The AI firm Anthropic says Chinese hackers used its artificial intelligence tools to spy on tech companies, financial institutions and government agencies in what it believes is the first documented case of a worldwide cyberattack with minimal human involvement. CBS News contributor Chris Krebs, the former head of the federal government’s cybersecurity agency, joins “CBS Mornings” to discuss what this could mean for the future and how to prevent it.
Iranian hackers sought to interest President Biden’s campaign in information stolen from the rival campaign of former President Donald Trump, sending unsolicited emails to people connected to the Democratic president in an effort to interfere in the 2024 election, the FBI and other federal agencies said Wednesday.
There’s no evidence that any of the recipients responded, officials said, preventing the hacked information from surfacing in the final months of the closely contested election.
The hackers sent emails in late June and early July to people who were associated with Mr. Biden’s campaign before he dropped out. The emails “contained an excerpt taken from stolen, non-public material from former President Trump’s campaign as text in the emails,” according to a U.S. government statement.
In late July, officials with the FBI, the Office of the Director of National Intelligence and the Department of Homeland Security said that Tehran had started a campaign that was working to weaken Trump’s candidacy, while Russia was attempting to do the opposite.
Last month, sources told CBS News that the FBI was investigating whether Iranian hackers had targeted people associated with both the Trump and Biden-Harris campaigns.
In response to the revelation, Harris campaign spokesperson Morgan Finkelstein told CBS News in a statement Wednesday evening that “we’re not aware of any material being sent directly to the campaign,” adding that “a few individuals were targeted on their personal emails with what looked like a spam or phishing attempt.”
Finkelstein said the campaign has “cooperated with the appropriate law enforcement authorities since we were made aware that individuals associated with the then-Biden campaign were among the intended victims of this foreign influence operation.”
Trump campaign spokesperson Karoline Leavitt told CBS News in a statement that “this is further proof the Iranians are actively interfering in the election to help Kamala Harris and Joe Biden because they know President Trump will restore his tough sanctions and stand against their reign of terror.”
A Microsoft threat intelligence report last month provided examples of the actions of Iranian groups seeking to influence the 2024 election.
“Not surprisingly, the latest revelations confirm that Iran’s efforts are multi-pronged and intended to damage the Trump campaign,” Chris Krebs, former Cybersecurity and Infrastructure Security Agency director, told CBS News Wednesday. “This comes on the same day as a Senate Intelligence Committee hearing on foreign threats to elections. In that hearing Microsoft President Brad Smith characterized the state of foreign interference as Russia vs Harris and Iran vs Trump.”
The Trump campaign disclosed on Aug. 10 that it had been hacked and said Iranian actors had stolen and distributed sensitive internal documents. At least three news outlets — Politico, The New York Times and The Washington Post — were leaked confidential material from inside the Trump campaign. So far, each has refused to reveal any details about what it received.
Politico reported that it began receiving emails on July 22 from an anonymous account. The source — an AOL email account identified only as “Robert” — passed along what appeared to be a research dossier that the campaign had apparently done on the Republican vice presidential nominee, Ohio Sen. JD Vance. The document was dated Feb. 23, almost five months before Trump selected Vance as his running mate.
A spokesperson for Iran’s permanent mission to the U.N. told CBS News in a statement Wednesday that the FBI’s “allegations” were “fundamentally unfounded, and wholly inadmissible.”
“Having already unequivocally and repeatedly announced, Iran neither has any motive nor intent to interfere in the U.S. election; and, it therefore categorically repudiates such accusations,” the statement read. “Should the U.S. government genuinely seek the truth, it is incumbent upon them to formally and transparently provide their substantiated evidence, so as to receive a corresponding and precise response.”
Former President Donald Trump’s presidential campaign said Saturday that it has been hacked and suggested Iranian actors were involved in stealing and distributing sensitive internal documents.
In its report, Microsoft cited an instance of an Iranian military intelligence unit in June sending “a spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor.”
Trump campaign spokesperson Steven Cheung blamed the hack on “foreign sources hostile to the United States.”
A National Security Council spokesperson told CBS News that it was deferring to the Justice Department on the matter, while the FBI declined comment.
“As we have said many times, the Biden-Harris Administration strongly condemns any foreign government or entity who attempts to interfere in our electoral process or seeks to undermine confidence in our democratic institutions,” the NSC spokesperson said in a statement.
Microsoft also declined comment when reached by CBS News Saturday.
