Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label US Government. Show all posts
US Government
Bitcoin Cryptojacking Cyber Attacks Monero US Government

Hackers Exploit US Government agency’s Cloud System for Cryptojacking

 



A recent cybersecurity breach has exposed vulnerabilities in government agencies, as hackers infiltrated the U.S. Agency for International Development (USAID) to mine cryptocurrency. The attackers secretly exploited the agency’s Microsoft Azure cloud resources, leading to $500,000 in unauthorized service charges before the breach was detected. This incident highlights the growing threat of cryptojacking, a cybercrime where hackers hijack computing power for financial gain.  


How the Hackers Gained Access 

The attackers used a technique called password spraying, which involves trying a set of commonly used passwords on multiple accounts until one works. They managed to breach a high-level administrator account that was part of a test environment, gaining significant control over the system.  

Once inside, they created another account with similar privileges, allowing them to operate undetected for some time. Both accounts were then used to run cryptomining software, which consumes large amounts of processing power to generate digital currency. Since USAID was responsible for cloud costs, the agency unknowingly footed a massive bill for unauthorized usage.  


What is Cryptojacking?  

Cryptojacking is a cyberattack where hackers steal computing resources to mine cryptocurrencies like Bitcoin or Monero. Mining requires powerful hardware and electricity, making it expensive for individuals. By infiltrating cloud systems, cybercriminals shift these costs onto their victims, while reaping financial rewards for themselves.  

This attack is part of a larger trend:  

1. 2018: A cryptojacking incident compromised government websites in the U.S., U.K., and Ireland through a malicious web plugin.  

2. 2019: Hackers accessed an AWS cloud account of a U.S. federal agency by exploiting credentials leaked on GitHub.  

3. 2022: Iranian-linked hackers were found mining cryptocurrency on a U.S. civilian government network.  

Cybersecurity experts warn that cryptojacking often goes unnoticed because it doesn’t immediately disrupt services. Instead, it slowly drains computing resources, resulting in skyrocketing cloud costs and potential security risks.  


How USAID Responded

Once the attack was discovered, USAID took steps to secure its systems and prevent future breaches:  

  •  Tightened password policies to prevent unauthorized access.  
  •  Enabled multi-factor authentication (MFA) to add an extra layer of security.  
  •  Deleted compromised accounts and removed harmful scripts used in the attack.  
  •  Introduced continuous security monitoring to detect suspicious activity earlier.  

A USAID internal report emphasized the need for stronger cybersecurity defenses to prevent similar incidents in the future.  


Experts Warn of Increasing Cryptojacking Threats  

Cryptojacking attacks are typically carried out by individual hackers or cybercrime syndicates looking for quick profits. However, some state-sponsored groups, including those linked to North Korea, have also used this method to fund their operations.  

Cybersecurity professionals explain how these attacks work:  

“If I break into someone’s cloud system, I can mine cryptocurrency using their resources, while they get stuck with the bill,” — Hamish Eisler, Chainalysis.  

Jon Clay, a Threat Intelligence Expert at Trend Micro, describes cryptojacking as a persistent issue, where cybercriminals constantly look for new ways to exploit vulnerabilities.  


How to Protect Against Cryptojacking  

Organizations can take several measures to reduce the risk of cryptojacking attacks:  

  • Implement strong passwords and MFA to make unauthorized access harder.  
  • Monitor cloud usage for unexpected spikes in resource consumption.  
  • Limit administrative access to only essential personnel.  
  • Regularly review security settings to close potential loopholes.  

To combat these threats, Microsoft introduced mandatory MFA for Azure logins, which began rolling out in 2024. This security measure is expected to make it harder for hackers to take over cloud accounts.  

Cryptojacking is a growing cybersecurity threat that can lead to financial losses, operational disruption, and security risks. The USAID breach serves as a wake-up call for both government agencies and businesses to strengthen their cyber defenses. Without proactive measures, organizations remain vulnerable to attacks that silently drain resources and increase costs.

Read more »
User Security
Data Breach Data Leak Social Security Number US Government User Security

Should Americans Share The Social Security Number? Experts Explain the Pros and Cons

 

The initial Social Security numbers were most likely issued in late 1936, and they were intended to be used solely by the US federal government to manage retirement and disability insurance payouts. However, in the 1960s, the use of Social Security numbers as universal identifiers skyrocketed as government agencies adopted automated data processing in their recordkeeping. 

