35 North Korean cyberattacks in 17 countries

According to a South Korean politician, last fall North Korean hackers gained access to South Korea’s Defense Integrated Data Center and stole 235 gigabytes of classified military plans. More here.

UNITED NATIONS (AP) — U.N. experts say they are investigating at least 35 instances in 17 countries of North Koreans using cyberattacks to illegally raise money for weapons of mass destruction programs — and they are calling for sanctions against ships providing gasoline and diesel to the country.

Last week, The Associated Press quoted a summary of a report from the experts which said that North Korea illegally acquired as much as $2 billion from its increasingly sophisticated cyber activities against financial institutions and cryptocurrency exchanges.

The lengthier version of the report, recently seen by the AP, reveals that neighboring South Korea was hardest-hit, the victim of 10 North Korean cyberattacks, followed by India with three attacks, and Bangladesh and Chile with two each.

Thirteen countries suffered one attack — Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia and Vietnam, it said.

The experts said they are investigating the reported attacks as attempted violations of U.N. sanctions, which the panel monitors.

The report cites three main ways that North Korean cyber hackers operate:

—Attacks through the Society for Worldwide Interbank Financial Telecommunication or SWIFT system used to transfer money between banks, “with bank employee computers and infrastructure accessed to send fraudulent messages and destroy evidence.”

—Theft of cryptocurrency “through attacks on both exchanges and users.”

— And “mining of cryptocurrency as a source of funds for a professional branch of the military.”

The experts stressed that implementing these increasingly sophisticated attacks “is low risk and high yield,” often requiring just a laptop computer and access to the internet.

The report to the Security Council gives details on some of the North Korean cyberattacks as well as the country’s successful efforts to evade sanctions on coal exports in addition to imports of refined petroleum products and luxury items including Mercedes Benz S-600 cars.

One Mercedes Maybach S-Class limousine and other S-600s, as well as a Toyota Land Cruiser, were transferred from North Korea to Vietnam for last February’s summit between the country’s leader Kim Jong Un and U.S. President Donald Trump, the experts said, adding that Vietnam said it asked for but was never provided a list of vehicles being brought into the country.

The panel also said it obtained information that the Taesong Department Store in Pyongyang, which reopened in April and is selling luxury goods, is part of the Taesong Group which includes two entities under U.N. sanctions and was previously linked to procurement for North Korea’s ballistic missile programs.

The panel recommended sanctions against six North Korean vessels for evading sanctions and illegally carrying out ship-to-ship transfers of refined petroleum products.

Under U.N. sanctions, North Korea is limited to importing 500,000 barrels of such products annually including gasoline and diesel. The U.S. and 25 other countries said North Korea exceeded the limit in the first four months of 2019.

The panel also recommended sanctions against the captain, owner, and parent company of the North Korean-flagged Wise Honest, which was detained by Indonesia in April 2018 with an illegal shipment of coal.

As for North Korea’s military cooperation with other countries, the experts said Iran rejected an unnamed country’s allegation that two North Korean entities under sanctions maintained offices in Iran — the Korea Mining Development Trading Corporation known as KOMID, which is the country’s primary arms dealer and main exporter of goods and equipment related to ballistic missiles and conventional weapons, and Saeng Pil Company.

The experts said they have requested information from Rwanda on a report that North Koreans are conducting special forces training at a military camp in Gabiro. And they said they are also waiting for a response from Uganda “to multiple inquires” about reports indicating specialized training is being conducted in the country, and KOMID and North Korean workers maintain a presence.

As examples of North Korean cyberattacks, the panel said hackers in one unnamed country accessed the infrastructure managing its entire ATM system and installed malware modifying the way transactions are processed. As a result, it forced 10,000 cash distributions to individuals working for or on behalf of North Korea “across more than 20 countries in five hours.”

In Chile, the experts said, North Korean hackers demonstrated “increasing sophistication in social engineering,” by using LinkedIn to offer a job to an employee of the Chilean interbank network Redbanc, which connects the ATMs of all the country’s banks.

According to a report from one unnamed country cited by the experts, stolen funds following one cryptocurrency attack in 2018 “were transferred through at least 5,000 separate transactions and further routed to multiple countries before eventual conversion” to currency that a government has declared legal money, “making it highly difficult to track the funds.”

In South Korea, the experts said, North Korean cyber actors shifted focus in 2019 to targeting cryptocurrency exchanges, some repeatedly.

The panel said South Korea’s Bithumb, one of the largest cryptocurrency exchanges in the world, was reportedly attacked at least four times. It said the first two attacks in February 2017 and July 2017 each resulted in losses of approximately $7 million, while a June 2018 attack led to a $31 million loss and a March 2019 attack to a $20 million loss.

The panel said it also investigated instances of “cryptojacking” in which malware is used to infect a computer to illicitly use its resources to generate cryptocurrency. It said one report analyzed a piece of malware designed to mine the cryptocurrency Monero “and send any mined currency to servers located at Kim Il Sung University in Pyongyang.”

Historical Look at Afghanistan, US in or Out?

