Posts Tagged ‘FireEye’

North Korean Hackers Hijack Computers to Mine Cryptocurrencies

January 2, 2018

Bloomberg

By Sam Kim

  • New hacking group linked to North Korea behind Monero mining
  • Hacking attacks focused primarily on financial gain in 2017

North Korean hackers are hijacking computers to mine cryptocurrencies as the regime in Pyongyang widens its hunt for cash under tougher international sanctions.

A hacking unit called Andariel seized a server at a South Korean company in the summer of 2017 and used it to mine about 70 Monero coins — worth about $25,000 as of Dec. 29 — according to Kwak Kyoung-ju, who leads a hacking analysis team at the South Korean government-backed Financial Security Institute.

The case underscores the increasing appetite from cyber-attackers for digital currencies that are becoming a source of income for the Kim Jong Un regime. North Korea is accelerating its pursuit of cash abroad as the world tightens its stranglehold on its conventional sources of money with sanctions cutting oil supplies and other trade bans.

“Andariel is going after anything that generates cash these days,” said Kwak. “Dust gathered over time builds a mountain.”

The hackers may have seized other computers to mine cryptocurrencies and appear to prefer Monero because the currency is more focused on privacy and easier to hide and launder than bitcoin, Kwak said, citing the analysis of the server. Andariel was able to take control of the server undetected by its operator, he said.

A cryptocurrency can be earned if a complex mathematical problem is solved, but it requires high-powered computers that often only corporations can afford. Not every company spends as much on protecting their computers from hackers. Yapian, the owner of bitcoin exchange Youbit, said in December it would close after getting breached.

Like bitcoin, Monero uses a network of miners to verify its trades. But it mixes multiple transactions to make it harder to trace the origin of funds, and adopts “dual-key stealth” addresses that make it difficult to pinpoint recipients.

South Korean investigators are looking at North Korea among their suspects. The country’s hackers are increasing attacks on cryptocurrency exchanges in Seoul, security researcher FireEye Inc. said in September.

The U.S. has also blamed North Korea recently for the WannaCry ransomware attack that affected hundreds of thousands of computers globally in 2017. Hackers demanded bitcoin in exchange for unlocking the files they had coded with malware. North Korea denies any role in cyber crimes.

The majority of attacks from North Korean hackers in the past year have focused on financial gain rather than government secrets, according to researchers dealing with them. The shift of focus may accelerate this year as the UN is stepping up its efforts to cut the flow of funds used by the regime to fuel its nuclear arms development.

“North Korean threats meant attacks on the government and national defense, but now they are looming very large over the private sector,” Lee Dong-geun, chief analyst at the government-run Korea Internet Security Center in Seoul, said at a forum. “They are primarily after information for financial ends.”

Includes Video:

https://www.bloomberg.com/news/articles/2018-01-02/north-korean-hackers-hijack-computers-to-mine-cryptocurrencies

Introducing Force 47, Vietnam’s New Weapon Against Online Dissent

December 31, 2017

The country’s new cyber unit is tasked with finding and rebutting government critics on Facebook and other platforms

People check their phones at a bus stop in Hanoi in August. The Vietnamese government has been increasing its efforts to rein in the internet. Photo: Nguyen Huy Kham/Reuters

HANOI—On Christmas Day, Vietnam’s army unveiled its latest answer to the question of how to police the internet: a new, 10,000-strong cyber unit to trawl the web and counter any “wrongful opinions” about the communist state’s government.

Vietnamese leaders have wrestled with the web for years, nervous about the chaos they say the internet can unleash. The country’s president this summer warned that rumors and innuendo could weaken the foundations of the state.

Yet tens of thousands of small businesses rely on Facebook and other social-media platforms to reach their customers. Lobby groups warn that restricting access to the internet could damage one of Asia’s fastest-growing economies, which the government says grew 6.8% this year, the fastest pace in a decade.

“As many forces and countries are talking about a real war in cyberspace, [Vietnam] should also stand ready to fight against wrongful views in every second, minute and hour,” Gen. Nguyen Trong Nghia said Monday as he announced the new program, according to state media.

