DOJ Indicts Two Iranian Men for a Bold Hacking and Disinformation Campaign Prior to the 2020 Presidential Campaign

Microsoft warns that Iranian hackers are targeting IT firms, California Pizza Kitchen exposed 100,000 employee SSNs, Bank regulators mandate 36-hour cybersecurity incident reporting, more

Two Iranian men, Seyyed Kazemi and Sajjad Kashian, were indicted by the U.S. Justice Department accused of a hacking and disinformation campaign that targeted American voters in the run-up to the 2020 U.S. presidential election.

Posing as proud boys, the two men allegedly sent threatening emails to try to scare primarily Democratic voters, attempted to break into several states’ voting-related websites, and gained access to a U.S. media company’s computer network. In addition, they threatened the email recipients with physical attacks if they did not change party affiliation and vote for President Donald Trump. The emails seemed to target primarily voters in Florida and Alaska.

According to the indictment, they also pushed a video through Facebook, Twitter, and YouTube, primarily aimed at Republicans, claiming to show someone hacking into voter websites to create falsified overseas and absentee ballots. Kazemi and Kashian further allegedly tried to break into 11 state voter registration and information websites. Finally, the pair allegedly also unsuccessfully tried to break into the computer network of a company that provides content management systems to many U.S. news organizations in an attempt to spread more disinformation.

Officials said the two men worked for an Iran-based company formerly known as Eeleyanet Gostar, now called Emennet Pasargad. U.S. officials said the government was imposing sanctions against six people tied to the Iranian company. Both of the accused men are believed to be in Iran, making it unlikely to be brought to a U.S. courtroom anytime soon. (Devlin Barrett / Washington Post)

Related: PerthNow, The New Arab, Associated Press Technology, Iran International | Home Page, The Hill: Cybersecurity, CNN.com, Washington Free Beacon, The Record by Recorded Future, POLITICO, Cyberscoop, The National, CNBC Technology, The Huffington Post, NBC News Top Stories, Wall Street Journal, Axios, Security Week, Bleeping Computer, The Independent, The New Arab, NBC News Top Stories, NPR, BNN Bloomberg, LA Daily News, Mercury News, Washington Examiner, Homeland Security Today, Business Insider, PerthNow, Voice of America, Bloomberg, New York Post, The Huffington Post, Daily Beast, Al Jazeera English, PerthNow, Reuters: World News, Reddit-hacking, New York Times, Dark Reading, Arutz Sheva News, The Persian Pasdaran, Justice.gov, Axios

Microsoft announced it had observed multiple Iranian threat actors targeting the IT services sector in attacks that aim to steal sign-in credentials belonging to downstream customer networks to enable further attacks. The Microsoft Threat Intelligence Center (MSTIC) and Digital Security Unit (DSU) assess this as part of a broader espionage objective to compromise organizations of interest to the Iranian regime.

So far this year, Microsoft has issued more than 1,600 notifications to over 40 IT companies in response to Iranian targeting, compared to 48 notifications in 2020, making this a significant increase from years past. Most of the targeting is focused on IT services companies based in India and several companies based in Israel and the United Arab Emirates.

Separately, the U.S., U.K., and Australia, in a joint advisory, urged infrastructure organizations to patch vulnerabilities in Microsoft and Fortinet products that they say hackers associated with Iran use in ransomware attacks (Sergiu Gatlan / Bleeping Computer)

Related: AlterNet.org, Reddit cybersecurity, Vox, NextGov, ZDNet, Microsoft, CRN, CISA, STL.News, Windows Central, Security Week

In a data breach notification posted this week, California Pizza Kitchen revealed a data breach that exposed the Social Security numbers of more than 100,000 current and former employees.

The company said it learned of a “disruption” to its systems on September 15 and moved to “immediately secure” its environment. (Carly Page / TechCrunch)

Related: Benzinga, The Mac Observer, Gizmodo, TechCrunch, Reddit - cybersecurity, PYMNTS.com, SiliconANGLE, Maine Attorney General

The Federal Bureau of Investigation (FBI) warned in a Flash alert of an advanced persistent threat (APT) exploring a zero-day vulnerability in computer networking firm FatPipe’s router clustering and load balancer products to breach targets' networks.

"As of November 2021, FBI forensic analysis indicated exploitation of a 0-day vulnerability in the FatPipe MPVPN device software going back to at least May 2021," according to the alert. FatPipe's advisories page offers advice on how customers can mitigate the bug by disabling UI access on all the WAN interfaces or configuring Access Lists on the interface page to only allow access from trusted sources. (Sergiu Gatlan / Bleeping Computer)

Related: Security Affairs, Threatpost, FBI

U.S. banking regulators, the FDIC, Office of the Comptroller of the Currency, and the Federal Reserve System, issued a final rule that directs banks to report any significant cybersecurity incidents to the government within 36 hours of discovery.

Separately, the banking industry said it had completed a massive cross-industry cyber security drill that aims to ensure Wall Street knows how to respond in the event of a ransomware attack that threatens to disrupt a range of financial services. (Pete Schroeder / Reuters)

Related: IT News, Bleeping Computer, FDIC, Bloomberg

In a letter to Sen. Ron Wyden (D-OR) Mobilewalla, a company that collects and sells consumer information gleaned from cell phones, said it was the source of some of the advertising data used by the Department of Homeland Security and other government entities to track mobile phones without a warrant.

