The Clop Ransomware Gang Have Struck State, Federal Agencies and Hospitals

It was several days ago that the first reports started to surface, and as CISA/FBI issued warnings, the list of targets and victims continues to expand.

All attributions so far point to a Russian entity with a history of this, and those attributions do not come from the federal government but rather from outside cyber expert companies across the country.

Clop ransomware gang starts extorting MOVEit data-theft victims (source and expanded details)

So, anyone remember when President Biden gave a list of entities that were completely off limits to cyber attacks? Remember?

Well it was exactly a year ago this month…

There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience advances a national policy to strengthen and maintain secure, functioning, and resilient critical infrastructure. This directive supersedes Homeland Security Presidential Directive 7.


Meanwhile, the victims of this cyber attack related to MOVEit and Clop include:

Reported by TechTarget:

Illinois, Minnesota and Missouri state governments are among a growing list of organizations attacked via a critical flaw in Progress Software’s MOVEit Transfer product.

Progress Software on May 31 detailed an SQL injection bug in its managed file transfer (MFT) software MOVEit Transfer. Progress urged customers to immediately apply mitigations for the vulnerability, tracked as CVE-2023-34362, while it worked on a patch, which was released later that day. But as security vendors reported soon after, the critical bug was already under active exploitation in the wild.

A wave of organizations have disclosed data breaches in the wake of CVE-2023-34362 coming to light. Some of the early major names affected by the MOVEit flaw included the government of Nova Scotia, Canada; HR software provider Zellis; the BBC; British Airways; and British retailer Boots.

Several other organizations have disclosed compromises since that initial wave, including U.K. broadcast regulator Ofcom and networking vendor Extreme Networks. Multinational accounting firm Ernst and Young was also reportedly breached via the critical flaw. Ernst and Young did not reply to TechTarget Editorial’s request for comment, but the BBC said it received confirmation of a data breach from the firm.

Additionally, Johns Hopkins University Hospital got hit, as well as British Airways.

CNN adds information to the report:

A Russian-speaking hacking group known as CLOP last week claimed credit for some of the hacks, which have also affected employees of the BBC, British Airways, oil giant Shell, and state governments in Minnesota and Illinois, among others.

The Russian hackers were the first to exploit the vulnerability, but experts say other groups may now have access to software code needed to conduct attacks.

The ransomware group had given victims until Wednesday to contact them about paying a ransom, after which they began listing more alleged victims from the hack on their extortion site on the dark web. As of Thursday morning, the dark website did not list any US federal agencies.

The episode shows the widespread impact that a single software flaw can have if exploited by skilled criminals.

The hackers – a well-known group whose favored malware emerged in 2019 – in late May began exploiting a new flaw in a widely used file-transfer software known as MOVEit, appearing to target as many exposed organizations as they could. The opportunistic nature of the hack left a broad swath of organizations vulnerable to extortion.

Progress, the US firm that owns the MOVEit software, has also urged victims to update their software packages and has issued security advice.

Biden Must Fire Carlos Elizondo

The White House has taken Pride month to the extreme. During a White House lawn celebration, President Biden declared that the LGBTQ is the ‘bravest and inspiring people’ he has ever known. Really Joe, does that include those awarded the Congressional Medal of Honor you yourself have awarded, or police officers risking their own lives to save others just to mention a few?

American flags and a pride flag hang from the White House during a Pride Month celebration on the South Lawn, Saturday, June 10, 2023, in Washington. (AP Photo/Manuel Balce Ceneta)

Then it was noticed by thousands how the White House broke the American flag protocol by arranging the rainbow flag in conflict with the Stars and Stripes.

The disgrace continued on the south lawn of the White House. A transgender influencer invited to the event went off the rails defacing the once standard of reverence of the White House.

This event and charade went global as the Daily Mail reported the following:

A transgender actress and model raised eyebrows on Saturday by baring her breasts on the lawn of the White House at an event to celebrate Pride.

Rose Montoya, 27, was among hundreds invited to the White House for the festivities where she met the president and first lady – before unhooking her dress and cupping her bare breasts on the South Lawn.

‘Are we topless at the White House?!’ the person recording the clip says, as Montoya moves her hands up and down while grinning.

Rose Montoya, 27, on Monday attended a Pride party at the White House, and posed topless

Montoya is seen with Joe Biden, and declaring: 'Trans rights are human rights'

The Daily Mail also included Jill Biden, noting: In another part of the clip, Jill Biden tells the crowd: ‘You are loved, you are beautiful, you are heard, you belong.’

***

So back to Carlos Elizondo….who is he and why should he be fired?

