
Myanmar President’s Office Hacked for the Second Time

 

A cyber-espionage hacking gang is suspected of breaking into the Myanmar president's office website and injecting a backdoor trojan into a customized Myanmar font package accessible for download on the home page. ESET, a Slovak security firm, discovered the attack on Wednesday, June 02, 2021. 

The software employed in the attack resembles malware strains used in previous spear-phishing campaigns aimed at Myanmar targets by a Chinese state-sponsored hacker outfit known as Mustang Panda, RedEcho, or Bronze President, according to researchers.

Mustang Panda is mostly focused on non-governmental organizations (NGOs). It employs Mongolian language decoys and themes, as well as shared malware such as Poison Ivy and PlugX, to attack its targets. Their attack chain looks something like this: 

• A malicious link is disguised using the goo.gl link shortening tool and sent to a Google Drive folder.

• When you click on the Google Drive link, you'll be taken to a zip file that contains a .lnk file disguised as a .pdf file.

• The user is redirected to a Windows Scripting Component (.wsc) file when they open the file. This file can be found on a malicious microblogging website.
 
• A VBScript and a PowerShell script from the Twitter page are included in the .lnk file to get the fake PDF file.
 
• A Cobalt Strike (https://know.netenrich.com/threatintel/malware/Cobalt%20Strike) payload is created by the PowerShell script.

• The threat actor can operate the system remotely using Cobalt Strike's connection to the command-and-control IP address. 

Mustang Panda has a history of carefully constructed email-based attacks; for this operation, the gang appears to have modified a Myanmar Unicode font package available for download on the Myanmar presidency's website. “In the archive, attackers added a Cobalt Strike loader [named] Acrobat.dll, that loads a Cobalt Strike shellcode,” the ESET team wrote in a Twitter thread. 

This loader, according to researchers, pings a command and control (C&C) server at 95.217.1[.]81. The loader resembled other malware copies that had previously been transmitted as file attachments in spear-phishing efforts directed at Myanmar targets.
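A triage check for the two delivery tricks described above (a shortcut dressed as a PDF inside a zip, and an executable slipped into a font archive), as an added example that is not from ESET or the original post. The extension lists, function names and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Shell Link (.lnk) files start with HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
PE_MAGIC = b"MZ"  # DOS/PE header of .exe and .dll files
DECOY_EXTS = {".pdf", ".doc", ".docx"}   # assumed list of lure document types
SCRIPT_EXTS = {".wsc", ".vbs", ".ps1"}   # script types named in the attack chain

def inspect_member(name, head):
    """Classify one archive member by its leading bytes, not only by its name."""
    base = name.lower().rsplit("/", 1)[-1]
    exts = ["." + e for e in base.split(".")[1:]]
    findings = []
    if head.startswith(LNK_MAGIC):
        # Explorer hides the .lnk suffix, so "Report.pdf.lnk" displays as "Report.pdf".
        if any(e in DECOY_EXTS for e in exts):
            findings.append("shortcut disguised as document")
        else:
            findings.append("shortcut")
    if head.startswith(PE_MAGIC):
        findings.append("PE executable")
    if exts and exts[-1] in SCRIPT_EXTS:
        findings.append("script")
    return findings

def scan_archive(data):
    """Return {member name: findings} for every suspicious member of a zip."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            findings = inspect_member(info.filename, head)
            if findings:
                report[info.filename] = findings
    return report

def build_sample():
    """Constructed archive: harmless stub bytes that only carry the magic values."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fonts/Example-Regular.ttf", b"\x00\x01\x00\x00" + b"\x00" * 16)
        zf.writestr("fonts/Acrobat.dll", PE_MAGIC + b"\x00" * 32)
        zf.writestr("Report.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
    return buf.getvalue()

if __name__ == "__main__":
    for member, findings in scan_archive(build_sample()).items():
        print(member, "->", ", ".join(findings))
```

A font package has no reason to ship a PE file, so any hit of that kind in such an archive is worth comparing against a known-good copy before the download is trusted.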

The archives show signs of an advanced and stealthy cyber-espionage operation hidden in files named “NUG Meeting Report.zip,” “Proposed Talking Points for ASEAN-Japan Summit.rar,” “MMRS Geneva,” “2021-03-11.lnk,” and “MOHS-3-covid.rar,” even if ESET said it has yet to officially confirm Mustang Panda's involvement beyond a doubt.

This is the second time the Myanmar president's office has been hacked in order to launch a watering hole attack. The first incident occurred between November 2014 and May 2015, when the site was used to disseminate a version of the EvilGrab malware by another alleged Chinese cyber-espionage group.

Venezuelan blackout due to cyber-attack, says president


Over the last two months, Venezuela has been going through a political and economic crisis with two claimants to the President’s chair and the US imposing sanctions to pressure the incumbent regime. Matters reached a head last week when opposition leader Juan Guaidó, who has declared himself acting President and has the support of the West, returned home after a self-imposed exile to cheering crowds in Caracas. He is trying to force out left-wing dictator Nicolas Maduro, President since 2013, who has declared himself the winner of a controversial election.

Guaidó, 35, was born in the beach town of Vargas, which was severely hit by flash floods in 1999. The family moved to Caracas, where Guaidó studied engineering. It was in 2006 that Guaidó emerged in politics, as one of the principal leaders campaigning for freedom of the press amid a crackdown by then President Hugo Chávez. Guaidó formed his party, Voluntad Popular, which is today leading the fight against Maduro. This year, Guaidó’s party declared him President of the National Assembly, the country’s Parliament.

Ever since the global crude oil downturn, Venezuela has slipped into an economic crisis. Its crime rate has doubled and inflation multiplied. The West-imposed sanctions have now led to a prolonged electricity blackout.

Seventeen people have died in Venezuela's massive power outage, "murdered" by the government of President Nicolas Maduro, opposition leader Juan Guaido alleged Sunday.

The blackout heightened tensions between the opposition and government loyalists, who accuse each other of being responsible for the collapse of the power grid.

Venezuelan president says complete blackout caused by 'an international cyber-attack' with support from within.
Venezuela's President Nicolas Maduro says the country's complete electrical failure has been caused by "an international cyber-attack" but that his administration has "defeated their coup".

Guaido, Venezuela's self-declared interim president, said Sunday that 16 states continued to be completely without power, while six had partial power. He said the private sector had lost at least $400 million from power outages.

Electricity was cut to 70% of the South American nation late last week, and officials warned that hospitals were at risk.

"Venezuela has truly collapsed already," Guaido told CNN Sunday in an interview in a sweltering hotel room in the Venezuelan capital -- another byproduct of the blackouts.