Cyberwar’s global players—it’s not always Russia or China

Over the past year, a string of high-profile cyberattacks coming from Russia and China has galvanized the United States and its western allies into taking swift action to counter the escalating incidents. Consequently, the SolarWinds spyware infiltration, the Microsoft Exchange hack, and ransomware attacks launched by criminal gangs harbored by the Kremlin dominate headlines and drive nation-state cybersecurity responses.

However, Russia and China are not the only dangerous adversaries in the digital realm. Smaller threat groups from India, Iran, Belarus, Latin America, and Israel can hold their own when it comes to disruptive hacking or espionage operations. In addition, alleged “hacktivist” groups and threat actors of indeterminate origin engage in malign activities for often mysterious purposes.

Indian hackers pose as legitimate firms

At the recent Cyberwarcon event, Reuters journalists Chris Bing and Raphael Satter recapped their ongoing investigation of a loose collective of Indian hackers that blurs the line between reputation management firms and outright hacking-for-hire services. Working for outfits such as Appin Security Labs and BellTrox, these hackers target lawyers, activists, executives, investors, pharmaceutical companies, energy firms, asset management companies, offshore banking entities, and high net worth individuals.

One target of Delhi-based BellTrox was Iranian-American aviation tycoon Farhad Azima, whose emails were stolen by the company and used against him during litigation. “When you guys discover a hack and leak operation down the line, I don’t just want you to think it’s Russia or it’s North Korea or even India,” Bing said. “We want you to think maybe it’s that billionaire who’s been in the news, maybe it’s that K Street lobbying firm, maybe it’s even that disgruntled former spouse.”

Belarus and not Russia is behind the Ghostwriter campaign

The biggest news to come out of Cyberwarcon was the revelation that Mandiant’s Threat Intelligence Group linked state-sponsored espionage group UNC1151, previously tied by researchers to Russia, to the Belarusian government. Mandiant also concluded that UNC1151 provides technical support to an information operations campaign known as Ghostwriter, which has fostered narratives consistent with Belarusian government interests, including anti-NATO messaging.

Mandiant’s Ben Read, senior manager for cyber espionage analysis, and Gabby Roncone, technical threat intelligence analyst, said they couldn’t rule out Russia’s involvement entirely. “Ghostwriter is tied to Belarus with moderate confidence,” Read said. “I’ve seen the ties to 1151. The technical support that you’re getting from this group we have tied with high confidence.”

Copyright © 2021 IDG Communications, Inc.