The Force 47 cyber unit, tasked with rebutting government critics on Facebook and other platforms, adds another layer to Hanoi’s efforts to rein in the internet.

In recent months, the country has increased the penalties for anyone using Facebook as a platform to attack the government. In November, a young blogger was given a seven-year prison sentence for “spreading propaganda against the state,” while a well-known environmentalist, Nguyen Ngoc Nhu Quynh, was handed a 10-year sentence on the same charges in June.

Amnesty International says Vietnam is holding at least 80 political prisoners. Internet security firms Volexity and FireEye say hackers allegedly aligned with Hanoi have installed malware on antigovernment websites to track who visits them.

Vietnam’s government previously has denied involvement in cyberattacks.

The country’s dissidents worry that more measures are coming.

Over glasses of draft pilsner and bowls of peanuts at a Hanoi bar, Nguyen Anh Tuyen, a translator and well-known blogger, described how the government is growing anxious over the spread of what he calls microprotests, organized through social media. These range from campaigns to stop Hanoi’s city government cutting down trees to demonstrations against China’s expansion into waters also claimed by Vietnam.

“The government worries that one day all these different protests will come together in one campaign against them,” noted Mr. Tuyen, who says he is regularly tailed by police and closely monitored.

In December, Hanoi suspended a new toll booth on a small local road in Cai Lay, deep in the south of the country, after truck drivers and other motorists used Facebook to organize protests.

Government officials didn’t respond to requests for comment.

Vietnamese blogger and environmentalist Nguyen Ngoc Nhu Quynh, pictured above at court in Nha Trang on Nov. 30, was sentenced to 10 years in prison for ‘spreading propaganda against the state.’ Photo: Vietnam News Agency/AFP/Getty Images

Vietnam has instructed businesses to boycott Facebook and Google’s YouTube as part of government efforts to encourage the companies to respond more quickly to its requests to remove critical content. A new draft law requiring firms such as Facebook and YouTube to set up representative offices and provide expensive new server systems in-country would make it easier for the state to pressure social-media platforms.

Vietnam’s Chamber of Commerce and Industry and the Asia Internet Coalition, which includes Facebook and Google as members, have criticized the draft law. They say it could undermine local businesses, which have profited from the boom in social media here in recent years.

Google, which said it has a global policy of complying with local laws, referred to the Asia Internet Coalition’s position. Facebook didn’t respond to requests for comment.

While Vietnam’s methods might be crude, internet policy experts say, they reflect moves under way elsewhere to tether the free-information ethos that characterized the early days of the web. Thailand has threatened to block Facebook if it doesn’t remove sensitive images of its new king, while China famously operates an extensive firewall. Facebook has been blocked there since 2009, replaced by homegrown social-media networks that authorities can more easily control.

“Governments are becoming much more aware that they have the leverage to control content that they don’t like on the internet, and they are pushing their authority,” said Daphne Keller at the Stanford Center for Internet and Society. “The era when people thought the internet was ungovernable is past, or is rapidly passing.”

Mai Khoi, a dissident musician known as the ‘Lady Gaga’ of Vietnam, has urged big tech companies to ‘protect the only space where people in Vietnam can speak freely.’ Above, she is seen speaking from a window of her home in Hanoi on Nov. 11. Photo: JENNY VAUGHAN/AFP/Getty Images

One problem for internet companies is finding enough people to assess government requests to remove information, people familiar with the situation say. YouTube recently blocked a clip from the Charlie Chaplin film “The Great Dictator,” which featured a strongly pro-democracy, antimilitary tone, at the request of Thailand’s military government. It later reversed course after determining the video didn’t violate any local laws.

As pressure mounts, Vietnamese activists are urging big tech companies to stand firm against what they say are attempts to limit free speech and contain critics.

