US, UK cybersecurity agencies disclose hacking methods used by Russian spy group

Updated 02 July 2021

  • Operatives linked to Russia's spy agency GRU have tried to break into networks using Kubernetes, says NSA

WASHINGTON: US and British agencies disclosed on Thursday details of “brute force” methods they say have been used by Russian intelligence to try to break into the cloud services of hundreds of government agencies, energy companies and other organizations.
An advisory released by the US National Security Agency describes attacks by operatives linked to the GRU, the Russian military intelligence agency, which has been previously tied to major cyberattacks abroad and efforts to disrupt the 2016 and 2020 American elections.
In a statement, NSA Cybersecurity Director Rob Joyce said the campaign was “likely ongoing, on a global scale.”
Brute force attacks involve the automated spraying of sites with potential passwords until hackers gain access. The advisory urges companies to adopt methods long urged by experts as common-sense cyber hygiene, including the use of multi-factor authentication and mandating strong passwords.
Issued during a devastating wave of ransomware attacks on governments and key infrastructure, the advisory does not disclose specific targets of the campaign or its presumed purpose, saying only that hackers have targeted hundreds of organizations worldwide.
The NSA says GRU-linked operatives have tried to break into networks using Kubernetes, an open-source tool originally developed by Google to manage cloud services, since at least mid-2019 through early this year. While a “significant amount” of the attempted break-ins targeted organizations using Microsoft’s Office 365 cloud services, the hackers went after other cloud providers and email servers as well, the NSA said.
The US has long accused Russia of using and tolerating cyberattacks for espionage, spreading disinformation, and the disruption of governments and key infrastructure.
The Russian Embassy in Washington on Thursday “strictly” denied the involvement of Russian government agencies in cyberattacks on US government agencies or private companies.
In a statement posted on Facebook, the embassy said, “We hope that the American side will abandon the practice of unfounded accusations and focus on professional work with Russian experts to strengthen international information security.”
Joe Slowik, a threat analyst at the network-monitoring firm Gigamon, said the activity described by NSA on Thursday shows the GRU has further streamlined an already popular technique for breaking into networks. He said it appears to overlap with Department of Energy reporting on brute force intrusion attempts in late 2019 and early 2020 targeting the US energy and government sectors and is something the US government has apparently been aware of for some time.
Slowik said the use of Kubernetes “is certainly a bit unique, although on its own it doesn’t appear worrying.” He said the brute force method and lateral movement inside networks described by NSA are common among state-backed hackers and criminal ransomware gangs, allowing the GRU to blend in with other actors.
John Hultquist, vice president of analysis at the cybersecurity firm Mandiant, characterized the activity described in the advisory as “routine collection against policy makers, diplomats, the military, and the defense industry.”
“This is a good reminder that the GRU remains a looming threat, which is especially important given the upcoming Olympics, an event they may well attempt to disrupt,” Hultquist said in a statement.
The FBI and the Cybersecurity and Infrastructure Security Agency joined the advisory, as did the British National Cyber Security Center.
The GRU has been repeatedly linked by US officials in recent years to a series of hacking incidents. In 2018, special counsel Robert Mueller’s office charged 12 military intelligence officers with hacking Democratic emails that were then released by WikiLeaks in an effort to harm Hillary Clinton’s presidential campaign and boost Donald Trump’s bid.
More recently, the Justice Department announced charges last fall against GRU officers in cyberattacks that targeted a French presidential election, the Winter Olympics in South Korea and American businesses.
Unlike Russia’s foreign intelligence agency SVR, which is blamed for the SolarWinds hacking campaign and is careful not to be detected in its cyber ops, the GRU has carried out the most damaging cyberattacks on record, including two on Ukraine’s power grid and the 2017 NotPetya virus that caused more than $10 billion in damage globally.
GRU operatives have also been involved in the spread of disinformation related to the coronavirus pandemic, US officials have alleged. And an American intelligence assessment in March says the GRU tried to monitor people in US politics in 2019 and 2020 and staged a phishing campaign against subsidiaries of the Ukrainian energy company Burisma, likely to gather information damaging to President Joe Biden, whose son had earlier served on the board.
The Biden administration in April sanctioned Russia after linking it to election interference and the SolarWinds breach.
 


Pakistani capital partially closed as banned religious party marches on Islamabad

Updated 23 October 2021

  • Outlawed Tehreek-e-Labbaik Pakistan party wants its leader released from prison, French envoy expelled

ISLAMABAD: Authorities blocked several thoroughfares in the Pakistani capital on Friday after the banned religious party Tehreek-e-Labbaik Pakistan began a march on the Pakistani capital to force the government to release its top leader and expel the French envoy to Islamabad.

TLP has been protesting about the incarceration of its chief, Saad Rizvi, and demanding the expulsion of the French ambassador over cartoons of the Prophet Muhammad published in France last year.

After Rizvi’s arrest in April, violent demonstrations by TLP supporters erupted in major Pakistani cities. Six policemen were killed and more than 800 people were injured, according to official figures, in protests that lasted a week.

Protesters are marching from Lahore, Punjab province, where the TLP leadership is based.