Today, if you apply for a credit card, buy a property, or even receive a pay cheque, you must provide your Social Security number. It's perhaps the most vital piece of identification you have, yet data breaches are increasingly exposing private numbers. According to the Los Angeles Times, hackers recently hacked background-checking organisation National Public Data, acquiring the personal data of 2.9 billion people, including the Social Security numbers of every citizen in the United States. 

Due to the fact that almost all US citizens and permanent residents possess a Social Security number, cell phone providers, utility companies, and even retail establishments now require these numbers for authentication. They are therefore a very attractive target for identity theft. How can you decide whether to disclose your Social Security number and when not to? We sought advice from the specialists. 

When is sharing my social security number acceptable? 

There are good reasons to share your Social Security number, even though it's crucial to keep it private. "Your phone number is required by any company you apply to for a loan or credit line," stated Paige Hanson, head of cyber safety education at NortonLifeLock, in an interview. 

According to Hanson, this covers banks and credit reporting agencies, but since a phone contract is similar to a line of credit, it might also refer to a cell service provider. 

In addition, your Social Security number will be required for all tax-related transactions, such as your employer filing your income report to the IRS, according to Alan Butler, executive director of the Electronic Privacy Information Centre, a nonprofit organisation dedicated to protecting identity and privacy rights. If you have an investment adviser or are making a $10,000 or larger cash transaction, such as purchasing a home or vehicle, you will have to disclose it. 

When should I not disclose my Social Security number? 

There are numerous situations in which you should not disclose your Social Security number. With the growth of phishing attempts, never share personal information over email or phone.

"If you're not initiating the call, you should never share your personal information," NortonLifeLock's Hanson stated. "Even if it looks like it's coming from a legit company you do business with.” 

Confirming the final four digits of your Social Security number is lowered risk, according to Hanson, because the company already has the data. 

Not everyone asking for your phone number has malicious intentions. "Some businesses just want your code just because it's a faster way to look up your account," Hanson pointed out. 

But that's not a compelling argument for them to have it. Others may want it if they're asking you to sign a contract, such as a gym membership. "It's an easier way to go to a collections agency if they have to," Hanson added. "But there are other ways.” 

Your Social can be requested by employers, but it "absolutely cannot be required to get a job," according to Hanson. Thus, it ought not to appear on a job application. Don't give them your personal information if they won't budge and you feel uneasy doing so. 

Prevention tips 

By the time you reach adulthood, your Social Security number has been placed into so many systems that it is hard to keep completely secure. However, there are methods that consumers can take to better protect their account information. Do not carry your Social Security card in your wallet or pocketbook. Keep it in a safe location at home. Also, instead of throwing away any documents or letters with your phone number, shred them. Also, find out why you're being asked for your social security number. 

You can also secure your Social Security number by "freezing" your credit reports with Transunion, Equifax, and Experian. If someone attempts to use your phone number to open a credit card or obtain a loan, the request for your credit report will be denied. You can freeze your report indefinitely or specify a "thaw" date.
Read more »
Windows
Cyber Security US Government Vulnerability management Window Systems Windows

Microsoft Update Alert: 70% Of Windows Users Are Now At Risk

 

Microsoft's end-of-support date for Windows 10 is approaching on October 14, 2025, and the operating system is already facing a serious security threat. With 70% of Windows users still operating Windows 10, the situation in terms of cyber-attacks has become increasingly perilous. This security bug has major consequences for individuals and organisations who rely on Windows 10. 

What's happening?

A 2018 Windows flaw has been added to the US government's known exploited vulnerabilities (KEV) database, cautioning of potential privilege escalation assaults and remote code execution. Researchers believe that the vulnerability, CVE-2018-0824, was exploited by the Chinese hacker outfit APT41. This threat actor is supported by the Ministry of State Security and has a high level of seriousness because it targets both government and private organisations. 

The US government has warned people to fix or stop using Windows if there is any risk by August 26. If this is not done, users will remain vulnerable to assaults. This vulnerability will not affect Windows 11. Additionally, it would not harm updated Windows systems, emphasising the importance of upgrades for users. The warnings appear to be insufficient, as many users continue to use Windows 10, with only 30% having updated their systems to Windows 11. 

Furthermore, as the end-of-support date approaches, hundreds of scam emails are likely to target Windows 10 customers' inboxes. The hackers would take advantage of this situation and jeopardise the security of users' data and systems, resulting in data breaches and other serious consequences such as system compromise and financial losses. 

