PLA Unit 61398 – Who are they?

PLA Unit 61398 is a Chinese military cyber-warfare unit, although very little has been published about its clandestine operations. In a country as secretive as China, it is to be expected that such a group would be kept relatively secret.

In February 2013 the American security firm Mandiant released its APT1 report, which identified PLA Unit 61398 as the group behind a long-running campaign of intrusions against the US. Its targets were not only government and federal organisations but also private-sector businesses.

The group's activity is what the industry calls an advanced persistent threat: long-running intrusions that use custom malware to keep access to a victim's network and quietly steal data over months or years. It is hard to find an accurate figure for the number of attacks carried out by this group, as it wishes to remain secretive. It is understandable that China's offensive cyber unit does not want to take credit for every attack it has carried out.

That being said, the group has been accused of a number of attacks over the years. There is speculation about its involvement in Operation Shady RAT, a campaign said to have affected more than 70 organisations, including the United Nations and the US government.
Other reports suggest that the number of organisations attacked by this group runs into the thousands. Further investigation showed that most of the activity took place during working hours in Beijing's time zone. This is not concrete evidence, but it narrows the likely location of the operators, and the somewhat regimented hours in which the attacks are carried out lead me to believe that, although it could be a well-structured group of hackers, it is much more likely that the organisation is official or governmental.
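The working-hours reasoning above can be turned into a repeatable check. The following is an added example, not code from the original post or from Mandiant: it takes command-and-control beacon timestamps (a constructed sample, not a real capture), converts them into each candidate operator time zone, and scores each zone by the share of activity that lands Monday to Friday between 09:00 and 18:00 local time. The candidate zone shortlist and the 09:00-18:00 window are assumptions. Bear in mind the caveat a practitioner would attach: operators can shift their schedule or relay through infrastructure in another zone, so this is a weak, supporting indicator rather than proof of location.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Candidate operator time zones as fixed UTC offsets (hypothetical shortlist).
# Beijing has no daylight-saving time, so a fixed +8 is exact for it; for zones
# with DST you would use zoneinfo.ZoneInfo instead of a fixed offset.
CANDIDATE_ZONES = {
    "Beijing (UTC+8)": timezone(timedelta(hours=8)),
    "Moscow (UTC+3)": timezone(timedelta(hours=3)),
    "London (UTC+0)": timezone.utc,
    "New York (UTC-5)": timezone(timedelta(hours=-5)),
}


def constructed_beacon_times():
    """Constructed sample data, not a real capture: C2 check-in timestamps (UTC)
    for ten weekdays, one beacon per hour from 01:00 to 09:00 UTC."""
    first_monday = datetime(2013, 1, 7, tzinfo=timezone.utc)
    times = []
    for day in range(14):
        d = first_monday + timedelta(days=day)
        if d.weekday() >= 5:          # skip Saturday and Sunday
            continue
        for hour in range(1, 10):
            times.append(d.replace(hour=hour, minute=15))
    return times


def working_hours_fraction(times_utc, tz, start=9, end=18):
    """Fraction of events falling Mon-Fri between start and end (local hour)."""
    local = [t.astimezone(tz) for t in times_utc]
    hits = sum(1 for t in local if t.weekday() < 5 and start <= t.hour < end)
    return hits / len(local) if local else 0.0


def local_hour_histogram(times_utc, tz):
    """Events per local hour of day, for eyeballing the daily pattern."""
    return Counter(t.astimezone(tz).hour for t in times_utc)


def rank_zones(times_utc, zones=CANDIDATE_ZONES):
    """Return [(zone name, working-hours fraction), ...], best match first."""
    scored = {name: working_hours_fraction(times_utc, tz) for name, tz in zones.items()}
    return sorted(scored.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    beacons = constructed_beacon_times()
    for name, score in rank_zones(beacons):
        print(f"{name:18s} {score:6.1%} of activity in local working hours")
    beijing = CANDIDATE_ZONES["Beijing (UTC+8)"]
    print(sorted(local_hour_histogram(beacons, beijing).items()))
```

With the constructed sample, every beacon lands in Beijing working hours and none in New York's, which is the shape of signal the Mandiant analysts described; on real data you would also plot the histogram to check for lunch-break dips and weekend gaps before drawing any conclusion.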

Will any more of this group's activities hit the headlines, or will it all merely remain speculation and accusation?

Bureau 121 – Who are they?

Bureau 121 came into the limelight recently after accusations that it was behind the WannaCry attacks of May 2017, which affected organisations in some 150 countries. Although the North Korean government has never confirmed this, a number of reports have pointed towards North Korea.

The unit is said to have around 1,800 members, hand-picked from university and then trained for a further five years before being given an assignment. These assignments could be anywhere in the world, and as an incentive the operators are promised that their families will receive greater privileges.

The unit has been accused of a number of significant, high-profile cyber attacks, including the WannaCry ransomware worm and the attack on Sony Pictures.

Just after WannaCry took the world by storm I speculated that there could have been North Korean involvement. This was later confirmed by both the UK and US governments, although the North Korean government has never officially taken credit for the attack.
The hacks that hit Sony Pictures before the release of the movie The Interview were also alleged to have been carried out by North Korea, and the FBI publicly attributed the attack to North Korea in December 2014. This was backed up by security researchers who reported Korean-language artefacts in the malware, such as the language settings of the system it was compiled on; on its own that is a weak indicator, since such settings are easily spoofed. Although North Korea again never officially confirmed it, the connection is easy to see.

The unit is also said to conduct regular cyber-attacks on South Korea, affecting a number of sectors including banking and broadcasting companies. In 2013 a malicious smartphone application was also alleged to be the work of Bureau 121.

While Bureau 121 is not a hacktivist or cyber-crime group, it has been causing havoc across the globe and waging cyber-warfare. I find it almost baffling that in a country with such a poor human rights record and such a poor quality of life there is a division of the North Korean government with the ability and skill set to disrupt and damage computer systems across the globe.

Sources: CNN, Business Insider, The Market Mogul, BBC News, Newsweek

Who are the Fancy Bears?

In recent years a number of hacktivist groups have floated around the news and the depths of the internet.

And while everyone has their own opinion of the actions carried out by these groups, some of them appear to have more depth to them than others.

The Fancy Bear group is something of an enigma where hacktivism is concerned, although its manifesto appears to offer a very clear and somewhat understandable objective.

“Greetings citizens of the world. Allow us to introduce ourselves… We are Fancy Bears’ international hack team. We stand for fair play and clean sport. ”
Source: www.fancybear.net

From the outset the Fancy Bear group appears to be after only one thing: making sport clean and fair. In recent years a huge amount of doping in sport has been in the tabloids, making the group's objective relatable and, arguably, in the public interest.

But why would a group that appears to want to make sport clean and fair have alleged ties to the Russian government? And why has it been accused of a number of hacks that do not appear to be related to sport in the slightest?

The list below covers attacks attributed to the Fancy Bear group that appear to have far greater political motivation than a group that just wants to clean up sport.

  • German Parliament attack (2014-2015)
    • Fancy Bear is alleged to have carried out a six-month cyber-attack on the German parliament, the Bundestag, that began in December 2014.
    • There is further speculation that Fancy Bear was also responsible for a later spear-phishing campaign that targeted members of the German parliament and of several political parties.
    • The attacks were seen as a threat to the coming 2017 German election, since information acquired during them might have been used to manipulate public opinion before the vote.
  • French Television Hack (April 2015)
    • In April 2015 there was a large-scale cyber-attack on the French TV network TV5Monde. Initially the attack appeared to have been carried out by a group connected to Islamic State, calling itself the "CyberCaliphate".
      These claims were soon dismissed by the French cyber-security agency ANSSI, which believed the attack had been carried out by the APT28 group, otherwise known as Fancy Bear.
  • Root9B Report (May 2015)
    • In May 2015 the cyber-security firm Root9B published a report on Fancy Bear, stating that it had discovered targeted spear-phishing attacks on financial institutions:
      United Bank for Africa, Bank of America, TD Bank and UAE Bank were all named as targets. Security journalist Brian Krebs argued, however, that the attacks may have come from Nigerian phishers.
  • EFF spoof, White House and NATO attack (August 2015)
    • Fancy Bear is also known to have used a number of zero-day exploits in 2015. The attacks first targeted the Electronic Frontier Foundation and then the White House and NATO. Again a spear-phishing campaign was used, directing victims to a fake URL on a domain spoofing the EFF's (electronicfrontierfoundation.org).
  • Democratic National Committee (2016)
    • Fancy Bear carried out yet another spear-phishing attack, this time against the Democratic National Committee, in early 2016. The phishing emails were aimed mainly at old email addresses of staff from the 2008 Democratic campaign; once one of these older accounts had been compromised, the group was able to retrieve an up-to-date contact list with current members' email addresses.
    • It was CrowdStrike that reported Fancy Bear's involvement in the attack, although a lone actor calling himself "Guccifer 2.0" then came forward to claim credit for the entire operation.
  • Ukrainian Artillery (2014-2016)
    • A report from CrowdStrike also assesses that between 2014 and 2016 Fancy Bear ran a campaign against the Ukrainian military, carried out using malware on Android devices.
    • The malware was a trojanised version of an app used to compute targeting data for the D-30 howitzer, implanted with the X-Agent spyware. Parts of the report, notably its estimate of the resulting artillery losses, were later disputed and revised by CrowdStrike.
  • Windows zero-day (October 2016)
    • In October 2016 Google's Threat Analysis Group disclosed a zero-day vulnerability in Microsoft Windows. Terry Myerson, Microsoft's Executive Vice President of the Windows and Devices Group, acknowledged it in a blog post, noting that the attack chained an Adobe Flash vulnerability with a kernel elevation-of-privilege flaw on down-level Windows versions (CVE-2016-7855 and CVE-2016-7255 respectively). It was Microsoft that attributed the attacks to Fancy Bear, referring to the group by its in-house name, STRONTIUM.
  • Dutch Ministries (February 2017)
    • More recently, in February 2017, the Dutch security services stated that Fancy Bear had attempted several attacks aimed at gaining access to Dutch ministries.
  • German and French Elections (2016-2017)
    • Researchers at Trend Micro published a report in 2017 describing attempts by Fancy Bear to phish people associated with both the German and French election campaigns, those of Angela Merkel and Emmanuel Macron. The group set up fake email servers and sent phishing emails with links to malware.

Sources: Wikipedia, BBC News

The nine attacks listed above are not all of the attacks attributed to Fancy Bear, but they are the ones that have no association with the world of sport and doping.

The sport-related hacks could be seen as something of a cover, a way to deflect the long-standing accusation that Fancy Bear reports to the Kremlin. And when you consider some of the other names the group has gone by, Threat Group-4127 (SecureWorks' designation for it) sounds not only military but very aggressive.

Could it be that, as with a number of elections that appear to have been tampered with, the Russian government is also attempting to control sport? Or could it be payback for being banned from global events such as the Olympic Games?

Could that have been the trigger for Fancy Bear to go after the rest of the world in an attempt to fight the system, so to speak? I personally believe this to be the case, and although the Russians may not want to be directly associated with Fancy Bear, it is hard to ignore their choice of targets.

Glasswire Review – The Complete Network Monitor

GlassWire might just be the complete network monitoring and security tool for both professional and home users. I have found from using it that it becomes an asset to your security policy, whether at work or at home.

GlassWire - Free Features

GlassWire is packed with features designed not only to make your life easier but also to give you peace of mind by showing you when something on your computer, such as a remote keylogger or Trojan, starts talking to the network. This is evident in the webcam and mic detection feature, which notifies you whenever your webcam or microphone is activated. Since the documents leaked by Edward Snowden this concern has become ever more prominent; the number of people with tape or a cover over their laptop's webcam is not to be ignored. Rather than placing a sticker or tape over your webcam you could simply turn on the webcam and mic detection feature. Bear in mind, though, that a notification tells you after the fact, whereas a physical cover prevents capture regardless of what software is running, so the two are complementary rather than alternatives.

GlassWire - Webcam Detection

The webcam and mic detection feature can also be used in conjunction with the network monitor: if GlassWire detects that the webcam is in use and at the same time you see suspicious network activity, you can deduce that there could be a Trojan or other remote element on the PC. Combined, these features make GlassWire a strong tool for preserving your privacy and spotting a compromised system.

GlassWire - NetworkScreen

Have you ever wanted to know what, or how many, devices are connected to your Wi-Fi network? GlassWire has the solution: under the Network tab you can scan your network, and it will build a list of all the devices connected to it.

It then lets you label each device. This is a nice touch, considering that in some households there could be as many as four iPhones that would all show up under the same name. Once all of your devices are labelled, whenever you notice an unrecognised device on the network you can investigate it and rule the labelled devices out of the equation. Note that labels are tied to a device's hardware (MAC) address, which an attacker can spoof, so an unfamiliar device is a prompt to investigate rather than proof of intrusion, and a familiar label is not proof of innocence.
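The same known-versus-unknown check can be scripted for the times GlassWire is not in front of you. The following is an added example, not GlassWire's own code: it parses a constructed ARP table in the format printed by `arp -a` on Windows (sample text, not captured from a real network), normalises the hardware addresses, drops the broadcast and multicast rows that are not real devices, and compares what is left against a hypothetical inventory of labelled devices to report anything unlabelled. The inventory contents and the sample table are assumptions.

```python
import re

# Constructed sample of an ARP table as printed by `arp -a` on Windows.
# Not captured from GlassWire or a real network.
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           a4-2b-8c-00-11-22     dynamic
  192.168.1.10          3c-22-fb-aa-bb-cc     dynamic
  192.168.1.11          3c-22-fb-dd-ee-ff     dynamic
  192.168.1.42          b8-27-eb-12-34-56     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.251           01-00-5e-00-00-fb     static
"""

# Hypothetical inventory built by labelling devices: normalised MAC -> label.
KNOWN_DEVICES = {
    "a4:2b:8c:00:11:22": "router",
    "3c:22:fb:aa:bb:cc": "Alice's iPhone",
    "3c:22:fb:dd:ee:ff": "Bob's iPhone",
}

# IPv4 address, then a MAC in either aa-bb-... or aa:bb:... form, then the type.
ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})\s+(\w+)"
)


def normalise_mac(mac):
    """Lower-case, colon-separated form so Windows and Unix spellings compare equal."""
    return mac.lower().replace("-", ":")


def parse_arp_table(text):
    """Yield (ip, mac) for unicast entries only; skip broadcast and multicast rows."""
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if not m:
            continue                      # header, interface line or blank
        ip, mac = m.group(1), normalise_mac(m.group(2))
        if mac == "ff:ff:ff:ff:ff:ff":
            continue                      # broadcast
        first_octet = int(mac.split(":")[0], 16)
        if first_octet & 0x01:
            continue                      # I/G bit set: multicast group address
        yield ip, mac


def triage(text, inventory=KNOWN_DEVICES):
    """Split the scan into labelled devices and unlabelled ones to investigate.
    A label is only as trustworthy as the MAC it is tied to, which can be spoofed."""
    known, unknown = [], []
    for ip, mac in parse_arp_table(text):
        label = inventory.get(mac)
        (known if label else unknown).append((ip, mac, label or "UNKNOWN"))
    return known, unknown


if __name__ == "__main__":
    known, unknown = triage(SAMPLE_ARP_OUTPUT)
    for ip, mac, label in known:
        print(f"ok       {ip:15s} {mac}  {label}")
    for ip, mac, label in unknown:
        print(f"CHECK    {ip:15s} {mac}  {label}")
```

On the sample table the three labelled devices pass and the single unlabelled address at 192.168.1.42 is flagged for investigation; the broadcast and mDNS multicast rows are filtered out rather than reported as mystery devices.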

It also has a built-in firewall that lets you block or allow specific applications' access to the outside world. This is very useful if you notice suspicious activity: your first port of call could be to block the application's network access before investigating further, which could save you a great deal of trouble depending on the type of malware. Blocking is containment rather than removal, however; the process is still running, so follow up by identifying and removing it.


The user interface is warm and welcoming, and offers a few different skins so users can add their own personal touch. Because all of the options are clear and easy to find, navigation is quick and smooth, without having to jump through hoops to reach particular parts of the application.

GlassWire - Prices

GlassWire does offer a free option, and for most users that might be all they need. It still lets you monitor your data usage and see a visual representation of network activity.
Considering that the 'Basic' option starts at $49, paying for the added features will not break the bank, and in most cases it will cover the average user who just wants to see what is connecting to their wireless network and what is using data on their PC (useful if you are on a metered internet plan).

The next package, 'Pro', comes in at $99, but broken down per computer that is only $33 a system. Bundled with the remote monitoring ability, it could be ideal if you have a home server or multiple devices that you wish to keep an eye on.
Finally there is the Elite version, which I imagine is targeted at business users because of the number of computers it covers. Depending on your home set-up it could be used at home too, and with that many devices the remote monitoring ability could save a huge amount of time, stress and worry.

To conclude, I personally feel that GlassWire takes 'cyberspace' and gives the user a real-time visual representation of what would otherwise remain hidden or hard to interpret. It offers a smooth experience while delivering the information in a way that you do not have to be a network engineer to understand, and I would highly recommend it to anyone looking to bolster their security policy at home or at work.