15 March 2018

Cyber WAR: US and Russian hackers UNCOVERED after leaving EVIDENCE on a Chinese server

By THOMAS MACKIE
Kurt Baumgartner, a researcher at Moscow-based Kaspersky, this winter found cyberespionage tools believed to have been created by intelligence agencies of the US and Russia. Mr Baumgartner, a Colorado native, found evidence of the US and Russia sharing the same space on one Chinese computer. Mr Baumgartner said: "This is a unique situation - we've never seen overlap, never seen Sofacy attacking the same system as a Lambert."


The tools were also linked to both the CIA and the Kremlin-backed hacking group, known widely as Fancy Bear, which the US believes hacked the Democratic National Committee (DNC).

Speaking ahead of his talk at the Kaspersky Analyst Summit in Cancun on Friday, Mr Baumgartner said the tools believed to belong to the CIA could sniff out data and passively collect information. However, it is unclear what was actually carried out.

Kaspersky, a cybersecurity company, refers to the CIA-linked group as the Lamberts.

However, researchers at Symantec have previously dubbed the same hackers the Longhorn crew.

The programs were linked to code released by Wikileaks in its Vault 7 files.

Mr Baumgartner said Fancy Bear had left a handful of its known modules, including keyloggers, file stealers and remote access software, on the Chinese server.

The allegedly Russian spies used a kind of encryption that, as far as researchers are aware, has only ever been used by them, which is how Mr Baumgartner was able to associate it with Fancy Bear.

Kaspersky is not revealing the name of the company, although it did say it manufactures aerospace and air defence technologies.



It is unclear whether the CIA and Kremlin-linked hackers had separately breached the same Chinese server, or whether one was borrowing the code from the other.

"It’s a bit of a mystery," the Kaspersky researcher added.

The researcher said that both the CIA and Fancy Bear had breached a vulnerable web application sitting on the server, but he declined to name which one.

The CIA declined to comment on the Kaspersky findings.

Russia has previously denied responsibility for the DNC hack.


One of Mr Baumgartner’s colleagues, Vitaly Kamluk, had also seen possible cyber attacks at the recent Winter Olympics.

Mr Kamluk said: "The attribution of professional cyberattacks is not only getting difficult, it's getting impossible. It's attribution hell...

"We've seen those tiny traits that were used previously by a Sofacy actor... To say this is Sofacy behind it, we need more time to pass."

Mr Kamluk noted that Fancy Bear could have been involved in taking out Wi-Fi and broadcasting systems during the opening ceremony in South Korea.

Mr Kamluk said the company had received warnings about destructive malware targeting Olympics systems and infrastructure, which were operated by companies helping to run the games.

Hackers sought to wipe files and cause chaos.


It appeared the attackers spreading that malware had used similar infrastructure, including VPN and hosting services, to previous Fancy Bear efforts.

The Washington Post had also recently reported on the claims of US intelligence officials that Russia was responsible for the hacks and had tried to make it appear North Korea was to blame.

However, Mr Kamluk admitted that it was far from certain that Fancy Bear was involved in an attack that included a so-called "false flag" effort, designed to make attribution as difficult as possible.

In February, Dmitri Alperovitch, co-founder and CTO at CrowdStrike, said he had seen some indications Fancy Bear had targeted the Olympics, but rather than trying to cause destruction as in the previously-documented attacks, it was following its typical modus operandi of quietly carrying out espionage operations.

At the turn of the year, deep in the digital bowels of a Chinese aerospace and military conglomerate, a computer server had some unwelcome guests who'd left their belongings behind.

Not clothing, keys, or wallets, but cyberespionage tools believed to have been created by intelligence agencies of the United States and Russia.
