US Department of Health computers targeted by hackers amidst COVID-19 crisis
March 17, 2020 4 Comments
A cyberattack, coupled with a disinformation campaign, targeted the computer systems of the United States Department of Health and Human Services (HHS), in what officials believe was an effort to undermine America’s response to the coronavirus pandemic.
The cyberattack reportedly took place on Sunday night, when online administrators at HHS noticed an abnormal spike in requests to the department’s servers. The number of requests grew to several million within a few hours, according to Bloomberg News, which first reported the incident. A few hours later, a campaign of disinformation was launched against the HHS, along with text messages warning that martial law would be declared across the nation and a two-week curfew would be imposed by the Armed Forces.
The disinformation campaign prompted a tweet by the US National Security Council on Sunday. The tweet warned against “fake” text messages spreading unsubstantiated rumors. There was no elaboration about the content of these text messages. On Monday, the HHS acknowledged that its computer systems had come under attack the previous evening. However, it said that the hackers behind the attack had failed to compromise the integrity of the Department’s computer systems, and that no data had been stolen.
Later on Monday, the HHS said that it was still investigating what it described as “a significant increase in activity” on its computer infrastructure. But it added that its systems remained “fully operational” and that the functionality of its networks had suffered “no degradation”. An HHS spokesman said the Department had augmented its cybersecurity protections in light of the COVID-19 emergency. Consequently, it had suffered no loss of operational capacity or data as a result of the cyberattack.
Speaking at the White House on Monday, HHS Secretary Alex Azar said that the source of the cyberattack was under investigation and refused to speculate as to the identity of the culprit or culprits. However, Bloomberg said that some US government officials suspect that the attack “may have been the work of a foreign actor”. On March 13, the US news network NBC cited experts from several cybersecurity firms who warned that spy agencies around the world were sending out coronavirus information in an attempt to “hack and spy on their targets”.
► Author: Joseph Fitsanakis | Date: 17 March 2020 | Research credit: M.S. | Permalink
A leading Chinese cybersecurity firm has accused the United States Central Intelligence Agency of using sophisticated malicious software to hack into computers belonging to the Chinese government and private sector for over a decade.
One of the United Nations’ most sensitive computer systems was targeted in a highly sophisticated cyber-espionage operation that appears to have been sponsored by a state, according to a leaked study. The study was leaked to the media earlier this week, and was reported by the Associated Press on Wednesday.
A data dump of unprecedented scale includes usernames, IP addresses and even the content of thousands of private chat logs stolen from an influential neo-Nazi website that is now defunct. The data belonged to IronMarch, which was founded in 2011 by Alexander Mukhitdinov, a Russian far-right activist using the online nom-de-guerre “Slavros”. In the nearly six years of its existence, the website featured some of the most extreme and uncompromising far-right content on the World Wide Web.
Russian hackers hijacked an Iranian cyber espionage group and used its infrastructure to launch attacks, hoping that their victims would blame Iran, according to British and American intelligence officials. The information, 
An Iranian engineer who was recruited by Dutch intelligence helped the United States and Israel infect computers used in Iran’s nuclear program with the Stuxnet cyber weapon, according to a new report. 
A group of hackers, allegedly working for the Chinese military, accessed thousands of classified diplomatic cables from the European Union during a protracted cyber-espionage operation, a report has revealed. Over 100 organizations are believed to have been targeted in the multi-year cyber-espionage campaign, including the United Nations, international labor groups, as well as government ministries from dozens of countries. The operation was revealed on Tuesday by Area 1, a cyber-security company founded by former officials of the United States National Security Agency, and 
Russia “paved the way” for last November’s seizure of Ukrainian Navy ships by launching a major cyber attack and disinformation campaign aimed at Ukraine, according to a cyber security firm and the European Union. In what has become known as the Kerch Strait incident of November 25, border service coast guard vessels belonging to the Russian Federal Security Service (FSB) opened fire on three Ukrainian Navy ships that were attempting to enter the Sea of Azov through the Kerch Strait. All three Ukrainian vessels, along with crews totaling 24 sailors, were captured by the Russian force and remain in detention. Ukraine condemned Russia’s action as an act of war and declared martial law in its eastern and southern provinces. But Moscow said the incident had been caused by a provocation by the Ukrainian government, in a desperate effort to increase its popularity at home. Meanwhile, the three Ukrainian ships and their crews remain in Russia.