Take a look at Reddit or the comments on this post to see the enormous number of Windows users who are waiting for Microsoft to pull a late rabbit out of the bag and expand Windows 10 support. It is unclear how this will affect all those who have invested in upgrading. 

Given the recent experience, with global images of blue screens of death all around, come October, this could be a hackers' paradise for a while. Another aspect to consider is that malicious actors would take advantage of the situation and send out scam after scam to nervous Windows 10 users.
Read more »
US Government
Conti Conti Ransomware CrowdStrike outage Cyber Attacks healthcare sectors OFAC ransomware attacks US Government

U.S. Government Escalates Sanctions to Combat Rising Cybersecurity Threats

 

In a significant move to combat rising cyber threats, the U.S. government has intensified its use of sanctions against cybercriminals. This escalation comes in response to an increasing number of ransomware attacks and other cybercrimes targeting American infrastructure, businesses, and individuals. The latest sanctions target hackers and cyber groups responsible for some of the most severe breaches in recent history. 

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has spearheaded these efforts. By freezing assets and prohibiting transactions with designated individuals and entities, OFAC aims to disrupt the financial networks that support these cybercriminal operations. This strategy seeks not only to punish those directly involved in cyber attacks but also to deter future incidents by raising the financial and operational costs for would-be hackers. 

One of the key targets of these sanctions is the notorious ransomware group, Conti. This group has been linked to numerous high-profile attacks, including the devastating breach of Ireland’s Health Service Executive in 2021, which disrupted healthcare services nationwide. By imposing sanctions on Conti and associated individuals, the U.S. government aims to dismantle the group’s operational capabilities and limit its reach. 

In addition to Conti, the sanctions list includes individuals connected to Evil Corp, a cybercrime syndicate known for deploying Dridex malware. This malware has been used to steal financial information and execute large-scale ransomware attacks. The sanctions against Evil Corp reflect a broader strategy to target the infrastructure and personnel behind such sophisticated cyber threats. The increase in sanctions also aligns with international efforts to tackle cybercrime. The U.S. has collaborated with allies to coordinate sanctions and share intelligence, creating a united front against global cyber threats. 

This cooperation underscores the recognition that cybercrime is a transnational issue requiring a collective response. Despite these aggressive measures, the fight against cybercrime is far from over. Cybercriminals continually evolve their tactics, finding new ways to bypass security measures and exploit vulnerabilities. The U.S. government’s approach highlights the need for ongoing vigilance, robust cybersecurity practices, and international collaboration to effectively combat these threats. 

In addition to sanctions, the U.S. government is investing in enhancing its cyber defenses. This includes increasing funding for cybersecurity initiatives, promoting public-private partnerships, and encouraging the adoption of best practices across critical sectors. These efforts aim to build resilience against cyber attacks and ensure that the country can swiftly respond to and recover from incidents when they occur. The impact of these sanctions is already being felt within the cybercriminal community. Reports indicate that some groups are experiencing difficulties in accessing funds and recruiting new members due to the increased scrutiny and financial restrictions. 

While it is too early to declare victory, these sanctions represent a significant step in disrupting the operations of major cyber threats. In conclusion, the U.S. government’s use of sanctions against cybercriminals marks a critical development in the fight against cyber threats. By targeting the financial networks that sustain these operations, the government aims to weaken and deter cybercriminals. However, the dynamic nature of cybercrime necessitates continuous adaptation and international cooperation to protect against evolving threats. 
Read more »
US law Enforcement
Apple Capitol riots Privacy Push notifications US Government US law Enforcement

Apple’s Push Notification Data Used to Investigate Capitol Rioters; Apple Sets Higher Legal bar


When it initially came to light that governments globally demanded push notification data from Apple and Google, suspicion mounted that the US government was doing the same. This has now been confirmed, with one use of it being the monitoring the Capitol riots, that will take place on January 6.

Previously, Apple was prohibited from disclosing that it was receiving legal demands for the information. However, now that it is permitted to do so, it has also raised the standard for compliance.

What is This All About? 

Last week, it was revealed that legal demands were being made to Apple and Google to provide details of the notifications that were sent to persons of interest in the legal investigations. While both companies were meeting the demands, they were not allowed to disclose that it was actually happening. 

The facts were then made public through an open letter by a senator. 