Politico first reported Saturday on the hack. The outlet reported that it began receiving emails on July 22 from an anonymous account. The source — an AOL email account identified only as “Robert” — passed along what appeared to be a research dossier the campaign had apparently done on the Republican vice presidential nominee, Sen. JD Vance of Ohio. The document was dated Feb. 23, almost five months before Trump selected Vance as his running mate.
“These documents were obtained illegally” and “intended to interfere with the 2024 election and sow chaos throughout our Democratic process,” Cheung said.
He pointed to the Microsoft report issued Friday and its conclusions that “Iranian hackers broke into the account of a ‘high ranking official’ on the U.S. presidential campaign in June 2024, which coincides with the close timing of President Trump’s selection of a vice presidential nominee.”
“The Iranians know that President Trump will stop their reign of terror just like he did in his first four years in the White House,” Cheung said, adding a warning that “any media or news outlet reprinting documents or internal communications are doing the bidding of America’s enemies and doing exactly what they want.”
In response to Microsoft’s report, Iran’s United Nations mission denied it had plans to interfere or launch cyberattacks in the U.S. presidential election. In July, U.S. officials with the Office of the Director of National Intelligence, FBI and Department of Homeland Security indicated that Iran has started an influence campaign designed to undercut Trump’s candidacy.
Cheung did not immediately respond to questions about the campaign’s interactions with Microsoft on the matter.
In that report, Microsoft stated that “foreign malign influence concerning the 2024 US election started off slowly but has steadily picked up pace over the last six months due initially to Russian operations, but more recently from Iranian activity.”
The analysis continued: “Iranian cyber-enabled influence operations have been a consistent feature of at least the last three U.S. election cycles. Iran’s operations have been notable and distinguishable from Russian campaigns for appearing later in the election season and employing cyberattacks more geared toward election conduct than swaying voters.”
“Recent activity suggests the Iranian regime — along with the Kremlin — may be equally engaged in election 2024,” Microsoft concluded.
Specifically, the report detailed that in June 2024, an Iranian military intelligence unit, Mint Sandstorm, sent a phishing email to an American presidential campaign via the compromised account of a former adviser.
“The phishing email contained a fake forward with a hyperlink that directs traffic through an actor-controlled domain before redirecting to the listed domain,” the report states.
Vice President Kamala Harris’ campaign did not immediately respond to a request for comment on the reported hacking or on the Democratic nominee’s cybersecurity protocols.
AT&T on Friday disclosed that hackers had accessed records of calls and texts of “nearly all” its cellular customers for a six-month period between May 1, 2022, and Oct. 31, 2022. Jo Ling Kent reports.
The tech giant disclosed Thursday that a database was accessed through a Dell portal, which contains a database of customer information. CBS News’ John Dickerson has the details.
Washington — Hackers backed by the Chinese government are targeting U.S. water treatment plants and electrical grids, strategically positioning themselves within critical infrastructure systems to “wreak havoc and cause real-world harm to American citizens and communities,” FBI Director Christopher Wray told Congress Wednesday.
“There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure,” Wray warned the House Select Committee on the Chinese Communist Party, according to excerpts of his remarks obtained by CBS News. “The risk that poses to every American requires our attention — now.”
The head of the FBI and other national security officials — including Jen Easterly, who leads the Cybersecurity and Infrastructure Security Agency — are testifying at a congressional hearing focused on the cybersecurity threat posed by China’s government.
Wray told Congress that much of the framework upon which Americans rely for daily tasks, like oil and natural gas pipelines and transportation systems, is vulnerable to a cyberattack by hackers supported by China’s ruling party.
FBI Director Christopher Wray testifies during a congressional full committee hearing on “The CCP [Chinese Communist Party] Cyber Threat to the American Homeland and National Security” in Washington, DC, January 31, 2024. (JULIA NIKHINSON/AFP via Getty Images)
The Justice Department and FBI announced Wednesday that they’ve disrupted the hacking operation known as “Volt Typhoon,” a China-backed hacking operation that officials said targeted critical infrastructure in the U.S. and other nations.
The operation has been active since mid-2021; researchers at Microsoft previously determined it “could disrupt critical communications infrastructure between the United States and Asia region during future crises.”
U.S. investigators obtained a court order to delete the botnet malware on infected routers and later took measures to prevent future reinfection. Remotely disabling the infrastructure behind a cyberattack, as investigators did in this case, is a new weapon in the U.S. government’s cyber defense arsenal.
Volt Typhoon utilizes botnets – networks of infected internet-connected devices that can be used to bring down sensitive targets. Typically, initial access is gained through unsecured home routers or modems.