As we hear that the United States has concluded its talks with the Taliban, we have no idea just yet whether the United States will keep troops in the country, or how many. Could it be that the Taliban have truly defeated the coalition nations in Afghanistan and that victory for the Taliban is real?

What could happen next if the Taliban shares rule of the nation? More Taliban, more al Qaeda, more ISIS? Or could there be another Russian invasion? How about other major conflicts in the future that include the Tajiks, the Uzbeks or maybe the Hazaras? Or China?

In particular, the analysis cites a local media report claiming that local militias of former Tajik Mujahedeen have started remobilizing alongside the Afghan National Defense and Security Forces in Afghanistan’s Panjshir province because of an uptick in threats against the province from the Taliban. The media report, published by TOLO News, claims the area has “changed to a hub for insurgents’ activities over the past few weeks.”

Going back in time:

Genghis Khan took over the territory in the 13th century, but it wasn’t until the 1700s that the area was united as a single country. By 1870, after the area had been invaded by various Arab conquerors, Islam had taken root.

During the 19th century, Britain, looking to protect its Indian empire from Russia, attempted to annex Afghanistan, resulting in a series of British-Afghan Wars (1838-42, 1878-80, 1919-21).

1921

The British, beleaguered in the wake of World War I, are defeated in the Third British-Afghan War (1919-21), and Afghanistan becomes an independent nation. Concerned that Afghanistan has fallen behind the rest of the world, Amir Amanullah Khan begins a rigorous campaign of socioeconomic reform.

1926

Amanullah declares Afghanistan a monarchy, rather than an emirate, and proclaims himself king. He launches a series of modernization plans and attempts to limit the power of the Loya Jirga, the National Council. Critics, frustrated by Amanullah’s policies, take up arms in 1928 and by 1929, the king abdicates and leaves the country.

1933

Zahir Shah becomes king. The new king brings a semblance of stability to the country and he rules for the next 40 years.

1934

The United States formally recognizes Afghanistan.

1947

Britain withdraws from India, creating the predominantly Hindu but secular state of India and the Islamic state of Pakistan. The nation of Pakistan includes a long, largely uncontrollable, border with Afghanistan.

1953

The pro-Soviet Gen. Mohammed Daoud Khan, cousin of the king, becomes prime minister and looks to the communist nation for economic and military assistance. He also introduces a number of social reforms including allowing women a more public presence.

1956

Soviet Premier Nikita Khrushchev agrees to help Afghanistan, and the two countries become close allies. More here.

***

Afghanistan “Is On The Path Towards Completing Another Monumental Struggle Of Freedom From American Imperialism In The 21st Century”

“The centennial of Afghanistan gaining independence from the British colonialists will be celebrated on 28th of Assad of the Hijri solar calendar [corresponding with August 19, 2019]. Exactly a century earlier our righteous mujahid predecessors gained freedom from the British occupiers after long drawn-out battles, and as a result Afghanistan became a shining beacon on how to attain freedom from Western imperialists for oppressed people worldwide.

“Sovereignty or political freedom is the God-given right of every nation. A people can only become a peer of others when they are independent in their political actions. Even though some people in the current world order only care about worldly interests and do not give much thought to spiritual values such as independence, freedom and sovereignty… The reality is that the most valued treasure possessed by humanity remains their spiritual values. It is this spirituality that distinguishes humans from other living beings because they seemingly have no other superiority over other beings in worldly matters.

“Even as our Muslim nation remains one of the most underdeveloped in worldly matters due to constant foreign invasions… its spiritual chest is overflowing with riches and pride. Our nation is not only the first to gain independence from the British colonialists but also holds the honor of shattering the Soviet Union and freeing itself from the shackles of communism in the 20th century, and is on the path towards completing another monumental struggle of freedom from American imperialism in the 21st century.”

“All Segments Of The Mujahid Afghan Nation Must Rise To Fulfill Their Religious And Moral Obligation; They Must Back The Mujahideen”

“Now as we are approaching a centennial of independence from British colonialism, this opportunity must be used by our younger generation to diligently study the history of their mujahid forefathers so that they may comprehend that freedom is such an immeasurable blessing that our forefathers fought great prolonged battles over it against British imperialism. And as today the valiant grandchildren [i.e., the Taliban fighters] of this believing nation have presented their heads as offering, they understand full well that a Muslim nation can only live a life of honor when they are independent and free from influence of infidel occupiers.” More here.

American Cities Hit by Ransomware

AUSTIN – The Department of Information Resources (DIR) is leading the response to a coordinated ransomware attack that has impacted at least twenty local government entities across Texas.

The Texas Division of Emergency Management is assisting by coordinating state agency support through the Texas State Operations Center.
Currently, DIR, the Texas Military Department, and the Texas A&M University System’s Cyberresponse and Security Operations Center teams are deploying resources to the most critically impacted jurisdictions.  Further resources will be deployed as they are requested.
Local jurisdictions who have been impacted should contact their local TDEM Disaster District Coordinator. DIR is fully committed to respond swiftly to this event and provide the necessary resources to bring these entities back online.
***

Users are then extorted for cash in order to regain access to their systems, and they are nearly always asked to pay in Bitcoin, a blockchain currency that is virtually untraceable, allowing hackers to pull off these complex operations from a single room halfway around the world.

