UK firms as part of a "systematic" global hacking operation, a new report has revealed. The attacks were found to have breached a wide variety of secret data, ranging from personal data to intellectual property, in what the report described as "one of the largest ever sustained global cyber espionage campaigns". The group behind the attacks, named APT10, was found to have used custom malware and "spear phishing" techniques to target managed outsourced IT service companies as stepping stones into the systems of an "unprecedented web" of victims, according to the report's authors. The report's authors included the National Cyber Security Centre (NCSC) and cyber units at defence group BAE Systems and accountancy firm PwC. The gang were found to have used the companies as a way into their customers' systems from 2016 onwards, although there is evidence to suggest they had first employed the tactics from as early as 2014. PwC cyber security partner Richard Horne told the Press Association the extent of the malicious campaign was still unclear. He said: "The reason we've gone public with this is because we can see so much and we have seen so much in several managed IT service providers (MSPs) and other companies compromised through it, but we don't know how far this has gone. "Us, together with the NCSC and BAE Systems, are very keen to get this information out there so we can promote a mass response to this." The report behind the unmasking operation, codenamed Cloud Hopper, highlights targeted attacks against Japanese commercial firms and public bodies, but indicates further widespread operations against companies in 14 other countries including the UK, France and the United States.
The report's authors state APT10 is "highly likely" to be based in China, demonstrating a pattern of work in line with China Standard Time (UTC+8) and the targeting of specific commercial enterprises "closely aligned with strategic Chinese interests". Mr Horne said the data collected in individual attacks spanned a plethora of sensitive categorisations. He said: "We've seen a number of different companies targeted for different reasons, but essentially it's all around sensitive information they hold, whether that's intellectual property, or personal information on people or a whole realm of other areas. "It's a very large-scale espionage operation." Spear phishing emails with bespoke malware were first sent to staff in targeted companies, and once the attackers had successfully infiltrated their systems they were free to seek out a raft of sensitive data within. Dr Adrian Nish, head of threat intelligence at BAE, told the BBC such MSPs were crucial to the nature of the campaign's success. He said: "Organisations large and small rely on these providers for management of core systems and as such they can have deep access to sensitive data." "It is impossible to say how many organisations might be impacted altogether at this point." The organisations behind operation Cloud Hopper are expected to release a further report this week into the detailed methods that APT10 has used in its campaign, in a bid to encourage firms to take a proactive approach to checking whether their systems have been targeted.
The same group of hackers that intelligence officials believe swung the US election in favour of Donald Trump has also attacked Norwegian targets within the military and foreign service. Called "Fancy Bear", the group is believed by computer security experts to be backed by Russia, with hacking aimed at political manipulation and destabilization of western democracies. Norway's foreign ministry has been among the targets of hackers, also abroad. DN reported that the list of targets is long, including embassies and ministries in more than 40 countries, several NATO and EU institutions, political and military leaders, well-known journalists, activists and academics. Most haven't been aware they were attacked when they clicked on links in email that seemed to come from people they knew. The attacks enabled the hackers to steal confidential information by penetrating email accounts and internal systems. The attacks in Norway only make up 2 percent of attacks on military and political institutions, DN reported, but local authorities are on high alert for more. The US' FBI, CIA and NSA have all described the attacks as the largest Russian attempt to gain influence in the US ever. Russian authorities from President Vladimir Putin's office on down have vigorously denied they're behind the hacking. In addition to the attacks on foreign ministry and military interests, email accounts at Norway's Greens Party (Miljøpartiet De Grønne, MDG) were hacked last June and the attacker gained access to the party's membership register. A few weeks later, Norway's Socialist Left party (SV) was also attacked, with the hackers gaining access to SV's membership register as well. A false profile was established on the party's internal debate forum. Both attacks remain under investigation, according to the Oslo Police District.
"It can seem that security is not good enough," Grandhagen told DN, but it's demanding and expensive for such organizations to fend off the hackers. Norwegian political parties aren't required by law to test their data systems for possible penetration. "Information that should not or must never come out should never be sent via Hotmail or email that's not classified," Bernsen said.
Organizations use them regardless of their size; from MetLife, LinkedIn, City of Chicago, Expedia and BuzzFeed to KPMG and The Guardian, there are several high-profile platforms currently taking advantage of MongoDB. At the same time, having a high-profile customer doesn't mean that a platform is completely secure. That's why in 2016, in two different incidents, hackers leaked more than 36 million and 58 million accounts respectively from unsecured MongoDB installations. Now, unsecured MongoDB databases are being hijacked by a hacker who is not only wiping out these databases but also storing copies of them and asking for a ransom of 0.2 bitcoins (roughly US $211) from admins in exchange for the lost data. Those admins who haven't created backups of these databases are seriously helpless, because the rate of Bitcoin is also increasing and the latest rate is 1 Bitcoin = USD 1063.93. The hacking campaign was discovered by security researcher Victor Gevers, co-founder of GDI Foundation, a non-profit organization. Gevers notified owners about the presence of vulnerable, non-password-protected MongoDB databases and also reported that around 200 of these installations had been wiped out by the hacker. Gevers believes that the hacker(s) might be utilizing an automation tool but manually select their target databases. The hacker seems to be interested in databases that contain important information/data, or chooses companies that are most likely in a position to pay the ransom to get their data back. In a conversation with SecurityWeek, Gevers said that "They use some sort of automation tool, but they also do some of the work manually. If they used a fully automated tool, we might have seen all exposed MongoDB databases being hijacked in one swift move".
But that was old news; as per a recent tweet by Shodan founder John Matherly, approx. It must be noted that Shodan is the platform where a majority of MongoDB instances can be located. As of now, 16 admins/organizations have already paid the ransom to obtain the lost data. The attacks on MongoDB databases have been going on for more than a week and servers from across the globe have been targeted. Researchers believe that the attacker, who uses the alias "harak1r1", does not encrypt the stolen data but runs a script which replaces the database content with the ransom note.
Last week we first tweeted that the GuardiCore Global Sensor Network (GGSN) has detected a wide ransomware attack targeting MySQL databases. The attacks look like an evolution of the MongoDB ransomware attacks first reported earlier this year by Victor Gevers. Similarly to the MongoDB attacks, owners are instructed to pay a 0.2 Bitcoin ransom (approx. $200) to regain access to their content. We saw two very similar variations of the attack using two bitcoin wallets. In this post we will describe in detail the attack flow and provide some recommendations on how to protect your databases from similar attacks, along with attack IoCs. The attacks started just after midnight, at 00:15 on February 12, and lasted about 30 hours, during which hundreds of attacks were reported by GGSN. We were able to trace all the attacks to 109.236.88.20, an IP address hosted by worldstream.nl, a Netherlands-based web hosting company. The attacker is (probably) running from a compromised mail server which also serves as an HTTP(S) and FTP server. Worldstream was notified a few days after we reported the attack. The attack starts with 'root' password brute-forcing. Once logged in, it fetches a list of the existing MySQL databases and their tables and creates a new table called 'WARNING' that includes a contact email address, a bitcoin address and a payment demand. In one variant of the attack the table is added to an existing database; in other cases the table is added to a newly created database called 'PLEASE_READ'. The attacker will then delete the databases stored on the server and disconnect, sometimes without even dumping them first.
Figure: The attack as reported by GuardiCore Centra
We logged two versions of the ransom message:
INSERT INTO PLEASE_READ.`WARNING` (id, warning, Bitcoin_Address, Email) VALUES ('1', 'Send 0.2 BTC to this address and contact this email with your ip or db_name of your server to recover your database! Your DB is Backed up to our servers!', '1ET9NHZEXXQ34qSP46vKg8mrWgT89cfZoY', 'backupservice@mail2tor.com');
INSERT INTO `WARNING` (id, warning) VALUES (1, 'SEND 0.2 BTC TO THIS ADDRESS 1Kg9nGFdAoZWmrn1qPMZstam3CXLgcxPA9 AND GO TO THIS SITE http://sognd75g4isasu2v.onion/ TO RECOVER YOUR DATABASE!');
The second version offers the owner the option to visit the darknet web site 'http://sognd75g4isasu2v.onion/' to recover the lost data.
Figure: The darknet web site referenced in the ransom note
Each version uses a different bitcoin wallet, 1Kg9nGFdAoZWmrn1qPMZstam3CXLgcxPA9 vs 1ET9NHZEXXQ34qSP46vKg8mrWgT89cfZoY, and based on Blockchain public information, people have been paying up.
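An added detection example, not part of GuardiCore's post: a Python script that scans MySQL general-log lines for the flow described above, a burst of failed 'root' logins from one client followed by a session that creates the PLEASE_READ database or a WARNING table and drops databases. The log lines, thread ids and client addresses are constructed; the line layout assumes MySQL's general query log columns (Time, Id, Command, Argument).

```python
# Added example: flag the MySQL ransom sequence described above in general-log lines.
import re
from collections import defaultdict

# Constructed sample shaped like MySQL's general query log (Time, Id, Command, Argument).
SAMPLE_LOG = """\
2017-02-12T00:15:02.000001Z\t  41 Connect\troot@198.51.100.9 on  using TCP/IP
2017-02-12T00:15:02.000002Z\t  41 Connect\tAccess denied for user 'root'@'198.51.100.9' (using password: YES)
2017-02-12T00:15:02.100001Z\t  42 Connect\troot@198.51.100.9 on  using TCP/IP
2017-02-12T00:15:02.100002Z\t  42 Connect\tAccess denied for user 'root'@'198.51.100.9' (using password: YES)
2017-02-12T00:15:02.200001Z\t  43 Connect\troot@198.51.100.9 on  using TCP/IP
2017-02-12T00:15:02.200002Z\t  43 Connect\tAccess denied for user 'root'@'198.51.100.9' (using password: YES)
2017-02-12T00:15:02.300001Z\t  44 Connect\troot@198.51.100.9 on  using TCP/IP
2017-02-12T00:15:02.300002Z\t  44 Query\tCREATE DATABASE `PLEASE_READ`
2017-02-12T00:15:02.300003Z\t  44 Query\tINSERT INTO `PLEASE_READ`.`WARNING` (id, warning) VALUES (1, 'SEND 0.2 BTC TO RECOVER YOUR DATABASE')
2017-02-12T00:15:02.300004Z\t  44 Query\tDROP DATABASE `shop`
2017-02-12T00:16:00.000001Z\t  45 Connect\tapp@10.0.0.5 on  using TCP/IP
2017-02-12T00:16:00.000002Z\t  45 Query\tSELECT 1
"""
LINE_RE = re.compile(r"^(\S+)\t\s*(\d+) (\w+)\t(.*)$")
DENIED_RE = re.compile(r"Access denied for user '([^']+)'@'([^']+)'")
CONNECT_RE = re.compile(r"^(\w+)@(\S+) on")
# Statements the post attributes to the attacker once logged in as root.
RANSOM_SQL = [re.compile(p, re.I) for p in (
    r"CREATE DATABASE `?PLEASE_READ`?",
    r"(?:CREATE TABLE|INSERT INTO) (?:`?\w+`?\.)?`?WARNING`?",
    r"DROP DATABASE",
)]

def analyze(log_text, min_failures=3):
    """Return one finding per client that brute-forced root or ran ransom-note SQL."""
    failures = defaultdict(int)   # client ip -> failed root logins
    session_ip = {}               # thread id -> client ip of a successful connect
    ransom = defaultdict(list)    # client ip -> suspicious statements it ran
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _ts, tid, cmd, arg = m.groups()
        if cmd == "Connect":
            ok = CONNECT_RE.match(arg)        # successful connect: "user@host on ..."
            denied = DENIED_RE.search(arg)
            if ok:
                session_ip[tid] = ok.group(2)
            elif denied and denied.group(1) == "root":
                failures[denied.group(2)] += 1
        elif cmd == "Query" and tid in session_ip and any(p.search(arg) for p in RANSOM_SQL):
            ransom[session_ip[tid]].append(arg)
    hits = sorted(ip for ip in set(failures) | set(ransom) if failures[ip] >= min_failures or ransom[ip])
    return [{"ip": ip, "failed_root_logins": failures[ip], "ransom_statements": ransom[ip]} for ip in hits]
```

Run against a real general log, the same three statement patterns also serve as a quick post-incident check of which client created the note and which databases were dropped.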
Robotics & Automation News, Market trends and business perspectives, January 5, 2017, by Mark Allinson
A globally co-ordinated cyber attack has hit 500 industrial companies in 50 countries in the past few months, according to security company Kaspersky. The worst affected were companies in the smelting, electric power generation and transmission, construction, and engineering industries. The attacks take the form of emails purportedly from famous companies, such as DHL and Saudi Aramco, and most were sent from "legitimate email addresses belonging to valid organizations", says Kaspersky. However, Kaspersky says its analysis of the emails compared to known malware shows that "no new code was written specifically for this attack". Kaspersky says the hackers could have accessed and read previous communications between the target and their partners. They may then have used this information to craft email communications which appear to be legitimate, so that the victim didn't recognize the malicious aspect of the email. If the email is opened, it can steal the user's authentication credentials, which are sent to a remote server.