Authorities have partially shut down the country’s capital and other major cities by blocking major roads and arteries with shipping containers after the TLP leadership on Thursday threatened to march on Islamabad and stage a sit-in until their demands were met.

“Our march has started now from Lahore to Islamabad,” Saddam Bukhari, a TLP spokesperson, told Arab News on Friday afternoon. “Thousands of people are accompanying us, and we will reach Islamabad to register our protest.”

Islamabad and adjacent Rawalpindi have already deployed heavy contingents of police at and around the Faizabad Interchange — a junction between the twin cities.

“Everything is normal so far in Islamabad,” Zia-ul-Qamar, an Islamabad police spokesperson, told Arab News. “The riot police and other law enforcement personnel are deployed in the city to maintain law and order.”

The Lahore High Court recently declared Rizvi’s detention as illegal while approving a petition filed by his uncle against his continued incarceration.

The Punjab government, however, filed an appeal against the court’s verdict, saying the bench had not considered the intent and purpose of putting the TLP leader’s name on a list of proscribed individuals and entities to ensure the maintenance of public order.

The Punjab government also said it had intelligence reports that TLP activists were planning a major protest rally in November and were waiting for Rizvi’s release.

Founded in August 2015, the TLP has made the sanctity of the Prophet Muhammad central to its politics. The party has built a wide base of support in recent years, rallying around cases of blasphemy, which are punishable by death in Pakistan.

It was banned following April’s protests.

Rizvi became the leader of TLP in November last year after the death of his father, Khadim Hussein Rizvi.



Swedish teen rapper killed in Stockholm shooting

Updated 23 October 2021

  • The son of Swedish actress Lena Nilsson, Einar grew up in southern Stockholm and often referred to the criminal scene in the area in his work

STOCKHOLM: Award-winning Swedish rapper Einar, who has topped the country’s charts, was shot and killed in Stockholm, police and media said Friday as police hunted for suspects.

The 19-year-old Einar, who raps in Swedish, was the most streamed artist on Spotify in Sweden in 2019.

He was shot several times outside an apartment building shortly before 11 p.m. (2100 GMT) on Thursday.

Ambulance personnel administered first aid but he died at the scene, Stockholm police spokeswoman Towe Hagg told AFP.

Police have opened a murder investigation.

“We are actively working to figure out why it happened and who can be behind it,” Hagg said.

In line with usual practice, the police have not yet confirmed the identity of the victim. But Sweden’s mainstream media identified him as Einar, whose full name is Nils Kurt Erik Einar Gronberg.

Many of Einar’s songs reference a life of crime, including drugs and weapons. He had public feuds with rival artist Yasin, who in July was jailed for 10 months for his role in a planned kidnapping of Einar in 2020.

The plan was ultimately aborted, but Einar was abducted several weeks later without Yasin’s involvement.

Einar was beaten, robbed, photographed in humiliating conditions and blackmailed, according to prosecutors.

The kidnapping was part of a broader case involving 30 suspects in a criminal network accused of a variety of crimes.

Among the suspects was another rapper, Haval Khalil, who was sentenced in July to two-and-a-half years in prison for complicity in the kidnapping and who has also had public spats with Einar.

The verdict was appealed and the case is currently being heard by the Svea Court of Appeal, which is expected to go on until December.

Einar had been called to attend the trial as a plaintiff, but was not planning to do so, his lawyer Rodney Humphreys told AFP.

“The same way he didn’t attend the trial in the district court,” Humphreys said.

The Aftonbladet newspaper reported Friday that Einar was living with a “price on his head” after a series of threats against him which had escalated recently.

Einar himself was one of several suspects arrested for a stabbing at a restaurant in central Stockholm earlier this month.

The son of Swedish actress Lena Nilsson, Einar grew up in southern Stockholm and often referred to the criminal scene in the area in his work.

He started his career posting songs to social media, and broke through in 2019 releasing “Katten i trakten” (The cat in the area), which hit No. 1 on Sweden’s singles chart.

He won several music awards, including Swedish Grammis.

Fans and friends expressed their grief on Einar’s social media.

“Einar was a real brother to me and I will miss him so much. We just released our first record last week and it feels so strange since I spoke to him just a day ago,” producer Trobi wrote on Instagram.

Prime Minister Stefan Lofven said that “it is a young life that has been lost, and I understand that he meant a lot to many young people”.

“It’s tragic that another life has been lost,” he told news agency TT.

Another lesser-known Swedish rapper, 23-year-old Rozh Shamal, was also killed in a 2019 gangland shooting.

Sweden has in recent years struggled to rein in rising shootings and bombings -- usually settlings of scores by gangs and organised crime involved in drug trafficking.

As of October 15, 273 shootings had been recorded with 40 people dead so far in 2021, according to police statistics.

During 2020, 47 people were killed in 366 shootings in the country of 10.3 million people.


