Connect with us

Norwegian authorities accused Chinese hackers of cyberattacks on IT systems

Published

on

The authorities linked the 2018 attacks to the cybercriminal group APT31.

Based on technical evidence gathered by Norway’s central intelligence services, the country’s government blamed Chinese cybercriminals for attacking government centers in 2018. This was reported by the Norwegian television and radio company NRK.

A subsequent investigation by the Norwegian national security agency PST (Politiets Sikkerhetstjeneste) also concluded that the same “international threat actors” were responsible for both the hacking of government centers and the malware attack on the private company Visma in the same year.

Hackers tried to gain access to classified information concerning the national intelligence and security services of Norway. Experts failed to establish whether the attackers were able to steal classified information.

Information obtained from the IT networks of government centers included logins and passwords associated with administrative officers working in various government agencies related to defense, national security and emergency preparedness.

“In this particular case, we have intelligence that links the cyberattacks to the cybercriminal group APT31. APT31 is also associated with Chinese intelligence services, ”said PST counterintelligence chief Hanne Blomberg.

Norway’s central intelligence services also suspect that Chinese hackers are responsible for a cyberattack on the information systems of the Storting (Norwegian parliament) on March 10, 2021. According to information security experts, the cybercriminals exploited vulnerabilities in the Storting e-mail system, in particular, in Microsoft Exchange mail servers.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Security

HackerOne Expands Open Source Vulnerability Scanning Program

Published

on

Open source projects eligible for the HackerOne reward program include Ruby, Ruby on Rails, RubyGems, Curl, Electron, Django, Nginx, and OpenSSL.

HackerOne Community announced on expanding the program for searching for vulnerabilities in open source projects. The initiative is part of the ongoing Internet Bug Bounty program.

Open source projects eligible for the HackerOne reward program include Ruby, Ruby on Rails, RubyGems, Curl, Electron, Django, Nginx, and OpenSSL. For vulnerabilities found in these projects, HackerOne will pay from $ 300 to $ 5000, depending on the severity of the bug. Payment will be made as follows. Four-fifths of the awards will immediately go to the researcher who discovers the problem. The fifth part of the award will be given to the developer who is engaged in the open source project in the direction that affects the new vulnerability. He will receive payment from HackerOne after he releases a patch against the vulnerability.

“Open source software is used in almost all modern digital infrastructure. Currently, an average, solid, not very rich application uses 528 different open source components. Critical vulnerabilities discovered in 2020 existed by the time of discovery for an average of about two years , and the application development companies did not have access and the ability to eliminate the identified deficiencies of the components used, “the company said in a press release.

Along with HackerOne, participating partners are organizations that rely on open source for software supply chains and other critical digital infrastructure – Elastic, Facebook, Figma, GitHub, Shopify, and TikTok.

Continue Reading

Security

Vice Society ransomware attacked a network of medical facilities in California

Published

on

The ransomware said that they do not care who to attack, and they will not make exceptions for hospitals.

United Health Centers, a California-based network of medical facilities, was subjected to a ransomware cyberattack that disrupted all of its centers and leaked patient data.

United Health Centers has 21 public health centers in California counties such as Fresno, Kings and Tulare.

On August 31 of this year, BleepingComputer learned from an informed source from the information security community that United Health Centers’ medical facilities suffered from an attack by the Vice Society cyber ransomware group, as a result of which they had to turn off their entire network and IT systems and start restoring files from backup copies. However, representatives of United Health Centers did not comment on this information in any way.

This week, the Vice Society released files allegedly stolen in the August attack on United Health Centers. They contain sensitive information, including about beneficiary patients, financial records, test results and examinations. However, the organization remains silent.

The Vice Society is a relatively new cyber ransomware group that began operations in June this year. 20% of the companies published on its leak sites are related to the healthcare industry.

When asked by BleepingComputer why the group allows them to attack hospitals, the Vice Society responded as follows:

“Why not?

They always keep our confidential data clear. You, me and everyone else go to hospitals, give them our passports, talk about health problems, etc., and they don’t even try to protect our data. They receive millions from the state. Are they stealing this money?

The US President has given large sums of money to protect government networks, and where is this protection? Where is our defense?

If the IT department doesn’t want to do their job, we’ll do ours, and we don’t care if it’s a hospital or a university. “

Continue Reading

Security

The data of those wishing to take out a loan from Sovcombank got into the public domain

Published

on

The announcement of the sale of the Sovcombank customer database appeared on the darknet on September 20.

The questionnaires contain the full name, phone number, passport data, type of loan, address, marital status, contacts of relatives, place of work, position and income. The database also includes the responses of citizens to a call from a bank specialist. The bank said that in 2020 they identified an employee of an external call center who illegally copied loan applications. He was found guilty of divulging bank secrets and was sentenced to two years probation. During the investigation, the ex-employee of Sovcombank published an advertisement for the sale of data in his telegram channel, according to the organization. After that, Sovcombank again turned to the police: the department of the Ministry of Internal Affairs in Dagestan opened a criminal case on disclosing bank secrets and illegal access to protected computer information, and then transferred it to the regional department of the FSB. The case has now been sent to court. Now the stolen base is publicly available. …

Continue Reading

Most Popular