
Everest Gang Poses New Cybersecurity Threat to US Healthcare

According to a threat profile published by the Health Sector Cybersecurity Coordination Center, the Everest ransomware group is behind the recent ransomware attack on Gramercy Surgery Center in New York. The group has also claimed responsibility for attacks on Horizon View Medical Center in Las Vegas, 2K Dental in Ohio, Prime Imaging in Tennessee, and Stages Pediatric Care in Florida, and it has targeted the healthcare and public health sectors repeatedly since 2021.

More than 120 victims have been added to the site of this group, of which 34% are in the United States, and 27% of them are in the healthcare industry, according to information gathered from their data leak. At least 20 attacks have been carried out by the group between April 2021 and July 2024 on healthcare organizations, with disproportionately high rates of attacks on medical imaging organizations during that period.

Ransomware, one of the most prevalent types of cybercrime in the world today, has grown rapidly over the last few years. Criminals use highly automated, easy-to-distribute crypto-locking malware to forcibly encrypt victims' systems and then demand Bitcoin ransoms in exchange for the keys needed to unlock them. Several sources of information are available on this Ransomware Resource Center, including coverage of emerging ransomware variants, threat intelligence on attackers, and best practices for detecting, responding to, and remediating ransomware.

A relatively new Russian-speaking ransomware group is looking for targets in the healthcare sector and claims to have stolen sensitive patient information in recent attacks on at least two medical care providers, in New York and Nevada. The Everest ransomware group was first identified in December 2020. Following its attack on the Brazilian government and NASA in April 2012, it quickly became well known within the cybercrime community as further high-profile targets were hit.

The group uses double extortion tactics: it exfiltrates data, encrypts the victim's files, and then demands a ransom both to decrypt the files and to prevent the stolen data from being uploaded to its dark web data dump site. According to researchers, the encryptor used by Everest shows similarities to those of other ransomware groups, such as Ransomed, which is known to work in collaboration with Everest. Everest has previously been associated with BlackByte ransomware.

Ransomware is only a recent addition to the group's methods, as it initially focused on data exfiltration. Everest, which has been operating in this role since late 2022, has become a market leader in the initial access broker (IAB) niche. IABs are malicious hackers whose primary objective is to breach company networks, install malware that provides remote access to those networks, and then sell that access to other threat groups who need it to carry out their own attacks.

Among threat groups that make money from ransomware attacks, this tactic is relatively uncommon: a group that can breach company networks and has an encryption tool could usually make more money by conducting the attack itself than by selling the access to another group. One possible explanation is that Everest does this to keep a low profile and avoid law enforcement scrutiny. Among the many victims listed on Everest's dark web leak site is Gramercy Surgery Center, which was attacked in January of this year.

The group claims to have exfiltrated 450 gigabytes of data from the New York-based practice, including patient and doctor information that it describes as private and confidential. Gramercy announced in a statement published on its website on June 18 that it may have been the victim of a cyberattack and that it would be investigating the matter. Gramercy Medical Center determined that between June 14 and June 17 some documents were lost from its information technology environment and that, as part of the incident, copies of these documents were made and viewed within its systems.

Gramercy reportedly notified federal regulators of the hacking incident on Aug. 9 as a HIPAA data breach affecting nearly 51,000 people. Everest also listed the Nevada-based Horizon View Medical Center on its data leak site and alleged that medical records information, including test results and other sensitive patient data, had been stolen. As of Thursday, no notice about the alleged incident had been posted on Horizon View's website, and the company did not immediately respond to Information Security Media Group's request for comment on Everest's claims.

Following the HHS HC3 alert, the American Hospital Association on Wednesday issued a warning to hospitals that the Everest threat could endanger patient safety. The group uses compromised user accounts and remote desktop protocols both to gain entry to victims' networks and to move from one victim's network to another. Everest attacks are known to rely on exploiting weak or stolen credentials.

Once inside, the attackers can exploit credentials from several systems within an organization, using tools like ProcDump to make copies of the LSASS process and thereby steal additional credentials. Following the recommendations of the AHA and HC3, hospitals and healthcare organizations should set up network monitoring so that alerts are raised for Cobalt Strike activity. The US authorities have advised organizations within the healthcare sector to undertake a thorough review of their cybersecurity infrastructure in response to emerging threats from the Everest gang.