“Through the course of an investigation, the FBI determined the best action was to conduct a technical operation to decisively neutralize the botnet in a timely and coordinated manner,” the senior FBI official said, “curtailing the PRC’s ability to further target U.S. entities.”
“The United States will continue to dismantle malicious cyber operations – including those sponsored by foreign governments – that undermine the security of the American people,” Attorney General Merrick Garland said in a statement Wednesday.
Activity by the China-based hacking group reportedly alarmed U.S. officials, given its proximity to Andersen Air Force Base in Guam. China has ramped up its military activities near the island in recent years in response to what Beijing claims is “collusion” between Taiwan and the U.S.
The naval port in Guam would play a critically important role in launching any U.S. military response in the event of an invasion of Taiwan. Microsoft noted at the time that Chinese intelligence and military hackers routinely prioritize espionage and the gathering of information.
Last week, senior officials from the National Security Agency (NSA) warned that part of the PRC’s strategy behind Volt Typhoon could be to distract the U.S. in the event of conflict over Taiwan.
“This is unique in that it’s prepositioning on critical infrastructure, on military networks, to be able to deliver effects at the time and place of their choosing so that they can disrupt our ability to support military activities or to distract us, to get us to focus on a domestic incident at a time when something’s flaring up in a different part of the world,” said Rob Joyce, cybersecurity director at NSA, adding that the PRC doesn’t “want us facing the foreign aspects of that.”
“[T]he reason it’s a whole-of-government effort is because every sector, potentially, is being targeted and impacted and we really have to be all in unison on how we’re doing mitigation,” added Morgan Adamski, chief of the NSA’s Cybersecurity Collaboration Center, which works with private sector companies to detect and protect against cyber threats.
Joyce said efforts were ongoing across the government to convince China’s leadership that civilian targets should be out of bounds.
“We have to get to the point where PRC leadership decides that the embarrassment in the international community of being caught at this, the horror of the international community that somebody would hold civilians at risk with cyber is intolerable,” he said.
Earlier this month, the FBI and CISA also pushed out a new alert, warning that Chinese-manufactured drones, or UAS, pose a “significant risk” to critical infrastructure and U.S. national security.
“The use of Chinese-manufactured UAS in critical infrastructure operations risks exposing sensitive information to PRC authorities, jeopardizing U.S. national security, economic security, and public health and safety,” the bulletin read.
Other top public officials, like Attorney General Merrick Garland, have also warned of the threat China’s government poses to Americans’ well-being, economic prosperity and innovation. In the last year, the Justice Department has announced novel cases calling out Chinese chemical companies for aiding the fentanyl epidemic and secret Chinese police stations working to quiet Chinese dissidents living in the U.S.
“Today, and literally every day, they’re actively attacking our economic security, engaging in wholesale theft of our innovation, and our personal and corporate data,” Wray told Congress Wednesday. “They target our freedoms, reaching inside our borders, across America, to silence, coerce, and threaten our citizens and residents.”
Last year, the Justice Department launched the Disruptive Technology Strike Force to target rival nations like China that seek to use American high-tech advances to undermine national security and upset the rule of law.
U.S. officials are paying more attention to how foreign adversaries try to use investments to gain access to American technology and data. In announcing the department’s new initiative last February, Deputy Attorney General Lisa Monaco said the Biden administration is looking at options to enable federal regulators to monitor the flow of American money into foreign tech sectors, while making sure those funds do not advance the national security interests of other nations, including China.
Robert Legare is a CBS News multiplatform reporter and producer covering the Justice Department, federal courts and investigations. He was previously an associate producer for the “CBS Evening News with Norah O’Donnell.”
Okta, a major provider of security technology for businesses, government agencies and other organizations, said Friday that one of its customer service tools had been hacked.
The hacker used stolen credentials to access the company’s support case management system and view files uploaded by some customers, Okta Chief Security Officer David Bradbury disclosed in a securities filing. Okta said that system is separate from its main client platform, which was not penetrated.
Some of the world’s biggest companies, including FedEx, Hewlett Packard and T-Mobile, use Okta to secure access to their computer systems. (Paramount, which owns CBS News, is also an Okta customer.)
Okta shares slid on news of the intrusion, falling nearly 12% to $75.57.
“Attacks such as this highlight the importance of remaining vigilant and being on the lookout for suspicious activity,” Bradbury said.
Okta said it has notified all customers that were affected by the cyberattack. The company also released internet protocol (IP) addresses and other information aimed at helping customers detect whether their systems were compromised in the hack.
