Posted by Avik Sarkar
On 12/13/2013 01:23:00 am
Researchers At FireEye Found -Chinese Hackers Snitching Europeans Before G20 Summit
Story of cyber espionage by Chinese hackers used
to remain one of most highest pick of breakneck. Yet again
another breathtaking issue of eavesdropping by Chinese hackers
get spot light, when California-based renounced computer
security firm FireEye Inc have figured out that a group of Chinese hackers eavesdropped on the computers of five European foreign ministries
before last September's G20 Summit, which was dominated by the Syrian crisis.
From the detailed analysis we came to know that the hackers
have infiltrated the ministries' computer networks by sending emails to
staff containing tainted files with titles such as
"US_military_options_in_Syria," which sells virus fighting technology
to companies. Whenever the targeted recipients opened those documents,
they loaded malicious code on to their personal computers. Researchers of
FireEye said that they were able to monitor the "inner workings"
of the main computer server used by the hackers to conduct their reconnaissance
and move across compromised systems for about a week in the late August. But
suddenly they lost access to the hackers after they moved to another server
shortly before the G20 Summit in St. Petersburg, Russia.
Though the company has
declined in open press to identify the nations whose ministries were hacked,
although it said they were all members of the European Union. But FireEye
informed the FBI about the whole issue in details. FireEye also confirmed
that the hackers where from China, but they did not find evidence which may
link those hackers to the Chinese government. Not surprisingly and obviously
like earlier the Chinese government has distanced itself from any claim that it
might have hacked foreign governments for data. FireEye also successfully
monitor several dozen hacking groups operating in China, most of which they
suspect of having ties to the government. The firms also suspect the hacking
groups of stealing intellectual property for commercial gain.
The researchers had
been following the hackers behind the Syria-related attack for several years,
but this is the first time the group's activities have been publicly
documented. The company calls the group "Ke3chang," after the name of
one of the files it uses in one of its pieces of malicious software. "The
theme of the attacks was U.S. military intervention in Syria," said
FireEye researcher Nart Villeneuv.
On
reaction Chinese Foreign Ministry spokesman Hong Lei said- "U.S.
internet companies are keen on hyping up the so-called hacker threat from
China, but they never obtain irrefutable proof, and what so-called evidence
they do get is widely doubted by experts. This is neither professional nor
responsible,"
While
talking in this story of Chinese eavesdropping, I also want to dig some
points from decent parts where we all became very habituated of seeing Europe
& U.S. countries blaming China for engaging cyber attacks; and China also
do the same for accusing U.S. like vice versa. I am reviving your memories
of last few years where If you look at the
story of major cyber attacks of this year we will find that the name of China
has been involved several times for engaging cyber attacks
against several high profile websites and organization of U.S.
including New
York Times, Twitter, NBC and
so on. And if you refresh our memory then then we will find
the scenario of big cyber attack and espionage by Chinese
hackers have been spotted
several times. In 2012 Chinese hackers had breached Telvent's corporate network &
gained control of US
Power Grid. Also in the middle of last year, we have seen that Chinese
hackers have broken into Indian Navy's Computer System & stolen
sensitive data. Few months before this hack, Tokyo based
computer security firm Trend Micro confirmed that Chinese hackers were responsible
for biggest cyber-espionage in India, Japan & Tibet.
Also the director of National
Security Agency (NSA) General Keith Alexander confirmed that
hackers from China was responsible for the serious attack on one of the leading
IT security & cyber security company RSA. Also
in 2011 China was responsible behind the attack on US Chamber of Commerce, Satellite System of U.S, Nortel Network & so on. But few days
ago National Computer Network Emergency Response Coordination Center of China
(CNCERT/CC), China's primary computer security monitoring network claimed that
China fallen victim of one of biggest cyber attacks originated from US, Japan
& South Korea. We must have to say that this statement is truly irrelevant. Cyber crime investigator
have found that China was directly responsible for the hack into Japan's Biggest Defense Contractor Mitsubishi, Japan Aerospace Exploration Agency (JAXA) & Parliament of Japan. In case of South Korea
more than 13 Million of MapleStory players data has been
stolen, there also hackers from China was responsible.
Before I conclude, I request you to closely look at the above mentioned stories, you will find China majorly responsible for eavesdropping & security breach. On the same side China also been effected by the same way. So in conclusion, we cant put a full stop in this chain of cyber attacks, hacking & eavesdropping, as it comes from both end. So this exciting episode will be continued like it does. If you want to stay updated then don't forget to stay tuned with VOGH.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 8/30/2012 01:39:00 am
0-day Vulnerability Found in Java Spotted in the Wild
Yet another 0-day vulnerability found by FireEye's Malware Intelligence Lab that affects all the latest version of Java , including the current Java 7 update 6, are also vulnerable to the hole that is already being exploited in the wild. With the publication of a vulnerability notice by the US-CERT and warnings from the German BSI (Federal Office for Information Security), the best advice for all users is to disable Java applets in their browsers on all operating systems. The vulnerability can be exploited when a user visits a specially crafted web site and can be used to infect a system with malware. The code to exploit the problem is already available on the internet, making its use for infecting systems very likely. There is no patch available for the flaw so it is essential that users disable the Java plugins used by their browsers. Instructions for the various browsers can be found below:
Several security firms have already declared that, this newly found Java exploit had been added to Blackhole, a popular hacker's tool that bundles numerous exploits and tries each in turn until it finds one that will work against a personal computer. "Exploit code for the Java vulnerabilities has been added to the most prevalent exploit kit out there, Blackhole," said Websense in a short post on its company blog. The addition of the exploit to Blackhole was cited by FireEye researcher Atif Mushtaq in a similar blog entry yesterday as the basis for a spike in attacks. "After seeing the reliability of this attack, I have no doubt in my mind that within hours the casualties will be in the thousands," said Mushtaq.
-Source (The-H, CW)
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
Posted by Avik Sarkar
On 7/21/2012 02:58:00 am
C&C Servers of World's Third Largest Spam Botnet "Grum" Been Knocked Down
Researcher get another big success by taking down two of the command and control(C&C) servers belong to the world's largest spam botnet named "Grum". Though this is not complete victory, as there are still two other C&C servers are currently working actively, but researchers are very much optimistic that the volume of spam will drop this take down.
Atif Mushtaq, senior staff scientist at security firm FireEye, said in a blog post that the botnet known as Grum drew its last dying breath on Wednesday, after six servers in Ukraine and one in Russia were shut down. In a tense faceoff with whitehats, the botnet operators had deployed those servers following the disconnection earlier this week of separate servers in the Netherlands and Panama. Faced with the threat of losing a 100,000-computer network that generated an estimated 18 billion spam messages a day, the Grum operators were desperately trying to transition to those machines when they stopped working.
"Grum's takedown resulted from the efforts of many individuals," Mushtaq wrote. "This collaboration is sending a strong message to all the spammers: 'Stop sending us spam. We don't need your cheap Viagra or fake Rolex. Do something else, work in a Subway or McDonalds, or sell hotdogs, but don't send us spam." We would also like to give you reminder that, this year Microsoft closed two C&C server of Zeus, another dangerous botnet. Also researcher from different parts of the world have unveiled the mystery of few other botnets like Bredolab, Rustock, Duqu and so on.
SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
