Iran, China, Russia—the gang was all here in the first half of this year. Oh, and also an unprecedented pandemic that’s been a boon for hackers.
Well, what can we say about 2020 so far? Between a deadly pandemic whose reach and scale is unprecedented in our lifetimes, the corresponding global economic downturn, geopolitical strife around the world, and widespread civil rights uprisings, the first six months of the year have been remarkable in every way. And all of this has had a profound impact on cybersecurity dynamics and risks, not to mention digital attacks.
So much has happened in cyberspace over the past six months that it’s daunting to think what the back half of the year will bring. For now, let’s reflect on the major hacks and breaches that have occurred so far, as we steel ourselves for whatever is coming.The Pandemic Situation
Covid-19 has changed the way people around the world live, work, and learn, which in turn has had a large impact on how hackers crafttheir attacks and which vulnerabilities they target. The pandemic is a boon to nation-state spies conducting digital espionage; it has also fueled state-backed phishing, criminal hacking, and all manner of scams.
One unnerving target of attacks by elite hackers has been governments and international organizations working on pandemic response. The World Health Organization, for example, was targeted in March by unknown attackers who bombarded the organization with phishing messages in an attempt to access its digital systems. In April, Iran-linked hackers were caught launching phishing attacks against the pharmaceutical company Gilead Sciences, which has been working to develop and distribute treatments for Covid-19.
Scams and digital extortion attempts like ransomware have also flourished globally during the pandemic. In the US, states nationwide have scrambled to address rampant unemployment fraud coming from overseas and draining the crucial social safety net at a dire moment.China Deepens and Expands Targeting
The Chinese government has been subjecting the country’s Uighur ethnic minority to increasingly invasive digital surveillance and hacking for years. As far back as 2013, state-backed hackers worked to develop spyware and web-hacking techniques they could deploy to track and manipulate the Uighur population. In spite of the Covid-19 pandemic, these operations continued apace and even expanded their targeting in the first half of 2020.
Meanwhile, Australian prime minister Scott Morrison announced in June that the country’s public and private sectors have been grappling with a months-long battery of cyberattacks. Government officials have avoided publicly attributing the attacks beyond a “sophisticated state-based actor,” but local media reported that many believe China is likely responsible. A spokesperson for China’s Ministry of Foreign Affairs called that “baseless and nonsense.”Tensions between Australia and China have escalated in recent months over trade negotiations, and the pattern of aggressive espionage campaigns and trade secret theft is reminiscent of hacking initiatives China has launched against countries around the world. At the end of June, the Australian government formed plans to invest more than $930 million over 10 years to build out its digital defensive and offensive capabilities.Sensitive Dating Apps Data Exposed
In May, security researchers Noam Rotem and Ran Locar discovered a total of 845 gigabytes of user data from nine specialized dating apps sitting open and accessible on the public internet. The trove represented 2.5 million individual records that were likely linked to hundreds of thousands of users. Though the incident is not known to have resulted in a hack or breach, the exposure is still particularly significant, because the dating apps—3somes, Cougary, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating, and GHunt—cater to specific populations. In some cases, as with Herpes Dating, the exposure potentially compromised users’ health status information. The researchers found that all the apps seem to share a developer. Some list Cheng Du New Tech Zone as their developer in the Google Play Store. The researchers submitted their findings through generic web forms on a couple of the apps’ websites and received a brief initial response. Then the data was all locked down simultaneously and became inaccessible. It is unknown if anyone aside from the researchers found and stole the data while it was exposed, though. “We were amazed by the size and how sensitive the data was,” Locar told WIRED in June. “The risk of doxing that exists with this kind of thing is very real—extortion, psychological abuse. As a user of one of these apps, you don’t expect that others outside the app would be able to see and download the data.”BlueLeaks
After being largely dormant for almost a decade, the hacktivist collective Anonymous resurfaced with a 269-gigabyte data leak of US law enforcement documents and internal communications, which the activist group Distributed Denial of Secrets, or DDoSecrets, published on the Juneteenth holiday. BlueLeaks, as the trove of more than a million files is being called, includes emails, audio recordings, video footage, and law enforcement planning and intelligence documents from over 200 state, local, and federal agencies. The data illustrates, for example, how police track protesters and discusses groups like the antifascist movement Antifa. According to a law enforcement memo obtained by Krebs on Security, the data was stolen from the web development firm Netsential.2019 Cyberattack on Georgia Attributed to Russia
A massive cyberattack on Georgia in October 2019 was perpetrated by hackers from Russia’s GRU military intelligence agency, according to a joint attribution made in February by Georgia, the United States, and the United Kingdom. The digital assault took thousands of websites offline in Georgia, including government pages, and also disrupted television broadcasts. US officials explicitly named the notorious GRU hacking group Sandworm as carrying out the attack. In May, the US National Security Agency also said that Sandworm had recently been exploiting vulnerable email servers as part of some of its attacks. The NSA did not specify targets, though. “Last October, #Georgia suffered a reckless cyber attack affecting state, media & business entities. This was an intolerable act attempting to undermine our sovereignty,” Georgian Prime Minister Giorgi Gakharia wrote in a tweet. “We deeply appreciate the vocal support from our partners & allies around the world.”One to Watch: Iran
Iran has steadily escalated its offensive cyberactivity over the years, particularly since President Donald Trump withdrew the United States from the 2015 Iranian nuclear agreement in 2018. In fact, the country was WIRED’s One to Watch last July as well, thanks to a series of run-ins with the US in the Middle East. One year later, we’re still watching.
After the US assassination of Iranian general Qasem Soleimani in the first days of 2020, and the retaliatory missile strike that followed, security analysts warned that Iran could react through cyberattacks next. Days later, researchers published findings that Iranian hacking groups have been pelting the US grid with digital attacks, attempting to gain access inside electric utilities and oil and gas companies. At the beginning of June, Google’s Threat Analysis Group said that the Iran-linked actor APT 35, aka Charming Kitten, had launched phishing attacks against President Donald Trump’s reelection campaign. Google did not see signs that the assaults were successful. Microsoft also spotted Charming Kitten targeting the Trump campaign at the end of last summer.
Most recently, and disconcertingly, a series of explosions in and around Tehran at the end of June and beginning of July, including one near a suspected missile site, may foreshadow more events and revelations to come. The blast at the beginning of July occurred at an Iranian manufacturing plant thought to create next-generation centrifuges for enriching uranium. Iranian officials said the explosion was a minor, superficial incident, but reports indicate that that explosion was caused by a bomb planted by unknown saboteurs.
All Rights Reserved for Lily Hay Newman