“We need you to guarantee that you will protect the only space where people in Vietnam can speak freely,” said Do Nguyen Mai Khoi, a singer and outspoken government critic. “You have a social responsibility to do this.”

https://www.wsj.com/articles/introducing-force-47-vietnams-new-weapon-against-online-dissent-1514721606

Handcuffed by sanctions, North Korea seeks cash via cyber theft

December 20, 2017

Some of the 7,000 hackers trained by Pyongyang pose as beautiful women on Facebook, strike up online conversations and then send malicious ransomware files

A man is reflected on a screen showing exchange rates of cryptocurrencies at an exchange in Seoul on December 20, 2017. (AFP PHOTO / JUNG Yeon-Je)

SEOUL, South Korea (AFP) — The messages are alluring, the pictures are attractive. But the women seeking to beguile South Korean Bitcoin executives could actually be hackers from Pyongyang in disguise, experts warn.

In the face of sanctions over its banned nuclear and ballistic missile programs, the cash-strapped North is deploying an army of well-trained hackers with an eye on a lucrative new source of hard currency, they say.

Its cyber warfare abilities first came to prominence when it was accused of hacking into Sony Pictures Entertainment to take revenge for “The Interview,” a satirical film that mocked its leader, Kim Jong-Un.

But it has rapidly expanded from political to financial targets, such as the central bank of Bangladesh and Bitcoin exchanges around the world, with Washington this week blaming it for the WannaCry ransomware that wreaked havoc earlier this year.

Screenshot of a ransomware exploit (Courtesy)

And a South Korean crypto currency exchange shut down on Tuesday after losing 17 percent of its assets in a hacking — its second cyber attack this year — with the North accused of being behind the first.

According to multiple South Korean reports citing Seoul’s intelligence agency, North Korean hackers approach workers at digital exchanges by posing as beautiful women on Facebook, striking online conversations and eventually sending files containing malicious code.

They also bombard executives with emails posing as job seekers sending resumes — with the files containing malware to steal personal and exchange data.

Moon Jong-Hyun, director at Seoul cybersecurity firm EST Security, said the North had stepped up online honeytrap tactics targeting Seoul’s government and military officials in recent years.

“They open Facebook accounts and maintain the online friendship for months before backstabbing the targets in the end,” Moon told a cybersecurity forum, adding that many profess to be studying at a US college or working at a research think tank.

A computer screen at the Cboe Global Markets exchange (previously referred to as CBOE Holdings, Inc.) shows Bitcoin futures prices and trades on December 19, 2017 in Chicago, Illinois. (Scott Olson/Getty Images/AFP)

Simon Choi, director of Seoul cybersecurity firm Hauri, has accumulated vast troves of data on Pyongyang’s hacking activities and has been warning about potential ransomware attacks by the North since 2016.

The United States has reportedly stepped up cyberattacks of its own against Pyongyang.

But Choi told AFP, “The North’s hacking operations are upgrading from attacks on ‘enemy states’ to a shady, lucrative moneymaking machine in the face of more sanctions.”

Pyongyang’s hackers have shown interest in Bitcoin since at least 2012, he said, with attacks spiking whenever the crypto currency surges — and it has soared around 20-fold this year.

Illustrative: Staff monitoring the spread of ransomware cyberattacks at the Korea Internet and Security Agency (KISA) in Seoul, May 15, 2017. (AFP/ YONHAP)

US cybersecurity firm FireEye noted that a lack of regulations and “lax anti-money laundering controls” in many countries make digital currencies an “attractive tactic” for the North.

Crypto currencies, it said in a September report, were “becoming a target of interest by a regime that operates in many ways like a criminal enterprise.”

It documented three attempts by the North to hack into Seoul cryptocurrency exchanges between May and July as a way to “fund the state or personal coffers of Pyongyang’s elite.”

In October, Lazarus, a hacking group linked with the North, launched a malicious phishing campaign targeting people in the bitcoin industry with a fake but lucrative job offer, according to US cybersecurity firm Secureworks.

Hacking attacks targeting digital currencies are only the latest in the long list of alleged online financial heists by the North.

The North is blamed for a massive $81 million cyber-heist from the Bangladesh Central Bank (BCB) in 2016, as well as the theft of $60 million from Taiwan’s Far Eastern International Bank in October.

