U.S. agencies have issued a joint advisory highlighting attempts by the Democratic People’s Republic of Korea (DPRK, a.k.a. North Korea) Kimsuky cyber actors to exploit improperly configured #DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) record policies to conceal #socialengineering attempts. Without properly configured #DMARC policies, #malicious #cyber actors can send spoofed emails as if they came from a legitimate domain’s email exchange. “The North Korean cyber actors have conducted spearphishing campaigns posing as legitimate journalists, academics, or other experts in East Asian affairs with credible links to North Korean policy circles,” the Federal Bureau of Investigation (FBI), the U.S. Department of State and the National Security Agency (NSA) detailed in a Thursday advisory. “North Korea leverages these #spearphishing campaigns to collect intelligence on #geopolitical events, adversary foreign policy strategies, and any information affecting North Korean interests by gaining illicit access to targets’ private documents, research, and #communications.” https://lnkd.in/gNwKbWBu
Anna Ribeiro’s Post
More Relevant Posts
-
Unpopular Fact: Email Security isn't simply resolved by using DMARC, as demonstrated by North Korean spear-phishing campaigns. How? They skillfully configure domains with DMARC that closely mimic legitimate ones, such as using "c0mpany.com" instead of "company.com," misleading users into believing the emails are from their own trusted domains. This tactic shows that DMARC only functions effectively with honest participants. Additionally, the advanced AI analysis features for email security announced at #RSAC2024 aren't sufficient on their own. Effective use of AI or ML in email security first requires verification that the email originates from a legitimate user. Without this preliminary step, detection models are at risk of being compromised by volumetric attacks. The only way to fully address this problem is through stringent email verification, or nonrepudiation, which ensures the authenticity of an email sender with complete efficacy. We do that starting at $1 per account, annually. Bottom line: It’s been 24 years since Y2K, it’s fair to say any company that hasn’t solved this problem by now, doesn’t have the answer. Stop throwing your money away on inefficient email security solutions. 🤷♂️
North Korean hackers exploiting weak DMARC security policies to mask spearphishing efforts - Industrial Cyber
industrialcyber.co
-
#DPRK🇰🇵 Kimsuky actors are exploiting weak DMARC policies to conceal sophisticated spearphishing attempts. Malicious cyberactors have utilized weak #DMARC policies to conduct campaigns posing as legitimate journalists, academics, or experts in East Asian affairs. Successful attempts can give access to targets' private documents and communications to benefit North Korean interests. The #FBI, National Security Agency, U.S. Department of State, and our partners released a #CybersecurityAdvisory to identify cleverly disguised attempts and effectively mitigate against Kimsuky's operations. https://lnkd.in/dTRmVJXN
240502.pdf
ic3.gov
-
🔍 Chinese Hackers Charged in Major Cyber Espionage Plot

The U.S. Department of Justice (DoJ) has unsealed indictments against seven Chinese nationals involved in a sophisticated hacking group. Their targets? A wide array of U.S. and foreign entities, including critics, journalists, businesses, and political officials. Here’s the lowdown:

1️⃣ Scope of Attack: These hackers orchestrated a years-long scheme to infiltrate critical pieces of America’s infrastructure. Their victims included White House officials, U.S. senators, defense contractors, journalists, and technology companies.

2️⃣ Malicious Emails: The group sent over 10,000 malicious emails, often disguised as legitimate news articles from prominent outlets or journalists. When recipients opened these emails, hidden tracking links transmitted sensitive information, including location, IP addresses, and network details, back to the hackers.

3️⃣ Sanctions and Front Company: The Department of Treasury slapped sanctions on Wuhan Xiaoruizhi Science and Technology Co., Ltd., a front company used by China’s Hubei State Security Department. This company was linked to cyberattacks carried out by the hacking group known as “Advanced Persistent Threat 31” (APT31).

4️⃣ High-Profile Attacks: Two of the indicted individuals, Zhao Guangzong and Ni Gaobin, were behind notable cyber-attacks, including a spear-phishing operation against the U.S. Naval Academy and the U.S. Naval War College’s China Maritime Studies Institute.

5️⃣ Intimidation Tactics: The case underscores the lengths to which the Chinese government will go to target and intimidate critics, even launching cyber operations that threaten the national security of the United States and its allies.