Specifically, they have recommended a meticulous examination of domain controllers, servers, workstations, and Active Directory to identify and address any new or unrecognized user accounts. Additionally, organizations are advised to back up their data regularly, air-gap copies of that data, and ensure that backup copies are stored offline and secured with strong passwords. Moreover, the Everest gang's malicious activities are not confined solely to the healthcare industry.

The group has also targeted a wide array of sectors, including construction and engineering, financial services, legal and professional services, manufacturing, and government institutions. The authorities have urged all organizations within these industries to remain vigilant and adopt stringent cybersecurity measures to safeguard against potential breaches.

North Korean Hacker Indicted for Cyber Attacks on U.S. Hospitals, NASA, and Military Bases

Federal prosecutors announced the indictment of Rim Jong Hyok, a North Korean military intelligence operative, for his role in a conspiracy to hack into American healthcare providers, NASA, U.S. military bases, and international entities. 

The indictment, unveiled on July 25, 2024, in Kansas City, Kansas, details Hyok’s involvement in stealing sensitive information and deploying ransomware to fund further cyberattacks. Rim Jong Hyok is accused of laundering money through a Chinese bank, using the proceeds to acquire computer servers and finance additional cyberattacks targeting defense, technology, and government entities globally. The indictment highlights his connection to the Andariel Unit of North Korea’s Reconnaissance General Bureau, a state-sponsored group responsible for these malicious activities. 

The cyberattacks on American hospitals and healthcare providers disrupted patient care, underscoring the severe impact of such crimes on public health. Prosecutors allege that Hyok targeted 17 entities across 11 U.S. states, including NASA and U.S. military bases. Defense and energy companies in China, Taiwan, and South Korea were also among the victims. Over three months, Hyok and his team infiltrated NASA’s computer systems, extracting over 17 gigabytes of unclassified data. They also accessed systems of defense companies in Michigan and California and breached Randolph Air Force Base in Texas and Robins Air Force Base in Georgia. 

The malware used by the Andariel Unit enabled them to transmit stolen information to North Korean military intelligence, aiding the country’s military and nuclear ambitions. The stolen data included details of fighter aircraft, missile defense systems, satellite communications, and radar systems, according to a senior FBI official. Stephen A. Cyrus, an FBI agent based in Kansas City, emphasized that North Korea uses cybercrimes to circumvent international sanctions and fund its political and military goals. The impact of these attacks is felt directly by citizens, as evidenced by the disruption of hospital operations in Kansas and other states. 

A reward of up to $10 million has been offered for information leading to his capture or that of other foreign operatives targeting U.S. infrastructure. The Justice Department has a history of prosecuting North Korean hackers. In 2021, three North Korean programmers were charged with a range of cybercrimes, including an attack on an American movie studio and the attempted theft and extortion of over $1.3 billion from banks and companies worldwide. The FBI’s involvement in this case began when a Kansas medical center reported a ransomware attack in May 2021. 

Hackers had encrypted the hospital’s files and servers, blocking access to patient records and critical equipment. A ransom note demanded Bitcoin payments and threatened to leak the files online if the demands were not met. Investigators traced the Bitcoin transactions to two Hong Kong residents, who eventually converted the funds to Chinese currency and transferred them to a Chinese bank. The money was withdrawn from an ATM near the Sino-Korean Friendship Bridge.

In 2022, the Justice Department announced the seizure of approximately $500,000 in ransom payments, including the entire ransom paid by the Kansas hospital. While Hyok’s arrest is unlikely, the indictment may lead to sanctions that could hinder North Korea’s ability to collect ransoms, potentially reducing the motivation for future attacks on critical infrastructure. 

Cybersecurity analyst Allan Liska from Recorded Future notes that although sanctions may not stop North Korea’s cyber activities entirely, they could deter attacks on hospitals by making ransom payments more difficult to collect. This incident also raises questions about China’s stance on being targeted by its ally, North Korea.

Satellite Security Breached: Hackers Pocket $50K for Exploiting US Air Force Defenses

During the US Air Force's annual "Hack-A-Sat" competition, hackers managed to compromise a satellite in orbit. MHACKeroni, the Italian team that emerged as the winner, took home a prize of $50,000 for discovering vulnerabilities in the satellite's network systems.

The competition is being held at the DEF CON hacker conference in Las Vegas this week, with the aim of identifying gaps in US cyber defenses against potential threats from countries like Russia and China.