The cost of a typical data breach in the U.S. reached nearly $4.5 million this year, a record high, according to IBM. That’s up more than 15% from $3.9 million in 2020.
Ransomware attacks and other types of cybercrime targeting companies have surged in recent years because of the number of companies using internet cloud services to store data.
Senior government officials are racing to limit the impact of what’s believed to be a global cyberattack affecting U.S. federal agencies and allies, including NATO member countries.
The Cybersecurity and Infrastructure Security Agency (CISA) confirmed in a statement Thursday that it was providing support to several federal agencies “that have experienced intrusions affecting their [file transfer] applications.”
“We are working urgently to understand impacts and ensure timely remediation,” the statement continued.
Anne Neuberger, deputy national security advisor for cyber and emerging technology for the National Security Council, told CBS News Thursday that the hackers “compromised a vulnerability in a widely used software” that companies worldwide use “to move large files.”
“They’ve (the hackers) started releasing some of the data that was stolen as part of their work to extort these companies,” Neuberger said. “We strongly encourage anyone who was a user of the software to, of course, patch, lock down their systems.”
One cybersecurity expert characterized the breach as one of the largest theft and extortion events in recent history. Victims include Johns Hopkins University, the University of Georgia, the BBC and British Airways.
Cybersecurity experts say the hacking gang has been active since at least 2014 and is believed to operate from Russia with the tacit approval of Moscow’s intelligence services. CISA Director Jen Easterly identified the hackers as CLOP Ransomware.
“They’re basically taking data and looking to extort it,” Easterly said.
Brett Callow, a cyber threat analyst with Emsisoft, told CBS News that there were 47 confirmed victims so far, “plus a number of as yet unidentified U.S. government agencies.” He added that CLOP claimed “hundreds of organizations have been impacted.”
Late Thursday afternoon, a senior CISA official declined to identify which government agencies had been affected, but noted that the Energy Department had issued a statement indicating it had reported an incident to CISA. The official also said that at this time, there is no indication that any of the military branches or the intelligence community were impacted.
Further, no federal agencies have so far received extortion demands and no federal data has been leaked, the official said.
Many organizations had already patched the vulnerability before the cyber actors were able to intrude, according to CISA.
CLOP works by seizing sensitive data and holding it for ransom, threatening “after 7 days your data will start to be published.” It’s exploiting a vulnerability in a software program called MoveIt Transfer, which is widely used to transfer data.
A CISA analyst note described CLOP as a ransomware variant that uses a double extortion ransomware strategy. The cybercriminal gang steals the information before encrypting it and then demands a ransom to head off the leaking of that information on CLOP’s ransomware site.
At this point, Easterly says the government is “focused specifically on the federal agencies that may be impacted” and is “working hand-in-hand with them to mitigate the risk.”
“We understand there are businesses, though, around the world,” she added.
Researcher Brett Callow says victims also include banks and credit unions.
The FBI and CISA warned last week that in late May, a ransomware gang began exploiting a vulnerability in the file-sharing software MoveIt Transfer.
The FBI declined to comment, but referred CBS News to the security advisory about MoveIt, which also encouraged private sector partners to implement recommended measures to protect themselves from the ransomware and to report any suspicious cyber activity to local FBI offices and CISA.
— Nicole Sganga and Robert Legare contributed to this report.
Microsoft and a group of cybersecurity firms received help from the courts with the massive takedown Thursday of a notorious hacking tool that had been co-opted by cybercriminals to target hospitals and healthcare systems.
Joining forces with cybersecurity firm Fortra and the Health Information Sharing and Analysis Center (H-ISAC), the firms applied for and received a court order designed to remove bootleg versions of Fortra’s Cobalt Strike software. Last Friday, the U.S. District Court for the Eastern District of New York awarded the court order to the organizations, enabling them to seize domain names where malicious actors were storing the “cracked” versions of the software.
For years, a malicious version of the tool — initially designed to enable companies to check their cyber defenses — has been manipulated by bad actors launching ransomware attacks on unwitting victims.
Ransomware families associated with the cracked copies of Cobalt Strike “have been linked to more than 68 ransomware attacks impacting healthcare organizations in more than 19 countries around the world,” according to Microsoft, costing hospital systems “millions of dollars in recovery and repair costs, plus interruptions to critical patient care services including delayed diagnostic, imaging and laboratory results, canceled medical procedures and delays in delivery of chemotherapy treatments.”
