      The life and times of Cozy Bear, the Russian hackers who just hit Microsoft and HPE

      news.movim.eu / ArsTechnica · Friday, 26 January - 13:15 · 1 minute

    Hewlett Packard Enterprise (HPE) said Wednesday that Kremlin-backed actors hacked into the email accounts of its security personnel and other employees last May—and maintained surreptitious access until December. The disclosure was the second revelation of a major corporate network breach by the hacking group in five days.

    The hacking group that hit HPE is the same one that Microsoft said Friday broke into its corporate network in November and monitored email accounts of senior executives and security team members until being driven out earlier this month. Microsoft tracks the group as Midnight Blizzard. (Under the company’s recently retired threat actor naming convention, which was based on chemical elements, the group was known as Nobelium.) But it is perhaps better known by the name Cozy Bear—though researchers have also dubbed it APT29, the Dukes, Cloaked Ursa, and Dark Halo.

    “On December 12, 2023, Hewlett Packard Enterprise was notified that a suspected nation-state actor, believed to be the threat actor Midnight Blizzard, the state-sponsored actor also known as Cozy Bear, had gained unauthorized access to HPE’s cloud-based email environment,” company lawyers wrote in a filing with the Securities and Exchange Commission. “The Company, with assistance from external cybersecurity experts, immediately activated our response process to investigate, contain, and remediate the incident, eradicating the activity. Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.”

      Hacker gains admin control of Sourcegraph and gives free access to the masses

      news.movim.eu / ArsTechnica · Friday, 1 September, 2023 - 18:17

    An unknown hacker gained administrative control of Sourcegraph, an AI-driven service used by developers at Uber, Reddit, Dropbox, and other companies, and used it to provide free access to resources that normally would have required payment.

    In the process, the hacker(s) may have accessed personal information belonging to Sourcegraph users, Diego Comas, Sourcegraph’s head of security, said in a post on Wednesday. For paid users, the information exposed included license keys and the names and email addresses of license key holders. For non-paying users, it was limited to email addresses associated with their accounts. Private code, emails, passwords, usernames, or other personal information were inaccessible.

    Free-for-all

    The hacker gained administrative access by obtaining an authentication key that a Sourcegraph developer accidentally included in code published to a public Sourcegraph instance hosted on Sourcegraph.com. After creating a normal Sourcegraph user account, the hacker used the token to elevate the account’s privileges to those of an administrator. The access token appeared in a pull request posted on July 14, the user account was created on August 28, and the elevation to admin occurred on August 30.

      LastPass users: Your info and password vault data are now in hackers’ hands

      news.movim.eu / ArsTechnica · Thursday, 22 December, 2022 - 22:43

    LastPass, one of the leading password managers, said that hackers obtained a wealth of personal information belonging to its customers as well as encrypted and cryptographically hashed passwords and other data stored in customer vaults.

    The revelation, posted on Thursday, represents a dramatic update to a breach LastPass disclosed in August. At the time, the company said that a threat actor gained unauthorized access through a single compromised developer account to portions of the password manager's development environment and "took portions of source code and some proprietary LastPass technical information." The company said at the time that customers’ master passwords, encrypted passwords, personal information, and other data stored in customer accounts weren't affected.

    Sensitive data, both encrypted and not, copied

    In Thursday’s update, the company said hackers accessed personal information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses customers used to access LastPass services. The hackers also copied a backup of customer vault data that included unencrypted data such as website URLs and encrypted data fields such as website usernames and passwords, secure notes, and form-filled data.

      Server hack yields harrowing images of life inside Chinese detention camps

      news.movim.eu / ArsTechnica · Tuesday, 24 May, 2022 - 23:31 · 1 minute

    A hack on police servers in China’s Xinjiang region has yielded thousands of graphic images and videos of Uighur detainees suffering in detention camps in one of the starkest accounts yet of the ongoing humanitarian crisis caused by the country’s persecution of ethnic minorities.

    The images are accompanied by training manuals, detailed police work rosters, and instructions for guarding the camps. Using a euphemism to describe inmates, one document states: “If students do not respond to warning shots and continue to try to escape, the armed police shoot to kill,” the BBC reported. Images show one prisoner in an iron torture device known as a tiger chair, which immobilizes the arms. Der Spiegel, one of the other outlets that published the tranche of hacked photos and documents, said it confirmed their authenticity in part by analyzing GPS data included in some of the images.

    “The material is unprecedented on several levels,” Dr. Adrian Zenz, director and senior fellow in China Studies at the Victims of Communism Memorial Foundation, who obtained the files and shared them with news outlets, wrote on Twitter. His thread provided a broad overview of the leaked materials that included “high-level speeches, implicating top leadership and containing blunt language,” “camp security instructions, far more detailed than China Cables [that] describe heavily armed strike units with battlefield assault rifles,” and other evidence of Uighur oppression at the hands of the Chinese government.