Per Wikipedia in part:

From 2009 to 2017, Elizondo served as a special assistant to President Barack Obama and as Social Secretary to Vice President Joe Biden and Second Lady Jill Biden.[3][4] In this role, he planned and managed all events which were hosted by Biden and his family, including visits by world leaders, members of Congress, and other high-profile visitors. Outside of government, Elizondo worked as the director of events at Georgetown University and the manager of activities and protocol at Walt Disney World.[2][4]

(Disney eh?)

On November 20, 2020, after winning the presidential election, Biden named Elizondo to be his White House social secretary.[5] He is the first Hispanic individual and second openly gay person to hold the position.[6]

***

The White House social secretary is the closest thing to what was once a protocol officer at the White House. They are not only assigned to ensure all events and appearances follow all standards of etiquette, but they also coordinate with the State Department to do the same with foreign dignitaries.

Going back a little, the Associated Press published:

Elizondo, who oversaw holiday decorating by 150 volunteers after Thanksgiving followed by a visit by France’s president that included a state dinner for more than 330 guests. There also was a White House reception for the Kennedy Center honorees and a three-day summit with nearly 50 African leaders — including a group dinner in the East Room and a performance by Gladys Knight.

Elizondo also lent his expertise to preparations for the 250-guest South Lawn wedding of Biden’s granddaughter Naomi in November, and he is working his way through more than 20 holiday parties and receptions, sometimes two per day, ending later this week.

So how is he managing? “Lots of caffeine,” said Elizondo, the first Latino to become White House social secretary. He began working for Biden and his wife back when Biden was Barack Obama’s vice president.

“For over a decade the President and I have relied on Carlos for his creativity, heart, and dedication to bring our traditions and warm welcome to the American people,” first lady Jill Biden said in a written statement to The Associated Press. “Now at the White House, Carlos is helping us celebrate the richness of our country’s culture and diversity, and together, we are opening the doors of ‘the People’s House’ wider and wider.”

A native of Harlingen, Texas, Elizondo is among a group of openly LGBTQ aides serving Biden in prominent roles, including Transportation Secretary Pete Buttigieg, White House press secretary Karine Jean-Pierre and State Department spokesperson Ned Price.

Katherine Vargas, who worked in the Obama White House, and Henry R. Munoz III, a longtime friend of Elizondo, said the family focus of Elizondo’s Mexican American upbringing likely endeared him to the Bidens, who are a close-knit family themselves.

 

 

The 1023 Redactions Show 17 Audio Tapes of Joe and Burisma

Primer: Mykola Zlochevsky, the Ukrainian owner of Burisma, was the “foreign national” involved in the alleged “criminal bribery scheme” detailed in the FBI form, and Zlochevsky referred to Joe Biden as the “big guy” during a conversation several years before the June 2020 date of the bureau document, according to sources familiar with the FBI record who described its contents to the Washington Examiner.

Hoorah again for Senator Grassley. The Director of the FBI continues to remember that Senator Grassley has seen the whole 1023 form, yes the un-redacted version. So, it appears the Republicans are going on the offense and Grassley took to the Senate floor to announce for the official record the 17 tapes that were used by the top executive at Burisma as an insurance policy. What kind of policy is unclear but for sure there was a lack of trust from the outset.

But read on…

JTN:

Iowa Republican Sen. Chuck Grassley on Monday announced that the foreign national who allegedly bribed then-former Vice President Joe Biden and his son Hunter kept recordings of his conversations with each as an “insurance policy.”

“The 1023 produced to that House Committee redacted reference that the foreign national who allegedly bribed Joe and Hunter Biden allegedly has audio recordings of his conversations with them. Seventeen total recordings,” Grassley said on the Senate floor. Fifteen audio recordings include conversations between him and Hunter Biden while two include conversations between him and Joe Biden.

“These recordings were allegedly kept as a sort of insurance policy for the foreign national in case he got into a tight spot. The 1023 also indicates that then-Vice President Joe Biden may have been involved in Burisma employing Hunter Biden,” he continued.

A source familiar with the matter told Just the News that the FD-1023 memorializes the conversation between the Burisma executive and the FBI’s confidential human source in which he told the source he was in possession of the recordings. Those recordings are not included in the record, however.

In his remarks, Grassley pointed to the FD-1023 form that members of the House Oversight Committee were recently permitted to view by the FBI, but noted that the bureau still redacted parts of the unclassified document.

“More than that, the FBI made Congress review a redacted unclassified document in a classified facility. That goes to show you the disrespect the FBI has for Congress,” he added (emphasis original).

The FD-1023 includes allegations from a confidential human source that the head of Burisma, a Ukrainian energy company, hired Hunter Biden to serve on its board in order to use his father’s influence to stifle an investigation from then-Ukrainian Prosecutor General Viktor Shokin into the firm. Shokin was removed from his post in 2016 and the FD-1023 indicates that two Biden family members received $5 million each for their trouble.

