces for manipulating them. But in response to Plundervolt, motherboard vendors began offering options to allow disabling voltage/frequency interface controls on their systems. Following Plundervolt, security researchers at the University of Birmingham in the UK began exploring a hardware-based attack on SGX.

https://www.phoronix.com/scan.php?page=news_item&px=VoltPillager-HW-Undervolt

#research #VoltPillager #undervolting #attack #intel #sgx
The Great Firewall of...America? WTZ!

This past week, Feb 2 - Feb 7, 2021, a massive attack was conducted on encrypted services, particularly VPNs. VPN traffic was throttled to near unusability.

Basically, in 2021 the Great Firewall of the USA was turned on. And then abruptly turned off.

The purpose of the action is unknown. No party stepped up to acknowledge it and, aside from me, no one has stepped up to call out any Internet Provider for their egregious action against privacy-minded people.

Why did this attack happen?
Why did the attack stop?

https://www.youtube.com/watch?v=38za1LYj2XQ&t=1

#usa #greatfirewall #firewall #internet #attack #privacy #thinkabout #video
Computer giant Acer hit by $50 million ransomware attack

Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.

Acer is a Taiwanese electronics and computer maker well-known for laptops, desktops, and monitors. Acer employs approximately 7,000 employees and earned $7.8 billion in 2019.

Yesterday, the ransomware gang announced on their data leak site that they had breached Acer and shared some images of allegedly stolen files as proof.

https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack

#acer #ransomware #attack
Texas man charged with planning to blow up Amazon data center in Virginia

The Wichita Falls man was arrested Thursday after receiving a fake bomb from an FBI undercover employee.

The FBI arrested a Texas man Thursday on charges of hatching a plan to blow up an Amazon data center in Virginia.

Seth Aaron Pendley, 28, of Wichita Falls was taken into custody Thursday after receiving what he thought was a bomb from a like-minded person, but it was actually a dud provided by an FBI undercover employee.

Court documents say Pendley came to the FBI’s attention after agents received a tip that he was posting alarming statements on a forum popular with militia groups, mymilitia.com. He began communicating through an encrypted messaging app with another person, who told the FBI that Pendley planned to use plastic explosives to attack the tech company’s data centers “to kill about 70% of the internet.”

https://www.nbcnews.com/politics/justice-department/texas-man-charged-planning-blow-amazon-data-center-virginia-n1263663

http://telegra.ph/Texas-Man-Charged-With-Intent-to-Attack-Data-Centers-04-09

via www.justice.gov

#usa #virginia #amazon #DeleteAmazon #datacenter #attack #fbi
CIA's Heart Attack Gun

Former CIA employee Mary Embree discusses the infamous heart attack gun. The weapon was first made public during the Church Committee hearings in 1975. Very lethal and untraceable, the weapon makes a murder look like a natural death. No doubt the CIA has been using this weapon and has most likely improved upon it since the '70s.

Clip of the 1975 Church Committee hearing at 4:57

https://youtu.be/Uwy56QTV4cs

#cia #Heart #Attack #Gun