
The CyberDiplomat Daily




Chinese Hacker group targeting Africa and Caribbean in cyber espionage campaign


A recent report by Check Point Research (CPR) revealed that a Chinese hacker group named Sharp Dragon has expanded its cyber espionage activities to target governmental organizations in Africa and the Caribbean. The group has evolved its tactics, using highly tailored phishing emails to deliver malware payloads like Cobalt Strike Beacon. It has also exploited 1-day vulnerabilities to compromise infrastructure, which it later uses as Command and Control (C2) servers. Sharp Dragon has demonstrated increased caution in selecting its targets and has broadened its reconnaissance efforts to identify high-value targets. Its changes in tactics include the adoption of Cobalt Strike Beacon as a payload and the compromise of servers using a vulnerability in the GoAnywhere platform. The expansion of Sharp Dragon's operations towards Africa and the Caribbean underscores the dynamic nature of cyber threats and highlights the importance of vigilant cybersecurity measures. CPR emphasizes the need for comprehensive protection against emerging threats, such as that provided by Check Point Harmony Endpoint.



Canadian Institutions Under Attack: Urgent Need for Cyber Safety Plan


Ottawa is dealing with a serious issue – cyber attacks on Canadian institutions. A recent incident involved a Russian hacking group targeting London Drugs. The hackers, known as LockBit, held sensitive data for ransom and later published it on the dark web. This breach poses significant risks, extending beyond mere embarrassment to potential life-threatening consequences. It's imperative for the federal government to respond with a multifaceted approach involving regulation, law enforcement, and diplomatic measures. Regulatory interventions are crucial to establish robust controls for the protection of private information. Law enforcement efforts need specialized expertise in digital crime to combat cyber threats effectively. Diplomatic engagements are vital in confronting the global nature of cyber crimes. It's essential to address this escalating threat with a comprehensive cyber safety plan to safeguard Canadian institutions and protect citizens' privacy.



Dark Web 'LinkedIn' sees cyber experts touting 'morally flexible' services to scammers


On the dark web's criminal version of 'LinkedIn', cyber professionals offer their skills for criminal gain, including creating phishing sites, malware, and scams for as little as $25 per hour. Some even offer "money-back guarantees and 24hr support" to help criminals get their scams off the ground. Last week, China was blamed for hacking the bank details of 27,000 military personnel in the UK. Amanda Finch, CEO of The Chartered Institute of Information Security (CIISec), explains that cyber experts are increasingly drawn to the quick pay offered on the dark web. Criminals are leveraging a range of skills available for hire, including developers, software engineers, and cyber professionals. Some voice actors offer their services to impersonate individuals for illegal activities. Mark*, a police officer with expertise in cybercrime, notes that these illicit advertisements have grown, especially during economic downturns. He emphasizes that these ads are often posted by university-educated professionals with valuable skills for hackers.



US expects to help other countries cope with more varied range of cyber attacks


The US Cyber Command expects a more diverse range of requests in 2024 from countries asking for help on cyber defence issues due to fast-evolving technology that makes it more challenging for them to keep up with the latest threats, its newly appointed chief said on June 1. “The number of different requests is probably more important to me (as a metric) than the number of operators,” General Timothy Haugh, commander of the US Cyber Command and director of the National Security Agency, said in an interview on the sidelines of the 21st Shangri-La Dialogue held in Singapore.



Japan, the United States and South Korea agree at defense ministers' meeting to carry out new training in multiple areas such as cyber, strengthening cooperation with North Korea in mind


Defense Minister Minoru Kihara visited Singapore to attend the Asian Security Council (Shangri-La Dialogue). During the visit, he met with U.S. Defense Secretary Austin and South Korea's Defense Minister Shin Won-sik. The three ministers agreed to conduct new joint training, including cyber exercises, to strengthen cooperation in light of North Korea's nuclear and missile development. They discussed the regional situation, including North Korea's ballistic missile launches. Japan and South Korea agreed to resume defense authority exchanges and conduct joint desk exercises. Additionally, they plan to expand joint training to include cyber areas to improve coping skills. The Japan-U.S. Defense Ministers' Meeting confirmed cooperation on command and control review and joint development of defense equipment. The defense ministers of Japan, Australia, and South Korea discussed efforts to achieve a free and open Indo-Pacific. Mr. Kihara emphasized the importance of deepening cooperation on common issues.



