SoylentNews is people

posted by janrinok on Tuesday July 31 2018, @01:22PM
from the old-but-tested dept.

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Here's a timely reminder that email isn't the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned.

This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer. According to a non-public alert shared with state and local government agencies by the Multi-State Information Sharing and Analysis Center (MS-ISAC), the scam arrives in a Chinese postmarked envelope and includes a "confusingly worded typed letter with occasional Chinese characters."

Please insert in election computer.

Also at TechCrunch and Engadget.


  • (Score: 0) by Anonymous Coward on Tuesday July 31 2018, @04:07PM (4 children)

    by Anonymous Coward on Tuesday July 31 2018, @04:07PM (#715248)

    A wise man once said: "It could be Russia. But it could also be China. It could also be lots of other people."

    PROFF111!!1

  • (Score: 2) by DannyB on Tuesday July 31 2018, @04:42PM (3 children)

    by DannyB (5839) on Tuesday July 31 2018, @04:42PM (#715272) Journal

    I was thinking about that. But got distracted.

    I wonder how many of these CDs have malware specifically targeted at voting systems?

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
    • (Score: 2) by takyon on Tuesday July 31 2018, @04:57PM (2 children)

      by takyon (881) <takyonNO@SPAMsoylentnews.org> on Tuesday July 31 2018, @04:57PM (#715277) Journal

      Might not be for anything specific. If you can infect one agency, you could use the info gained to do convincing phishing attacks on other targets.

      However, we don't know that these discs were sent by the government or govt-backed groups. It could just be a lackluster attempt by criminals (who couldn't be arsed to type up a proper-looking letter or obfuscate the country of origin).

      Damn, where can one get paid to copyedit Engrish for cybercriminals?

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 2) by DannyB on Tuesday July 31 2018, @05:10PM

        by DannyB (5839) on Tuesday July 31 2018, @05:10PM (#715285) Journal

        Use a sophisticated approach. First, like Stuxnet, spread, but deactivate the payload if the host computer is not the type of equipment you're looking for.

        Eventually a replicated copy might make it onto an interesting computer. Then the "payload" actually turns out to be only a "scout". Scan the system further, be sure it really is what you want. That it doesn't have defenses that will give the really good tricks away. If everything seems okay, then phone home and get the real payload -- now that the scout is sure there aren't any hardware debuggers, etc.

        --
        To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
      • (Score: 2) by realDonaldTrump on Tuesday July 31 2018, @07:27PM

        by realDonaldTrump (6614) on Tuesday July 31 2018, @07:27PM (#715348) Homepage Journal

        China, very tough competitor. Very smart cookies. 22 million accounts were hacked in this country by China. Obama's Office of Personal Management, his OPM. That one was a biggie. Obama didn't want to say China, I'm saying China. It was China, folks. Big hacking job out of China.