Red Cross warns aid groups not enough to stave off Afghan humanitarian crisis

Updated 22 October 2021

  • ICRC has since increased its efforts in the country while other organisations were also stepping up, Director General Robert Mardini said
  • The UN on Thursday announced it had set up a fund to provide cash directly to Afghans

DUBAI: The Red Cross on Friday urged the international community to engage with Afghanistan’s new Taliban rulers, saying that aid groups on their own would be unable to stave off a humanitarian crisis.
Afghanistan has been plunged into crisis by the abrupt end of billions of dollars in foreign assistance following the collapse of the Western-backed government and return to power by the Taliban in August.
The International Committee of the Red Cross (ICRC) has since increased its efforts in the country while other organizations were also stepping up, Director General Robert Mardini said.
But he told Reuters that support from the international community, who had so far taken a cautious approach in engaging with the Taliban, was critical to providing basic services.
“Humanitarian organizations joining forces can only do so much. They can come up with temporary solutions.”
The United Nations on Thursday announced it had set up a fund to provide cash directly to Afghans, which Mardini said would solve the problem for three months.
“Afghanistan is a compounded crisis that is deteriorating by the day,” he said, citing decades of conflict compounded by the effects of climate change and the COVID-19 pandemic.
Mardini said 30 percent of Afghanistan’s 39 million population were facing severe malnutrition and that 18 million people in the country need humanitarian assistance or protection.
The Taliban expelled many foreign aid groups when it was last in power from 1996-2001 but this time has said it welcomes foreign donors and will protect the rights of their staff.
But the hard-line Islamists, facing criticism that they have failed to protect rights, including access to education for girls, have also said aid should not be tied to conditions.
“No humanitarian organization can compensate or replace the economy of a country,” Mardini said.


UK court increases jail term for Muslim-hating far-right terrorist

Updated 22 October 2021

  • Michael Nugent, 38, celebrated the Christchurch mosque massacre and distributed bomb-making manuals online
  • Previous sentence of 42 months did not reflect the “gravity” of his crimes, judges said on Friday

LONDON: A convicted white-supremacist terrorist who shared bomb-making instructions online and celebrated the Christchurch mosque massacre has had 18 months added to his jail term by appeal-court judges in London.

Michael Nugent, 38, shared on the Telegram messaging app manuals that showed how to create homemade bombs and firearms, and described the attacks on worshipers at two mosques in New Zealand in March 2019 as a “game-changer.”

In June a court in Kingston, London, convicted him of terror offenses and jailed him for 42 months. But on Friday his sentence was increased to five years after a challenge by the UK’s attorney general, who argued that the penalty was not harsh enough given the seriousness of the crimes.

Nugent was said to have “honored” right-wing terrorists such as Brenton Tarrant, who shot and killed 51 people and injured 40 when he attacked the mosques in Christchurch. Tarrant live-streamed the atrocity on Facebook.

The Independent newspaper reported that Nugent created a video celebrating the attacks to mark the first anniversary of the outrage. In his diary, he wrote that ethnic minorities should be “sent home” and “sterilized,” adding: “Terrorism is the only way out of it.”

Judges said on Friday that the 42-month sentence Nugent was handed in June did not reflect the “obvious gravity” of his online radicalization efforts, which included running Telegram groups that could host up to 200,000 members.

A prosecutor said: “This channel attracted and became a safe haven for anyone who wished to post messages expressing and encouraging extreme racial hatred and violence toward black people.”

Nugent was apprehended after he passed instructions for making bombs and firearms to an undercover police officer who joined his channel.

His defense tried to argue that the terrorist’s actions were a product of deteriorating mental health, but Richard Smith, head of London’s Metropolitan Police Counter Terrorism Command, said: “Nugent freely shared his abhorrent extremist views with others over a messaging app and he passed on manuals detailing how to produce deadly weapons and explosive devices. This is another case which shows how harmful online extremism is.”


Greece tourism rebounds but still suffers from COVID-19

Updated 22 October 2021

  • Foreign tourists seeking sun and sand are the driver of Greece's tourism industry
  • Pandemic travel restrictions kept most away in 2020 and battered the sector

ATHENS: The number of foreign tourists arriving in Greece has rebounded strongly this year, central bank data released Friday showed, but the key tourism sector still remains far below pre-pandemic levels.
Foreign tourists seeking sun and sand are the driver of Greece’s tourism industry, which accounts for a fifth of the overall economy, but pandemic travel restrictions kept most away in 2020 and battered the sector.
Greek central bank data showed that the number of tourist arrivals has jumped 80 percent this year to over 8.6 million.
Meanwhile, spending by tourists during the first eight months of the year has shot up by over 135 percent to nearly 6.6 billion euros ($7.7 billion), the Bank of Greece said in a statement.
But those figures are still far off the level in 2019, before the pandemic, when some 21.8 million tourists spent 13.2 billion euros.
Ahead of the peak summer tourism season, Greece ran a major campaign to voluntarily vaccinate most residents of its Aegean islands, its most popular travel destinations, to help lure back foreign tourists.
Most of the arrivals came from Germany, Britain, France and the United States.
Greece’s economy contracted by 9.0 percent in 2020, due in no small part to the drop in tourists.
The government expects the economy to rebound 6.1 percent this year and grow by 4.5 percent in 2022.