Hackers Continue Cyberattacks Against Vatican, Catholic Orgs

A state-sponsored threat group linked to China has been engaged in a five-month long cyberattack against the Vatican and other Catholic Church-related organizations. Attacks have come in the form of spear phishing emails laced with the PlugX remote access tool (RAT) as the payload.

Researchers with Recorded Future observed the group, RedDelta, targeting the mail servers of Catholic organizations since early May 2020. That is ahead of the anticipated September 2020 renewal of the landmark 2018 China-Vatican provisional agreement, called the China-Holy See deal. The network intrusions occurred up until a week before China’s Foreign Ministry announced that the deal had been “implemented successfully” last week, on Sept. 10, saying a renewal of the deal is expected to be announced in the coming weeks – at which point the threat activity observed died off, researchers said.

#vulnerabilities #web security #catholic #catholic diocese of hong kong #china #chinese hackers #cyberattack #plugx #rat #reddelta #remote access trojan #spear phishing #state sponsored hack #vatican

What is GEEK

Buddha Community

Hackers Continue Cyberattacks Against Vatican, Catholic Orgs

A state-sponsored threat group linked to China has been engaged in a five-month long cyberattack against the Vatican and other Catholic Church-related organizations. Attacks have come in the form of spear phishing emails laced with the PlugX remote access tool (RAT) as the payload.

Researchers with Recorded Future observed the group, RedDelta, targeting the mail servers of Catholic organizations since early May 2020. That is ahead of the anticipated September 2020 renewal of the landmark 2018 China-Vatican provisional agreement, called the China-Holy See deal. The network intrusions occurred up until a week before China’s Foreign Ministry announced that the deal had been “implemented successfully” last week, on Sept. 10, saying a renewal of the deal is expected to be announced in the coming weeks – at which point the threat activity observed died off, researchers said.

#vulnerabilities #web security #catholic #catholic diocese of hong kong #china #chinese hackers #cyberattack #plugx #rat #reddelta #remote access trojan #spear phishing #state sponsored hack #vatican

Threat Actors Introduce Unique ‘Newbie’ Hacker Forum

A well-known private hacking forum has recently become more inclusive, introducing a new platform to help newbie threat actors flourish and hone their expertise, research has found. The discovery is unique, as private hacker forums tend to be the exclusive province of elite cybercriminals.

Digital Shadows on Thursday published a report that takes a deep dive into CryptBB, an exclusive hacker forum that has been operational since 2017.

Initially, the site only accepted new members after a “rigorous application and interview process,” requiring that an applicant prove their skill and knowledge on a chosen area of expertise, “leaving no room for those who fail to meet the required standards,” researchers wrote.

However, the forum recently has taken steps “to be viewed as a platform for ‘all,'” by launching near the end of 2019 a designated space for what it called “newbies,” according to the report. These are hackers who failed the application process but still wanted to hone their skills and learn from not just one another, but also from more expert members of the forum.

“The real surprise was the identification of an application-only forum creating a dedicated subforum for failed applicants, or ‘newbies’, to converse, share insights, and learn from full-time members,” Alex Guirakhoo, threat research team lead at Digital Shadows, told Threatpost. “Historically, the only times we have seen exclusive (private) forums lower the parameters for entry are when they have allowed members willing to pay a set fee in order to bypass the application process (this was seen with the English-language forum KickAss and the Russian-language forum Exploit). The payment enabled the forum to gain more members but was also financially beneficial to the forum. In CryptBB’s case, they are using a dedicated subforum to share knowledge and help others for free. They might be doing this for site-traffic metrics, but the intent behind the scheme seems innocent enough and the forum likely feels it is a way to give back and help others to increase their skills/knowledge.”

Last month, CryptBB owners went a step further and also began to reach out on the dark web to try to recruit new hackers into the forum. Digital Shadows identified what is called a “subdread” dedicated to CryptBB on the dark web community forum Dread—which has a “far-reaching and loyal user base” — in early June, researchers noted.

“On this subdread, CryptBB proclaims itself to be an excellent forum for ‘newbie’ hackers, programmers, and carders eager to start on their journey while also remaining a private platform for ‘advanced’ members who can partake in quality discussions and share expertise,” researchers wrote.

Digital Shadows imagined a few reasons for this concerted effort to shift from a forum exclusive to expert hackers to one that is now inviting less experienced ones into the fold.

One could be to try to preserve and maintain some of the methods and strategies already used by more skilled hackers, researchers surmised. Historically, CryptBB has provided some dedicated services for members to offer, including RDP sales and “hackers for hire” services, they said. Earlier this year, the forum’s admin team also began offering penetration testing and bug-reporting services to marketplaces with an assurance of discretion and no “drama,” researchers reported.

