News


May 23, 2013 – The Register: China’s exposed crack cyberspy crew dumps ‘most’ of its kit

The infamous APT1 cyberespionage crew is diminished but not defeated following its public exposure three months ago. Cyber Squared, another threat intelligence firm, reported a month ago that APT1 was still in business. However, at the time it said there was no discernible difference in the group’s implant technologies or command and control capabilities. The group’s target selection process also remained unaltered, according to Cyber Squared.


April 30, 2013 – Dark Reading: Chinese Cyberespionage: Brazen, Prolific, And Persistent

China, China, China: New data and intelligence is shedding more light on just how bold and pervasive Chinese cyberespionage activity is today. “I was personally part of the camp that thought these guys would change significantly” after the Mandiant report was published, says Rich Barger, chief intelligence officer with Cyber Squared, which last week unveiled new evidence of the group targeting the defense and aerospace community using many of the same techniques and command-and-control (C&C) capabilities as before.


April 29, 2013 – The Register: Chinese cyber-spook crew back in business, say security watchers

The widely feared Chinese cyber-espionage crew known as APT1 is back in business two months after a high profile report that lifted the lid off its activities, according to security researchers. Cyber Squared has been tracking numerous Chinese cyber espionage threat groups within ThreatConnect.com and crowd-sourcing threat intelligence with nearly 400 global security researchers. All signs suggest that “Comment Crew” and other Chinese APT threat groups are still conducting exploitation operations. In fact, there has been little change detected within “Comment Crew” operations.


April 26, 2013 – USA Today: Cyberspying from North Korean IP addresses spike

Speaking of which, security start-up Cyber Squared on Thursday reported that the “Comment Crew,” also known as “APT1,” is back in action. You may recall this spy gang with ties to the Chinese military grabbed headlines a couple of months ago when forensics firm Mandiant released a detailed report of the gang’s day-to-day activities.


April 15, 2013 – Upcoming webinar

Register to attend Cyber Squared’s Threat Intelligence quarterly update webinar. Spend your lunch hour with our intelligence team on Wednesday, April 17th as they review noteworthy events, case studies, and ThreatConnect updates from the first quarter.


April 11, 2013 – CSO: Targeted social media attacks said to be underreported

Security company Cyber Squared reported this week how three Chinese political activists in and outside of the country were sent tweets from Twitter that contained links to two compromised websites.


April 10, 2013 – ThreatPost: Rogue Twitter Account Used in Targeted Attacks Against Free Tibet Supporters

Researchers at Cyber Squared, an Arlington, Va.-based security company, published their findings this week. The links in the tweets, analyst Wes Hurd wrote, led to a Tibet WordPress blog and a Chinese-language forum; both served up Adobe Flash exploits used in the past to attack aerospace companies as well as an online payroll provider.


March 21, 2013 – AlienVault Labs: New Sykipot developments

Cyber Squared’s Sykipot research was mentioned in this AlienVault Labs blog post. In the post, AlienVault Labs exposes several campaigns and new versions of the backdoor they have used to access the compromised systems.


March 21, 2013 – The Register: Cyberspies send ZOMBIES to steal DRUGS from medical research firms

Cyber-espionage crews have been targeting the lucrative medical and life science industries using custom malware and spear-phishing, according to new research. Security intelligence firm Cyber Squared said that at least three distinct groups have targeted the industry for more than two years since 2010. It has posted a blog post exposing some of the techniques and tradecraft of cyberspies targeting the life science sector. A single drug can cost up to $1bn to develop, the security bods note.


March 14, 2013 – Dark Reading: Medical Industry Under Attack By Chinese Hackers

Multiple gangs of Chinese cyberespionage hackers are now targeting the healthcare and medical/life sciences industries. Most every industry is fair game for cyberespionage these days — so it’s no surprise that the healthcare and medical industry would come up on the list — but, to date, it has been a field more abused by cybercriminals motivated by medical identity theft and other financial fraud.


