CyberheistNews Vol 14 #09 Exposed: Global Espionage Unleashed by China's Police in Groundbreaking Leak

Cyberheist News

CyberheistNews Vol 14 #09  |   February 27th, 2024

Exposed: Global Espionage Unleashed by China's Police in Groundbreaking Leak

By Stu Sjouwerman, SACP

I get my news from a very wide variety of sources. One is the venerable SpyTalk newsletter, which lives on Substack. They just reported something pretty astounding. Here are the first few paragraphs; the link to the Substack post with the rest is at the end.

A Chinese Snowden?

Massive leak from Shanghai hacking firm shows China's police are spying worldwide.

China's Ministry of State Security, its premier spy agency, occasionally makes a splash in the news with bungled spy operations and triumphant hacking operations, especially here in America. Less well known are mishaps abroad by Beijing's premier law enforcement agency, the Ministry of Public Security, or MPS.

Last year, however, saw the exposure of "overseas police stations" run by the MPS in 14 countries, including the U.S., supposedly to help Chinese citizens abroad renew driver's licenses and the like, but in reality focused on suppressing the activities of Chinese dissidents abroad.

Now comes a bombshell leak revealing why and how China's national police have been enrolled in state espionage and sabotage operations on the world stage through hacking.

On February 16 an anonymous party dumped an enormous cache of hacking-related data and internal messages onto GitHub, the web-based platform for software engineers. The data originated with iS00N, also known as the Shanghai Anxun Information Company [上海安洵信息公司]. The dump, cataloged here in Chinese, reveals the worldwide targeting of entities on behalf of various local MPS outposts — as well as iS00N's role in training police across China to hack into foreign databases.

"This MPS data breach mirrored the magnitude of the NTC Vulkan leak, indicating the severity and potential consequences of the incident," the Firewall Daily reported.

The leak was discovered by a Taiwanese threat intel technical analyst who wasn't sure of the source, said Adam Kozy, a former FBI cyber expert and CrowdStrike analyst who consults on China threat intelligence and is writing a book on the subject entitled "Geeks, Spies, and Criminals: How Chinese Intelligence is Hacking its Way to Hegemony."

"It could be a disgruntled employee of iS00N, or even one of the characters mentioned in the chats…but the things they're saying align with other investigations on (Chinese) contractors like APT41," Kozy told SpyTalk.

Also known as Double Dragon, the MSS-linked APT41 has gained notoriety for carrying out espionage-related and financial attacks on commercial targets worldwide.

Kozy added that iS00N's activities are reminiscent of those previously linked to entities that Western cyber experts have given the code names Red Scylla, Poison Carp, and Evileye.

Target Lists

SpyTalk reviewed a portion of this massive assortment of data, now doubtless being mined by numerous intelligence and law enforcement agencies. It revealed a wide range of targets across the globe. This is only the tip of the iceberg.

[BREAKING NEWS Continued updates at KnowBe4 Blog]

Making the Return on Investment (ROI) Case for Security Awareness Training

As an InfoSec professional, one of your many important responsibilities is to minimize expensive downtime and prevent data breaches. Skyrocketing ransomware infections can shut down your network and exfiltrate data. Phishing is responsible for two‑thirds of ransomware infections. But how do you convey the value and return on investment (ROI) of security awareness training to your CFO and leaders?

Join us for this webinar where Joanna Huisman, SVP of Strategic Insights and Research at KnowBe4, helps you understand the value and articulate the return on investment that security awareness training (SAT) programs can deliver.

You'll learn:

  • Why the ongoing problem of social engineering is problematic for organizations of all sizes
  • The risk and cost of doing nothing to secure the human element
  • The cost savings and risk reduction realized through using KnowBe4's security awareness training platform
  • Why training your users ultimately saves you time and money while protecting your organization

Having a robust and effective SAT program doesn't have to be a strategic or financial challenge. Learn more about the value of preparedness!

Date/Time: TOMORROW, Wednesday, February 28 @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot!

Anyone Can Be Scammed and Phished, With Examples

By Roger Grimes

I recently read an article about a bright, sophisticated woman who fell victim to an unbelievable scam. By unbelievable, I mean most people reading or hearing about it could not believe it was successful.

A group posing as an Amazon employee and various U.S. law enforcement agencies was able to convince a woman to withdraw $50,000 from her bank account in cash and hand it to a complete stranger on the street. It is a wild story, and most of us would not be tricked into doing what she did.

I think most people cannot believe she did it and many think she is either dumb or overly naïve. This is not true.

Intelligence and "street smarts" have little to do with whether you are ultimately scammable or not. I do think being smart and "street smart" can make you less likely to be scammed in many situations, possibly most scenarios. But doctors, lawyers, engineers, successful business owners, rocket scientists and even Nobel Physics prize winners have been successfully scammed. Many people who thought they were super street smart and unscammable have been scammed.

The truth is anyone can be scammed. Anyone can be phished. Anyone is susceptible to the "right" scam in the right conditions. And if you think you are unscammable or cannot be phished, that attitude could be harmful to your own self-interests in the long run.

It might take a very sophisticated, multi-channel scam or it might simply be the right conditions and circumstances. I know some very bright and knowledgeable people who got tricked into clicking on a rogue link simply because they were very busy and trying to do 10 things at the same time. They were not being mindful and focused, and it cost them.

Sometimes it is simply that the scam arrived with the right attributes at the exact minute the person was dealing with a similar situation. I know of a person who had just reported a negative Uber experience, then got an email from "Uber," clicked the included link, and ended up with malware on his phone.

Another person shared with me that they got a request from their ex-wife's email address for three gift cards just before Christmas, and they just happened to be raising three kids. It seemed like a plausible request.

Whatever the reason, we are all susceptible to scams and phishing attacks. And if you think you are not, you might be eating humble pie one day.

Some EXTREMELY Realistic Scam Examples Continued at the KnowBe4 Blog:

[New Features] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us Wednesday, March 6, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

  • NEW! Callback Phishing allows you to see how likely users are to call an unknown phone number provided in an email and share sensitive information
  • NEW! Individual Leaderboards are a fun way to help increase training engagement by encouraging friendly competition among your users
  • NEW! 2023 Phish-prone™ Percentage Benchmark By Industry lets you compare your percentage with your peers
  • Smart Groups allows you to use employees' behavior and user attributes to tailor and automate phishing campaigns, training assignments, remedial learning and reporting
  • Full Random Phishing automatically chooses different templates for each user, preventing users from telling each other about an incoming phishing test

Find out how 65,000+ organizations have mobilized their end users as their human firewall.

Date/Time: Wednesday, March 6, @ 2:00 PM (ET)

Save My Spot!

The Unsettling Leap of AI in Video Creation: A Glimpse Into Sora

By Javvad Malik

In the rapidly evolving landscape of artificial intelligence (AI), the launch of Sora by OpenAI marks an unnerving milestone in video synthesis.

The unveiling of such revolutionary technology is exciting, but it also raises red flags about the broader implications of AI's role in digital content creation and cybersecurity.

The potential of Sora to generate up to one-minute video clips from mere text input is staggering. This leap mirrors the advancements seen with Dall-E for image generation, but the addition of dynamic elements like reflection, texture and physics over time introduces a new realm of authenticity to AI-generated content.

Several examples of its capabilities are on the OpenAI website, ranging from a stylish woman walking down a neon-lit Tokyo street to a vintage SUV speeding up a dirt road. At first glance these videos look authentic, but the closer we scrutinize them, the more imperfections we uncover.

But as these models improve at a breakneck pace, the distinction between real and synthetic becomes blurrier. This blurring raises profound ethical questions, notably in how AI-generated content can be used or misused. For instance, while this technology could revolutionize stock footage, saving time and resources, it simultaneously poses risks of misinformation, particularly in sensitive contexts like elections or public opinion molding.

The impersonation of public figures or the creation of fictitious yet realistic events could have dire consequences if used maliciously. We have already seen altered videos used to sow suspicion: a few years ago, a slowed-down video of then U.S. House Speaker Nancy Pelosi appeared to show her slurring her words, fueling rumors about her health.

So while OpenAI has included watermarks to indicate AI generation, cropping or other manipulation of a clip can still remove that indicator.

The introduction of Sora signals a future where the line between digital creation and reality becomes increasingly indistinct. This innovation could open up video production, allowing creators to realize their visions without the traditional barriers of videography.

Yet, it underscores the pressing need for strict ethical guidelines and robust cybersecurity measures to mitigate potential abuses.

Blog post with links:

KnowBe4 Wins 2024 Most Loved Award from TrustRadius

We are excited to announce that our Compliance Plus product received one of the coveted 2024 Most Loved Awards from TrustRadius. This heartfelt honor recognizes products that received the most mentions of the word "love" in customer reviews on the TrustRadius platform. Thank you to our amazing customers for showing us all the love!

KnowBe4's Compliance Plus is not your traditional compliance training program. It addresses challenging topics like sexual harassment, diversity and inclusion, discrimination and business ethics in an engaging and interactive way. It includes various types of media formats and reinforcement materials to support each customer's own compliance training program. The ability to simulate real-world scenarios gives users practical ways of dealing with complex issues, entrenching its popularity even further.

One customer at a financial services organization commented, "KnowBe4 Compliance Plus has more content with various language translations. We used another brand that had many fewer options and features. Aside from excellent quality, the quantity of features and options make it a great choice. This translates to better value for the price."

Employees at a computer security organization also raved about the product. "The employees love it — ease of use, fun, and very educational content — what else do you need…?"

Read more:

QR Code Attacks Target the C-Suite 42 Times More than Standard Employees

Phishing attacks that deliver their lure as a QR code are kicking into high gear and becoming a common method, according to new data from Abnormal Security.

We saw a surge in QR code based phishing attacks late last year. And new data in security vendor Abnormal Security's H1 2024 Email Threat Report gives us some additional insight into how these attacks are being executed.

According to the report:

  • 89.3% of QR code attacks are credential phishing
  • 27% of attacks impersonate multi-factor authentication (MFA) notifications
  • 21% of attacks sent targets fake notifications of a shared document

Also, SMBs (organizations with up to 500 employees) are 19 times more likely to receive a QR code phishing attack than the largest enterprises (more than 50,000 employees).

You might be thinking, "Who's dumb enough to take their phone and scan a QR code off of their computer?," or "Who can scan a QR code from an email when they're reading the email on their mobile device?"

But threat actors have taken this into consideration. In the example shown in the blog post (screenshot there), the lure is a supposed problem with multi-factor authentication, which gives the target a reason to reach for the phone.
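The scoring below is an added example of how a mail-filter or SOC triage step might pick out such messages; it is not KnowBe4's or Abnormal Security's code. It uses only Python's standard library, and the sample messages, lure phrase lists, weights and threshold are constructed assumptions. It scores a message on the traits the report describes (an MFA or shared-document lure, delivered as an image with no clickable link, plus an instruction to scan with a phone) and deliberately does not decode the QR image itself, which would need an image library.

```python
"""Score an e-mail for QR-code phishing traits.

Added example, not code from KnowBe4 or Abnormal Security. The sample
messages, lure phrases, weights and threshold are constructed assumptions.
"""
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Lure themes the report calls out: fake MFA notifications and fake
# shared-document notifications. Phrase lists are constructed.
THEMES = {
    "mfa": re.compile(
        r"\b(multi[- ]?factor|mfa|2fa|authenticator|verify your (identity|account))\b", re.I),
    "shared_doc": re.compile(
        r"\b(shared (a |the )?(document|file)|docusign|sharepoint|onedrive)\b", re.I),
}
# The tell-tale instruction: move the victim from the managed endpoint to a
# phone that the mail gateway and EDR never see.
SCAN_RE = re.compile(r"\b(scan|qr code|with your (phone|mobile|camera))\b", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)
THRESHOLD = 3  # constructed; tune against your own mail flow


def _body_text(msg: EmailMessage) -> str:
    part = msg.get_body(preferencelist=("plain", "html"))
    return part.get_content() if part is not None else ""


def score_quishing(raw: str) -> dict:
    """Return score, reasons and verdict for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    text = _body_text(msg)
    subject = str(msg.get("Subject", ""))
    images = [p for p in msg.walk() if p.get_content_maintype() == "image"]
    score, reasons = 0, []

    # 1. An image but no URL anywhere in the text: the only call to action is
    #    whatever the image encodes. Real notifications carry a link.
    if images and not URL_RE.search(text):
        score += 2
        reasons.append("image present but no URL in body text")
    # 2. Lure themes from the report, counted once each.
    for name, pattern in THEMES.items():
        if pattern.search(text) or pattern.search(subject):
            score += 1
            reasons.append(f"lure theme: {name}")
    # 3. Explicit instruction to scan with a phone.
    if SCAN_RE.search(text):
        score += 2
        reasons.append("asks the user to scan with a phone")
    return {"score": score, "reasons": reasons, "suspect": score >= THRESHOLD}


def _sample(subject: str, text: str, with_image: bool) -> str:
    """Build a constructed test message and return it as a raw string."""
    m = EmailMessage()
    m["From"] = "IT Service Desk <helpdesk@example.com>"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(text)
    if with_image:  # a few fake PNG bytes stand in for the QR image
        m.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\0" * 16,
                         maintype="image", subtype="png", filename="qr.png")
    return m.as_string()


# Constructed samples: a quishing lure, and a legitimate shared-document mail
# that also carries an image (a signature logo) but links normally.
QUISHING_MAIL = _sample(
    "Action required: MFA re-enrolment",
    "Your multi-factor authentication registration expires today.\n"
    "Scan the QR code below with your phone camera to re-enrol.\n",
    with_image=True)
BENIGN_MAIL = _sample(
    "Q1 budget spreadsheet",
    "Hi, I shared the document with you on SharePoint:\n"
    "https://example.sharepoint.com/sites/finance/q1.xlsx\n",
    with_image=True)

if __name__ == "__main__":
    for label, raw in (("quishing", QUISHING_MAIL), ("benign", BENIGN_MAIL)):
        print(label, score_quishing(raw))
```

The benign mail still scores one point for its shared-document wording, which is the point of weighting: a single theme match is not a verdict, the combination of theme, image-only call to action and "scan with your phone" is.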

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

[CONTINUED] on KnowBe4 Blog with screenshots:

Your KnowBe4 Fresh Content Updates from February 2024

Check out the 29 new pieces of training content added in February, alongside the always fresh content update highlights, events and new features.

NEW FEATURE! Individual Leaderboards

Phishing attempts are getting more sophisticated by the day, and it's our responsibility to ensure they don't find success in our inboxes! We're committed to empowering you with innovative tools that turn defense against these threats into an engaging and rewarding experience for your users.

We're excited to announce the launch of individual Leaderboards, a new gamification feature to help increase security awareness training engagement!

With individual Leaderboards, users compete with their colleagues on how well they report suspicious emails using the KnowBe4 Phish Alert Button (PAB).

Some benefits to your organization are:

  • Increased Awareness: Elevates cybersecurity awareness across your workforce and fosters a culture of alertness and shared responsibility
  • Real-time Feedback: Allows users to watch their contributions make an impact as they climb the leaderboard with each reported email
  • Rewards and Recognition: Recognizes your users for their critical role in protecting your organization with incentives that applaud their diligence in the top spots on a monthly, quarterly or yearly basis

Learn more about how you can take advantage of gamification features when implementing your security awareness training program within your organization!

Ready to see how you can build a strong security culture and support human risk management?

As of Feb 24, 2024, KnowBe4 has:

  • 25,000 phishing and landing page templates
  • 374 interactive training modules
  • 549 video modules
  • 262 posters and artwork
  • 287 newsletters and security docs
  • 1504 pieces of education and training content
  • 32 games

In the month of February, 376 new translations were added for the following training content categories:

  • Newsletters/Security Documents/Posters: 85
  • Games/Assessments/Training Modules: 199
  • Video Modules: 92

Here is the blog post with much more detail:

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [BUDGET AMMO] Hack-Proof Your Workforce With Security Awareness Practices via @forbes:

PPS: If you have not seen it, absolutely see the film Navalny. He died last week:

[BONUS INFOGRAPHIC] KnowBe4's Learner App by the Numbers:

Quotes of the Week  
"The beginning of wisdom is the definition of terms."
- Socrates - Philosopher (469 - 399 BC)

"Love all, trust a few, do wrong to none."
- William Shakespeare (1564 - 1616)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog

Security News

EU Entities Targeted by Spear Phishing

Numerous state-sponsored threat actors frequently launched spear phishing attacks against European Union entities last year, according to a new report from CERT-EU, the Computer Emergency Response Team for the EU institutions, bodies and agencies.

"In 2023, spear phishing remained the predominant initial access method for state-sponsored and cybercrime groups seeking to infiltrate target networks," the report says. "This sophisticated form of phishing involved highly targeted and personalized e-mail campaigns, meticulously crafted to deceive specific individuals within organizations.

"In Union entities or their vicinity, as well, spear phishing was the most observed method to attempt initial access. We have analyzed 177 such attacks, that we found notable."

The threat actors often used lures that were themed around EU organizations and impersonated real people. "A number of adversaries used specific lures related to EU affairs, in their attempts to deceive users in our vicinity," the researchers write. "Some threat actors sent spear phishing e-mails containing malicious attachments, links, or decoy PDF files that originally were internal or publicly available documents related to EU policies....

To make the spear phishing message even more credible, the attackers often impersonated staff members of Union entities or of the public administration of EU countries. These attacks targeted not only Union entities but also public administration in EU countries. This shows a significant interest by some adversaries to gather information related to various EU political matters.

The threat actors put a great deal of effort into researching their targets and crafting tailored social engineering attacks. "[W]hatever the goal of the attack was, the threat actors dedicated time and resources in preparatory phases such as reconnaissance and social engineering," the report says.

"Reconnaissance involves gathering intelligence about Union entities: the role of certain staff members, their contact lists, the documents or information they usually share with their stakeholders.

"Social engineering manipulates human psychology, and in the context of spear phishing against Union entities, social engineering aims to craft believable deceptive messages by leveraging information acquired from previous attacks or exposed on unsecured IT assets to increase the likelihood of successful infiltration."
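Two of the checks a mail gateway can run against the impersonation described in the report, as an added example rather than CERT-EU's own tooling: a display name that matches a known staff member while the address sits outside the trusted domains, and a sender domain that imitates a trusted one. The staff directory, the trusted domains (europa.eu is assumed here as the institutions' domain) and the similarity threshold are constructed assumptions.

```python
"""Flag senders that impersonate staff or imitate a trusted domain.

Added example, not CERT-EU's tooling. The staff directory, trusted domains
and similarity threshold are constructed assumptions.
"""
import difflib
import re
from email.utils import parseaddr

TRUSTED_DOMAINS = ("europa.eu", "ec.europa.eu")        # assumption
STAFF = {"Anna Novak", "Jan de Vries", "Maria Rossi"}   # constructed directory
LOOKALIKE_RATIO = 0.8                                   # constructed threshold


def _name_key(name: str) -> frozenset:
    """Order-insensitive token set: 'Novak Anna' and 'Anna Novak' compare equal."""
    return frozenset(re.sub(r"[^a-z ]", " ", name.lower()).split())


STAFF_KEYS = {_name_key(n): n for n in STAFF}


def is_trusted(domain: str) -> bool:
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def lookalike_of(domain: str):
    """Return the trusted domain this one imitates, or None."""
    for trusted in TRUSTED_DOMAINS:
        core = trusted.split(".")[-2]            # 'europa' from 'europa.eu'
        if core in domain:                        # europa-eu.com, europa.eu.login.example
            return trusted
        if difflib.SequenceMatcher(None, domain, trusted).ratio() >= LOOKALIKE_RATIO:
            return trusted                        # eur0pa.eu, europe.eu
    return None


def assess_sender(from_header: str) -> dict:
    """Return the parsed address and a list of reasons to distrust it."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    if is_trusted(domain):
        return {"address": addr, "reasons": reasons}
    staff = STAFF_KEYS.get(_name_key(display))
    if staff:
        reasons.append(f"display name matches staff member {staff!r} "
                       f"but domain {domain!r} is not trusted")
    if any(label.startswith("xn--") for label in domain.split(".")):
        reasons.append(f"domain {domain!r} uses punycode (possible homoglyph)")
    imitated = lookalike_of(domain)
    if imitated:
        reasons.append(f"domain {domain!r} looks like {imitated!r}")
    return {"address": addr, "reasons": reasons}


# Constructed From: headers: genuine, webmail with a staff name, lookalike
# domain, and staff name on a homoglyph domain.
SAMPLES = [
    "Anna Novak <anna.novak@ec.europa.eu>",
    "Anna Novak <anna.novak@gmail.com>",
    "Press Office <press@europa-eu.com>",
    "Jan de Vries <jan.devries@eur0pa.eu>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", assess_sender(header)["reasons"] or "ok")
```

The display-name check is the one that matters most for the report's scenario: the attacker does not need a spoofed domain if the recipient only reads the name the mail client shows.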

Infosecurity Magazine has the story:

Nearly One in Three Cyberattacks Last Year Involved Abuse of Valid Accounts

Thirty percent of all cyber incidents in 2023 involved abuse of valid credentials, according to IBM X-Force's latest Threat Intelligence Index. This represents a 71% increase compared to 2022.

"One of the top initial access vectors in 2023—jumping from third to first place— was the abuse of valid accounts identified in 30% of the observed incidents X-Force responded to," the researchers write.

"As defenders increase their detection and prevention capabilities, attackers are finding that obtaining valid credentials is an easier route to achieving their goals, considering the alarming volume of compromised yet valid credentials available—and easily accessible—on the dark web.

"X-Force found that cloud account credentials alone make up 90% of for-sale cloud assets on the dark web, making it easy for threat actors to take over legitimate user identities to establish access into victim environments.

"Attacker use of valid accounts as an initial access vector appears to have a significant impact on the required response efforts, as well." X-Force observed a "significant drop in observed compromises through phishing," which the researchers believe is due to successful phishing mitigation efforts.

The researchers note, however, that generative AI will allow threat actors to craft phishing lures in minutes. "Using compromised valid credentials is a quick, direct route into the environment, whereas IBM X-Force Red data indicates that human-crafted phishing emails are time-intensive, requiring on average 16 hours to craft one," the researchers write.

"However, it's worth noting that X-Force assesses that phishing is expected to be one of the first malicious use cases of AI that cybercriminals will invest in, theorizing that it's far from done scaling. In fact, X-Force data shows that AI can generate a deceptive phish in 5 minutes, a potential time savings of nearly 2 days for attackers."
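Because the access looks like a legitimate login, catching valid-account abuse falls to behaviour rules on the authentication log rather than to malware or phishing signatures. The script below is an added example, not X-Force's tooling: it replays constructed JSON auth events and applies three simple rules (a country change within an hour, a first login from both a new country and a new client, and a success straight after a burst of failures). The log records, windows and thresholds are assumptions for illustration.

```python
"""Detect abuse of valid accounts in authentication logs.

Added example, not IBM X-Force's tooling. The log lines are constructed JSON
records and the windows and thresholds are assumptions.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

TRAVEL_WINDOW = timedelta(minutes=60)   # constructed; country is a coarse geo proxy
FAIL_WINDOW = timedelta(minutes=10)     # constructed
FAIL_THRESHOLD = 5                      # constructed


def parse_event(line: str) -> dict:
    event = json.loads(line)
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def analyze(lines) -> list:
    """Replay the log in time order and return one alert per rule hit."""
    alerts = []
    last_success = {}               # user -> (ts, country)
    countries = defaultdict(set)    # user -> countries seen on success
    clients = defaultdict(set)      # user -> user agents seen on success
    failures = defaultdict(deque)   # user -> recent failure timestamps

    def alert(rule, e, detail):
        alerts.append({"rule": rule, "user": e["user"],
                       "ts": e["ts"].isoformat(), "detail": detail})

    for e in sorted(map(parse_event, lines), key=lambda x: x["ts"]):
        user, ts, country, ua = e["user"], e["ts"], e["src_country"], e["ua"]
        recent = failures[user]
        while recent and ts - recent[0] > FAIL_WINDOW:
            recent.popleft()
        if e["result"] != "success":
            recent.append(ts)
            continue

        # Rule 1: success on the heels of a failure burst: stuffing or
        # spraying that finally hit a valid credential.
        if len(recent) >= FAIL_THRESHOLD:
            alert("success_after_failures", e, f"{len(recent)} failures in {FAIL_WINDOW}")
        # Rule 2: new country AND new client at once; a bought credential is
        # typically replayed from the buyer's infrastructure and tooling.
        if countries[user] and country not in countries[user] and ua not in clients[user]:
            alert("new_device_and_location", e, f"{country} via {ua}")
        # Rule 3: two successes from different countries inside the window.
        prev = last_success.get(user)
        if prev and prev[1] != country and ts - prev[0] <= TRAVEL_WINDOW:
            alert("impossible_travel", e, f"{prev[1]} -> {country} in {ts - prev[0]}")

        countries[user].add(country)
        clients[user].add(ua)
        last_success[user] = (ts, country)
        recent.clear()
    return alerts


def _ev(ts, user, country, ua, result):
    return json.dumps({"ts": ts, "user": user, "src_country": country,
                       "ua": ua, "result": result})


# Constructed log: alice's valid credential is replayed from elsewhere,
# bob is credential-stuffed, carol is normal.
SAMPLE_LOG = [
    _ev("2024-02-20T08:00:00", "alice", "BE", "Chrome/121", "success"),
    _ev("2024-02-20T08:40:00", "alice", "RU", "python-requests/2.31", "success"),
    *[_ev(f"2024-02-20T09:0{i}:00", "bob", "BE", "Firefox/122", "failure") for i in range(5)],
    _ev("2024-02-20T09:05:00", "bob", "BE", "Firefox/122", "success"),
    _ev("2024-02-20T10:00:00", "carol", "NL", "Edge/121", "success"),
    _ev("2024-02-20T12:00:00", "carol", "NL", "Edge/121", "success"),
]

if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(a)
```

None of the three rules needs the credential to be known as stolen; they key on the fact that a purchased password is used from somewhere and something the real owner never uses, which is what makes valid-account abuse detectable at all.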

New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 orgs worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

IBM has the story:

What KnowBe4 Customers Say

"Just wanted to say thank you for the recent support you've given us in setting up KnowBe4 for our organization. My CSM has added real value in guiding us around best practice and then setting up those configurations within the platform in a really clear, helpful and friendly way.

We work with a lot of software providers but you stand out with a great CSM; understanding what the customer's challenges are and then providing your expertise to help them achieve the most value out of the platform."

- C.P., VP Information Security & Data Protection

The 10 Interesting News Items This Week
  1. How A Global Police Operation Just Took Down a Notorious Ransomware Gang:

  2. As OpenAI's Sora blows us away with AI-generated videos, the information age is over — let the disinformation age begin:

  3. Face off: New Banking Trojan steals biometrics to access victims' bank accounts:

  4. Navalny Social Engineered FSB Officer to Confess his own Murder Plot:

  5. NSA cyber director to step down after 34 years of service:

  6. International law enforcement operation disrupts LockBit ransomware syndicate:

  7. KeyTrap attack: Internet access disrupted with — one — DNS packet:

  8. Exposed: Global Espionage Unleashed by China's Police in Groundbreaking Leak:

  9. Apex vulnerabilities open Salesforce instances to attack:

  10. Yours Truly @forbes. Hack-Proof Your Workforce With Security Awareness Practices:

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
