
Obama, Feds outline technical, spear phishing details, sanctions vs. Russia over cyber attacks


The Obama administration, along with the Department of Homeland Security and Federal Bureau of Investigation, has released the technical details behind ongoing cyber attacks from Russian intelligence groups.

Obama on Thursday outlined a series of sanctions on Russia’s two intelligence services and officers for an ongoing hacking campaign on U.S. targets. The White House also said 35 Russian intelligence operatives were ejected and two compounds in the U.S. were shut down.

The details of the sanctions can be found in the statement and executive order, which outlines the groups involved. The sanctions come after months of hacking allegations against Russia during the U.S. election cycle.

While the sanctions will garner most of the attention, the analysis from the DHS and FBI is what security, business and technology leaders should read. With the details released, U.S. public and private firms will be better able to defend against future attacks.

In a statement, President Obama said:

The Department of Homeland Security and the Federal Bureau of Investigation are releasing declassified technical information on Russian civilian and military intelligence service cyber activity, to help network defenders in the United States and abroad identify, detect, and disrupt Russia’s global campaign of malicious cyber activities.

According to the joint analysis report from the DHS and FBI, Russian military intelligence services used spear phishing to probe networks tied to the U.S. election. The U.S. government lumped the activity under the moniker Grizzly Steppe.

Spear phishing refers to fraudulent email that targets a group with the aim of gaining access to confidential data.

Now the report doesn’t directly attribute the attacks to Russia or any other countries, but does note technical indicators point to Russia.

According to the DHS and FBI, spear phishing was used against government organizations, infrastructure entities, think tanks, political groups and corporations. The report noted that Russian actors “masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack.”

Here’s the flow chart of two attacks in the summer of 2015 and spring 2016.

[Figure: flow chart of the two attacks (ris-attacks.png)]

Among the core takeaways:

  • Spear phishing campaigns used web links to malicious code that is executed and can evade defenses.
  • Domains in the campaigns mimic targeted organizations.
  • Command and control nodes harvest credentials.
  • These attacks most recently appeared in November after the U.S. election.

The report also provided a signature that can be used to comb networks.

[Figure: signature provided in the report (ris-signature.png)]

What’s a network admin to do? The report said:

DHS recommends that network administrators review the IP addresses, file hashes, and Yara signature provided and add the IPs to their watchlist to determine whether malicious activity has been observed within their organizations. The review of network perimeter netflow or firewall logs will assist in determining whether your network has experienced suspicious activity.

When reviewing network perimeter logs for the IP addresses, organizations may find numerous instances of these IPs attempting to connect to their systems. Upon reviewing the traffic from these IPs, some traffic may correspond to malicious activity, and some may correspond to legitimate activity. Some traffic that may appear legitimate is actually malicious, such as vulnerability scanning or browsing of legitimate public facing services (e.g., HTTP, HTTPS, FTP). Connections from these IPs may be performing vulnerability scans attempting to identify websites that are vulnerable to cross-site scripting (XSS) or Structured Query Language (SQL) injection attacks. If scanning identified vulnerable sites, attempts to exploit the vulnerabilities may be experienced.
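The log review recommended above can be sketched as follows. This is an added example, not code from the DHS/FBI report: the watchlist addresses, the internal range, the log format and the triage order are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict
# Constructed watchlist (RFC 5737 documentation ranges) and an assumed internal range.
WATCHLIST = [ipaddress.ip_network(n) for n in ("203.0.113.7/32", "198.51.100.0/28")]
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
# Constructed firewall log lines; the key=value layout is an assumption.
SAMPLE_LOG = """\
2016-11-09T08:01:12Z action=allow src=203.0.113.7 dst=10.0.0.5 dport=443
2016-11-09T08:01:13Z action=allow src=203.0.113.7 dst=10.0.0.5 dport=80
2016-11-09T08:02:40Z action=deny src=198.51.100.3 dst=10.0.0.9 dport=3389
2016-11-09T08:05:02Z action=allow src=10.0.0.23 dst=198.51.100.9 dport=443
2016-11-09T08:06:00Z action=allow src=192.0.2.50 dst=10.0.0.5 dport=443
malformed line without fields
"""
LINE_RE = re.compile(r"^\S+ action=(\w+) src=(\S+) dst=(\S+) dport=(\d+)$")

def on_watchlist(addr):
    return any(addr in net for net in WATCHLIST)

def review(log_text):
    """Group watchlist hits per indicator IP: direction, ports, allowed count."""
    hits = defaultdict(lambda: {"inbound": 0, "outbound": 0, "allowed": 0, "ports": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparsed lines are skipped, not guessed at
        action, src, dst, dport = m.groups()
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if on_watchlist(src_ip):
            key, direction = src, "inbound"
        elif on_watchlist(dst_ip) and src_ip in INTERNAL:
            key, direction = dst, "outbound"
        else:
            continue
        hit = hits[key]
        hit[direction] += 1
        hit["allowed"] += action == "allow"
        hit["ports"].add(int(dport))
    return dict(hits)

def priority(hit):
    # Triage order is an assumption, not from the report.
    if hit["outbound"]:
        return "high"  # an internal host contacted a listed IP
    return "review" if hit["allowed"] else "low"  # allowed inbound may be scanning
```

Allowed inbound hits on ports 80 and 443 land in "review" rather than being dismissed, since the report notes that traffic to public-facing services can look legitimate while being vulnerability scanning.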

In the end, the report recommends that groups use cybersecurity best practices including training, risk analysis, scanning and patching and incident response.

(via PCMag)