Moonlighter, a small cubesat named after NASA's ionosphere, was developed by NASA's Aerospace Corporation at the request of NASA's Defense Research Laboratory. The small satellite was launched into space along with a cargo payload for the International Space Station on June 5, 2023, atop a SpaceX Falcon 9 rocket.  

The US Air Force's Moonlighter satellite was the target of this year's hacker challenge, which for the first time involved attacks on a real satellite in space. Five teams, selected from over 700 applicants, competed to establish a data link between the satellite and the ground station while keeping the other teams at bay through their own strategic hacks of the satellite.

This year marked the first time the competition targeted a live satellite orbiting Earth; in previous years, simulated satellites on the ground stood in for the live satellites the teams would hack.

During the competition the satellite had only a few contact windows, dependent on where it was in orbit, in which files, telemetry, and scripts could be transferred, so the teams had a limited number of opportunities to upload or download files. Because the CTF operates under real-world conditions, even its organizers occasionally cannot establish a connection during a designated contact window.

The U.S. Air Force and the U.S. Navy's Naval Space Systems Command run the Hack-A-Sat competitions to find exploitable vulnerabilities in the satellite systems overhead so that satellite system security can be improved.

Five teams took part in this year's challenge, with MHACKeroni, a team representing five Italian cyber research firms, taking the top honors and the $50,000 first-place prize.

Second place went to Poland Can Into Space, an organization that carries out cyber-based research, and the British-American team "JUMP FS :[rcx]" took third place and received a check for $20,000 from the United States Olympic Committee.

Capt. Kevin Bernert of the U.S. Space Force revealed at the Hack-A-Sat announcement that the organizers were still collecting data from Moonlighter. The team therefore assembled in an emergency stairway before moving to a hotel room where they could connect to Moonlighter and gather the data needed to make sure the final results were accurate.

Although there was a playful atmosphere to the competition, it was an important reminder that satellite hacking poses a serious threat, one that is growing. The consequences of such breaches in geopolitical dynamics can be significant. 

Just hours before the Russian military deployed troops into Ukraine in 2022, the Russian government targeted Viasat, an American satellite company based in California, causing a major loss of communication during the invasion. In addition, classified documents indicate that China is working to acquire the ability to take control of enemy satellites as part of its warfighting strategy.

The leak of classified documents has also revealed that China has been developing technology that is intended to control and manipulate satellites of foreign adversaries and pick up signals from them. It is evident from the successful breach of a satellite belonging to the US Air Force that it is important to identify vulnerabilities and enhance security measures in space in the future. To prevent potential geopolitical issues in the future, it is imperative to address the security of satellite systems to mitigate the risks involved. 

The annual contest demonstrates that satellite systems hold several vulnerabilities, and it serves as a means of uncovering them and enhancing cybersecurity measures so that potential threats cannot exploit them. To improve the security of satellite networks and mitigate the risks of hostile cyber attacks, these weaknesses in the systems of the US Air Force and other space agencies must be identified and addressed.

Astronaut accused of Bank account Hacking from Space

An astronaut in NASA has been accused of alleged hacking from space.

According to reports, NASA is investigating an accusation that an astronaut accessed a bank account belonging to her estranged spouse. If the reports are found to be true, it will be the first case of cybercrime committed from outside our home planet.

The New York Times reports that Anne McClain, a former U.S. Army pilot who flew around 800 combat hours during the Iraq war, has been accused of identity theft and of accessing private financial funds. Summer Worden, McClain's estranged spouse, accused her of accessing Worden's bank credentials. After Worden contacted the bank for details of the location used to log in to the account, the bank found that the credentials used were registered with NASA.

At the time of the alleged hacking, McClain was aboard the International Space Station and due to take part in the ill-fated all-female spacewalk; putting the clues together, Worden concluded that McClain was the one who had accessed her bank account.
McClain returned to Earth after six months in space and has admitted accessing Worden's account while at the International Space Station.

McClain insisted that she had only been checking the funds in the account for the child they had been raising together. Her lawyer Rusty Hardin said, "She strenuously denies that she did anything improper," adding that McClain was "totally cooperating."

According to Business Insider, "Worden's parents said in a separate complaint that McClain accessed the bank account as part of a 'highly calculated and manipulated campaign' to obtain custody of Worden's son, who was born about a year before the couple got married."

