Evidence shows BellTroX InfoTech Services, aka Dark Basin or Mercenary.Amanda, targeted government officials, celebrities, non-profit organizations, advocacy groups, journalists, investors, and large and small corporations in a hacking spree that is believed to be under investigation by U.S. law enforcement.
News erupted this week proclaiming the enigmatic hacker, Guccifer 2.0, accidentally dropped his VPN connection, revealing his secret identity. According to the Daily Beast, his true IP address was revealed while he visited a social media site – and it tracked directly to Russia’s GRU headquarters. That’s akin to Batman forgetting to put on his mask or lock the door to the bat-cave. Could it happen? Sure. But not likely.
The following was released to the general public on January 6, 2017 by the DNI (Director of National Intelligence). In short, the release accuses Russia of attempting to influence the US's 2016 election using a persona known as Guccifer 2.0 to release stolen (hacked) documents via WikiLeaks. Regular readers will not be surprised by the findings as I drew this same conclusion in this article a few weeks ago.
The first thought for anyone who has examined the Mirai codebase is how well the application was coded. The second thought is how easy it would be to disable. Being a C&C server inherently means you can control the Mirai botnet with it - even to the point of shutting it down – permanently.
Offering bounties worth thousands, even millions of dollars, bug bounties pay hackers to report vulnerabilities. The process is pretty simple. The hacker sends the vulnerability report to the company, the company patches the vulnerability, the bounty is paid, and finally, the vulnerability is disclosed. Everyone wins. Usually.
Forget running Kali in a virtual machine (well, at least put it aside for a while). The Windows 10 Anniversary Update includes a whack new feature - Windows Subsystem for Linux or WSL. Using the new LxssManager service, WSL lets you run a full-featured Ubuntu Linux subsystem on Windows 10.
It’s a draft titled Task Order Request for Cyberspace Operations Support Services in support of United States Cyber Command (USCYBERCOM). Oh, brother. That means the U.S. has bungled its cybersecurity so badly it is now willing to outsource, and trust, this critical national security task to an outside contractor. Even a partner outside of the U.S. if they have trusted status.
After the conclusion of a four-year probe, contractors who worked on U.S. military code are being fined a combined $12.75 million. As it turns out, some contractors outsourced coding tasks to Russians. No words can convey the level of stupidity here (hey, let's get Al-Qaeda to build US airplanes!).
I love the Russians. I know, strange to hear that from an American in modern day with a new “cold war” (seemingly) beginning to gain steam. Let’s say, I respect them. Their hackers in particular. Their response to a cyberattack is to launch a full-on offensive attack against the attacker, quite a different response from the Chinese who tend to just block attackers, or the Americans, who never even notice an attack is taking place.
Both Kaspersky and Symantec released reports this week pointing out the increase in attacks by Wild Neutron (aka Jripbot, Morpho, or Butterfly). WN had gone mostly dormant (or undetected?) since 2013 after hitting Apple, Facebook, Twitter, and Microsoft using zero-day Java exploits (seeded in the hacked forums of various websites) and the OSX/Pintsized Mac OS X or Windows Jripbot backdoor.
A Pastebin dump attributed to Guardians of Peace (GOP) was released a few hours ago followed by the purported screenplay for the upcoming movie The Interview. In the dump, the GOP continued to harp on their Christmas Day threat while including an invite to the public for special “requests”. The dump included another little surprise too – a threat to anyone who attends The Interview movie.