Map locates top 20 countries affected in the first hours of the global ransomware cyberattack in May 2017. (AP)

Although Pyongyang has angrily denied the accusations — which it described as a “slander” against the authorities — analysts say the digital footprints left behind suggest otherwise.

The attack on the BCB was linked to “nation-state actors in the North,” cyber security firm Symantec said, while the Taiwanese bank theft had some of the “hallmarks” of Lazarus, according to the British defense firm BAE Systems.

Proceeds from such actions are laundered through casinos in the Philippines and Macau or money exchanges in China, said Lim Jong-In, a cyber-security professor at Korea University in Seoul, making it “virtually impossible” to trace.

The global WannaCry ransomware attack in May infected some 300,000 computers in 150 nations, encrypting their files and demanding hundreds of dollars from their owners for the keys to get them back.

Experts say that young hacking talents are handpicked at school to be groomed at elite Kim Chaek University of Technology or Kim Il Sung Military University in Pyongyang, and now number more than 7,000.

This file photo taken on August 9, 2017, shows pedestrians walking past a huge screen in Tokyo displaying news footage of North Korean leader Kim Jong-Un. (AFP PHOTO / Kazuhiro NOGI)

They were once believed to be operating mostly at home or in neighboring China, but analysis by cyber security firm Recorded Future noted “significant physical and virtual North Korean presences” in countries as far away as Kenya and Mozambique.

FireEye CEO Kevin Mandia put the North among a quartet of countries — along with Iran, Russia and China — that accounted for more than 90 percent of cybersecurity breaches the firm dealt with.

Its hackers, he said, were “interesting to respond to and hard to predict.”

https://www.timesofisrael.com/handcuffed-by-sanctions-north-korea-seeks-cash-via-cyber-theft/

Cyber Attacks “More Complex, Dangerous” Threaten Critical Infrastructure — Breached safety systems — Middle East nuclear, electrical, industrial infrastructure

December 17, 2017

REUTERS

The FireEye logo is seen outside the company’s offices in Milpitas, California, in 2014. | REUTERS

Hackers likely working for a nation-state recently breached safety systems at a critical infrastructure facility, in a watershed attack that halted plant operations, according to cyberinvestigators and the firm whose software was targeted.

FireEye Inc. disclosed the incident on Thursday, saying it had targeted Triconex industrial safety technology from Schneider Electric SE.

Schneider confirmed that the incident had occurred, and that it had issued a security alert to users of Triconex — which cyberexperts said is widely used in the energy industry, including at nuclear facilities and oil and gas plants.

FireEye and Schneider declined to identify the victim, industry or location of the attack. Cybersecurity company Dragos said the hackers targeted an organization in the Middle East, while a second firm, CyberX, said it believed the victim was in Saudi Arabia.

It marks the first report of a safety system breach at an industrial plant by hackers, who have in recent years placed increasing focus on breaking into utilities, factories and other critical infrastructure, cyberexperts said.

Compromising a safety system could let hackers shut them down in advance of attacking other parts of an industrial plant, potentially preventing operators from identifying and halting destructive attacks, they said. Safety systems “could be fooled to indicate that everything is okay,” even as hackers damage a plant, said Galina Antova, co-founder of cybersecurity firm Claroty.

“This is a watershed,” said Sergio Caltagirone, head of threat intelligence with Dragos. “Others will eventually catch up and try to copy this kind of attack.”

In the incident, hackers used sophisticated malware to take remote control of a workstation running a Schneider Electric Triconex safety shutdown system, then sought to reprogram controllers used to identify safety issues. Some controllers entered a fail-safe mode, which caused related processes to shut down and caused the plant to identify the attack, FireEye said.

FireEye believes the attackers’ actions inadvertently caused the shutdown while probing the system to learn how it worked, said Dan Scali, who led FireEye’s investigation. The attackers were likely conducting reconnaissance to learn how they could modify safety systems so they would not operate in the event that the hackers launched an attack that disrupted or damaged the plant, he said.