As hospitals grappled with the coronavirus pandemic across the U.S., cybercriminals ramped up crippling cyber attacks designed to lock down computer networks containing patient data in exchange for hefty ransoms. Analysis conducted by the Cybersecurity and Infrastructure Security Agency (CISA) found such attacks posed long-term negative impacts on hospitals, creating more ambulance diversions and increased mortality.
Older, illegal copies of the Cobalt Strike software — often referred to as “cracked” versions — have been abused by criminals in a series of high profile attacks, including those waged against the government of Costa Rica and the Irish Health Service Executive, according to Microsoft.
At least two infamous Russian-speaking ransomware gangs — Conti and LockBit — are listed among the 16 defendants, according to a court order obtained by CBS News.
“While the exact identities of those conducting the criminal operations are currently unknown, we have detected malicious infrastructure across the globe, including in China, the United States and Russia,” Microsoft stated in their announcement. “In addition to financially motivated cybercriminals, we have observed threat actors acting in the interests of foreign governments, including from Russia, China, Vietnam and Iran, using cracked copies.”
“We are also going to do what we call ‘sinkholing,’ which means redirecting those domains to Microsoft so that we can identify any victims. We’ll work with others around the world to help remediate those victims,” said Amy Hogan-Burney, general manager and associate general counsel for cybersecurity policy and protection at Microsoft.
Friday’s legal move marks rare action by a tech leader to target malicious hackers’ tools and tactics with a court authorized order. Spearheaded by Microsoft’s 35-person Digital Crime Unit, researchers began devising the legal strategy more than one year ago in conjunction with Fortra and H-ISAC.
Microsoft has previously tapped civil orders to seize domains and IP addresses associated with specific malware, but Friday’s court order marks the first time the tech leader has sought to take down a malicious hacking tool on this scale.
“Some of the legal claims are similar to actions we’ve done in the past, but the scope is much bigger than what we’ve done,” said Hogan-Burney.
Microsoft has already begun digging into hacking tools it believes cybercriminals will switch to after the Cobalt Strike crackdown, Hogan-Burney said. And although Friday’s legal action will not stop cybercriminals from exploiting the cracked software outright, Hogan-Burney calls it an important first step.
Microsoft and Fortra obtained a temporary restraining order against those violating the copyright of their programs to permit quicker shutdown of malicious versions of the software. But Friday’s court order also allows Microsoft, Fortra and the H-ISAC to carry out future takedowns as criminals develop new infrastructure.
“[This court order] allows us to keep doing it,” Hogan-Burney added. “After we execute the temporary restraining order today, we are going to seek a permanent injunction because we believe this activity will continue by the cybercriminals. They will look to move hosting [sites] for the cracked versions of Cobalt Strike because it is an effective tool for them. And we will continue to chase them.”
Panera Bread is rolling out palm scanners that will link customers’ handprints to their loyalty accounts — a move the company paints as convenient but that privacy advocates have decried.
The biometric-gathering technology, developed by Amazon, will hit stores in the next few months, Panera said on Wednesday. The gadgets will help suggest menu items based on customers’ order histories and allow employees to greet customers by their names and share customers’ available rewards, the company said.
Panera Bread CEO Niren Chaudhary described the move as a “frictionless, personalized, and convenient” evolution of Panera’s loyalty program, which boasts 52 million members.
The fast-casual chain has already installed the scanners at locations in St. Louis, where it is headquartered, and says the scanners will “expand to additional locations in the coming months,” although it’s unclear how many of the chain’s 2,000-plus locations will be affected. Reuters reported that Amazon One technology is in use at some 200 locations across the country, including Amazon’s Whole Foods Market subsidiary and Amazon Go stores.
Panera says the technology will securely store its customers’ biometric data. However, digital rights activists worry that information could be tapped by federal agencies or accessed by hackers.
“Federal agencies like Customs and Border Protection have experienced devastating hacks where large databases of biometric information have been stolen,” Fight for the Future told CBS MoneyWatch in an email. “Do we really expect Amazon, or Panera, to have better cybersecurity practices?”
Panera and Amazon did not immediately reply to requests for comment.
Amazon began using biometric-gathering technology at its Amazon Go locations in late 2020, but the payments system has raised some eyebrows and alarms. In 2021, a group of U.S. senators sent a letter to Amazon’s CEO requesting details about how the company intends to use customers’ data and whether it will continue to build up its biometric information.
Amazon’s tracking practices are also at the crux of a lawsuit filed earlier this month. The suit alleges the e-commerce giant skirted New York City data privacy laws by not disclosing to shoppers that it was collecting their biometric information.