In other news, the transparency activists DDoSecrets, a sort of successor group to WikiLeaks, published a trove of corporate information—a move that was particularly controversial given that the data was originally stolen by ransomware attackers. And speaking of WikiLeaks, on Monday the United Kingdom denied the United States Justice Department's request to extradite Julian Assange, citing Assange's mental state and risk of suicide rather than any evaluation of whether the WikiLeaks founder violated the Espionage Act.
Government Officials in More Than 20 Countries Targeted via WhatsApp Hacking
Last May, WhatsApp revealed that hackers at NSO Group had been exploiting a vulnerability in its software that allowed them to compromise a phone simply by targeting it with a voice call that planted malware on the device capable of silently stealing a victim's messages.
FBI Is Investigating Whether JetBrains Played a Role in SolarWinds Hack—Which JetBrains Denies
Since it was revealed that SolarWinds' Orion IT management tool was exploited in a software supply chain attack, the cybersecurity industry has anxiously dreaded news that the same Russian hackers also piggybacked on other popular software. This week FBI sources told Reuters that Czech Republic-based software firm JetBrains has been scrutinized as another possible victim—and potential vector for corrupted code. JetBrains' project management tool TeamCity is used by tens of thousands of customers, including SolarWinds, raising the possibility that it may have served as the initial point of infection inside SolarWinds' network. The fact that JetBrains was founded by three Russian engineers has cast further suspicion on the company. But JetBrains' St. Petersburg-based CEO said this week that he hasn't been contacted by the FBI or any other agency. Nor, he says, has JetBrains seen any evidence that it was itself breached by hackers, not to mention used to further breach SolarWinds' systems.
Former CISA Head Chris Krebs Joins SolarWinds to Help It Recover From Massive Russian Hack
Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, became a cause célèbre in November when President Trump fired him for stating—correctly—that the claims of widespread election hacking and fraud advanced by the president and his supporters were false. Now, after a federal career that many credited with helping to secure the 2020 presidential election from foreign interference, Krebs is venturing into the other massive cybersecurity story of the last year: the Russian hacker intrusion into SolarWinds, a Texas-based company whose software was hijacked and used to penetrate the networks of at least half a dozen federal agencies. SolarWinds has hired Krebs to help it remediate and recover from the breach that put it at the epicenter of that far-reaching hacking scandal. He'll be joined by former Facebook and Yahoo chief security officer Alex Stamos, who similarly signed on with video conferencing firm Zoom last spring to help it recover from its security woes. Krebs and Stamos will both work with SolarWinds via a consulting firm they've cofounded, the Krebs Stamos Group. Given that SolarWinds' stock has lost more than a third of its value, or about $2.5 billion, since the news of its breach broke, whatever fees the company is paying that consultancy—likely very large ones—are no doubt a rounding error for its total breach costs.
Singapore Says Law Enforcement Can Request Covid-19 Tracing App Data
Desmond Tan, Singapore’s minister of state for its Ministry of Home Affairs, told parliament on Monday that Singaporean police can use data from the country's Covid-19 contact tracing platform in investigations. Originally, the service was marketed as gathering the least amount of information possible and as a single-purpose tool for contact tracing only. But on Monday the platform was updated to reflect the potential for law enforcement access. Over four million of Singapore's 6 million citizens reportedly use the app.
This week, the Chinese firm QiAnXin spotted Russian hackers—possibly affiliated with the groups Sandworm and Fancy Bear—sending phishing emails laced with malicious document attachments to Ukrainian targets. Meanwhile, the Vietnamese security firm VinCSS detected a high volume of novel coronavirus-related phishing emails over the last two weeks attributed to government hackers.