Mobilewalla harvested the data and sold it to Gravy Analytics, based in Dulles, Virginia, adding that Gravy’s wholly-owned subsidiary, Venntel, then provided the data to several federal agencies and contractors with ties to the U.S. military and intelligence agencies. The company said it only recently learned the government was getting the data and apologized for previous statements to Congress that may have been misleading. (Byron Tau / Wall Street Journal)

Related: MediaPost

According to internal documents reviewed by Reveal from the Center for Investigative Reporting and WIRED, Amazon's vast empire of customer data is so sprawling, fragmented, and promiscuously shared within the company that the security division can’t even map all of it, much less adequately defend its borders.

Amazon has given broad swathes of its global workforce extraordinary latitude to tap into customer data at will to speed customer service and corporate growth. Moreover, Amazon’s information security efforts are in disarray, and on the consumer side of the business are cast aside as dead weight, a drag on profitability. Information security professionals lack knowledge of the data flows and storage locations of sensitive data. (Will Evans / Wired)

Related: Reveal News, Protocol, Fast Company

Gen Sir Patrick Sanders and Government Communications Headquarters (GCHQ) director Sir Jeremy Fleming and US Cyber Command head Gen Paul Nakasone "reaffirmed" their commitment to jointly disrupt and deter new and emerging cyber-threats.

The combined action would address "evolving threats with a full range of capabilities," they said, with an unspoken focus on the ransomware threats arising from Russia. (Gordon Corera / BBC News)

Related: TechCentral.ie, Gov.uk, Computer Weekly

A technology executive, Amir Golestan, head of a company called Micfo, pleaded guilty to federal wire-fraud charges closing an obscure but potentially influential case that could shape future criminal prosecutions involving companies that provide bedrock internet services to customers.

Golestan was accused of using fraudulent means to obtain thousands of internet protocol or IP addresses from the American Registry for Internet Numbers, a Virginia-based nonprofit that allocates the addresses that computers use to communicate online. In an interview with the Wall Street Journal last year, Golestan acknowledged creating ten fictitious personas to pose as chief executives of ten shell entities to obtain the IP addresses he then used to build his business. (Dustin Volz, Byron Tau / Wall Street Journal)

Related: Krebs on Security, Justice.gov

Swiss security firm Prodaft report that the operators of the Conti ransomware have earned at least $25.5 million from attacks and subsequent ransoms carried out since July 2021.

The company worked with blockchain analysis firm Elliptic to track more than 500 bitcoin the Conti gang had collected over the past five months in 113 cryptocurrency addresses. The $25.5 million is merely an estimate. The Conti gang is believed to have earned much more over this period, and its history, dating back to August 2020. (Catalin Cimpanu / The Record)

Related: Prodaft

A Canadian teenager was arrested for allegedly stealing $37 million worth of cryptocurrency ($46M Canadian) via a SIM swap scam, making it the largest virtual cash heist affecting a single person yet.

The arrest followed a joint investigation by the FBI and the US Secret Service Electronic Crimes Task Force, Hamilton Police in the Canadian province of Ontario

Related: PYMNTS.com, Hamilton Police

Canadian entrepreneur Jean-François Eap, CEO of Sky Global, a firm that develops privacy-focused mobile phones with custom software for sending encrypted messages, filed suit against the U.S. government in the Southern District of California. The suit spells out why the company thinks the government took over 100 Sky domains illegally and says Eap has offered to cooperate with the Department of Justice.

The government took over the domains after it charged Eap for allegedly helping distribute at least 5 kilograms of cocaine by providing his customized phones to criminals. Eap contends he didn't do the crimes alleged in the indictment, that Sky was and is a legitimate, above-board company. (Joseph Cox / Motherboard)

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) published new guidance to mitigate cyber threats within 5G cloud infrastructure.

The new guidance, Security Guidance for 5G Cloud Infrastructures: Securely Isolate Network Resources (Part II), is the second in a series of 5G cloud security guidance documents issued under the Enduring Security Framework public-privacy, a cross-sector working group led by CISA and NSA. (John Curran / Meritalk)

Related: NSA.gov, Homeland Security Today, Defense.gov

Cybersecurity professionals have long railed against using the terms “crypto” to denote cryptocurrency and not cryptography. However, now that the iconic Staples Center, home to the Los Angeles Lakers and Clippers, will soon be known as the Crypto.com Arena in a deal reportedly worth $700 million, experts say it’s time to give up that fight.

Not only do most non-tech people consider “crypto” to mean cryptocurrency, but “crypto” is now also widely used to refer to cryptocurrency in news media and within the cryptocurrency, blockchain, and decentralized finance, or DeFi, industry. (Lorenzo Franceschi-Bicchierai / Motherboard)

Related: The Guardian

Password authentication company Stytch raised $90 million in a Series B venture funding round.

Coatue Management LLC led the round with participation from existing investors Benchmark Capital, Thrive Capital, and Index Ventures. (Carly Page / TechCrunch)

Related: Venture Beat, Business Insider, The Business Journals, Pitchbook, Business Wire

Photo CC BY-SA 4.0 via Wikimedia Commons