February 27, 2013 – USA Today: Security tools reveal cyberintruders’ trickery

Cyber Squared, for one, has built openness into its business model. The security start-up recently launched ThreatConnect.com, an online exchange where some 150 security researchers and 45 organizations convene around the clock to share data and brainstorm.


February 27, 2013 – The Register: APT1, that scary cyber-Cold War gang: Not even China’s best

Shanghai hackers APT1 – outed this month in a high-profile report that linked them to the Chinese military – may not be China’s top cyber-espionage team despite its moniker. Security experts say the team is more prolific than leet.


February 19, 2013 – USA Today: Chinese military hackers were ‘noisy’

The Chinese military hacking group that has stolen huge amounts of data from U.S. organizations is one of some 20 active cyberspying groups engaging in comparable data theft and espionage.


February 6, 2013 - Dark Reading: More Data On Attackers, But Attribution Still Dodgy

Identifying the groups behind attacks is still a dicey proposition, but security firms are collecting more information on attackers’ techniques and their infrastructure.


February 6, 2013 - The Register: NYT hacks part of wider war on western media firms

Recent hack attacks on the New York Times and the Wall Street Journal may be simply the most prominent out of a wider series of assaults against western media firms, according to a cyber-security intelligence firm.


February 4, 2013 - USA Today: Why the New York Times network was simple to breach

Originally posted on lastwatchdog.com – The recent network breaches of the New York Times and Wall Street Journal may be the tip of the iceberg. At least six separate Chinese hacking groups, steeped in Advanced Persistent Threat, or APT tactics, are likely responsible for targeting US, UK, Australian, Canadian, Korean and Philippine media organizations, says Adam Vincent, CEO of security startup Cyber Squared, which runs the ThreatConnect intelligence-sharing exchange.


July 26, 2012 - Bloomberg: Hackers Linked To China’s Army Seen From EU To D.C.

Bloomberg cites Project Enlightenment in their story on Cyber Espionage from China. Read the story or click here to read a summary and download the case study.

July 12, 2012, Cyber Squared Inc. is a prime contractor on the SEAPORT Enhanced (SEAPORT-e) multiple award contract from the Naval Surface Warfare Center (NSWC) in Dahlgren, VA. Click here to read more.


May 22, 2012 - Washingtonian: Cyber Spies Target Washington Think Tanks and Law Firms

Washingtonian story on Cyber Squared’s newly-released cyber espionage investigation. Read the story or click here to read a summary and download the case study.


May 11, 2012 – Upcoming webinar

Due to the positive response our Project Enlightenment case study has generated, we will hold a webinar on Wednesday, May 30th to share additional insights into our cyber espionage investigation.  Click for More Information and to Register.


May 9, 2012 - CSO Online: CSOs warned of serious cyber-espionage attack

CSO Online publishes online story on Cyber Squared’s newly-released cyber espionage investigation. Read the story or click here to read a summary and download the case study.


May 8, 2012 - Dark Reading: Targeted Attack Infiltrates At Least 20 Companies

Dark Reading publishes online story on Cyber Squared’s newly-released cyber espionage investigation. Read the story or click here to read a summary and download the case study.


May 3, 2012 - Christian Science Monitor: Cyber Squared Exclusive - China blamed for multi-continent cyberspying caper in 2011

The Christian Science Monitor publishes online story on Cyber Squared’s newly-released cyber espionage investigation. Read the story or click here to read a summary and download the case study.


May 2, 2012 - Infosec ISLAND: Project Enlightenment Attacks Reminiscent of Shady Rat

Security provider Cyber Squared has released a detailed report examining a widespread cyber espionage operation that targeted a variety of companies and organizations across multiple sectors.


May 1, 2012 - Press Release: Cyber Squared Releases Cyber Espionage Case Study

Cyber Squared’s newly released case study highlights the seriousness of cyber threats to all types of organizations.  Click here to read a summary and download the case study.


April 30, 2012 – SYS-CON Media – “Small Businesses – Often Overlooked But Just As Vulnerable To Cyber Attacks”

Read Adam Vincent’s latest SYS-CON Media article on what small businesses can do to protect themselves and mitigate the risk of losing customers, revenue, sensitive information, and their reputation.