Invisible cyber attacks cause 35 times "low cost" damage in 10 years


On the evening of May 10, there was a failure that made it difficult to connect to systems such as JR East's ticket sales site and transportation IC service "Mobile Suica", and it took about 5 hours to restore. "We have received reports that we recognize it as a cyber attack and are consulting with the Metropolitan Police Department." On the 14th, Minister of Land, Infrastructure, Transport and Tourism Tetsuo Saito expressed a sense of crisis in the situation that exposed the weak points of the aorta of the metropolitan area.



All Servers Down: Massive Cyber Attack Paralyzes CDU


There has apparently been a significant cyber attack on the CDU. This is reported by the Bielefeld news portal NW.de, citing CDU Secretary General Carsten Linnemann. Linnemann commented at an event of the Junge Union NRW at Paderborn/Lippstadt Airport. The attack on the Konrad-Adenauer-Haus was "blatant," said Linnemann. He did not give details, but all servers are down. The Office for the Protection of the Constitution and BMI are involved.



Serious cyber attack on CDU: Now the Office for the Protection of the Constitution is investigating


The Ministry of the Interior has confirmed a serious cyber attack on the CDU's network. The extent of the damage and the identity of the attacker are currently unknown. The CDU's IT infrastructure was partially taken offline as a precaution, but the website cdu.de remained accessible. The party sees the attack as a threat to its interests and is committed to investigating it without being intimidated. Cooperation with German security authorities and external experts is underway, with investigations initiated by the Office for the Protection of the Constitution and the Federal Office for Information Security.



NATIONAL CYBER DIRECTORATE WARNS OF WEAKNESS IN CHECK POINT PRODUCTS


The National Cyber Directorate calls on Israeli organizations to immediately install the latest updates for products made by the Check Point cybersecurity giant. “A serious security weakness (a flaw in the technology that allows cyber attacks to be carried out through it) that was recently discovered in the remote connection technology (VPN) made by Check Point exposes organizations that use the product to attacks,” the directorate says in a statement. “According to information received by the directorate, the weakness is already being used around the world to carry out cyberattacks and the fear is that organizations in Israel that have not implemented the latest security update for the product will also be attacked very soon,” the statement reads.



Vic gov to consolidate cyber security buying power


The Victorian government will seek economies of scale in the way it buys cyber security tools and services, via a new whole-of-government sourcing arrangement. State purchase contracts contain a list of approved technologies and suppliers, and are intended to maximise the state’s buying power and reduce risk by negotiating contract terms and conditions with the suppliers in advance. A Department of Government Services (DGS) spokesperson told iTnews that the cyber security state purchase contract “is the first of its kind in Australia.”



Cyber Attack Destroyed 600,000 Routers In The U.S.


An unidentified hacking group conducted a large-scale cyberattack on a U.S. telecommunications company in 2023, reportedly causing the disabling of over 600,000 internet routers. According to a recent report from Lumen Technologies' Black Lotus Labs, the attack, known as "Pumpkin Eclipse," took place between October 25 and 27, 2023, affecting three router models issued by the internet service provider (ISP): ActionTec T3200, ActionTec T3260, and Sagemcom F5380. The incident affected over 600,000 small office/home office (SOHO) routers belonging to a single ISP, with 49% of all modems being taken offline. Lumen's analysis identified "Chalubo," a remote access trojan (RAT) first documented by Sophos in October 2018, as the primary payload responsible for the attack. The malware deleted elements of the routers' operational code, effectively making them inoperable. The researchers believe that the threat actor used a feature in Chalubo to execute Lua script functionality on the infected devices, which permanently overwrote the router firmware. Lumen did not provide details on who was behind the attack or how the firmware update was shipped to all affected customers.



