{"id":32013,"date":"2017-05-24T12:42:10","date_gmt":"2017-05-24T02:42:10","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=32013"},"modified":"2017-05-24T12:42:10","modified_gmt":"2017-05-24T02:42:10","slug":"cyber-wrap-165","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/","title":{"rendered":"Cyber wrap"},"content":{"rendered":"<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-32014 size-full\" title=\"Image courtesy of Pixabay user stellabelle.\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/05\/lego-2228659_640.jpg\" alt=\"Image courtesy of Pixabay user stellabelle.\" width=\"640\" height=\"480\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/05\/lego-2228659_640.jpg 640w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/05\/lego-2228659_640-205x154.jpg 205w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/p>\n<p>The fallout from the WannaCry ransomware incident continued this week. ShadowBrokers, who released the <a href=\"https:\/\/en.wikipedia.org\/wiki\/EternalBlue\" target=\"_blank\" rel=\"noopener noreferrer\">Eternal Blue exploit<\/a> used by the WannaCry ransomware, <a href=\"https:\/\/sputniknews.com\/science\/201705171053713964-hacker-release-more-tools-june\/\" target=\"_blank\" rel=\"noopener noreferrer\">have announced a new program<\/a> where members will gain access to new vulnerabilities and tools, as well as information supposedly stolen from Iranian, Chinese and North Korean missile programs. While ShadowBrokers have been <a href=\"http:\/\/www.afr.com\/news\/world\/like-a-wine-club-but-for-cyber-weapons-20170521-gw9kh7\" target=\"_blank\" rel=\"noopener noreferrer\">linked to Russian intelligence services<\/a>, it\u2019s noteworthy that <a href=\"https:\/\/www.nytimes.com\/2017\/05\/14\/world\/europe\/russia-cyberattack-wannacry-ransomware.html?_r=0\" target=\"_blank\" rel=\"noopener noreferrer\">Russia itself was significantly affected by the incident<\/a>. As expected, additional uses of the EternalBlue exploit have been uncovered, including to install <a href=\"http:\/\/www.darkreading.com\/attacks-breaches\/nsa-tools-behind-wannacry-being-used-in-even-bigger-attack-campaign\/d\/d-id\/1328901\" target=\"_blank\" rel=\"noopener noreferrer\">software that mines the cryptocurrency Monero<\/a>.<\/p>\n<p>Speculation over whether the Hermit Kingdom is behind WannaCry has also continued this week. Cybersecurity firm <a href=\"https:\/\/www.symantec.com\/connect\/blogs\/wannacry-ransomware-attacks-show-strong-links-lazarus-group\" target=\"_blank\" rel=\"noopener noreferrer\">Symantec\u2019s Security Response team have released further evidence<\/a> which they claim more closely ties WannaCry to the North Korean-linked Lazarus Group of hackers. Symantec notes that similarities in the tools used in last week\u2019s attack link the ransomware to the <a href=\"https:\/\/www.theatlantic.com\/technology\/archive\/2017\/05\/cyberwar-is-officially-crossing-over-into-the-real-world\/526860\/\" target=\"_blank\" rel=\"noopener noreferrer\">tools used in other cyber incidents linked to North Korea<\/a>\u2014including the <a href=\"https:\/\/www.washingtonpost.com\/news\/the-switch\/wp\/2014\/12\/18\/the-sony-pictures-hack-explained\/?utm_term=.750e6c309a69\" target=\"_blank\" rel=\"noopener noreferrer\">2014 Sony hack<\/a> and last year\u2019s attack on <a href=\"http:\/\/www.reuters.com\/article\/us-cyber-heist-philippines-idUSKCN0YA0CH\" target=\"_blank\" rel=\"noopener noreferrer\">Bangladesh\u2019s Central bank<\/a>. However, the difference between previous incidents and WannaCry is the nature of the malware\u2019s <a href=\"http:\/\/thehill.com\/policy\/cybersecurity\/334658-symantec-increasingly-confident-wanna-cry-linked-to-north-korea\" target=\"_blank\" rel=\"noopener noreferrer\">autonomous propagation through networks<\/a> using the EternalBlue exploit, whereas previous Lazarus Group linked malware required greater intervention by the hackers, limiting the extent of its spread.<\/p>\n<p>WannaCry has also <a href=\"http:\/\/www.dailymail.co.uk\/news\/article-4527136\/North-Korean-hacking-cells-kids-plucked-school.html\" target=\"_blank\" rel=\"noopener noreferrer\">focused international attention<\/a> on <a href=\"http:\/\/www.news.com.au\/technology\/online\/hacking\/north-korea-cyber-war-on-australia-more-likely-than-missile-attack-expert-says\/news-story\/791372da9d6c4fd3beff1e6ec6013c50\" target=\"_blank\" rel=\"noopener noreferrer\">North Korea\u2019s<\/a> <a href=\"https:\/\/au.news.yahoo.com\/technology\/a\/35607457\/north-koreas-unit-180-a-more-likely-threat-to-australia-than-any-missile-expert-warns\/\">cyber capabilities<\/a>. Jim Lewis from CSIS noted that the Sony hack marked a steep change in the nature of North Korean cyber espionage and hacking activity. <a href=\"http:\/\/www.sbs.com.au\/news\/article\/2017\/05\/21\/west-fears-north-korea-cyber-warfare-cell\" target=\"_blank\" rel=\"noopener noreferrer\">Lewis notes that before Sony North Korea focused on espionage and harassment of South Korean political targets<\/a>, but afterwards they\u2019ve increasingly used their skills for criminal activity to generate hard currency for the regime.