New: The hackers behind a watering-hole campaign against targets in the Middle East may be using software from the Israeli spyware firm Candiru, recently targeted by U.S. export restrictions, according to @ESET: subscriber.politicopro.com/article/2021/1…
In research being presented today at @CYBERWARCON, ESET experts say an IP address linked to Candiru in a recent @citizenlab report has ties to two of the malicious domain names in the watering-hole attacks.
These watering-hole attacks spoofed websites of Yemen’s parliament & interior ministry, Iran’s foreign ministry, Syria’s electricity ministry, @MiddleEastEye, and Hezbollah-linked TV channels.

Fake sites delivered malware that exploited web browser vulnerabilities.
But the hackers got smarter between their 2020 and 2021 watering-hole campaigns, according to ESET.

They configured their malicious code to scan victims' computers and look for specific targets before deploying.

This prevented researchers from acquiring the malware to analyze.
