Posted June 20, 2018
This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
Information Security Risk
“Hackers linked to the Chinese government stole 614 gigabytes of highly-sensitive data from a US Navy contractor, including plans related to a supersonic anti-ship missile meant to be usable by 2020. The unnamed contractor worked for the US Navy’s underwater weapons R&D center based in Newport, Rhode Island.”
“A top US intelligence official warned football fans traveling to Russia for the World Cup that their phones and computers could be hacked by Moscow’s cyber spies. William Evanina, Director of the National Counterintelligence and Security Center, said that in Russia, even people who believe they are too unimportant to be hacked can be targeted. “Anyone traveling to Russia to attend the World Cup should be clear-eyed about the cyber risks involved,” Evanina said in a statement. “If you’re planning on taking a mobile phone, laptop, PDA, or other electronic devices with you — make no mistake — any data on those devices (especially your personally identifiable information) may be accessed by the Russian government or cybercriminals.” Evanina, in charge of the agency that assesses and counters the threat to the United States from foreign espionage, said that people attending the World Cup, which begins on Thursday, should leave behind any devices they can do without. For devices they take with them, they should remove the battery when it is not in use, he said.”
“A hacker gained access to the GitHub account of the Syscoin cryptocurrency and replaced the official Windows client with a version containing malware. The poisoned Syscoin Windows client contained Arkei Stealer, a malware strain specializing in dumping and stealing passwords and wallet private keys. Syscoin developers are now warning Syscoin users who downloaded version 184.108.40.206 of the Syscoin client between June 9-13th 2018 that their systems might be infected with malware.”
“A China-linked cyber espionage group has targeted a national data center in Central Asia and experts believe the goal is to conduct watering hole attacks on the country’s government websites. The threat actor is tracked as LuckyMouse, Emissary Panda, APT27 and Threat Group 3390. The group has been active since at least 2010, targeting hundreds of organizations around the world, including U.S. defense contractors, financial services firms, a European drone maker, and the U.S.-based subsidiary of a French energy management company. Researchers at Kaspersky Lab recently identified a new attack carried out by this actor. The security firm spotted the campaign in March 2018, but believes it was launched in the fall of 2017. Cyberattacks sponsored by the Chinese government infiltrated a U.S. Navy contractor’s computer, allowing digital thieves to access sensitive data related to secret Navy projects on a submarine anti-ship missile. The information stolen was stored on the contractor’s unclassified network despite being “highly sensitive nature.” 614 gigabytes of material on a closely held project known as Sea Dragon were taken. Contracted for the military organization Naval Undersea Warfare Center, Sea Dragon aims to develop a supersonic anti-ship missile for use on U.S. submarines.”