    ZuoRAT Malware Is Targeting Routers / Schneier · 6 days ago - 20:04

Wired is reporting on a new remote-access Trojan that is able to infect at least eighty different targets:

So far, researchers from Lumen Technologies’ Black Lotus Labs say they’ve identified at least 80 targets infected by the stealthy malware, including routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to operate.

The discovery of custom-built malware written for the MIPS architecture and compiled for small-office and home-office routers is significant, particularly given its range of capabilities. Its ability to enumerate all devices connected to an infected router and collect the DNS lookups and network traffic they send and receive and remain undetected is the hallmark of a highly sophisticated threat actor.

More details in the article.

    China lured graduate jobseekers into digital espionage / ArsTechnica · 6 days ago - 13:49

Chinese university students have been lured to work at a secretive technology company that masked the true nature of their jobs: researching Western targets for spying and translating hacked documents as part of Beijing’s industrial-scale intelligence regime.

The Financial Times has identified and contacted 140 potential translators, mostly recent graduates who have studied English at public universities in Hainan, Sichuan and Xi’an. They had responded to job advertisements at Hainan Xiandun, a company that was located in the tropical southern island of Hainan.

The application process included translation tests on sensitive documents obtained from US government agencies and instructions to research individuals at Johns Hopkins University, a key intelligence target.

The Surreal Case of a C.I.A. Hacker’s Revenge

Did he betray his #country because he was pissed off at his colleagues?

    Gone in 130 seconds: New Tesla hack gives thieves their own personal key / ArsTechnica · Wednesday, 8 June - 20:21 · 1 minute

Sometime last year, Tesla issued an update that made its vehicles easier to start after being unlocked with their NFC Key Cards. Now, a researcher has shown how the feature can be exploited to steal cars.

For years, drivers who used their Tesla NFC Key Card to unlock their cars had to place the card on the center console to begin driving. Following the update, which was reported here last August, drivers could operate their cars immediately after unlocking them with the card. The NFC card is one of three means for unlocking a Tesla; a key fob and a phone app are the other two.

An image from Herfurt's recent presentation at the REcon conference in Montreal.

Enrolling your own key

Martin Herfurt, a security researcher in Austria, quickly noticed something odd about the new feature: Not only did it allow the car to automatically start within 130 seconds of being unlocked with the NFC card, but it also put the car in a state to accept entirely new keys—with no authentication required and zero indication given by the in-car display.

    Server hack yields harrowing images of life inside Chinese detention camps / ArsTechnica · Tuesday, 24 May - 23:31 · 1 minute

A hack on police servers in China’s Xinjiang region has yielded thousands of graphic images and videos of Uighur detainees suffering in detention camps in one of the starkest accounts yet of the ongoing humanitarian crisis caused by the country’s persecution of ethnic minorities.

The images are accompanied by training manuals, detailed police work rosters, and instructions for guarding the camps. Using a euphemism to describe inmates, one document states: “If students do not respond to warning shots and continue to try to escape, the armed police shoot to kill,” the BBC reported. Images show one prisoner in an iron torture device known as a tiger chair, which immobilizes the arms. Der Spiegel, one of the other outlets that published the tranche of hacked photos and documents, said it confirmed their authenticity in part by analyzing GPS data included in some of the images.

“The material is unprecedented on several levels,” Dr. Adrian Zenz, director and senior fellow in China Studies at the Victims of Communism Memorial Foundation, who obtained the files and shared them with news outlets, wrote on Twitter. His thread provided a broad overview of the leaked materials that included “high-level speeches, implicating top leadership and containing blunt language,” “camp security instructions, far more detailed than China Cables [that] describe heavily armed strike units with battlefield assault rifles,” and other evidence of Uighur oppression at the hands of the Chinese government.

    Russia hammered by pro-Ukrainian hackers following invasion / ArsTechnica · Friday, 6 May - 14:30

For years, Dmitriy Sergeyevich Badin sat atop the FBI’s most wanted list. The Russian government-backed hacker has been suspected of cyber attacks on Germany’s Bundestag and the 2016 Olympics, held in Rio de Janeiro.

A few weeks into Russia’s invasion of Ukraine, his own personal information—including his email and Facebook accounts and passwords, mobile phone number and even passport details—was leaked online.

Another target since the war broke out two months ago has been the All-Russia State Television and Radio Broadcasting Company, known as a voice of the Kremlin and home to Vladimir Solovyov, whose daily TV show amplifies some of the most extreme Russian government propaganda.

    Hackers are exploiting 0-days more than ever / ArsTechnica · Saturday, 23 April - 11:57 · 1 minute

VPNfilter had a total of nine modular tools discovered thus far by researchers, potentially turning thousands of routers into a versatile attack platform.

Previously unknown “zero-day” software vulnerabilities are mysterious and intriguing as a concept. But they're even more noteworthy when hackers are spotted actively exploiting the novel software flaws in the wild before anyone else knows about them. As researchers have expanded their focus to detect and study more of this exploitation, they're seeing it more often. Two reports this week from the threat intelligence firm Mandiant and Google's bug hunting team, Project Zero, aim to give insight into the question of exactly how much zero-day exploitation has grown in recent years.

Mandiant and Project Zero each have a different scope for the types of zero-days they track. Project Zero, for example, doesn't currently focus on analyzing flaws in Internet-of-things devices that are exploited in the wild. As a result, the absolute numbers in the two reports aren't directly comparable, but both teams tracked a record high number of exploited zero-days in 2021. Mandiant tracked 80 last year compared to 30 in 2020, and Project Zero tracked 58 in 2021 compared to 25 the year before. The key question for both teams, though, is how to contextualize their findings, given that no one can see the full scale of this clandestine activity.

    US uncovers “Swiss Army knife” for hacking industrial control systems / ArsTechnica · Thursday, 14 April - 20:52

Malware designed to target industrial control systems like power grids, factories, water utilities, and oil refineries represents a rare species of digital badness. So when the United States government warns of a piece of code built to target not just one of those industries, but potentially all of them, critical infrastructure owners worldwide should take notice.

On Wednesday, the Department of Energy, the Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI jointly released an advisory about a new hacker toolset potentially capable of meddling with a wide range of industrial control system equipment. More than any previous industrial control system hacking toolkit, the malware contains an array of components designed to disrupt or take control of the functioning of devices, including programmable logic controllers (PLCs) that are sold by Schneider Electric and OMRON and are designed to serve as the interface between traditional computers and the actuators and sensors in industrial environments. Another component of the malware is designed to target Open Platform Communications Unified Architecture (OPC UA) servers—the computers that communicate with those controllers.
