
Windows 10 Warning: 250M Account Trojan Can Disable Windows Defender

Trickbot is not a new threat, but it is an evolving one. The latest twist of the banking Trojan knife as far as Windows 10 users are concerned is the addition of new methods to not only evade but actually disable Windows Defender security protection. As reported on July 14 in Forbes, Trickbot is a particularly stealthy banking Trojan that has been around since 2016. Since then, it was thought to have compromised no less than 250 million email accounts in an effort to distribute the malware payload. That payload includes the stealing of online banking credentials and cryptocurrency wallets. Microsoft has always been front and center as far as Trickbot attack campaigns are concerned, with weaponized Word and Excel files being a favored approach. The latest campaign is targeting Windows 10 users and implementing a highly detailed and convincing, but fake nonetheless, Office 365 page to prompt for browser updates that install the Trojan itself. Disab...

Russian Hackers Stole NSA Tools From Contractor Who Used Kaspersky Software

WASHINGTON — Russian government hackers stole highly sensitive U.S. spying tools after a contractor brought classified material home and put it on a computer that used Kaspersky anti-virus software, a former senior intelligence official briefed on the matter told NBC News.
The details were first reported Thursday by The Wall Street Journal.
The contractor, whose name has not been made public, worked for the National Security Agency, which specializes in hacking computers and eavesdropping on communications.
The Journal said the stolen material included secret details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S.
The report also said it was unclear whether the contractor had lost his job or is facing prosecution. He is not believed to have wittingly cooperated with a foreign government.
The man took his work home in violation of NSA rules, and Russian hackers were able to identify the material and access his machine because he was using Kaspersky software, the former official said.
The case explains why the U.S. government has cracked down on Kaspersky in recent months, banning its use by government agencies, he added.
Image: Kaspersky Lab headquarters in Moscow
A view of the Kaspersky Lab headquarters in Moscow on Feb. 1, 2017. Kaspersky Lab is a Russian cybersecurity and anti-virus provider founded in 1997 by Eugene Kaspersky. Vyacheslav Prokofyev / TASS via Getty Images file
Kaspersky is an anti-virus company owned by Eugene Kaspersky, who has long been accused by U.S. officials of having ties with Russian intelligence officials. But until recently, the company's products were widely for sale in the U.S. and used by some federal agencies.
Kaspersky did not immediately respond to NBC News' request for comment.
The loss of secrets is "extremely damaging," the former official said, because it offers Russia great insights into how the NSA steals data. It will make the NSA's job harder.
"Not only is the work of the NSA and CIA increasingly visible, there is a certain aggression implied by this," he said. "It's a 'game-on' moment."
Kaspersky, he said, should be treated as a hostile actor.
Image: Eugene Kaspersky, founder and chief executive officer of Kaspersky Lab
Eugene Kaspersky, founder and chief executive officer of Kaspersky Lab, poses for a photograph at his office in Moscow on Dec. 9, 2014. Alexander Zemlianichenko Jr. / Bloomberg via Getty Images file
Another NSA contractor, Harold Martin, has been charged with taking home classified material without permission. He had pleaded not guilty, and he is not the person implicated in this case, the former official said.
A third contractor, Edward Snowden, famously removed reams of classified information from NSA facilities and leaked it to the news media. But Snowden for the most part did not reveal spying tools, so the current case could in some ways prove more damaging.
Sen. Ben Sasse, R-Neb., a member of the Armed Services Committee, said the NSA "needs to get its head out of the sand and solve its contractor problem. Russia is a clear adversary in cyberspace and we can’t afford these self-inflicted injuries."
An NSA spokesman declined to comment. An agency official who asked not to be named said the NSA is committed to improving its internal security. 