Push notifications can still disclose a lot of information, even though they prevent third parties from seeing the content of end-to-end encrypted conversations, such as those sent over iMessage.

Consider, for instance, a message exchange between a Chinese whistleblower and a US journalist exposing violations of human rights. The push data indicates that the source and journalist had a lengthy back-and-forth conversation yesterday, and a report on the abuses was released today. 

Apple swiftly verified the allegation and added these events to its transparency reporting once the open letter released them from legal constraints on publicizing the practice.

Push Notification Data Used by US Law Enforcement 

Although "foreign" countries were mentioned in the open letter, it was widely assumed that US law enforcement was also requesting the same information. The Washington Post has reported that the data aided in the investigation of Capitol riots, among other incidents, confirming this.

Apple Sets Higher Legal Bar 

Google held these demands to a higher legal standard than Apple did.

Apple provided the push notification data on the basis of a subpoena, whereas Google needed a court order to do so. Law enforcement agencies can issue subpoenas without judicial oversight; that is, they can demand data on their own, based only on their own determination that it is necessary. In contrast, a court order necessitates that a judge evaluate and accept the demand after reviewing the supporting documentation.

Apple has amended its instructions for law enforcement organizations to clarify that in order to obtain push notification data, a judge must approve a court order or search warrant.  

Read more »
US Government
Data Breach Hacker group Kimsuky Kimsuky North Korea Hackers OFAC US Government

US Govt’s OFAC Sanctions North Korea-based Kimsuky Hacking Group


The Treasury Department’s Office of Foreign Assets Control (OFAC) has recently confirmed the involvement of Kimsuky, a North-Korea sponsored hacking group, in a cyber breach attempt that resulted in the compromise of intel in support of the country’s strategic aims. 

Eight North Korean agents have also been sanctioned by the agency for aiding in the evasion of sanctions and promoting their nation's WMD development.

The current measures are apparently a direct response to the Democratic People's Republic of Korea's (DPRK) purported launch of a military reconnaissance satellite on November 21 in an attempt to hinder the DPRK's ability to produce revenue, obtain resources, and obtain intelligence to further its WMD program.

"Active since 2012, Kimsuky is subordinate to the UN- and U.S. designated Reconnaissance General Bureau (RGB), the DPRK's primary foreign intelligence service," the Department of Treasury stated. "Malicious cyber activity associated with the Kimsuky advanced persistent threat is also known in the cybersecurity industry as APT43, Emerald Sleet, Velvet Chollima, TA406, and Black Banshee."

The OFAC, in August 2010, linked Kimsuky to North Korea's primary foreign intelligence agency, the Reconnaissance General Bureau. 

Kimsuky’s operations mostly consist of stealing intelligence, focusing on foreign policies and national security concerns regarding the Korean peninsula and nuclear policy. 

High-Profile Targets of Kimsuky

One of the most notable high-profile targets of the North Korea-based cyberespionage group includes the compromise of South Korea’s nuclear reactor operator in 2018, Operation STOLEN PENCIL against academic institutions in 2018, Operation Kabar Cobra against South Korean government organizations and defense-related agencies in 2019, and Operation Smoke Screen the same year.

Kimsuky was responsible for targeting at least 28 UN officials and several UN Security Council officials in their spear-phishing campaign conducted in August 2020. The cyberespionage group also infiltrated infiltrated South Korea's Atomic Energy Research Institute in June 2021. 

In September 2019, the US Treasury Department imposed sanctions on the North Korean hacker groups Lazarus, Bluenoroff, and Andariel for transferring money to the government of the nation through financial assets pilfered from global cyberattacks against targets.

In May, OFAC also declared sanctions against four North Korean companies engaged in cyberattacks and illegal IT worker schemes intended to raise money for the DPRK's weapons of mass destruction (WMD) programs.  

Read more »
USDoD
Data Breach Data Leak Database Breach Linkedin LinkedIn Users Personal Data US Government USDoD

Hackers Leaks Scraped LinkedIn Data of 35 Million Users


Threat actors have recently leaked personal information of over 35 million online users, by illicitly accessing a LinkedIn database. Apparently, the hackers are operating under the name ‘USDOD.’

The database, on the other hand, has been released in a popular cybercrime forum, Breach Forums. 

It is significant to note that USDoD is the same hacker who compromised the FBI's InfraGard security platform last year, revealing 87,000 members' personal information.