#hacks #web security #0day #cryptbb #cybercriminals #dark web #digital shadows #hacker forum #hackers #hackers for hire #hacking #kickass #research #the report #threat actors #torum

DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks

The Department of Justice (DOJ) on Monday announced charges against six Russian nationals who are allegedly tied to the Sandworm APT. The threat group is believed to have launched several high-profile cyberattacks over the past few years – including the destructive NotPetya cyberattack that targeted hundreds of firms and hospitals worldwide in 2017.

According to the DOJ complaint, the six Russian nationals are tied to a division of the Russian military intelligence service and also affiliated with the APT Sandworm, also known as TeleBots. The DOJ said cyberattacks linked to the six defendants were “breathtaking” in their scope and “harmed ordinary people around the world,” said Scott Brady, U.S. attorney with the Western District of Pennsylvania, in a DOJ press conference on Monday.

The six defendants are: Yuriy Sergeyevich Andrienko (32); Sergey Vladimirovich Detistov (35); Pavel Valeryevich Frolov (28); Anatoliy Sergeyevich Kovalev (29); Artem Valeryevich Ochichenko (27) and Petr Nikolayevich Pliskin (32).

A breakdown of the charges against each defendant. Credit: DoJ

Each were charged in seven counts: conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft, according to the DOJ.

According to the DOJ, the alleged malicious activity of the six dates back to November 2015, with the group developing malware known as BlackEnergy, Industroyer and KillDisk. The group used the malware in attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service from Dec. 2015 to Dec. 2016, according to the DOJ.

In April and May 2017 the group allegedly launched spearphishing campaigns targeting French President Macron’s “La République En Marche!” (En Marche!) political party prior to the 2017 French elections.

The six defendants. Credit: DoJ

They were also allegedly behind the June 2017 destructive malware attacks that infected computers worldwide, using the NotPetya malware, resulting in the infection of 400 computers. The malware crippled many critical systems, including mission critical systems used by hospitals like the Pennsylvania-based Heritage Valley Health Systems.

In February 2018, the group allegedly sent spearphishing campaigns and malicious mobile applications targeting South Korean citizens and officials, Olympic athletes, partners, and visitors, and International Olympic Committee (IOC) officials; they then allegedly compromised computers supporting the 2018 PyeongChang Winter Olympic Games. This led to the Feb. 9, 2018, destructive malware attack against the opening ceremony, using malware known as Olympic Destroyer.

#vulnerabilities #web security #apt #cyberattack #gru #justice department #notpetya #olympics cyberattack #sandworm #ukraine power grid cyberattack #us doj

The Role of Continuous Integration in Agile

l tasks, developers can focus on more enjoyable, value-adding work. And because the delivery lifecycle doesn’t have to wait for human intervention, bottlenecks are eliminated and time to delivery is faster.

Additionally, any errors are found easily and resolved quickly because small batches of code are released frequently.

Continuous integration has many benefits, including:

• Rapid integration
• Improved visibility
• Increase coordination and communication
• Improved quality
• Reduced risk
• Fast resolution of issues
• Reallocation of resources to strategic objectives

#devops #continuous delivery #continuous deployment #agile methodology #devops and agile #continuous integratinon

8 Fallacies of Continuous Delivery

A quintessential piece for anyone working with distributed systems is the Fallacies of Distributed Computing by L Peter Deutsch. Even when working with modern platforms such as Kubernetes, the assertions made in the Fallacies of Distributed Computing prove to be very true around latency, bandwidth and system administration.

Continuous Delivery practices and systems are increasing in popularity. When designing, implementing or maintaining Continuous Delivery systems, fallacies do exist. Similar to the eight Fallacies of Distributed Computing, there are eight Fallacies of Continuous Delivery.

1. You Will Always Deploy Successfully

A common pitfall in any system development is to build for the happy path. Because software requires innovation and iteration, deployments will fail, and a failure and recovery path needs to be accounted for.

In lower environments, confidence-building steps such as automated tests will have a higher failure / not-passing rate, as confidence is built into the deployment and feedback loops allow for corrections to eventually pass the test coverage.

2. Your Administrators Will Stay

People never stay in the same position forever. Deep expertise in bespoke deployments is at risk with those with tribal knowledge off-board. This also causes a steeper learning curve for those who onboard as platform administrators or onboard their application to the Continuous Delivery system.

**3. Deployments are Always Homogeneous **

A deployment is a culmination of potentially multiple teams and their respective services. There are several approaches to deployment, but because of variations in the scope of changes, rarely are two changes exactly the same. Certain deployments require downtime, while others may require a rolling or canary release strategy.

**4. Rollback Cost is Zero **

The time to decide or make a judgment call to rollback or roll forward certainly carries a cost. Depending on the criticality of the impacted system(s), the clock is ticking, battling the technical point of no return and impact to the business. Once a rollback or roll forward decision is made and executed, validation still needs to occur.

#continuous-integration #continuous-delivery #continuous-deployment #kubernetes #app-development #distributed-computing #devops #hackernoon-top-story