A new report by the British government alleges that the so-called ‘Cyber Caliphate’, the online hacker wing of the Islamic State, is one of several supposedly non-state groups that are in fact operated by the Russian state. The group calling itself Cyber Caliphate first appeared in early 2014, purporting to operate as the online wing of the Islamic State of Iraq and Syria (ISIS), which was later renamed Islamic State. Today the Cyber Caliphate boasts a virtual army of hackers from dozens of countries, who are ostensibly operating as the online arm of the Islamic State. Their known activities include a strong and often concentrated social media presence, as well as computer hacking, primarily in the form of cyber espionage and cyber sabotage.
Western intelligence agencies thwarted a plot involving two Russians intending to travel to a Swiss government laboratory that investigates nuclear, biological and chemical weapons, and hack its computer systems. According to two separate reports by Dutch newspaper 
The head of Germany’s domestic security agency has publicly blamed the Russian government for a large-scale cyberattack that has targeted German energy providers. The comments follow a June 13 announcement on the subject by Germany’s Federal Office for Information Security (BSI), which is charged with securing the German government’s electronic communications. According to the BSI, a widespread and systematic attack against Germany’s energy networks has been taking place for at least a year now. The attack, which the BSI codenamed BERSERK BEAR, consists of various efforts by hackers to compromise computer networks used by German companies that provide electricity and natural gas to consumers around the country.
A little-known North Korean cyber espionage group has widened its scope and increased its sophistication in the past year, and now threatens targets worldwide, according to a new report by a leading cyber security firm. Since 2010, most cyber-attacks by North Korean hackers have been attributed to a group dubbed “Lazarus” by cyber security specialists. The Lazarus Group is thought to have perpetrated the infamous Sony Pictures attacks in 2014, and the worldwide wave or ransomware attacks dubbed WannaCry by experts in 2017. It is widely believed that the Lazarus Group operates on behalf of the government of North Korea. Most of its operations constitute destructive attacks —mostly cyber sabotage— and financial criminal activity.
Dutch spies identified a notorious Russian hacker group that compromised computer servers belonging to the Democratic Party of the United States and notified American authorities of the attack, according to reports. In 2016, US intelligence agencies determined that a Russian hacker group known as Cozy Bear, or APT29, led a concerted effort to interfere in the US presidential election. The effort, which according to US intelligence agencies was sponsored by the Russian government, involved cyber-attacks against computer systems in the White House and the Department of State, among other targets. It also involved the theft of thousands of emails from computer servers belonging to the Democratic National Committee, which is the governing body of the Democratic Party. The stolen emails were eventually leaked to WikiLeaks, DCLeaks, and other online outlets. Prior descriptions of the Russian hacking in the media have hinted that US intelligence agencies were notified of the Russian cyber-attacks by foreign spy agencies. But there was no mention of where the initial clues came from.
The Russian hacker group that targeted the United States presidential election in 2016 also attacked hundreds of reporters around the world, most of them Americans, an Associated Press investigation shows. The group is often referred to in cyber security circles as Fancy Bear, but is also known as Pawn Storm, Sednit, APT28, Sofacy, and STRONTIUM. It has been linked to a long-lasting series or coordinated attacks against at least 150 senior figures in the US Democratic Party. The attacks occurred in the run-up to last year’s presidential elections in the US, which resulted in a victory for Donald Trump. The hacker group’s targets included Democratic Party presidential candidate Hillary Clinton and her campaign chairman John Podesta. But its hackers also went after senior US diplomatic and intelligence officials, as well as foreign officials in countries like Canada and the Ukraine.
