Showing posts with label know how.

Thursday, 29 May 2025

FBI Reports Hacker Group After US Law Firms (Again)

The U.S. Federal Bureau of Investigation (FBI) Cyber Division (Internet Crime Complaint Center) has issued a warning that certain malicious cyber actors are targeting law firms.  Law firms are a ripe target for valuable information concerning clients, including intellectual property.  The warning states, in part:

The cyber threat actor Silent Ransom Group (SRG), also known as Luna Moth, Chatty Spider, and UNC3753, is targeting law firms using information technology (IT) themed social engineering calls, and callback phishing emails, to gain remote access to systems or devices and steal sensitive data to extort the victims. While SRG has historically victimized companies in many sectors, starting Spring 2023, the group has consistently targeted US-based law firms, likely due to the highly sensitive nature of legal industry data. . . .

As of March 2025, SRG was observed changing their tactics to calling individuals and posing as an employee from their company’s IT department. SRG will then direct the employee to join a remote access session, either through an email sent to them or by navigating to a web page. Once the employee grants access to their device, they are told that work needs to be done overnight. Once in the victim’s device, a typical SRG attack involves minimal privilege escalation and quickly pivots to data exfiltration conducted through “WinSCP” (Windows Secure Copy) or a hidden or renamed version of “Rclone.” If the compromised device does not have administrative privileges, WinSCP portable is used to exfiltrate victim data. Although this tactic has only been observed recently, it has been highly effective and resulted in multiple compromises. Similar to their phishing emails posing as a company with a subscription, once SRG exfiltrates data, they extort the victim by sending them a ransom email threatening to sell or post the data online. SRG will also call employees at a victim company to pressure them into engaging in ransom negotiations. SRG has developed a publicly available site to post victim data; however, they are inconsistent in their use of the site and do not always follow through on posting victim data.
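The exfiltration pattern the warning describes (a hidden or renamed Rclone, or WinSCP portable when the account has no administrative rights) can be turned into endpoint detection logic. The following is an added example, not part of the FBI warning or of this post; it assumes Windows process-creation telemetry that carries the executable's OriginalFileName (as Sysmon Event ID 1 does) and runs over constructed sample events.

```python
from __future__ import annotations
import ntpath
import re
from dataclasses import dataclass

# Constructed subset of a Windows process-creation record (e.g. Sysmon Event ID 1).
@dataclass
class ProcEvent:
    image: str               # full path of the executable on disk
    original_file_name: str  # OriginalFileName from the PE version resource
    command_line: str

TRANSFER_TOOLS = {"rclone.exe", "winscp.exe"}
# Locations a non-admin user can write to (assumed standard Windows profile layout).
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\", re.I)
RCLONE_VERBS = {"copy", "sync", "move"}

def findings(ev: ProcEvent) -> list[str]:
    """Return the detection names that fire for one process-creation event."""
    name = ntpath.basename(ev.image).lower()
    orig = ev.original_file_name.lower()
    argv = ev.command_line.lower().split()
    hits: list[str] = []
    # 1. Renamed rclone: PE metadata still says rclone.exe but the on-disk name differs.
    if orig == "rclone.exe" and name != "rclone.exe":
        hits.append("rclone-renamed")
    # 2. rclone bulk transfer to a configured remote ("remote:path"; a single
    #    letter before the colon is a local drive, not a remote).
    if "rclone.exe" in (orig, name) and len(argv) > 1 and argv[1] in RCLONE_VERBS:
        if any(re.fullmatch(r"[a-z0-9_-]{2,}:.*", a) for a in argv[2:]):
            hits.append("rclone-remote-transfer")
    # 3. WinSCP or rclone started from a user-writable path (portable or dropped copy).
    if (orig in TRANSFER_TOOLS or name in TRANSFER_TOOLS) and USER_WRITABLE.search(ev.image):
        hits.append("transfer-tool-from-user-dir")
    return hits

def scan(events: list[ProcEvent]) -> dict[str, list[str]]:
    """Map each flagged image path to its findings; clean events are omitted."""
    return {ev.image: f for ev in events if (f := findings(ev))}

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe", "rclone.exe",
              r"svchost.exe copy C:\Clients remote:archive --config C:\Users\jdoe\AppData\Local\Temp\r.conf -q --ignore-existing"),
    ProcEvent(r"C:\Users\jdoe\Downloads\WinSCP-portable\WinSCP.exe", "WinSCP.exe", "WinSCP.exe"),
    ProcEvent(r"C:\Program Files (x86)\WinSCP\WinSCP.exe", "WinSCP.exe", "WinSCP.exe"),
    ProcEvent(r"C:\Windows\System32\svchost.exe", "svchost.exe", "svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    for image, hits in scan(SAMPLE_EVENTS).items():
        print(image, "->", ", ".join(hits))
```

Rule 1 is the highest-signal check, since a renamed binary keeps its version-resource name; rule 3 alone will also fire on legitimate portable installs and should be tuned per environment.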

Monday, 14 March 2022

A Compelling Read: New Yorker Article on the U.S. Department of Justice's "China Initiative"

The New Yorker has published an important, fascinating and excellent article concerning Franklin Tao, a university researcher, who was caught up in the U.S. Department of Justice's China Initiative. The article is titled, "Have Chinese Spies Infiltrated American Campuses?," and is authored by Gideon Lewis-Kraus. The article mostly focuses on Mr. Tao's experience, but also raises numerous important questions about the Trump Administration's China Initiative and its general approach. Notably, the Biden Administration has discontinued that initiative, but see here on addressing "The PRC Threat." The article may be classified as additional proof under the Trump Administration critique: "Can Spot a Problem, But Proposes Unworkable and Likely Ultimately Unproductive Solutions." The article could focus a bit more on how in some technical fields the line between basic and applied research is blurred. Additionally, the question of industry competitiveness (and dare I say protection) is an important one that has national security implications, especially in a global economy. This is particularly true where private interests control a significant amount of critical (and other) infrastructure and national governments spend significant amounts of funding on research and development that leads to economic development. It is important to remember that many universities in the United States are land grant institutions with direction to help develop local economic interests. The Bayh-Dole Act itself points toward a preference for U.S. economic development. Moreover, democracy relies upon the trust and the relative prosperity of many of its citizens (the protection of good paying middle class jobs). The article seems to indicate that the big difference between now and past policy concerning approaches to sharing technology with, for example, the Soviet Union, is that the United States is no longer perceived as being "on top."
There may be some truth to that, but I don't think it is the full story: a lot has happened since then besides that fear. The important recommended article is available, here. I hope it stimulates more thought and conversation.