<\/p>\n<p>Various <a href=\"https:\/\/www.businessinsider.com.au\/north-korea-worlds-best-hackers-2016-5?r=US&amp;IR=T\" target=\"_blank\" rel=\"noopener noreferrer\">North Korean People\u2019s Army units<\/a> have been identified as being involved in cyber operations, but <a href=\"http:\/\/www.news.com.au\/technology\/online\/hacking\/north-korea-cyber-war-on-australia-more-likely-than-missile-attack-expert-says\/news-story\/791372da9d6c4fd3beff1e6ec6013c50\" target=\"_blank\" rel=\"noopener noreferrer\">Unit 180 in the Reconnaissance General Bureau<\/a> has been most closely linked to WannaCry. Greg Austin from <a href=\"http:\/\/asia.nikkei.com\/Politics-Economy\/Policy-Politics\/Fog-of-cyberwar-spurs-virtual-arms-race-on-Korean-peninsula?page=2\" target=\"_blank\" rel=\"noopener noreferrer\">UNSW told a seminar in Canberra last week<\/a> that over 6,000 North Koreans are involved in various aspects of cyber operations including disrupting the South\u2019s military critical infrastructure and command and control systems. And over at the UN, the North Korean Sanctions Committee has warned members to be alert to North Korean hacking <a href=\"http:\/\/www.smh.com.au\/world\/uns-north-korea-sanctions-monitors-hit-by-sustained-cyber-attack-20170522-gwar9c.html\" target=\"_blank\" rel=\"noopener noreferrer\">after one of its panel of experts was hacked<\/a>. The warning ominously noted that the hackers had gained \u2018very detailed insight\u2019 into the work of the committee.<\/p>\n<p>Another infamous hacking group\u2014variously known as APT3, Gothic Panda and UPS\u2014has been linked to the Chinese Ministry of State Security (MSS) in a blog published by <a href=\"https:\/\/intrusiontruth.wordpress.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><em>Intrusion Truth<\/em><\/a>, an anonymous cybersecurity blogging group. The post notes the links between <a href=\"https:\/\/www.itnews.com.au\/news\/apt3-hackers-who-stole-asio-blueprints-linked-to-chinese-govt-462313?utm_source=feed&amp;utm_medium=rss&amp;utm_campaign=iTnews\" target=\"_blank\" rel=\"noopener noreferrer\">two directors of the Guangzhou Boyu Information Technology Group (Boyusec)<\/a>, and the domains used by APT3 for their activities. Boyusec is also linked with Chinese technology firm Huawei, and<a href=\"http:\/\/freebeacon.com\/national-security\/pentagon-links-chinese-cyber-security-firm-beijing-spy-service\/http:\/www.darkreading.com\/attacks-breaches\/apt3-threat-group-a-contractor-for-chinese-intelligence-agency\/d\/d-id\/1328913\" target=\"_blank\" rel=\"noopener noreferrer\"> the US Defense Department reportedly noted in an internal investigation in 2016<\/a> that Boyusec and Huawei had been cooperating to develop products with <a href=\"http:\/\/www.darkreading.com\/attacks-breaches\/apt3-threat-group-a-contractor-for-chinese-intelligence-agency\/d\/d-id\/1328913\" target=\"_blank\" rel=\"noopener noreferrer\">\u201cbackdoors\u201d installed<\/a> to enable future espionage activity. <em>Intrusion Truth<\/em> believes that <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/chinese-government-contractor-identified-as-cyber-espionage-group-apt3\/\" target=\"_blank\" rel=\"noopener noreferrer\">Boyusec is contracted to MSS through various intermediary state organs,<\/a> keeping with that agency\u2019s \u00a0conventional intelligence collection methods by utilising \u00a0commercial organisations as cover for intelligence collection. APT3 has previously been linked with cyber operations targeting both the <a href=\"http:\/\/www.securityweek.com\/china-linked-apt3-group-focuses-attacks-hong-kong\" target=\"_blank\" rel=\"noopener noreferrer\">US and Hong Kong<\/a>.<\/p>\n<p>Closer to home, <a href=\"https:\/\/www.itnews.com.au\/news\/oaic-forces-australian-govt-into-a-data-privacy-code-462164?utm_source=feed&amp;utm_medium=rss&amp;utm_campaign=iTnews\" target=\"_blank\" rel=\"noopener noreferrer\">the Australian government has agreed to work with the Information Commissioner to develop a privacy code for Commonwealth agencies<\/a>. Back in March, Commissioner Tim Pilgrim requested that the new code be developed, spurred by the fact that significant bungles including #censusfail and data breaches from the Health Department and Public Service Commission had the potential to significantly undermine public trust in the government\u2019s ability to manage data appropriately. The code will be implemented in 2018.