
posted by chromas on Friday July 17 2020, @04:44AM
from the 'accidentally' dept.


Iranian Spies Accidentally Leaked Videos of Themselves Hacking:

When security researchers piece together the blow-by-blow of a state-sponsored hacking operation, they're usually following a thin trail of malicious code samples, network logs, and connections to faraway servers. That detective work gets significantly easier when hackers record what they're doing and then upload the video to an unprotected server on the open internet. Which is precisely what researchers at IBM say a group of Iranian hackers did.

[...] The IBM researchers say they found the videos exposed due to a misconfiguration of security settings on a virtual private cloud server they'd observed in previous APT35 activity. The files were all uploaded to the exposed server over a few days in May, just as IBM was monitoring the machine. The videos appear to be training demonstrations the Iran-backed hackers made to show junior team members how to handle hacked accounts. They show the hackers accessing compromised Gmail and Yahoo Mail accounts to download their contents, as well as exfiltrating other Google-hosted data from victims.

[...] But the videos nonetheless represent a rare artifact, showing a first-hand view of state-sponsored cyberspying that's almost never seen outside of an intelligence agency.

"We don't get this kind of insight into how threat actors operate really ever," says Allison Wikoff, a senior analyst at IBM X-Force whose team discovered the videos. "When we talk about observing hands-on activity, it's usually from incident response engagements or endpoint monitoring tools. Very rarely do we actually see the adversary on their own desktop. It's a whole other level of 'hands-on-keyboard' observation."


Original Submission

Related Stories

Chinese Malware Removed From SOHO Routers After FBI Issues Covert Commands

https://arstechnica.com/security/2024/01/chinese-malware-removed-from-soho-routers-after-fbi-issues-covert-commands/

The US Justice Department said Wednesday that the FBI surreptitiously sent commands to hundreds of infected small office and home office routers to remove malware China state-sponsored hackers were using to wage attacks on critical infrastructure.

The routers—mainly Cisco and Netgear devices that had reached their end of life—were infected with what's known as KV Botnet malware, Justice Department officials said.

[...] "To effect these seizures, the FBI will issue a command to each Target Device to stop it from running the KV Botnet VPN process," an agency special agent wrote in an affidavit dated January 9. "This command will also stop the Target Device from operating as a VPN node, thereby preventing the hackers from further accessing Target Devices through any established VPN tunnel."

[...] The takedown disclosed Wednesday isn't the first time the FBI has issued commands to infected devices without the owners' knowledge ahead of time. In 2021, authorities executed a similar action to disinfect Microsoft Exchange servers that had been compromised by a different China-state group tracked as Hafnium.

[...] In 2018, researchers reported that more than 500,000 SOHO routers had been compromised by sophisticated malware dubbed VPNFilter. The mass hack was later revealed to be an operation by a Russian-state group tracked as Sofacy. In that event, the FBI issued an advisory urging people to restart their routers to remove any possible infections. The agency also seized a domain used to control VPNFilter.

[...] This month's takedown comes as the Chinese government has stepped up attacks in recent years to compromise routers, cameras, and other network-connected devices to target critical infrastructure. warned of the trend in May last year. Researchers in the private sector have issued similar warnings.

Previously on SoylentNews:
Backdoored Firmware Lets China State Hackers Control Routers With "Magic Packets" - 20230930
Microsoft Comes Under Blistering Criticism for "Grossly Irresponsible" Security - 20230805
Malware Turns Home Routers Into Proxies for Chinese State-Sponsored Hackers - 20230518
US Warns of Govt Hackers Targeting Industrial Control Systems - 20220415
State Hackers Breach Defense, Energy, Healthcare Orgs Worldwide - 20211111
Microsoft Exchange Server Zero Day Hack Roundup - 20210316
Breached Water Plant Employees Shared Same Password, No Firewall - 20210211
Iranian Spies Accidentally Leaked Videos of Themselves Hacking - 20200716
Hackers Can Seize Control of Ballots Cast Using the Voatz Voting App, Researchers Say - 20200215
Microsoft Takes Court Action Against Fourth Nation-State Cybercrime Group - 20191231

"state actors" search on SoylentNews for even more: https://soylentnews.org/search.pl?threshold=0&query=state+actors


Original Submission

  • (Score: 0) by Anonymous Coward on Friday July 17 2020, @05:25AM (#1022781)

    Which spies are we talking about here? Ones working in Iran for the US? They just executed a few of them, apparently exposed for bad OpSec.

  • (Score: 0, Disagree) by Anonymous Coward on Friday July 17 2020, @05:38AM (#1022785) (4 children)

    Don't these people have any bit of self respect? Call yourselves "X-Force?"

    • (Score: 2) by c0lo (156) Subscriber Badge on Friday July 17 2020, @10:25AM (#1022824) Journal (1 child)

      Don't these people have any bit of self respect? Call yourselves "X-Force?"

      You remember that for quite some time IBM's policy was to fire the expensive oldies and, over time, "rejuvenate" their workforce?

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    • (Score: 0) by Anonymous Coward on Friday July 17 2020, @11:44AM (#1022856)

      "Yeah I work at IBM"
      "No I don't do COBOL!"

      Conversation goes onto other topics.

    • (Score: 2) by Freeman (732) on Friday July 17 2020, @03:56PM (#1022938) Journal

      Guess who pays them.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 0) by Anonymous Coward on Friday July 17 2020, @09:07PM (#1023077)

    There, fixed that for you.

    ~childo