The U.S. government and private cybersecurity firms have issued public warnings over the past few years about attempts by hackers from nations including Iran, North Korea and Russia and others to attack companies that run critical infrastructure plants, in what they say are primarily reconnaissance operations.

CyberX Vice President Phil Neray said his firm found evidence that the malware was deployed in Saudi Arabia, which could suggest that Iran may be behind the attack.

Security researchers widely believe that Iran was responsible for a series of attacks on Saudi Arabian networks in 2012 and 2017 using a virus known as Shamoon.

Schneider provided Reuters with a customer security alert, dated Wednesday, which said it was working with the U.S. Department of Homeland Security to investigate the attack.

“While evidence suggests this was an isolated incident and not due to a vulnerability in the Triconex system or its program code, we continue to investigate whether there are additional attack vectors,” the alert said.

Department of Homeland Security spokesman Scott McConnell said the agency was looking into the matter “to assess the potential impact on critical infrastructure.”

The malware, which FireEye has dubbed Triton, is only the third type of computer virus discovered to date that is capable of disrupting industrial processes.

The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the United States and Israel to attack Iran’s nuclear program.

The second, known as Crash Override or Industroyer, was found last year by researchers who said it was likely used in a December 2016 attack that cut power in Ukraine.

https://www.japantimes.co.jp/news/2017/12/15/world/crime-legal-world/hackers-invade-safety-system-halt-mideast-plant-operations-watershed-cyberattack/#.WjY3tt-nGUk

Why Trump is sticking with Obama’s China hacking deal

November 8, 2017

The hacking agreement is not expected to be a major talking point when President Donald Trump meets on Wednesday in Beijing with Chinese President Xi Jinping (right). | Saul Loeb/Pool Photo via AP/File

President Donald Trump has broken with a host of Obama-era international agreements, from the Trans-Pacific Partnership to the Paris climate pact — but he’s showing every sign of sticking with a 2015 hacking accord with China.

Last month, the Trump administration quietly reaffirmed the agreement, which Republicans had initially greeted with skepticism. And business groups, cyber researchers and international policy experts say they see little reason for Trump to cancel the deal, especially as he’s pressing for China’s cooperation in curbing North Korea’s increasingly bellicose cyber and nuclear programs.

The hacking agreement is not expected to be a major talking point when Trump meets on Wednesday in Beijing with Chinese President Xi Jinping, whose country remains one of the most skilled and aggressive operators in cyberspace.

China appears to be largely complying with the 2015 deal, in which both countries pledged not to steal trade secrets from each other for the benefit of their domestic companies. That has helped calm the friction that once reigned between Washington and Beijing over cyber disputes, leaving Trump free to press his complaints with China on issues such as its protectionist regulations and unfavorable trade balance with the U.S.

“Having the cyber accord that we have helps to narrow the issues in dispute,” said Luke Dembosky, who worked on the 2015 U.S.-China cyber pact as a senior Justice Department official. “We need every bit of goodwill we can muster between our two countries on issues like North Korea. And we should, as a country, capitalize on the breakthrough that was achieved in fall of 2015.”

Perhaps most surprisingly to some, the deal has had its intended effect: Chinese-backed cyber theft of American trade secrets has dropped roughly 90 percent since the September 2015 accord, according to two leading digital security firms. Before then, analysts estimated that the thefts were costing the U.S. hundreds of billions of dollars a year.

“We saw the level of that activity drop off a cliff,” said Chris Porter, the chief intelligence strategist at FireEye, which closely tracks major Chinese-linked hacking groups. “At or near zero levels.”

Those same researchers, though, caution that Chinese hacking tactics may have mutated in recent months, once again threatening American businesses through means that push the boundaries of the 2015 accord.

The Trump administration has not made strong public statements either way regarding the U.S.-China cyber pact despite jointly pledging with China in October to continue implementing the deal.

“President Trump believes strongly in protecting intellectual property rights, which are a key part of a fair and reciprocal trade policy,” White House spokesman Marc Raimondi said via email. “We will be closely monitoring [China’s] adherence to both the letter and the spirit of the commitment.”