<\/p>\n<p>Also in Canberra, in an attempt to improve their own skills and attract more tech-savvy people, <a href=\"http:\/\/www.canberratimes.com.au\/national\/public-service\/cyber-war-games-to-test-aps-departments-hacking-prowess-20170519-gw8oog.html\" target=\"_blank\" rel=\"noopener noreferrer\">teams of government cybersecurity personnel will take part in a cyber \u2018war game\u2019 this September,<\/a> hosted by the Department of Human Services. The teams will work on a cyber test range to defend Lego models of trains, bridges and towns.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The fallout from the WannaCry ransomware incident continued this week. ShadowBrokers, who released the Eternal Blue exploit used by the WannaCry ransomware, have announced a new program where members will gain access to new vulnerabilities &#8230;<\/p>\n","protected":false},"author":364,"featured_media":32014,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[391,728,86],"class_list":["post-32013","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber","tag-hacking","tag-north-korea"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cyber wrap | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber wrap | The Strategist\" \/>\n<meta property=\"og:description\" content=\"The fallout from the WannaCry ransomware incident continued this week. ShadowBrokers, who released the Eternal Blue exploit used by the WannaCry ransomware, have announced a new program where members will gain access to new vulnerabilities ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2017-05-24T02:42:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/05\/lego-2228659_640.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"480\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Liam Nevill\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Liam Nevill\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/05\/lego-2228659_640.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/05\/lego-2228659_640.jpg\",\"width\":640,\"height\":480,\"caption\":\"Image courtesy of Pixabay user stellabelle.\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/\",\"name\":\"Cyber wrap | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/#primaryimage\"},\"datePublished\":\"2017-05-24T02:42:10+00:00\",\"dateModified\":\"2017-05-24T02:42:10+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber wrap\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936\",\"name\":\"Liam Nevill\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g\",\"caption\":\"Liam Nevill\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/liam-nevill\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cyber wrap | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/","og_locale":"en_US","og_type":"article","og_title":"Cyber wrap | The Strategist","og_description":"The fallout from the WannaCry ransomware incident continued this week. ShadowBrokers, who released the Eternal Blue exploit used by the WannaCry ransomware, have announced a new program where members will gain access to new vulnerabilities ...","og_url":"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2017-05-24T02:42:10+00:00","og_image":[{"width":640,"height":480,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/05\/lego-2228659_640.jpg","type":"image\/jpeg"}],"author":"Liam Nevill","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Liam Nevill","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/05\/lego-2228659_640.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/05\/lego-2228659_640.jpg","width":640,"height":480,"caption":"Image courtesy of Pixabay user stellabelle."},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/","url":"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/","name":"Cyber wrap | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/#primaryimage"},"datePublished":"2017-05-24T02:42:10+00:00","dateModified":"2017-05-24T02:42:10+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-165\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Cyber wrap"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936","name":"Liam Nevill","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g","caption":"Liam Nevill"},"url":"https:\/\/www.aspistrategist.ru\/author\/liam-nevill\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/32013"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/364"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=32013"}],"version-history":[{"count":1,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/32013\/revisions"}],"predecessor-version":[{"id":32015,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/32013\/revisions\/32015"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/32014"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=32013"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=32013"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=32013"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}