Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label OFAC. Show all posts
United States
Chinese Hackers Cyber Security OFAC Telecom United States

Chinese Hackers Target U.S. Treasury Sanctions Office

 


A major cybersecurity breach has been reported against the U.S. Treasury Department, specifically its Office of Foreign Assets Control (OFAC). OFAC, which oversees trade and economic sanctions, was accessed by Chinese state-backed hackers in what officials have described as a "major incident."  

How the Attack Happened

The breach was through a vulnerability in BeyondTrust, a remote support software used by the Treasury. Hackers exploited this platform to gain unauthorized access to sensitive government systems. OFAC was their primary focus, likely because of its role in managing sanctions against foreign entities, including Chinese individuals and organizations.

OFAC was originally created in 1950 in the Korean War to block assets from China and North Korea. Today, it remains a very central part of U.S. sanctions enforcement. This makes OFAC a high-value target for espionage. 

Impact of the Breach

According to the reports, in addition to OFAC, the hackers accessed the Treasury's Office of Financial Research. Officials have so far confirmed that the compromised systems have been secured, and the hackers do not have access any longer. The extent of data stolen or misused is yet to be determined.  

The same hacking crew, which identified itself as the "Salt Typhoon," also has been identified with earlier incidents of hacking other major U.S. telecom firms, including Verizon and AT&T, whose breaches enabled illicit access to customers' communications-affecting contents such as sent text messages or calls, among others-as well as wiretaps conducted by police.

Salt Typhoon is not limited to the United States, as there have been reports of similar breaches in telecommunications networks of several countries. This has shown weaknesses in crucial communication infrastructure. 

In response to these incursions, U.S. officials have called for more stringent cybersecurity measures. CISA has suggested using encrypted messaging apps such as Signal to secure communications. Moreover, lawmakers are thinking of banning China Telecom's remaining operations in the U.S.

Senator Ron Wyden also introduced new legislation to ensure the US telecom system's security. All these steps are taken to avoid such breaches in the future and to prevent the sensitive data pertaining to the government and private institutions, which would have been accessed by the state-funded cyberattacks. This was a highly sophisticated cyber-espionage campaign, thus proving the explicit necessity for security measures.



Read more »
US Government
Conti Conti Ransomware CrowdStrike outage Cyber Attacks healthcare sectors OFAC ransomware attacks US Government

U.S. Government Escalates Sanctions to Combat Rising Cybersecurity Threats

 

In a significant move to combat rising cyber threats, the U.S. government has intensified its use of sanctions against cybercriminals. This escalation comes in response to an increasing number of ransomware attacks and other cybercrimes targeting American infrastructure, businesses, and individuals. The latest sanctions target hackers and cyber groups responsible for some of the most severe breaches in recent history. 

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has spearheaded these efforts. By freezing assets and prohibiting transactions with designated individuals and entities, OFAC aims to disrupt the financial networks that support these cybercriminal operations. This strategy seeks not only to punish those directly involved in cyber attacks but also to deter future incidents by raising the financial and operational costs for would-be hackers. 

One of the key targets of these sanctions is the notorious ransomware group, Conti. This group has been linked to numerous high-profile attacks, including the devastating breach of Ireland’s Health Service Executive in 2021, which disrupted healthcare services nationwide. By imposing sanctions on Conti and associated individuals, the U.S. government aims to dismantle the group’s operational capabilities and limit its reach. 

In addition to Conti, the sanctions list includes individuals connected to Evil Corp, a cybercrime syndicate known for deploying Dridex malware. This malware has been used to steal financial information and execute large-scale ransomware attacks. The sanctions against Evil Corp reflect a broader strategy to target the infrastructure and personnel behind such sophisticated cyber threats. The increase in sanctions also aligns with international efforts to tackle cybercrime. The U.S. has collaborated with allies to coordinate sanctions and share intelligence, creating a united front against global cyber threats. 