When Xi visited the White House in 2015, cyber tensions were at an all-time high between the two countries. It was widely believed that Beijing’s cyber spies had been behind the devastating theft that spring of more than 20 million sensitive U.S. government security clearance background-check files. And business groups were imploring the Obama administration to punish China over what they said was a pervasive hacking campaign to steal America’s trade secrets and erode the country’s competitive advantage, costing the U.S. up to $400 billion a year.

But instead of slapping Beijing with sanctions, Obama and Xi announced a mutual vow to end the type of theft that was enraging U.S. business leaders. Republicans — and even some Democrats — were immediately dubious that the diplomatic route would have any tangible effect on China’s behavior. And notably, the deal did not require either side to stop traditional cyber espionage, such as the theft of the U.S. background-check records.

However, just over two years later, the pact has held.

There has been a “massive reduction” in Chinese intrusions of American companies, said Dmitri Alperovitch, co-founder of the digital security firm CrowdStrike, which is working on a report analyzing China’s digital behavior since the agreement.

And it has allowed the two countries to focus more on their trade relationship, making it “a remarkable success” from that perspective, said Porter, of FireEye. “It shows that diplomacy can be used to reduce the cyber threat to Americans.”

Those who worked on the deal also believe it played a broader role in stabilizing U.S.-China relations and set a rare precedent for the international community on cyber norms, which have been notoriously difficult to pin down.

“These are two of the, if not the two, world leaders on cyber issues,” said Dembosky, now a partner at the law firm Debevoise and Plimpton. “So for them to reach any agreement on matters of cyberspace … has huge ripple effects in the international community in a positive way.”

China did not give up its expansive cyber efforts, though. Instead, the country shifted its focus to regional targets, training its digital spies on dissidents in Tibet and Hong Kong, as well as political, military and economic targets across Asia, CrowdStrike’s Alperovitch said. According to FireEye’s Porter, Chinese hackers were able to pilfer intellectual property — from other nations, like Japan — that was largely comparable to what they had been getting in the U.S.

At the same time, Xi was also restructuring his military. The increasingly powerful leader wanted to consolidate the country’s cyber army and rein in government-linked hackers moonlighting as rogue digital actors, a process FireEye detailed in a June 2016 report.

And there are recent signs that Beijing may be testing the limits of its 2015 promises.

In mid-2016, FireEye noticed that one prominent suspected Chinese hacking group had resurfaced, catching it infiltrating a U.S. information technology services firm in a likely attempt to gain access to the firm’s clients. Porter said FireEye had also discovered Beijing-linked hackers spying on corporate executives, giving them access to inside information that might eventually come in handy for Chinese investors looking to purchase an American firm or Chinese companies bidding on a U.S. project.

It’s unclear whether either strategy would technically violate the narrow terms of the 2015 agreement.

“I do think that it’s still too early to call victory here,” Alperovitch said.

Still, cyber watchers say that Trump should stick with the deal.

The U.S. gave up almost nothing in inking the agreement, they note, as it already had a long-established commitment to not steal corporate secrets for domestic economic gain. Plus, the deal established law enforcement channels to swap details on cybercrime, a valuable tool given China’s proximity to North Korea’s increasingly assertive cyber army. Researchers believe Pyongyang was behind a global malware outbreak earlier this year that froze tens of thousands of computer networks, costing businesses hundreds of millions of dollars. South Korea has also blamed its northern neighbor for the digital theft of war plans.

China may have enabled North Korea’s hacking operations by providing network bandwidth or even physical space for Pyongyang’s digital warriors, according to studies and media reports. Details are thin on what assistance China may currently provide.

“China may well be in a position to be able to provide information about North Korean cyber activities,” said Samir Jain, who helped craft the U.S.-China cyber deal as a senior director for cyber policy at the National Security Council. “To the extent that the Chinese can provide information about those actors or about servers or other infrastructure being used by North, then that would all be helpful.”

The White House also doesn’t appear eager to rock the boat over any possible noncompliance with the 2015 deal. A White House blog post about Trump’s upcoming visit to Beijing mentioned only the North Korea situation and “China’s unfair trade practices.”

