A WEST WING UPDATE: The White House official playing a major role in the Trump administration's push to modernize the federal government's information technology has emerged as a possible candidate to serve as President Trump's new economic adviser. Trump is said to be considering Chris Liddell, a former top executive at Microsoft and General Motors, to replace outgoing economic adviser Gary Cohn, The New York Times reported on Saturday. Liddell currently serves as the White House's director of strategic initiatives and heads up the American Technology Council within the Office of American Innovation, working closely with Trump's son-in-law and senior adviser Jared Kushner.
Liddell has been a key player in the White House's effort to replace outdated federal IT with new, more secure technology. Liddell was viewed as a front-runner for Trump's new economic adviser as of the weekend, though CNBC reported Monday that Larry Kudlow was the leading candidate for the position. Trump has not yet made a final decision on the job.
A REPORT IN FOCUS: RUSSIAN HACKERS FIND NEW TARGETS: Kaspersky Lab researchers say that a hacking group widely believed to be linked to the Russian government has been executing cyberattacks against a new set of targets in the Far East, including military, defense and diplomatic organizations, according to a new report.
The Moscow-based security firm said Friday that Sofacy, commonly known as "Fancy Bear" and "APT28," is behind new attacks that reach outside of its usual European and NATO-tied targets. Kaspersky Lab, which itself has come under scrutiny in Washington for alleged ties to the Russian government, says the group is now branching out to attack groups in the Middle East and Central Asia -- largely government, technology, science and military-related organizations in or from Central Asia.
"Their activity in the East has been largely under-reported, but they are clearly not the only threat actor interested in this region, or even in the same targets," Kurt Baumgartner, the principal security researcher at Kaspersky Lab, said in a statement.
Kaspersky Lab said it found certain scenarios where the cyber espionage group's efforts clashed with other cyber predators, which at times led to "a target overlap between very different threat actors." For example, the researchers found that Sofacy's malware vied for access to certain victims with other cyber espionage groups like the Russian-speaking Turla and the Chinese-speaking Danti.
"As the threat landscape grows ever more crowded and complex, we may encounter more examples of target overlap -- and it could explain why many threat actors check victim systems for the presence of other intruders before fully launching their attacks," Baumgartner said.
Baumgartner also pointed out that their research suggests Sofacy is overall a calculating and "agile" group, which pushes back on descriptions that portrayed it as carrying out attacks in a "wild and reckless" manner.
A LIGHTER CLICK: The premiere of Steven Spielberg's new sci-fi flick gets off to a rocky start at SXSW in Austin. (Hollywood Reporter)
WHAT'S IN THE SPOTLIGHT: CYBER THREATS FROM IRAN: Experts are sounding the alarm about new cyber activity from Iran, as hackers become more emboldened and skilled at carrying out surveillance operations and other attacks outside the country's borders.
In recent years, Iran-linked hacker groups have shown signs of growing sophistication, expanding their cyber tool kits and stepping up operations against new international targets, including in the Middle East and the United States. Iran's growing ambitions, coupled with the geopolitical climate, have given some warning of the future threat.
"They're good enough that they're able to break into a lot of organizations," said Charles Carmakal, vice president at Mandiant, a FireEye subsidiary that provides cyber incident response to government and private organizations across the globe. "There's definitely a lot of fear by the intelligence agencies and lots of security companies about what Iran is going to do."
Cybersecurity professionals have detected Iranian hackers breaking into networks of defense contractors, aviation firms, oil and gas companies, technology companies and telecommunications providers.
In February, cybersecurity firm Symantec revealed that the Iran-based hacking group dubbed "Chafer" had expanded spy operations to new targets across numerous sectors in Israel, Jordan, the United Arab Emirates, Saudi Arabia and Turkey, and successfully compromised a major telecommunications provider in the Middle East. The group also began using several new hacking tools over the past year, including leveraging the "EternalBlue" exploit reportedly stolen from the National Security Agency by another hacker group.
While Symantec has no definitive evidence linking Chafer to the Iranian government, Vikram Thakur, the firm's security response technical director, said the group's targets -- which include companies in the aviation sector -- suggest a government motivation because the information would be more valuable in the public versus private sector.
"What we've noticed of the overall picture that the quantity of attacks that are originating from that geography are much, much higher than seven or eight years ago," Thakur said. "In the coming years, we'd expect Chafer as well as other cyber actors originating from Iran to continue increasing their volumes of attack as well as their list of victims."
In many cases, Iran-linked cyber activity is limited to intelligence operations. But some groups have also shown signs of destructive capabilities.
Last September, FireEye identified a new Iranian hacking group that's been dubbed "Advanced Persistent Threat 33," or APT 33, that had been quietly conducting spying operations since at least 2013 against organizations in the U.S., Saudi Arabia and South Korea. The group has a particular eye toward the military, commercial aviation and energy sectors. FireEye found evidence that APT 33 is capable of carrying out destructive attacks, linking it to a destructive "wiper" malware that can delete files.
Iran has a long history of malicious activity in cyberspace. U.S. officials suspected Iran in the 2012 cyber assault against Saudi Arabian oil giant Saudi Aramco, in which hackers used destructive malware called "Shamoon" to wipe computer networks of data and replace the files with an image of a burning U.S. flag. A new variant of the malware resurfaced in late 2016, infiltrating other Saudi Arabian computer systems. FireEye traced the 2016 activity back to Iran, but did not attribute it to a specific threat group.
The Justice Department earlier that year indicted seven Iranians believed to have been working at the behest of Tehran's government for conducting distributed denial of service attacks on U.S. financial institutions between 2011 and 2013, as tensions ran high over sanctions on Iran's nuclear program.
Much of the attention in Washington has lately focused on the cyber threat from Russia, following Moscow's interference in the 2016 presidential election. Iran is still widely viewed by officials and cybersecurity professionals as inferior to China and Russia in terms of its capabilities. Still, experts say Iran's hackers have notably grown more professional in a matter of years.
IN CASE YOU MISSED IT: Links from our blog, The Hill, and around the Web.
Putin: Jews, Ukrainians 'with Russian citizenship' could be behind US election meddling. (The Hill)
OP-ED: Former CIA chief Michael Hayden: To defend against hostile nations, America needs fierce cyberpower. (The Hill)
UK prime minister: Russia was likely behind poisoning of ex-spy. (The Hill)
OP-ED: Weakening encryption is no solution to election hacking. (The Hill)
Peter Thiel's Palantir wins a major U.S. Army software contract. (Bloomberg)
Feds arrest company CEO for selling custom encrypted phones to drug cartel. (Motherboard)
NRA sites targeted in distributed denial-of-service attacks. (Inverse)
Department of Homeland Security releases new cybersecurity research guides. (DHS)
White House official says administration is looking to take action on new cyber recommendations. (FCW)
At SXSW, Sen. Mark Warner (D-Va.) says U.S. 'woefully unprepared' for cyber threats. (CNN)