In a statement posted on Twitter, McClain said: "There’s unequivocally no truth to these claims. We’ve been going through a painful, personal separation that’s now unfortunately in the media. I appreciate the outpouring of support and will reserve comment until after the investigation. I have total confidence in the IG process."

Any crime committed in space would fall under the jurisdiction of the astronaut's country of origin.

Hacker uses a nanocomputer to steal NASA data

It wasn’t a good day for NASA when an unidentified cyber-attacker was able to steal 500 MB of mission data through a Raspberry Pi nanocomputer.

First introduced by the charity Raspberry Pi Foundation in 2012, the Raspberry Pi is a credit-card sized device intended for the general public, young and old, beginners and amateurs. It sells for about $35, plugs into a home television, and is used mainly to teach coding to children and to promote computing in developing countries.

The Raspberry Pi organization has just announced the release of the fourth generation of its budget desktop PC, the completely re-engineered Raspberry Pi 4.

The April 2018 attack went undetected for nearly a year, according to an audit report issued on June 18, and an investigation is still underway to find the culprit.

The hacker infiltrated NASA’s Jet Propulsion Laboratory network, stole sensitive data, and forced the temporary disconnection of space-flight systems, the agency has revealed.

Prior to detection, the attacker was able to exfiltrate 23 files amounting to approximately 500 megabytes of data, the report from NASA’s Office of Inspector General said.

These included two restricted files from the Mars Science Laboratory mission, which handles the Curiosity Rover, and information relating to the International Traffic in Arms Regulations which restrict the export of US defense and military technologies.

“More importantly, the attacker successfully accessed two of the three primary JPL networks,” the report said.

"Officials were concerned the cyberattackers could move laterally from the gateway into their mission systems, potentially gaining access and initiating malicious signals to human space flight missions that use those systems."

NASA came to question the integrity of its Deep Space Network data “and temporarily disconnected several space flight-related systems from the JPL network.”

‘Plane hacker’ says “I got bored, so I hacked NASA”


A hacker widely believed to have been involved in several plane-hacking incidents has revealed that he hacked the famous U.S. space agency NASA just because he was bored.

Speaking to Anadolu Agency (AA) during the Digital Age Summit in Istanbul, Roberts said he enjoyed exploiting vulnerabilities in the cyber security of big institutions like NASA.

He said, "We have found that the communication security between the satellite and land systems is not well encrypted. We were able to access the system by passing NASA's International Space Station access control measures."

Roberts stressed that there are no unbreakable systems, and that transport companies should take serious steps to protect their networks from being hacked, as suggested by "good hackers".

Roberts was investigated by the Federal Bureau of Investigation (FBI) in 2015 for the suspected hacking of an airplane’s computer system via in-flight wireless Internet.

In a search warrant application submitted to federal court, the FBI stated that Roberts had admitted to hacking in-flight entertainment systems through the in-flight Internet between 15 and 20 times between 2011 and 2014.
In an affidavit, Roberts claimed that through in-flight hacking he had accessed the controls of the aircraft and caused planes to drift sideways.
However, Roberts, who is also popularly known as the “Plane Hacker”, insists that he did all the hacking only to demonstrate the vulnerabilities in the systems used in the aviation industry.

NASA On Hack Alert: Personal Data And Servers Compromised!

NASA has recently been the victim of a data breach on one of its servers that exposed the Personally Identifiable Information (PII) of its former and present employees alike.

The breach surfaced as a result of an internal security audit conducted by NASA, which found that social security numbers and other PII were available on the compromised server.

NASA employees were notified of the issue only a couple of months later, even though the agency's security experts had become aware of it in October.

It was only when employees raised concerns about their stolen data that they were alerted to what had happened.

The matter will take a lot of looking into and is a concern of top agency priority; the examination of the servers is proceeding at full speed.

Needless to say, NASA and federal cyber-security teams are keenly trying to determine the severity of the exfiltration and the extent of identity theft among those possibly affected.

According to NASA, none of its missions or secret data was compromised and everything is under control. Identity protection has also been offered to those who were supposedly affected by the compromised data.

NASA has also indicated that civil service employees who had been detached from the agency may have been subject to this hacking attack.

Reportedly, immediate efforts were made to safeguard the servers, and NASA affirmed that individuals’ security is being taken very seriously; as its spokespersons have said, data security is paramount for NASA.