New research shows link between espionage malware, Black Hat SEO, and RSA attackers.
Anonymous: 10 Facts About The Hacktivist Group
(click image for larger view and for slideshow)
New research appears to raise questions over the conventional wisdom that pure nation-state cyberspies rarely dabble in traditional financial cybercrime. Dell SecureWorks Wednesday shared details of a complex study it conducted of two families of espionage malware that have infected government ministry computers in Vietnam, Brunei, Myanmar, Europe, and at an embassy in China.
Joe Stewart, director of malware research for SecureWorks counter threat unit research team, and his team dug into the domains shared by these malware families, which appear to have been registered by an individual whose physical address they traced to a P.O. box in the fictional location of "Sin Digoo," California.
The domains were registered under the names of "Tawyna Grilth" and "Eric Charles" with a specific Hotmail address during 2004 and 2011. Malware samples using the Tawyna Grilth domains are tied to advanced persistent threat (APT) activity, according to SecureWorks. But the researchers also found that "Tawnya's" domain hosted a Black Hat search engine optimization service.
"I can't see the same person as a spy by night and an SEO [attacker] by day. But could the two worlds combine?" Stewart says.
Stewart says since the same person registered these domains over the years, he or she could possibly have been freelancing for a nation-state organization or dabbling in Black Hat SEO on the side. But there was indeed a connection.
"He's got domains used for espionage. That's not to say he's the one hacking into those governments and companies. But he seems to have registered those domains," Stewart says. The researchers found that the attacker had also written an attack tool, but they can't prove he's using it or providing it to others.
Just how the cyberespionage and Black Hat SEO activities are related or not is unclear, he says. "We can only speculate from there."
Published: 2015-08-27 The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors.
Published: 2015-08-27 The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows remote attackers to modify data or cause a denial of service, or execute arbitrary code, via unspecified vectors.
Published: 2015-08-26 The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to pin...
Published: 2015-08-26 HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403.
Published: 2015-08-26 HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.