The U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) issued an urgent joint report, detailing several attempts at hacking computer networks of companies that run nuclear power stations and energy facilities.
The joint report obtained by the New York Times has an urgent amber warning, the second-highest rating for these cyber security threats.
Wolf Creek Nuclear Operating Corporation is among the companies targeted by the hackers. The reason behind the cyber attacks is still unknown, and it is unclear whether the hacking attempts are purely espionage or part of a dastardly plan to cause economic sabotage and physical damage.
So far, there are no indications that the hackers were able to access the control systems of the nuclear facilities.
The news came a week after the NotPetya ransomware attack that affected hundreds of companies around the world. A spokesman for the Department of Homeland Security stated:
“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.”
According to the joint report, it appears that the hackers are trying to map out computer networks for future attacks. The identity of the hackers is still unknown, but the report indicated that an “advanced persistent threat” actor was responsible. The term is commonly used by security specialists to indicate hackers supported by governments.
Some people involved in the investigation claimed that the techniques employed by the hackers are similar to those of an organization known as Energetic Bear–the Russian group that security experts believed to be behind the hacking of different energy sectors since 2012.
Russia is constantly being tagged as the chief suspect in the recent hacking incident. The country was also said to be behind the hacking of Ukraine’s power grid in 2015. President Donald Trump, on Thursday, called on the Russian government to “cease its destabilizing activities in Ukraine and elsewhere.”
Cyber security threats have become a part of destabilizing strategies.
CopyCat Malware Affected 14 Million Android Devices
While the world was still suffering from recent cyber attacks, another security breach struck. This time, malware dubbed CopyCat infected over 14 million Android devices. Out of that figure, 8 million devices were said to be rooted, 3.8 were used to serve ads, and 4.4 million were utilized to steal credit for installing apps on Google Play.
According to reports from security researchers at Check Point, the majority of the infected users are from Southeast Asia. However, some 280,000 Android users in the United States were also hit.
CopyCat malware is fully developed with vast capabilities. These capabilities include rooting devices and injecting code into Zygote. It is one of a growing number of cyber security threats.
Researchers at Check Point discovered the malware when it attacked devices at a business protected by Check Point SandBlast Mobile. The company gained information from the malware’s Command and Control servers and did a full reverse engineering of its inner workings. In a technical report released by Check Point, the researchers said:
“The malware has a modular structure, in which each module plays a different role. This allows the malware developers to choose and change their strategy and the malware’s behavior on the device to accommodate their current target. This emphasizes the danger in this kind of malware, which is multipurpose, and capable of changing the campaign’s aim at any given time.”
There was no evidence that the malware was distributed through Google’s app store–Google Play. In March, Check Point informed Google of the said malware. As per the tech giant, they were able to quell the campaign and the current number of infected devices is far lower than it was at the time of the campaign’s peak.
Check Point researchers pointed to a Chinese ad firm as the possible distributor of the malware. Several connections between CopyCat and the Chinese ad network MobiSummer were discovered.
The malware and MobiSummer were both found to be operating on the same server. According to Check Point, CopyCat’s code has several lines signed by MobiSummer. Furthermore, both use the same remote services, and the malware did not target Chinese users.
As of now, Google has already updated Play Protect to block the malware.