In a post on Breach Forums, the hacker verified that web scraping was used to access the most recent LinkedIn information. Web scraping is a software-driven, automated process that extracts data from websites, usually with the purpose of obtaining certain information from web pages.

As revealed by Hackread, the leaked data included publicly available information regarding the victims’ LinkedIn profiles, such as full names and profile bios. While this data also contains millions of email addresses, the hackers could not get hold of the passwords.

Email addresses from senior US government officials and organizations are exposed in the leak. Email addresses from other international government agencies have also been found.

Legitimacy of LinkedIn Data: Is it Authentic?

After analyzing more than 5 million accounts in the database, Troy Hunt of HaveIBeenPwned came to the conclusion that the data was a combination of information from other sources, including fraudulent email addresses and public LinkedIn profiles. Troy notes that the individuals, businesses, domain names, and a large number of email addresses are real, even though some of the information may be anecdotal or largely made up.

"Because the conclusion is that there’s a significant component of legitimate data in this corpus, I’ve loaded it into HIBP[…]But because there are also a significant number of fabricated email addresses in there, I’ve flagged it as a spam list which means the addresses won’t impact the scale of anyone’s paid subscription if they’re monitoring domains," Hunt explained.

This however was not the first time when the LinkedIn information was being leaked online by threat actors. A similar case happened back in April 2021, where 2 scrapped LinkedIn databases went on sale with 500 million and 827 million records. Also, in June 2021, a hacker sold a LinkedIn database that contained information about around 700 million users.  

Read more »
US Government
Chinese Actors Cyber Attacks Energy sector FBI FBI notification LNG Russian Hackers US Government

FBI Warns Energy Sectors: Chinese and Russian Hackers may Actively Target Energy Sector


According to a recent notification sent by the FBI to the energy industry changes in the global energy supply will most probably result in an increase in the number of Chinese and Russian hackers attacking significant energy infrastructure.   

The notification, released on Thursday, lists several contributing causes, including rising LNG exports from the United States, shifts in the global crude oil supply chain favoring the United States, continued Western pressure on Russia's energy supply, and China's reliance on imported oil. 

The alert, however, did not mention any particular advanced persistent threat (APT) group linked with China or Russia, nor did it cite any cybersecurity incident targeting critical infrastructure. Instead, it makes general mention of how appealing U.S. networks are to foreign hackers and cautions recipients that Chinese and Russian hackers are always looking to examine important systems and improve their capabilities to exploit vulnerabilities they find.

According to Brian Harrell, former assistant secretary for infrastructure protection at the Department of Homeland Security and now an energy sector executive, “Utilities see probing and low-level attempted attacks every day by the Russians and PRC.”

These low-profile attacks help hackers to get an insight into the important aspects of specific systems like where a target has open ports or determine potential firewall restrictions. “China doesn’t make a lot of noise, but the small localized intrusions are helping build their network attack capabilities, likely for future use[…]There’s no doubt that the energy sector is on the front lines of malicious cyber-activity right now as China preps the battlefield,” Harrell added.

As the notification suggests, Chinese hackers have exploited certain US entities by conducting “post-exploitation activity with generic reconnaissance commands using ‘live off the land’ tools.”

“Living off the land,” certainly means an attacker is exploiting tools or features that are already present in the target environment. For instance, sneaky varieties of ransomware like WannaCry and LockBit have covered their tracks and survived inside a network by using a default Windows binary, an existing piece of operating system code. 

The warning states that state-backed Chinese hackers have been targeting common vulnerabilities since 2020, in order to, “target US and allied networks and software/hardware companies to steal intellectual property and develop access into sensitive networks to include critical infrastructure, defense industrial base sectors, and private sector organizations.”

However, the FBI declined to comment on the notification.

The notification further highlights how the Russian invasion of Ukraine altered the world's energy supply chain, citing Western sanctions as a "significant driver" of recent changes in the LNG supply chain. According to the notification, the modification will probably lead to an increase in Russian hackers' targeting of the American energy sector.

In 2022, 74% of Europe’s LNG imports originated in the U.S. the notification said, noting that the US was able to meet European LNG demand. 

It also added that since 2016, Russian hackers have targeted state agencies and several US-based critical infrastructure sectors by, “staging targets networks as pivot points and malware repositories when targeting their final intended victims.”

Read more »
Subscribe to: Posts (Atom)