30 Sep 2022

Joseph Menn: Observations From Two Decades Of Tech Journalism

Covering technology issues, and specifically cybersecurity, as a journalist is a tough endeavor. Some of these technologies are complex, as are the security vulnerabilities often inherent in their deployment, and making these topics broadly accessible can be a challenge. Many of the underlying issues touch upon national security and civil

07 May 2022

Open Source “Protestware”: Sabotaging Open-Source Code as a Form of Hacktivism

OODA Loop readers will know better than most the two biggest uses of the term "Open Source," and we frequently write about both. In the context of intelligence, Open Source means information that does not come from classified channels. In terms of software, Open Source means software developed and managed in an open way, generally under open source licenses that allow the code to be modified and used freely. This has always introduced some ambiguity for technologists who operate at the nexus of technology and national security, and now it is getting even more complicated. In this post, for example, we provide some open source intelligence on open source software threats.

25 Mar 2022

The Very Serious Okta Breach and the Arrest of the Lapsus$ Ransomware Gang

The recent breach of the industry-standard, cloud-based single sign-on (SSO) authentication service provider Okta is a consequential cyber incident. Following is a timeline of the Okta breach and the recent Lapsus$ rampage, concluding with technical guidance and recommendations gleaned from a handful of ongoing technical investigations by law enforcement, Okta, Microsoft, Nvidia and cybersecurity researchers worldwide.

22 Mar 2022

CISA, FBI Issue Joint Cybersecurity Advisory for SATCOM Ecosystem Following Viasat Cyberattack

Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger took to the podium yesterday to announce that U.S. Intelligence continues to investigate the Feb 24th hack of the European KA-SAT satellite network operated by U.S. satellite company Viasat, which provides internet connectivity across Europe, including to the Ukrainian government and military. In light of this attack, on March 17th the U.S. Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint cybersecurity advisory warning of "possible threats to U.S. and international satellite communication (SATCOM) networks."

02 Mar 2022

Full Log4Shell Attack Chain-Enabled Conti Ransomware Gang Supports Russia; Ukrainian Gang Member Retaliates

In early February, a cybercrime crackdown by Russian authorities included the arrest of members of the REvil gang. Follow-up reports suggested a growing sentiment that the Russian authorities were out to maximize the appeasement value of the arrests to the U.S. We later suggested that the REvil arrests were possibly a false flag operation. Our suggested scenario at the time: the Russians gave up the REvil gang while still planning to lean on non-state actors for the plausible deniability of cyberwar operations. That assumption has now proven true. A few days ago, the Conti gang announced its support for the Russian government.

01 Feb 2022

State-sponsored Iranian hackers attack Turkish government, private organizations

Cybersecurity researchers at Cisco Talos identified a campaign conducted by the advanced persistent threat (APT) group MuddyWater targeting high-profile entities in Turkey. MuddyWater is a state-sponsored Iranian hacking group that has previously been linked to campaigns in the Middle East, Israel, the U.S., and Europe. The group has ties to

18 Jan 2022

Are Initial Access Brokers the Next Crime Target for Governments?

Initial Access Brokers (IABs) are poised to become a force in 2022, due to a unique skill set that makes them a valuable commodity for the deployment of hostile cybercrime activity. IABs serve as middlemen, specializing in exploiting victims and gaining initial entry. Once access is achieved and sustained, these actors sell it to interested customers on dark web forums and markets. In this capacity they execute the first phase of a cyber-attack chain, performing the necessary reconnaissance before an operation is conducted. Emilio Iasiello explores the implications of the growth of IABs.

09 Nov 2021

Chinese hackers are targeting Zoho ManageEngine software

Microsoft has issued an alert regarding the exploitation of systems running Zoho ManageEngine ADSelfService Plus. The Microsoft Threat Intelligence Center (MSTIC) has detected exploits originating from a sophisticated Chinese hacking group. Microsoft stated that the group is targeting an obscure bug in the Zoho software to install a web shell. The

04 Oct 2021

Hackers as Global Private Contractors is a Pandora’s Box You Do Not Want to Open

The U.S. Department of Justice (DoJ) recently fined three former National Security Agency (NSA) hackers who worked as service contractors for a United Arab Emirates (UAE) cybersecurity company named DarkMatter. These three individuals were not the only former U.S. intelligence officers working for the company. DarkMatter employed more than a dozen former NSA hackers who used the skills and techniques learned at the NSA to help the UAE target and compromise the phones and computers of its enemies. These "enemies" included human rights activists, journalists, and political rivals. At the core of this issue is the fact that these ex-intelligence operatives used cutting-edge cyber-espionage tradecraft learned during their time in the U.S. Intelligence Community on behalf of a foreign intelligence service.

24 Aug 2021

Hackers Leak Footage of Iranian Prison

The hacking group Edalat-e Ali has allegedly released silent videos capturing the living conditions inside Tehran's Evin Prison after compromising the prison's systems and accessing its surveillance footage. The prison typically houses political prisoners, according to reports. Iran International confirmed that it received the images and video footage from the hacking group on
