#AxisOfEasy 233: OilRig Hackers Develop New Backdoor In ‘Out To Sea’ Espionage Campaign


Weekly Axis Of Easy #233


Last Week’s Quote was “All progress comes from those who do not take the accepted views, nor accept the world as it is.” was by Neville Goddard.  No one got it.

This Week’s Quote:  “The idea that everybody you do business or interact with has a moral obligation to share your political views is the height of grandiosity and narcissism.  When that is weaponized, you have #CancelCulture” …by???

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


 

In this issue:

  • Russian Hackers impersonate the Iranian Ministry of Foreign Affairs to Target European Diplomats 
  • DHS warns against mistrust of the US government in the latest terror bulletin
  • OilRig hackers develop new backdoor in ‘Out to Sea’ Espionage Campaign
  • NYPD’s Intel Unit allegedly received a demo of Pegasus Spyware
  • Department of Justice makes its largest financial seizure in history
 

Elsewhere online:

 
  • Polish authorities appointed an army general to lead the newly created Cybersecurity Military Unit 
  • British Online Security Bill that bans “knowingly false” speech is still in the works 
  • Cybercriminals are using an increasing number of Intelligent Bots at scale to pose a threat 
  • Arm faces increased competition after Nvidia backs out of the deal 
  • IRS no longer plans to use facial recognition after receiving backlash
     


Russian Hackers impersonate the Iranian Ministry of Foreign Affairs to Target European Diplomats

The author behind the attacks is known as APT29, a hacker group linked to the Russian government. During October and November 2021, these scammers —also known as The Dukes or Cozy Bear— launched spear-phishing campaigns targeting European diplomatic missions and foreign ministries.

The threat actors impersonated the Iranian Ministry of Foreign Affairs and sent COVID-19 themed phishing emails to the intended victims. According to the Slovakian company ESET, the purpose behind the spear-phishing attacks was to deploy Cobalt Strike Beacon and additional malware to gather information about the hosts and other machines on the network.

Recent months have shown that The Dukes are a serious threat to western organizations, especially in the diplomatic sector,” the researchers noted. 

They are very persistent, have good operational security, and they know how to create convincing phishing messages.

Read: https://thehackernews.com/2022/02/russian-apt-hackers-used-covid-19-lures.html?&web_view=true 


DHS warns against mistrust of the US government in the latest terror bulletin

The US Department of Homeland Security (DHS) has labeled online “misinformation” as a terror threat in its latest report. According to DHS’ terrorism threat bulletin published last week, there is an “online environment full of false or misleading narratives, conspiracy theories, and other forms of mis-, dis-, and mal-information promulgated by foreign and domestic threat actors.”

According to the bulletin, these “threat actors” aim to create discord to generate unrest, potentially leading to violence and undermining public confidence in state institutions. The DHS warns then that this misinformation spread by said threat actors could result in “mass casualty attacks.”

American citizens raising concerns about election fraud or COVID 19 restrictions might threaten homeland security, reports the DHS. The agency states that “these themes inspired violent extremist attacks” in 2021; however, the report doesn’t give examples of these cited circumstances.

Read: https://reclaimthenet.org/dhs-says-online-misinformation-is-a-terror-threat/ 


OilRig hackers develop new backdoor in ‘Out to Sea’ Espionage Campaign

An Iranian hacker group has updated its malware toolkit and developed a new backdoor —called Marlin— as part of a long-running espionage campaign that began in April 2018.

The cybersecurity company ESET has attributed the “Out to Sea” attacks to the OilRig hacking group while connecting these malicious activities to a second Iranian group tracked under Lyceum.
According to a post shared by The Hacker News, “victims of the campaign include diplomatic organizations, technology companies, and medical organizations in Israel, Tunisia, and the United Arab Emirates.

The Slovakian cyber security company reports that the threat actors used spear-phishing, remote access, and administration software like ITbrain and TeamViewer to access the victim’s network. Additional findings showed that DNS overlapping usage was employed as a C&C channel. At the same time, HTTP/S was used as a secondary communication method, and files were uploaded and downloaded from the C&C server via multiple folders in the backdoor’s working directory.

