Top five Cyber Threat Intel stories of the week: 07/03 to 07/07/2023

James Beal, Hunter Strategy
Jul 7, 2023

Top 5 general threat intelligence stories of the week. This is from TLP white/open-source websites, so please feel free to share and enjoy reading about these events. Please reach out if you have any questions! Thank you!

General Worldwide activity:

1st: CISA to launch new cyber supply chain resource hub

Overview: The Cybersecurity and Infrastructure Security Agency is developing a new resource center for federal agencies to help address compliance issues associated with a wave of recent cyber supply chain risk management — or C-SCRM — and software security mandates. The hub will first be piloted by an initial set of agencies, though CISA plans to include a section for industry as part of a broader effort to expand information sharing across the public and private sectors, according to Shon Lyublanovits, the lead for the agency’s C-SCRM project management office. “We want to take some of the things coming from [the National Institute of Standards and Technology] and actually create practical checklists or guides to help with some of the compliance issues,” Lyublanovits said at FCW’s Supply Chain Workshop on Tuesday. Lyublanovits said that the goal of the new resource center is to help organizations operationalize C-SCRM practices and enhance their overall cyber hygiene. CISA is envisioning that the hub will eventually allow agencies and other stakeholders to conveniently explore practical C-SCRM information assets like pull-down templates, checklists, guides and other tools.

Breakdown: CISA has been a driving force recently, not only in helping organizations respond to attacks but also in creating new resources and tools for defenders to use in their fight against threat groups. This is another great move forward, with supply chain attacks having become extremely high profile in the last year; the ever-evolving SolarWinds case, with all the organizations affected, is just one example. Hopefully this resource center can provide a wealth of solutions for both public and private organizations once it is fully up and running.

2nd: Killnet as a private military hacking company? For now, it’s probably just a dream

Overview: The pro-Moscow hacking group Killnet dropped a promo video in June for an upcoming short film that promised to delve into the world of Russian hacktivists. In the clip, a person behind the scenes violently smashes a radio and laptop with a hammer, interrupting a somber piano tune and the sounds of a news report. “You want peace? Kill first,” the person says. It’s a predictable message for the group, which has become a high-profile example of how hackers with political or social motivations can grab attention during times of conflict. Founded in October 2021, Killnet is known among the hacker community more for its provocative content than sophisticated attacks. The group initially offered for-hire distributed denial-of-service attacks, but gained global attention during the war in Ukraine when it claimed responsibility for cyberattacks targeting healthcare institutions in Western countries, dark web markets, and websites of U.S. and European government agencies.

Breakdown: So far Killnet has been mostly bravado and has not had a massive impact on the companies it has attacked. If this is any real indication of change in the future, becoming a private hacking organization backed by the Russian government, whether officially or unofficially, would be a major step up in threat level for organizations worldwide on its target list. The group has also claimed it is joining up with Anonymous Sudan and REvil to attack financial organizations. If any of these partnerships actually work out, we should be prepared to see a large escalation in their attack patterns and in the actual total impact on targeted organizations.

3rd: New DOJ Cyber Unit Adds ‘Horsepower’ To Cybercrime Investigations

Overview: The U.S. government has announced a new unit that is dedicated to prosecuting nation-state threat actors and cybercriminals with the aim of more quickly disrupting the overall threat ecosystem. Over the past year, the Department of Justice (DoJ) has announced several charges, sanctions and disruptions targeting cybercriminals behind ransomware attacks, state-sponsored activity and more. The new National Security Cyber Section (NatSec Cyber), carved out within the DoJ’s National Security Division and led by Sean Newell, currently senior counsel to the Deputy Attorney General within the DoJ, would add more “horsepower and organizational structure” needed to support these investigations, said Assistant Attorney General Matthew Olsen. “NatSec Cyber prosecutors will be positioned to act quickly, as soon as the FBI or an IC partner identifies a cyber-enabled threat, and to support investigations and disruptions from the earliest stages,” said Olsen in a Tuesday announcement of the unit. A team of prosecutors fully dedicated to national security cybercriminal cases, which has the ability to move quickly and collaborate with different agencies across the government, will be key to NatSec Cyber’s success. Previous cases by the DoJ that have involved dismantling botnets, seizing illicit cryptocurrency funds from North Korean hackers and neutralizing Turla’s Snake intrusion tool have been fast paced and included technical and often classified information.

Breakdown: This is another big move forward on the defensive side from U.S. Government-backed organizations, just as we saw in our first story this week with CISA. There is only so much that can be done at the nation-state level against other governments and their agents, and a lot of that weight falls directly on the DoJ. Hopefully, as with the CISA story, once this unit is up to speed and running we will see even more large-scale operations against threat actors worldwide. Sanctions are one real tool, but a dedicated team of full-time prosecutors backed by the full power of the U.S. Government should add to the general concerns of threat actors when they do a risk review on attacking organizations that fall under U.S. laws and protections.

4th: Air National Guardsman indicted for leaking classified information

Overview: The Massachusetts Air National Guardsman accused of leaking highly classified military documents has been indicted on federal felony charges, the Justice Department said Thursday. Jack Teixeira faces six counts in the indictment of willful retention and transmission of national defense information. He was arrested in April on charges of sharing highly classified military documents about Russia’s war in Ukraine and other top national security issues in a chat room on Discord, a social media platform that started as a hangout for gamers. The stunning breach exposed to the world unvarnished secret assessments of Russia’s war in Ukraine, the capabilities and geopolitical interests of other nations and other national security issues. “As laid out in the indictment, Jack Teixeira was entrusted by the United States government with access to classified national defense information — including information that reasonably could be expected to cause exceptionally grave damage to national security if shared,” Attorney General Merrick B. Garland said in a statement announcing the indictment.

Breakdown: This is an extreme case considering the classified nature of much of the material that was leaked, but it is also a perfect case study in insider threat and a useful basis for security awareness discussions within all organizations, both public and private. Insider threats take many forms; someone's ego, attitude, and ability to access different sources of privileged information can all combine into a perfect storm with massive effects on the affected organization.

5th: Police arrest suspect linked to notorious OPERA1ER cybercrime gang

Overview: Law enforcement has detained a suspect believed to be a key member of the OPERA1ER cybercrime group, which has targeted mobile banking services and financial institutions in malware, phishing, and Business Email Compromise (BEC) campaigns. The gang, also known as NX$M$, DESKTOP Group, and Common Raven, is suspected of having stolen between $11 million and $30 million over the last four years in more than 30 attacks spanning 15 countries across Africa, Asia, and Latin America. The suspect was arrested by authorities in Côte d’Ivoire in early June following a joint law enforcement action dubbed Operation Nervone with the help of AFRIPOL, Interpol’s Cybercrime Directorate, cybersecurity company Group-IB, and telecom carrier Orange.

Breakdown: We end this week with another win for the defenders: the arrest of a main member of a cybercrime group. This is also another great example of public and private organizations joining with law enforcement agencies to put real consequences on the people willing to steal from financial services organizations. As noted above, moves like this create real consequences and attach real risk to the risk/reward calculation all criminals need to make before committing this level of cybercrime.

Contact Us

contact@hunterstrategy.net

Our Website


Cyber Threat Intelligence Engineer - Focused on simplifying the evolving threat landscape and creating tangible alerts to help TRIAGE events.