***

The contents of the form last week, the FD-1023 form, dated June 30, 2020, is the FBI’s interview with a “highly credible” confidential source who detailed multiple meetings and conversations he or she had with a top Burisma executive over the course of several years, starting in 2015. (Obama knew since Biden was tasked with the Ukraine portfolio)

Grassley said the recordings were “allegedly kept as a sort of insurance policy for the foreign national in case he got into a tight spot.”

“The 1023 also indicates that then-Vice President Joe Biden may have been involved in Burisma employing Hunter Biden,” Grassley said.

Grassley demanded answers on “what, if anything has the Justice Department and FBI done to investigate?”

“The Justice Department and FBI must show their work,” Grassley said. “They no longer deserve the benefit of the doubt.”

The FBI brought the document to Capitol Hill last week after House Oversight Committee Chairman James Comer subpoenaed it last month. The FBI briefed Comer and committee Ranking Member Jamie Raskin, D-Md., on the form in a SCIF on Capitol Hill, but did not turn over the document. Comer threatened to hold FBI Director Christopher Wray in contempt of Congress.

The Mysterious Chinese Space Plane No One Talks About

Except for a congressman that sent me a text tied to this only this morning. China is paying Cuba to host a spy/eavesdropping facility in Cuba to monitor communications, phone calls and even satellite transmissions. How is that for a country that is just a competitor as Joe Biden tells us?

***

The second orbital mission of China’s robotic space plane has come to a close. It is known as Shenlong (“divine dragon”). It docked with or otherwise captured a separate object on multiple occasions, and is managed by China Aerospace Science and Technology Corporation.

The mysterious reusable vehicle touched down Monday (May 8) at the Jiuquan Satellite Launch Center in northwest China, wrapping up a 276-day mission to Earth orbit, according to China’s state-run Xinhua news agency.

“The success of the experiment marks an important breakthrough in China’s research on reusable spacecraft technologies, which will provide more convenient and affordable round-trip methods for the peaceful use of space in the future.”

The space plane launched from Jiuquan on Aug. 4, 2022, kicking off a mission short on details but long on intrigue.

On Oct. 31, for example, the vehicle ejected something into orbit. Some experts speculated that the object was a service module, possibly indicating that the space plane was getting ready to return to Earth.

Others posited that the new free flyer was a small satellite designed to monitor the Chinese space plane — perhaps the correct guess, given how much longer the robotic spacecraft stayed aloft.

 

***

Experts think the Chinese space plane is likely similar to the Boeing X-37B, a U.S. space plane that debuted in 2010. Kevin Pollpeter, a research scientist at the Center for Naval Analyses, told Nature.com that the reveal of X-37B sparked concern within the Chinese government over the craft’s military potential. It’s possible that this spurred the country’s space program, which is closely tied to its military, to start developing its own version, Pollpeter said.

Like the X-37B space plane, the Chinese craft appears to be uncrewed and relatively small. It probably first flew in September 2020, making a short two-day stint into orbit before returning to the ground. Its most recent mission began in August 2022, when it took off on a Long March 2F rocket from the Jiuquan Satellite Launch Center in northern China, according to a report from the Washington, D.C.-based Center for Strategic and International Studies (CSIS). The exact purpose of the mission remains unclear.

According to the CSIS report, the craft released an “object” into orbit sometime in October. The object apparently disappeared in January, only to suddenly reappear on satellite tracking radar in March. Experts believe this could indicate that the plane has some sort of satellite removal capability, such as a robotic arm.

“[The Chinese] have been working a lot with robot arms in other contexts, like the Chinese space station,” Jonathan McDowell, an astrophysicist at the Harvard & Smithsonian Center for Astrophysics, told Nature.

If that’s the case, then the plane’s primary purpose might be to repair damaged satellites or remove orbital debris. However, this does not rule out military capabilities — either for the Chinese space plane or for the X-37B. Until more details come out, however, the best we can do is speculate. Source and more reading.


Antiquities Bust Highlights Trafficking of Cultural Heritage

Low risk and high profits…

From Interpol in part:

Every June and December, we highlight the most wanted works of art through a poster that is distributed to countries.


The Soufan Center:

Police in Italy recently broke up a major international antiquities trafficking ring, seizing more than 3,500 ancient artifacts and arresting 21 people across multiple locations, in late May. The 21 detained suspects – 30 more remain at large – face charges that include criminal conspiracy, theft, and the illegal export of goods, according to a special unit dedicated to combatting the illicit trafficking of cultural property. The investigation by the Comando Carabinieri Tutela Patrimonio Culturale, also known as the Carabinieri “Art Squad,” began last fall and uncovered several sites in southern Italy associated with the trafficking ring, including illegal dig sites and operational bases. During raids on the locations, police found ancient ceramics, jewelry, miniatures, and hundreds of bronze, gold, and silver coins dating from the 4th century B.C. to the 3rd century A.D. According to the police, the items have “inestimable historical, artistic, and commercial value.” Authorities also recovered excavation tools as well as documentation of illicit transactions in Italy and abroad. The criminal operation involved illicit actors at almost every stage of the process, including grave diggers, “fencers” (individuals who knowingly buy the stolen art to resell for a profit), and exporters (who facilitate sales of illegally sourced relics to auction houses and buyers abroad). Italy has taken a leading role on the issue of cultural heritage trafficking in the United Nations and more broadly.