Stay vigilant! 🛡️💻

For more information on this news story, check out the article here ⬇ https://lnkd.in/gFNt4g7Z

#intigrow #china #apt31 #hackers #cybersecurity #cyberwarfare #nationstate #nationstateactors #cyberattack #whitehouse #doj #thehackernews #espionage #cyberespionage
U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation
thehackernews.com
-
CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA) working with Governments. NAMED AN EXPERT IN INTERNET ASSET & DNS VULNERABILITIES
In a joint federal cybersecurity advisory, the Federal Bureau of Investigation (FBI), U.S. Department of State, and National Security Agency warned that the North Korean military intelligence agency, Kimsuky, is hacking email system vulnerabilities to “collect intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting North Korean interests by gaining illicit access to targets’ private documents, research, and communications.” Kimsuky cyber actors are exploiting “improperly configured DNS Domain-based Message Authentication, Reporting and Conformance (DMARC) record policies to conceal social engineering attempts,” the warning states. North Korean cyber actors are exploiting non-updated email authentication processes to implement “spearphishing campaigns posing as legitimate journalists, academics, or other experts in East Asian affairs with credible links to North Korean policy circles.” We might have mentioned DNS Tampering and Abuse over the last several years... #WhitethornShield FBI Cyber Division The White House GCHQ National Cybersecurity Coordination Center (NCSCC) #DNS
-
The recent revelations regarding the Chinese Communist Party's (CCP) extensive cyber operations, as exposed through the unauthorized leak of documents from I-Soon, a private security contractor linked to China’s top policing agency, alongside the intensified scrutiny of Chinese bloggers in exile, underscore a grave and escalating threat of the CCP's transnational repression and cyberspace terrorism. These incidents collectively unveil a sophisticated and far-reaching strategy employed by the CCP to extend its authoritarian reach globally, leveraging advanced cyber capabilities to surveil, intimidate, and influence beyond its geographical confines. The leaked documents from I-Soon reveal a startling inventory of cyber espionage tools used to target not just Chinese citizens but also foreign governments and dissidents globally, highlighting Beijing’s intent to control and monitor dissenting voices and ethnic minorities, particularly those from regions like Hong Kong and Xinjiang. This leak is profoundly significant, revealing the CCP's efforts to manipulate social media narratives, hack overseas networks, and surveil dissidents internationally, showcasing a pervasive state surveillance apparatus that transcends borders. Simultaneously, the plight of Chinese bloggers in exile, who report that their followers are being interrogated by Chinese police, signals a brazen extension of China’s censorship and control, effectively silencing critical voices even outside its territory. This method of intimidation not only infringes on the right to free expression but also exemplifies the lengths to which the CCP will go to maintain its narrative dominance and suppress dissenting viewpoints globally. The implications of these revelations are profound and multifaceted. Firstly, they demonstrate the CCP’s commitment to exporting its authoritarian model through digital means, challenging the norms of international law and human rights. 
Secondly, the incidents underscore the need for a robust international response to counter the CCP's global surveillance and influence operations, advocating for strengthened cybersecurity defenses and international cooperation to safeguard digital freedom and integrity. HRiC's Executive Director, Fengsuo Zhou, notes that the CCP’s cyber tactics, originally designed to target domestic dissenters, are now being repurposed to potentially target anyone of interest, including influential figures and governmental entities worldwide. 'This adaptability of tactics underscores the CCP’s capacity for what can essentially be termed as cyberspace terrorism, reflecting a universal threat that could undermine the principles of sovereignty, privacy, and freedom of expression on a global scale,' said Zhou. #cyberattack #ccp https://lnkd.in/e3PKcnxW
Chinese hackers claimed they could break into Foreign Office, leaked files reveal
telegraph.co.uk
-
Several Ukrainian media outlets attacked by Russian hackers.

Why it matters:

1. The weekend's attack on major Ukrainian news outlets by Russian hackers, including the spread of misinformation about the situation in Avdiivka, emphasizes the significant role of cybersecurity in conflict situations and its potential to disrupt the information flow and skew public opinion.

2. The incident also showcases the persistent threat to media outlets as primary targets in information warfare, underlining the need for robust cyber defenses within these organizations to prevent the propagation of disinformation.