It is unknown how much the hackers were demanding from Texas officials, which systems are currently offline and whether the impacted cities are expected to pay the ransom.

***

The attack took place on Friday morning, August 16, US time, when several smaller local Texas governments reported problems with accessing their data to the Texas Department of Information Resources (DIR).

DIR officials did not publish a list of impacted local governments. On Friday, the agency couldn’t provide an exact number of impacted entities, but a day later, DIR said the number is 23.

“It appears all entities that were actually or potentially impacted have been identified and notified,” DIR said. “Responders are actively working with these entities to bring their systems back online.”

The organization has been coordinating recovery efforts together with more than ten other Texas and US government agencies, such as the Texas Division of Emergency Management, the FBI, the DHS, the Texas Department of Public Safety, and others.

“At this time, the evidence gathered indicates the attacks came from one single threat actor,” DIR officials said on Saturday.

.JSE ransomware

ZDNet has learned from a local source that the ransomware that infected the networks of the 23 local Texas governments encrypts files and then adds the .JSE extension at the end.

This ransomware strain does not have its own name, being generally called the .jse ransomware, although some antivirus vendors detect it as Nemucod, under the name of the trojan that drops it on infected hosts.

First signs of this .jse ransomware have been spotted as early as August 2018, but activity has continued and has been reported as recently as this month. The ransomware is a strange one as it does not leave a ransom note behind, confusing victims who most of the time don’t know what happened.

In recent months, US cities have been a prime target for ransomware gangs, with infections reported all over the US.

In July, the governor of Louisiana declared a state emergency after a similar coordinated ransomware attack hit several school districts.

4 Russian Nuclear Monitor Stations, Gone Dark

Severodvinsk is a well known Naval Testing Range and Russia is concealing data after the explosions at the missile test site.

Two Russian nuclear monitoring stations—specifically designed to detect radiation— “went silent” in the days following an explosion of what many believe was a nuclear-powered missile earlier this month during tests at a remote base, a nuclear official said in an email Sunday.

Lassina Zerbo, the head of the Comprehensive Nuclear Test Ban Treaty Organization, told The Wall Street Journal in an email that two days after the explosion the monitoring stations in Kirov and Dubna suffered “communication and network issues.”

There have been reports that Russia has not been fully transparent about what occurred at a military base in the far northern Arkhangelsk region. The initial report from the country’s nuclear agency said that five workers were killed in a rocket engine explosion. The Guardian reported that radiation levels in Severodvinsk, a nearby city, increased 20 times above normal for about a half hour after the explosion. More here.

FPRI has more detail in part:

Why would Russia stake its prestige on a weapon system that the United States abandoned in the early 1960s? One reason might be a nuclear-powered cruise missile’s asymmetric deterrence impact, which given unlimited range, could alleviate “some of the difficulties associated with this medium/long range challenge, helping the Russians navigate around pockets of NATO aerospace and sea control to strike at assets supporting NATO and U.S. force projection,”[18] writes Ryan Kuhns, a Program Analyst with the National Nuclear Security Administration’s Defense Programs.

The Severodvinsk incident might have been a Burevestnik prototype test gone wrong. While from an engineering perspective, it is certainly possible with a nuclear thermal reactor based on a solid uranium core, a liquid radioisotope core, or even gaseous uranium to use thermal energy generated from radioactive decay to heat liquid hydrogen fuel, such technologies are unproven with regard to missiles.

On the other hand, the limited facts that exist in the public domain support an alternate, more plausible thesis: if a radioisotopic power system was involved and a liquid-fuel engine exploded, the Severodvinsk incident might well have been a Russian space program test gone wrong, possibly involving a small, uranium-235 based fission reactor. The Severodvinsk venue makes sense: the Russian Navy was involved in the country’s space program in the 1990s and 2000s. There is ample technical precedent as well. In April 1965, the United States successfully flight tested a flight-qualified fission reactor, the SNAP (Space Nuclear Auxiliary Power) 10A. The SNAP 10A converted heat from radioactive decay directly into electricity by means of a radioisotope thermoelectric generator (RTG). The radioactive isotope strontium-90, for example, has been used in both American and Russian RTGs.

If true, it could be suggested the Russian government used a false Burevestnik accident narrative to support a larger, perhaps equally fictitious one regarding Russian missile prowess and the penetrability of Western anti-missile defense. The Office of the Secretary of Defense’s 2019 Missile Defense Review[19] noted that “Russian strategy and doctrine emphasize the coercive and potential military uses of nuclear weapons, particularly including nuclear-armed, offensive missiles”:

Russian leaders also claim that Russia possesses a new class of missile, the hypersonic glide vehicles (HGV), which maneuver and typically travel at velocities greater than Mach 5 in or just above the atmosphere. . . . Russian leaders also claim that Russia possesses a new class of missile, the hypersonic glide vehicle (HGV), that enables Russian strategic missiles to penetrate missile defense systems. HGVs challenge missile defense capabilities because they are maneuvering vehicles that typically travel at velocities greater than Mach 5 and spend most of their flight at much lower altitudes than a ballistic missile. [20]