The operation, which has been heralded by the Carabinieri and Italy’s Minister of Culture as a resounding success, starkly displays not only the vulnerability of ancient Italian artifacts to traffickers, but also the financial incentives that drive illicit actors to exploit cultural heritage more broadly. The estimated worth of the transnational trade in cultural heritage trafficking ranges from several hundred million to billions of dollars annually, according to the U.S. Congressional Research Service. Confidentiality, challenges in documenting provenance, the use of intermediaries, and inconsistent due diligence practices all contribute to the illegal trade. Moreover, archaeological sites and artifacts in countries with armed conflict, such as Iraq and Syria, are particularly vulnerable to trafficking and exploitation, as the chaos of war can enable illicit actors, including terrorists, to illegally obtain, circumvent due diligence practices, and, ultimately, profit from the sale of antiquities abroad. Islamic State’s exploitation of cultural heritage has helped finance the group’s activities and strengthened its ties with transnational organized crime. In response to this threat, the UN Security Council unanimously voted to adopt Resolution 2347 in 2017, warning that any trade involving ISIS, Al Nusra Front, or Al-Qaeda affiliates could constitute financial support for sanctioned entities.

Beyond the financial incentive, illicit actors have targeted and exploited cultural heritage to further their agendas – either by validating their narratives or providing financial gain – and to marginalize and stigmatize communities. The 2001 destruction of the Bamiyan Buddhas by the Taliban, the 2014 destruction of the Sukur cultural landscape in Nigeria by Boko Haram, Islamic State’s destruction of historical and cultural sites and works of art in Palmyra, Syria, and the destruction of mausoleums in Timbuktu, Mali, by Ansar Dine and al-Qaeda in the Islamic Maghreb all exemplify how terrorist groups target cultural heritage to strengthen their narratives. In doing so, these groups may seek to destroy a community’s collective cultural identity by targeting sites that the attackers might deem idolatrous to validate their own narrative, or they may target sites that are an integral part of the cultural or religious life of the community to subjugate their victims. Under the Rome Statute, these actions constitute war crimes. They have been prosecuted as such by the International Criminal Court. In 2016, a case was brought against a member of Ansar Dine for intentionally directing attacks against religious and historic buildings in Timbuktu. In post-conflict contexts, the destruction of cultural heritage can hinder post-conflict recovery and peacebuilding efforts.

Russia’s illegal invasion of Ukraine highlights the role that state actors can play in the destruction of cultural heritage, and how the tactic can be used to obliterate a community’s collective identity. As of May 31, 2023, the UN Educational, Scientific, and Cultural Organization (UNESCO) had verified that over 250 sites in Ukraine had been damaged, with over 150 partially or totally destroyed, since the beginning of the invasion. These sites include religious sites, museums, monuments, libraries, and an archive. A 2022 New York Times investigation previously identified 339 cultural sites that sustained substantial damage, both as collateral damage and as a result of intentional targeting by Russian soldiers or pro-Russian separatists. Ukraine’s minister of culture, Oleksandr Tkachenko, told reporters last fall that almost 40 museums in Ukraine have been looted of artifacts by Russian soldiers. One of the looted items, a 1,500-year-old tiara dating back to the rule of Attila the Hun, is one of the world’s rarest and most valuable artifacts. By targeting cultural heritage in the conflict, Moscow appears to be intentionally working to eliminate Ukrainian cultural identity. According to the UN Special Rapporteur in the field of cultural rights, Alexandra Xanthaki, the invasion’s aim has been not merely the capture of territory, but “a gradual destruction of a whole cultural life.” She also said that “one of the justifications of the war is that Ukrainians don’t have a distinct cultural identity.” Particularly since the lead-up to the war and in the year since, Russian President Vladimir Putin has repeatedly called Ukrainian nationhood and culture a fiction, claiming the country is rightful Russian territory that was improperly given statehood during the Soviet era. Russian state media has published propaganda calling for Ukraine’s total elimination. 
The role of state actors in the destruction of cultural heritage further complicates protection efforts, as states have often facilitated prevention, advocacy, documentation, and transitional justice efforts, and, as UN Security Council Resolution 2347 stresses, have the primary responsibility to protect their cultural heritage.