3. As these cyber incidents often go unreported, there's a pressing need for transparent reporting mechanisms and stronger international regulations against state-sponsored cyber-attacks that threaten the integrity of information and press freedom.

Learn more by visiting The Record from Recorded Future News: https://lnkd.in/euSwmcCf
Several Ukrainian media outlets attacked by Russian hackers
therecord.media
-
Cyber-attacks linked to Chinese intelligence agencies are increasing in capability and frequency as they seek to test foreign government responses, analysts have warned in the wake of revelations about a mass hacking of UK data. On Tuesday, the UK and US governments accused hacking group Advanced Persistent Threat 31 (APT 31), backed by China’s government spy agency, of conducting a years-long cyber-attack campaign, targeting politicians, national security officials, journalists and businesses. The UK said the hackers had potentially gained access to information on tens of millions of UK voters held by the Electoral Commission, as well as for cyber-espionage targeting lawmakers who have been outspoken about threats from China. Both the US and UK governments announced sanctions against linked Chinese companies and individuals. #ChineseSpyAgencies #CyberSecurityThreat #PelionCyberSecurity #DataBreach #CyberAttack #SecurityAnalysis #CyberSecurityTrends
Cyber-attacks linked to Chinese spy agencies are increasing, say analysts
theguardian.com
-
🚨 U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation 🔒 The U.S. Department of Justice (DoJ) on Monday uncovered allegations against seven Chinese nationals for their involvement in a hacking group that targeted U.S. and foreign critics, journalists, businesses, and political officials for about 14 years. Their crimes entail testing and exploiting the malware used to conduct the intrusions, managing the attack infrastructure, and conducting surveillance of specific U.S. entities. The campaigns are designed to advance China's economic espionage and foreign intelligence objectives. They are alleged to be linked to Wuhan XRZ, a front company that's believed to have conducted several malicious cyber operations for the Ministry of State Security (MSS). The U.K. and the U.S. had announced a reward of up to $10 million for information that could lead to identification or whereabouts of people associated with APT31, and also levied sanctions against Wuhan XRZ for endangering national security and for targeting parliamentarians across the world. China rejected the accusations, describing them as completely fabricated and amounting to malicious slanders. A spokesperson for the Chinese embassy in Washington D.C. told BBC News the countries have made groundless accusations. Foreign Ministry Spokesperson Lin Jian said that the origin-tracing of cyberattacks is highly complex and sensitive. When investigating and determining the nature of cyber cases, one needs to have adequate and objective evidence, instead of smearing other countries when facts do not exist, still less politicize cybersecurity issues. Regards, CYBER SPACE #cybersecurity #cybercrime #China #USA
-
In recent cybersecurity news, Ukrainian news agencies have fallen victim to a ghostwriting attack spearheaded by Russian hackers, known as Gamaredon. This ‘Ghostwriter’ disinformation campaign involved the hackers compromising the news agencies' websites and publishing false articles that painted Ukraine negatively in the diplomatic scene, especially in relation to their Western allies. Threat intelligence and cybersecurity firm, Mandiant, reported that this was not the first time Gamaredon had targeted Ukrainian entities, attempting to undermine the country's international relationships and political standing with malicious cyber activities. This assault is regarded as a unique event, as it marks one of the few cases where disruptive cyber operations were used explicitly for driving geopolitical narratives. #CyberSecurity #RussianHacking #DisinformationCampaign
Several Ukrainian media outlets attacked by Russian hackers
therecord.media
-
Is the doxing working? They have a rather LARGE workforce. U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation By The Hacker News; 26 Mar 2024 The U.S. Department of Justice (DoJ) on Monday unsealed indictments against seven Chinese nationals for their involvement in a hacking group that targeted U.S. and foreign critics, journalists, businesses, and political officials for about 14 years. The defendants include Ni Gaobin, Weng Ming, Cheng Feng, Peng Yaowen, Sun Xiaohui, Xiong Wang, and Zhao Guangzong. The suspected cyber spies have been charged with conspiracy to commit computer intrusions and conspiracy to commit wire fraud in connection with a state-sponsored threat group tracked as APT31, which is also known as Altaire, Bronze Vinewood, Judgement Panda, and Violet Typhoon (formerly Zirconium). The hacking collective has been active since at least 2010. https://lnkd.in/dJn4TBad
U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation
thehackernews.com