The zero-day vulnerability that NSO's software used to help governments access user devices first surfaced in May this year. Now, Reuters, citing confidential sources, is reporting that government officials inside the US and its allied countries were targeted through NSO's hacking tools.
The Reuters report that we've come across today has damning implications for the WhatsApp hack. According to the publication's sources, high-profile civilian and military institutions in a list of 20 countries, including the United States and its allies, have had their smartphones compromised through hacking software developed by the NSO group. The NSO group's sales are ultimately regulated by the Israeli ministry of defense.
Government and military hit by WhatsApp hack
If NSO's hacking software was sold exclusively to governments, then who hacked the devices? There are only two answers we can think of. The first is that governments who purchased an NSO product lost control of it, or allowed it to be accessed by nefarious individuals. The second, even more controversial, is that perhaps the governments themselves are spying on their highly ranked civilian and military employees.
SINGAPORE - A hacking campaign suspected to be linked to an Asian government breached seven high-profile targets in South-east Asia and Europe, including government and military agencies, according to cyber-security firm Group-IB.
The newly identified hacker group, dubbed Dark Pink, used phishing e-mail messages and advanced malware to compromise the defences of military branches in the Philippines and Malaysia, as well as government organisations in Cambodia, Indonesia and Bosnia-Herzegovina, from September to December 2022.
Government and military organisations are frequently prime targets for hackers, given the confidential and sensitive data on their networks, and e-mail continues to be one of the common breach methods.
December 2022. A U.S. lawmaker predicted spyware hacks of U.S. government employees could be in the hundreds, including diplomats in multiple countries. This follows a probe into how many U.S. government devices are affected by spyware.
November 2022. Iranian government-sponsored hackers compromised the U.S. Merit Systems Protection Board, exploiting the Log4Shell vulnerability as early as February 2022. After breaching the network, the hackers installed cryptocurrency-mining software and deployed malware to obtain sensitive data.
November 2022. State-sponsored hackers with possible ties to the Chinese government targeted multiple Asian countries in an espionage operation since March 2022, compromising a digital certificate authority in one country.
November 2022. Hackers disabled digital services of the Vanuatu government in a cyberattack. The attack affected all government services, disabling emails, websites, and government systems, with only partial access restored a month later. Australian sources stated the hack was a ransomware attack.
November 2022. Indian hackers targeted Pakistani government entities, including the military, and companies since April 2020. The attacks enabled hackers to infiltrate systems and access computer controls.
October 2022. Hackers targeted a communications platform in Australia, which handles Department of Defence data, in a ransomware attack. The government believes hackers breached sensitive government data in this attack.
August 2022. Hackers used phishing emails to deploy malware in government institutions and defense firms throughout Eastern Europe in January 2022. A report by Russian-based company Kaspersky linked the campaign to a Chinese hacking group.
June 2022. Hackers targeted Norwegian public institutions with DDoS attacks, disrupting government websites. The Norwegian NSM security authority attributed the attack to pro-Russian hackers.
May 2022. A Chinese hacking group stole intellectual property assets from U.S. and European companies starting in 2019 and went largely undetected. Researchers believe the group is backed by the Chinese government.
March 2022. Pakistani government-linked hackers targeted Indian government employees in an espionage operation. The group also created fake government and military websites to deliver malware to their targets.
March 2022. The U.S. Department of Justice charged four Russian government employees involved in hacking campaigns that took place between 2012 and 2018. The hacks targeted critical infrastructure companies and organizations largely in the energy sector. The hackers sought to install backdoors and deploy malware in the operational technology of their targets.
February 2022. An investigation led by Mandiant discovered that hackers linked to the Chinese government compromised email accounts belonging to Wall Street Journal journalists. The hackers allegedly surveilled and exfiltrated data from the newspaper for over two years, beginning in at least February 2020.
Most high-profile hacks this year were done with clear monetary aims, rather than carried out by spies or hacktivists. On a few occasions, however, hacks have been traced to governments across the globe attempting to surveil individuals.
Last week, the US Department of Defense released a highly anticipated new draft of cybersecurity standards, which tightens the norms that government contractors need to abide by to fend off hacks. The DOD is expected to issue its final framework for cybersecurity standards in January, according to FedScoop.
The FT reported that the spyware was designed by Israel's NSO group, and WhatsApp said in a statement that the hack bore the hallmarks of a private organization accustomed to working with government agencies. The Israeli firm denied any involvement.
According to a report by Check Point Research, a total of 32 organisations in India were hit by hackers who exploited vulnerabilities in Microsoft Exchange servers. The report also mentions that the finance and banking sector was the worst affected, with 28% of the hacks targeted at it, followed by government and military (16%), manufacturing (12.5%), and insurance and legal (9.5%). All other industries constituted the remaining 34%.
NSO, the Israeli company, has claimed that it supplies such software only to government agencies. If indeed Indian government agencies are not involved, then the hacking of smartphones constitutes a criminal offense in India. Why has the government, specifically the IT Ministry, not filed a police complaint and launched criminal investigations?
All information gathered by such software is routed to Israel and American spy agencies. When governments buy this software from foreign sources they are, in effect, partnering with foreign agencies to spy on their own citizens. They are helping foreign powers shape the domestic narrative. If NTRO or RAW have indeed bought Pegasus, the narrative that such hacking can produce can be easily manipulated by Israeli or US spy agencies.
In short, these are not hacking tools but cyber weapons. That is why governments need to sign a moratorium against developing and deploying them, just as they have for chemical and biological weapons.
When it comes to describing the exploits and tactics used by government hackers, we are faced with two difficulties. The first is that the methods government hackers use are cloaked in secrecy. The second is that each government has different motives when it comes to launching attacks, and therefore uses different tactics.
There are, however, some ways of finding out a little about how government hackers operate. One source of information on this is generously provided by Verizon as part of its annual Data Breach Investigations Report (DBIR). This report indicates that government hacking has increased significantly over the past few years, and details the most common methods used by government hackers:
By analyzing these sources of information on the methods used by government hackers, and by slicing the raw data that DBIR provides, we can provide a little more insight into these government-orchestrated attacks. In the table above are listed the top six attack mechanisms used by state hackers. As the DBIR notes, these 121 breaches are based on well-rehearsed exploits in which certain actions almost always appear.
Of course, this is not an unusual scenario for a more sophisticated type of non-government hacker. The key point here is that traditional preventive methods and Plan B-type mitigation would still apply.
When the Obama administration placed blame for the 2014 Sony Pictures hack on North Korea, for example, much of the security community agreed with the consensus, but there was also some prominent skepticism. Part of this was because Obama did not disclose that the US had the direct ability to spy on North Korean internet activity before and during the attack on Sony. These details were later reported by the New York Times. But inconsistent access to full evidence can make it difficult for individuals and civilian security firms to vet government attributions.
In the USA, there is government support available to help you identify and defend yourself against government hacking. The central agency charged with this task is CISA, part of the US Department of Homeland Security. This agency frequently issues alerts that detail current security issues, vulnerabilities, and exploits.
A decade ago, government hacking was largely the concern of cybersecurity analysts working for government agencies. In recent years, however, these attacks have become much more frequent, and much more dangerous. Whichever type of organization you work for, you need to be aware of government hacking, and how to protect your systems against it. In addition, a thorough knowledge of government hacking is now an essential skill for anyone looking to build a cybersecurity career.