This cooperation underscores the recognition that cybercrime is a transnational issue requiring a collective response. Despite these aggressive measures, the fight against cybercrime is far from over. Cybercriminals continually evolve their tactics, finding new ways to bypass security measures and exploit vulnerabilities. The U.S. government’s approach highlights the need for ongoing vigilance, robust cybersecurity practices, and international collaboration to effectively combat these threats. 

In addition to sanctions, the U.S. government is investing in enhancing its cyber defenses. This includes increasing funding for cybersecurity initiatives, promoting public-private partnerships, and encouraging the adoption of best practices across critical sectors. These efforts aim to build resilience against cyber attacks and ensure that the country can swiftly respond to and recover from incidents when they occur. The impact of these sanctions is already being felt within the cybercriminal community. Reports indicate that some groups are experiencing difficulties in accessing funds and recruiting new members due to the increased scrutiny and financial restrictions. 

While it is too early to declare victory, these sanctions represent a significant step in disrupting the operations of major cyber threats. In conclusion, the U.S. government’s use of sanctions against cybercriminals marks a critical development in the fight against cyber threats. By targeting the financial networks that sustain these operations, the government aims to weaken and deter cybercriminals. However, the dynamic nature of cybercrime necessitates continuous adaptation and international cooperation to protect against evolving threats. 
Read more »
US Government
Data Breach Hacker group Kimsuky Kimsuky North Korea Hackers OFAC US Government

US Govt’s OFAC Sanctions North Korea-based Kimsuky Hacking Group


The Treasury Department’s Office of Foreign Assets Control (OFAC) has recently confirmed the involvement of Kimsuky, a North-Korea sponsored hacking group, in a cyber breach attempt that resulted in the compromise of intel in support of the country’s strategic aims. 

Eight North Korean agents have also been sanctioned by the agency for aiding in the evasion of sanctions and promoting their nation's WMD development.

The current measures are apparently a direct response to the Democratic People's Republic of Korea's (DPRK) purported launch of a military reconnaissance satellite on November 21 in an attempt to hinder the DPRK's ability to produce revenue, obtain resources, and obtain intelligence to further its WMD program.

"Active since 2012, Kimsuky is subordinate to the UN- and U.S. designated Reconnaissance General Bureau (RGB), the DPRK's primary foreign intelligence service," the Department of Treasury stated. "Malicious cyber activity associated with the Kimsuky advanced persistent threat is also known in the cybersecurity industry as APT43, Emerald Sleet, Velvet Chollima, TA406, and Black Banshee."

The OFAC, in August 2010, linked Kimsuky to North Korea's primary foreign intelligence agency, the Reconnaissance General Bureau. 

Kimsuky’s operations mostly consist of stealing intelligence, focusing on foreign policies and national security concerns regarding the Korean peninsula and nuclear policy. 

High-Profile Targets of Kimsuky

One of the most notable high-profile targets of the North Korea-based cyberespionage group includes the compromise of South Korea’s nuclear reactor operator in 2018, Operation STOLEN PENCIL against academic institutions in 2018, Operation Kabar Cobra against South Korean government organizations and defense-related agencies in 2019, and Operation Smoke Screen the same year.

Kimsuky was responsible for targeting at least 28 UN officials and several UN Security Council officials in their spear-phishing campaign conducted in August 2020. The cyberespionage group also infiltrated infiltrated South Korea's Atomic Energy Research Institute in June 2021. 

In September 2019, the US Treasury Department imposed sanctions on the North Korean hacker groups Lazarus, Bluenoroff, and Andariel for transferring money to the government of the nation through financial assets pilfered from global cyberattacks against targets.

In May, OFAC also declared sanctions against four North Korean companies engaged in cyberattacks and illegal IT worker schemes intended to raise money for the DPRK's weapons of mass destruction (WMD) programs.  

Read more »
Subscribe to: Posts (Atom)