Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Ministry of foreign affairs. Show all posts

NASA Director Parimal Kopardekar Twitter Handle hacked

 

The Powerful Greek Army group has compromised the Twitter handle of NASA Director Parimal Kopardekar. A spokesperson from the organization said that they reached out to the group who hacked the handle to inquire as to why they targeted the director of NASA, the attackers denied any political motivation to be there behind the attack, saying that the security incident was merely for 'fun'. As per the attackers, Kopardekar was chosen on the basis of his 'professional association' with NASA. 

The director asked the group that how did they hack the handle and the group explained that they detected an exploit that allows them to take over Twitter accounts. They further told that they are hacking for fun to demonstrate that “that nobody is safe online.” 

After getting in touch with the hacker group, Paganini reported that the group had no intention of doing anything malicious with the NASA director’s handle and it could be concluded that it was merely an experiment to test security flaws.

In April 2020, the Powerful Greek Army group breached the Twitter handle of the vice-speakers of the Greek Parliament and KINAL MP, Odysseas Konstantinopoulosening. 

“Government we have warned you. Do not lie to your own people again” states one of the messages published by the compromised account, while in another message he posted, he said: “To clarify something. We do NOT have an issue with this one, with the one with whom we have a big issue is the government and its moves. Friendship”. 

The list of victims who have been attacked includes the Nigerian Ministry of Foreign Affairs and Ministry of Finance, Bank of Nigeria, Ministry of Defence Of Azerbaijan, and The National Bank of North Macedonia.

Parimal Kopardekar holds a senior position at NASA as the Air Transportation Systems and is a principal investigator for the Unmanned Aircraft Systems Traffic Management project at the NASA Ames Research Centre. 

New Cyber Espionage Group Targeting Ministries of Foreign Affairs

 

Researchers unveiled a new cyber espionage group on Thursday, which is behind the series of targeted operations attacking diplomatic entities and telecommunication corporations in Africa and the Middle East since at least 2017. 

The campaign, dubbed "BackdoorDiplomacy," involves exploiting flaws in internet-exposed devices like web servers to carry out various cyber-hacking operations, including moving laterally across the network to execute a custom implant called Turian which is capable of exfiltrating sensitive data stored on removable media. 

Jean-Ian Boutin, head of threat research at Slovak cybersecurity firm ESET said, "BackdoorDiplomacy shares tactics, techniques, and procedures with other Asia-based groups. Turian likely represents a next stage evolution of Quarian, the backdoor last observed in use in 2013 against diplomatic targets in Syria and the U.S." 

The cross-platform group, which targets both Windows and Linux operating systems, singles out management interfaces for networking equipment and servers with internet-exposed ports, most likely abusing unsecured flaws to implement the China Chopper web shell for initial access, which is then used to conduct reconnaissance and install the backdoor. 

F5 BIG-IP devices (CVE-2020-5902), Microsoft Exchange servers, and Plesk web hosting control panels are among the systems affected. Victims have been identified in many African countries' foreign ministries and those in Europe, the Middle East, and Asia. Furthermore, in Africa and at least one Middle Eastern country, telecom carriers have also been hit. 

The researchers stated, "In each case, operators employed similar tactics, techniques, and procedures (TTPs), but modified the tools used, even within close geographic regions, likely to make tracking the group more difficult."

BackdoorDiplomacy is also believed to overlap with previously reported campaigns operated by a Chinese-speaking group Kaspersky tracks as "CloudComputating.

According to ESET researchers, apart from its features to gather system information, take screenshots, and carry out file operations, Turian's network encryption protocol is nearly identical to that used by WhiteBird, a C++ backdoor operated by an Asia-based threat actor named Calypso that was installed within diplomatic organizations in Kazakhstan and Kyrgyzstan at the same timeframe as BackdoorDiplomacy.