April 2, 2012 – Cyber Squared News

We welcome Jason Lord to our team of cyber security professionals. Jason brings industry expertise in Incident Response and Digital Forensics.  He will be leading our services team in supporting our commercial clients and helping them manage their cyber security risks. Welcome, Jason!


November 23, 2011 – SYS-CON Media – “Combating Sophisticated Cyber Threats – Industry Conference Follow-up”

I was part of a panel titled “Developing Security Strategies to Successfully Combat Sophisticated Threats to your Network, while Protecting Customer Privacy” at the TM Forum conference two weeks ago. Given the topic, and the interesting conversation, I wanted to highlight some of the ideas expressed around sophisticated threats.


October 24, 2011 – SYS-CON Media – “Predicting the 2012 Campaign Compromises – To the American voter, “cyber” issues may not be the hot topic”

With the 2012 political season upon us, we have just gained a glimpse of the individual candidates and their cyber policies. It is from those cyber policies that we have also heard the candidates address China; specifically Chinese nation state cyber sanctioned or sponsored espionage. To the American voter, “cyber” issues may not be the hot topic that the economy, immigration or the presence of troops in Iraq and Afghanistan are. However, the candidates and their staffs would benefit by recognizing cyber security is not just a second tier national issue for debate, but a very real problem that they will have to deal with directly in their own campaign’s security posture.


September 13, 2011 – SYS-CON Media – “The Foundation of Internet Trust May Be Crumbling – DigiNotar Certificate Authority Breached”

Google recently reported the possibility of a Man-In-The-Middle (MITM) attack using fraudulent SSL certificates issued by DigiNotar. The attack affected people logging into Google’s popular email services from Iran, and Google has responded by rejecting all the Certificate Authorities operated by DigiNotar. We now know that Google is not the only possible target of these bogus DigiNotar-issued certificates. Rather, DigiNotar certificate signing services, used to create a foundation of trust, had been used maliciously to create many fraudulent SSL certificates.


June 16, 2011 – The Economist – “An anonymous foe – Hackers hit big companies, the IMF and the headlines”

DEFENCE companies such as Lockheed Martin have seen some of their cyber-defences penetrated. Sony, Google, Citigroup and other firms have had sensitive customer data swiped by high-tech intruders. The IMF has been the victim of a digital attack, as has the website of America’s Senate. And a hackers’ collective, called Anonymous, has threatened to launch an online assault on the computer systems of America’s Federal Reserve unless its chairman, Ben Bernanke, agrees to step down.


June 13, 2011 – eWeek.com – “IMF Breach May Be State-Sponsored Spear Phishing Attack”

The International Monetary Fund was targeted by attackers over several months earlier this year, The New York Times reported. Many security experts are speculating the attackers may have had some support from a nation-state.


June 13, 2011 – Reuters – “Security Intelligence Company Cyber Squared Brings Sophisticated Cyber Threat Experience to Commercial Sector”

In the aftermath of cyber attacks on L-3, Lockheed Martin, and RSA, Cyber Squared Inc., a government consulting firm specializing in tracking and disrupting sophisticated threats, is offering security intelligence services to the commercial sector.


June 10, 2011 – SYS-CON Media – “Cyber Espionage – Knowing You Are a Target”

The existence of a persistent cyber-espionage threat to the military, government, and defense contractors is nothing new. While the ability of these organizations to react and remediate attacks against their networks is still often demonstrably lacking, there is now at least some level of cognizance of the threat and even an expectation of serious, repeated attacks. Awareness is obviously a vital first step on the road to solid security and attack prevention.


June 2, 2011 – SYS-CON Media – “Defense Department Contractors Targeted”

In the last week Lockheed Martin, then L-3 Communications Holdings have been in the news due to sophisticated cyber attacks on their networks by unknown actors. Now there are rumors that Northrop Grumman may have been targeted as well, since the company shut down remote access to the company’s network. Are these events linked to the attack on RSA which was reported on May 17th?