Read:
https://thehackernews.com/2022/02/iranian-hackers-using-new-marlin.html 



NYPD’s Intel Unit allegedly received a demo of Pegasus Spyware

Motherboard reported last Wednesday that they had obtained an email revealing that an NYPD intel unit had received a demo of Israeli cyber company NSO’s Pegasus spyware. The FBI bought a Pegasus license for evaluation purposes in 2019, according to the New York Times.

The author’s email was named James Sheehan, a program manager from the Northern New Jersey-Newark/Jersey City UASI. As he wrote in an August 2015 email, “there will be a demonstration of the attached investigative software at Rutgers School of Criminal Justice.” The invitation recipients included representatives from the Bergen County Prosecutor’s Office and Jersey City’s public safety agency.

According to Motherboard, the email was obtained through a freedom of information request, and it also included an attached brochure advertising the different hacking abilities of the spyware program. “Turn Your Target’s Smartphone into an Intelligence Gold Mine,” says the Pegasus flyer.

NSO Group has been in the spotlight after Calcalist, an Israeli news site, reported that Israeli law enforcement agencies had used NSO Group’s Pegasus software against CEOs, journalists, and protestors.

Read:
https://www.vice.com/en/article/m7vp93/nso-group-pegasus-demo-nypd 


Department of Justice makes its largest financial seizure in history

Agents arrested two individuals from New York for conspiring to launder $4.5 billion worth of funds stolen in the 2016 hack of cryptocurrency exchange Bitfinex, announced the U.S Department of Justice (DoJ). The detention of Ilya Lichtenstein, 34, and Heather Morgan, 31, alongside the recovery of 3.6 billion in Bitcoin, represents the DoJ’s largest financial seizure to date.

On Tuesday, prosecutors arrested the couple in their lower Manhattan apartment on conspiracy charges to commit money laundering and defrauding the federal government. However, they haven’t been charged with perpetrating the hack itself.

According to the investigators, over 2,000 unauthorized transactions were made to transfer 119,754 bitcoin (BTC) from Bitfinex to a digital wallet controlled by Lichtenstein to launder the proceeds. About 25,000 stolen bitcoins were transferred and deposited into the couple’s account over the past five years. Court documents state that the defendants used several sophisticated laundering methods to obscure the origins of the money, including opening accounts under fake identities, transferring the money from wallet to wallet, and converting the money into other types of cryptocurrency.

Deputy Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division said, “Today, federal law enforcement demonstrated once again that we can follow the money through the blockchain and that we will not allow cryptocurrencies to function as a source of money laundering or other criminal activity in our financial system.”

Read: https://thehackernews.com/2022/02/us-arrests-two-and-seizes-36-million-in.html 


Elsewhere online:


Polish authorities appointed an army general to lead the newly created Cybersecurity Military Unit

https://www.securityweek.com/poland-launches-cybersecurity-military-unit?&web_view=true 


British Online Security Bill that bans “knowingly false” speech is still in the works

https://reclaimthenet.org/uk-wants-to-ban-speech-that-is-knowingly-false/ 
 

Cybercriminals are using an increasing number of Intelligent Bots at scale to pose a threat

https://www.securityweek.com/data-highlights-growing-threat-intelligent-bots-operated-scale-cybercriminals 


Arm faces increased competition after Nvidia backs out of the deal

https://www.wired.com/story/collapse-nvidia-deal-leaves-arm-exposed/ 


IRS no longer plans to use facial recognition after receiving backlash

https://federalnewsnetwork.com/it-modernization/2022/02/irs-walks-away-from-facial-recognition-to-access-online-tools-following-backlash/


Previously on #AxisOfEasy

 

 

One thought on “#AxisOfEasy 233: OilRig Hackers Develop New Backdoor In ‘Out To Sea’ Espionage Campaign

Leave a Reply

Your email address will not be published. Required fields are marked *