Indeed, those “unfair trade practices” are where industry leaders’ concerns now lie. They worry that new Chinese cybersecurity regulations could force foreign technology companies to hand over software for “security” reviews before being allowed to enter China’s booming market. Trump recently ordered the U.S. trade representative to investigate the issue, setting up a potential showdown with Beijing on trade.

“We are at risk of a trade war,” Dembosky said. “It may be a cold trade war, but it’s certainly getting much hotter. If we don’t reach some understanding with China on the processes — and the fairness of the processes on both sides for evaluating these risks — then both countries will suffer.”

Eric Geller contributed to this report. 

https://www.politico.com/story/2017/11/08/trump-obama-china-hacking-deal-244658

North Korea gets second web connection via Russian firm

October 5, 2017

AFP

© AFP | A North Korea woman sits at a computer in Pyongyang

SEOUL (AFP) – A state-owned Russian company has opened up a second internet connection for North Korea which could strengthen Pyongyang’s cyber capabilities and undermine US efforts to isolate the regime, security experts said.

The activation of the new line from TransTeleCom was first detected Sunday by analysts at Dyn Research, which monitors global internet connectivity.

The new connection supplements the existing link provided by China Unicom, which has almost exclusively routed North Korean internet traffic since 2010.

The additional line gives Pyongyang “significantly more resilience against attacks on their network infrastructure,” said Bryce Boland, the chief technology officer in the Asia-Pacific for cybersecurity firm FireEye.

The Washington Post reported earlier that the US Cyber Command had carried out attacks against hackers in North Korea aimed at cutting off their access to the Internet.

The operation ended Saturday, the report said.

North Korea has a 6,800-strong unit of trained cyberwarfare specialists, according to Seoul’s defence ministry, and has been accused of launching high-profile cyberattacks including the 2014 hacking of Sony Pictures.

But with only one internet provider to rely on, the regime has often found itself vulnerable to external cyberattacks against its own network infrastructure.

North Korea suffered several internet connection failures — some which lasted for hours — shortly after the Sony attack, which many suspected to be a US retaliation.

With the alternate route from Russia, “the possibility of disconnecting North Korea from the Internet just became much more difficult,” Boland said.

N. Korea hackers ‘suspected of stealing bitcoins’

September 12, 2017

AFP

© AFP/File | Experts suspect North Korean hackers of trying to steal bitcoins and other virtual currencies

SEOUL (AFP) – North Korea is suspected of intensifying cyber-attacks to steal virtual currency in order to obtain funds and avert tightening sanctions, according to security experts.

North Korean hackers have mounted attacks on at least three South Korean cryptocurrency exchanges since May, security researcher FireEye said in a report Monday.

The attacks include an apparently successful one when four wallets at Seoul-based exchange Yapizon were compromised.

Local news reports said that in May Yapizon had more than 3,800 bitcoins worth $15 million stolen — although FireEye said there were no clear indications of North Korean involvement in that case.

South Korea’s opposition Bareun Party lawmaker Ha Tae-Kyung, who has followed North Korean hacking attempts, said it had apparently stolen more than 90 billion won ($80 million) from South Korea through hacking attacks in the four years to June, including cyber-attacks on ATMs.

“North Korea has set its sights on the so-called next generation financial markets, including virtual currencies, pin-tech and blockchains,” he told journalists last week.

“Alongside the UN-imposed sanctions, international cooperation is also required to curb the North’s cyber-hacking which can be used to finance its nuclear and missile programmes”, he said.

South Korea has become one of the world’s busiest trading hubs for cryptocurrencies, with Seoul-based Bithumb ranking as the world’s largest exchange for the ethereum virtual currency.

In June Bithumb was hit by cyber attacks, possibly linked to the North, in which information about 30,000 customers was leaked.

Some 160 customers are preparing a class action suit against Bithumb, claiming they lost around $10 million in total.

North Korean actors used “spearphishing” attacks targeting the personal email accounts of employees at digital currency exchanges, FireEye said in its report published Monday.

