14 comments

[ 2.2 ms ] story [ 42.5 ms ] thread
If this is what a single company can accomplish with a moderate amount of funding. It makes me worried about what a military force could accomplish given 100x resources.
worry no more! not in ignorance, anyway. worry is warranted in erudition.

stuxnet is attributed to the US and Israel and is regarded as one of the most advanced pieces of malware documented.

furthermore, there is lots of evidence of china absolutely ravaging the intellectual property from other countries, presumed by cyber intrusions. no need to invest decades in people, culture, and research equipment when you can just steal the result from others.

> no need to invest decades in people, culture, and research equipment when you can just steal the result from others.

This isn't really a new phenomena. The USSR had spies in the Manhattan project and was able to create a nuclear bomb a few short years after the USA. Or the classic story of the British cracking the German radio communications in WW2 (with the help of the Poles, certainly).

I wonder if we're going to get interesting stories about what's happening right now in the future if it ever becomes declassified. Also, I'd imagine there's just as much cyber intrusions by the American government / American companies as there are by Chinese companies although I will admit I have seen no evidence to point to this. I just think we wouldn't hear about it.

Per the article, they did a bunch of well crafted phishing at a large scale.

Key takeaways:

- Phishing continues to be highly successful (not a shocker)

- Phishing as a Service has significant demand

- The researchers enumerated the targets via poor operational security of the attackers, including one who apparently used their CV as a test document.

That said, there has been a recent trend moving away from phishing. Exposed services are gaining more popularity,especially for cloud vms.
In that phishing is happening less, or more folks are not properly securing their cloud services?
In that, phishing for malware delivery is getting harder so some gangs try unsecured cloud/onprem assets for initial access. Phishing levels have not changed overall from my perspective but how targeted attacks happen seems to be tilting slightly to other initial access tactics.
In another decade, it will continue to be highly successful, since it exploits a basic human qualities (greed, curiosity, fear, etc.).
This group seems to be targeting left-leaning organizations and journalists. If it targeted Trumps organization, would it even be a story here on HN?
I don't think the group targeted anything specific. They seem to be mercenaries. Sure, there were some environmental activists targeted but also a long list of targets that have presumably nothing to do with the "left".

> Several international banks and investment firms, as well as prominent corporate law firms in the United States, Asia, and Europe, were targets

> The most prominent targeting of the financial sector concerned a cluster of hedge funds, short sellers, journalists, and investigators working on topics related to market manipulation at German payment processor Wirecard AG .

> We identified targets in multiple energy and extractive sectors, including petroleum companies. Targets ranged from lawyers and staff to CEOs and executives

> We identified a range of targets in Eastern and Central Europe, and Russia, indicative of targeting surrounding the investments and actions of extremely wealthy individuals, including cases surrounding individuals who could be considered oligarchs.

> We identified targets in multiple governments, ranging from senior elected officials and their staff to members of the judiciary, prosecutors, members of parliament, and political parties.

> Many of Dark Basin’s targets were high profile, well-resourced individuals. However, we also found that private individuals were also targeted, which appeared to correlate with divorces or other legal matters.

It's a shame that the CFAA is used to prosecute people who bulk download articles from JSTOR instead of crimes like this. The DOJ should work with Indian law enforcement to track down this firm and get information on their customers. It's clearly being run as a legitimate business and I suspect it would be trivial to recover records.

Activity like this makes everyone poorer in terms of the actual damage done by the breach as well as all the extra security work that has to be done by Gmail, Dropbox, etc to prevent further abuses like this. It's exactly the type of activity the government needs to protect us from.

I’ve been tracking some highly targeted phishing operations that use a third-party service to identify and fingerprint their victim(s) using “handsetdetection(.)com”. Spoofing the browsers useragent string is not enough to trigger exploitation because of this “service”.
It would be interesting to know the middleman involved in hiring BellTroX; surely Exxon didn’t hire them directly but were working with a “public relations” company that took initiative to hire this shady firm. Knowing the middleman might help connect the loose threads