They frequently used tax-themed lures and deployed malware and variants linked to the North Koreans who are suspected of being behind intrusions into global banks in 2016, FireEye said.

“It should be no surprise that cryptocurrencies, as an emerging asset class, are becoming a target of interest by a regime that operates in many ways like a criminal enterprise”, it said.

Vietnam’s President Calls for Tougher Internet Controls — “Going Chinese”

August 20, 2017

HANOI — Vietnam’s president called on Sunday for tougher controls on the internet in the face of dissidents who are using it to criticize the ruling Communist Party, and to combat threats to cybersecurity.

Vietnam’s government has stepped up a crackdown on activists this year, but despite the arrest and sentencing of several high profile figures, there has been little sign of it silencing criticism on social media.

President Tran Dai Quang made the call in an article published on the government website.

He said hostile forces had used the internet to organize offensive campaigns that “undermined the prestige of the leaders of the party and the state, with a negative impact on cadres, party members and people”.

Quang said Vietnam needed to pay greater attention to controlling online information, especially on social networks, and needed an effective solution “to prevent news sites and blogs with bad and dangerous content”.

Quang’s own standing had been the subject of internet rumor and gossip in recent days because he has been largely absent from the public eye.

Vietnam has intensified crackdowns on both government critics and officials accused of corruption since security-minded conservatives gained greater sway within the Communist Party early last year.

Vietnam is in the top 10 countries for Facebook users by numbers and Google’s YouTube is also a popular platform.

Quang also highlighted threats to cybersecurity, saying Vietnam was under increasing attack by criminals seeking information and state secrets, and attempting to carry out acts of sabotage.

Thousands of computers in Vietnam were affected by the WannaCry virus in May.

In a report three months ago, security company FireEye said hackers working on behalf of the Vietnamese government had broken into the computers of multinationals in the country. Vietnam forcefully rejected the accusation.

(Reporting by Mi Nguyen; Writing by Matthew Tostevin; editing by David Stamp)

Vietnam-linked hackers likely targeting Philippines over South China Sea dispute: FireEye — State-sponsored hacker groups involved

May 27, 2017

Reuters

Hackers linked with Vietnam’s government are likely targeting Philippine state agencies to gather intelligence related to the maritime dispute in the South China Sea, cybersecurity company FireEye (FEYE.O) said on Thursday.

Vietnam’s government was not immediately available for comment – though it has regularly dismissed similar allegations in the past. The Philippines’ foreign ministry told Reuters it would look into the report.

FireEye said the hackers, called APT32, had attacked a Philippine consumer products corporation and a Philippine technology infrastructure firm in 2016, alongside other companies, some doing business in Vietnam.

The attackers were also targeting Philippine government agencies, FireEye’s chief technology officer for Asia Pacific, Bryce Boland, added in a media briefing.

“This is presumably in order to gain access to information about military preparation and understanding how the organizations within the government operate in order to be better prepared in case of potentially military conflict,” Boland said.

“There are overlapping claims between Vietnam and the Philippines over some islands in the South China Sea and it is quite likely that intelligence gathering is starting around that,” Boland said.

APT stands for advanced persistent threat, a term often used to describe state-sponsored hacker groups.

“We believe all of the activities of APT32 are aligned to the interests of the Vietnamese government,” Boland said.

The Philippines, Vietnam, China, Malaysia, Taiwan and Brunei contest all or parts of the South China Sea, through which about $5 trillion in ship-borne trade passes every year.

Vietnam’s foreign ministry said this month the government did not allow any form of cyber attacks against organizations or individuals.

“All cyber attacks or threats to cyber security must be condemned and severely punished in accordance with regulations and laws,” spokeswoman Le Thi Thu Hang said, responding to similar accusations.

Philippines foreign ministry spokesman Robespierre Bolivar said on Thursday the government took hacking allegations very seriously.

“Any credible information received will be investigated and addressed as necessary,” he said in a text message.

(Reporting by Karen Lema; Additional reporting by Mai Nguyen in HANOI; Editing by Nick Macfie and Andrew Heavens)