North Korea and Friends, Cyber War, Nerve Gas and WMD

Hey, look over there –>

WikiLeaks Reveals ‘AfterMidnight’ & ‘Assassin’ CIA Windows Malware Frameworks

When the world was dealing with the threat of the self-spreading WannaCry ransomware, WikiLeaks released a new batch of CIA Vault 7 leaks, detailing two apparent CIA malware frameworks for the Microsoft Windows platform. Dubbed “AfterMidnight” and “Assassin,” both malware programs are designed to monitor and report back actions on the infected remote host computer running the Windows operating system and execute malicious actions specified by the CIA. Since March, WikiLeaks has published hundreds of thousands of documents and secret hacking tools that the group claims came from the US Central Intelligence Agency (CIA). This latest batch is the 8th release in the whistleblowing organization’s ‘Vault 7’ series.

‘AfterMidnight’ Malware Framework

According to a statement from WikiLeaks, ‘AfterMidnight’ allows its operators to dynamically load and execute malicious payload on a target system. The main controller of the malicious payload, disguised as a self-persisting Windows Dynamic-Link Library (DLL) file and executes “Gremlins” – small payloads that remain hidden on the target machine by subverting the functionality of targeted software, surveying the target, or providing services for other gremlins. Once installed on a target machine, AfterMidnight uses an HTTPS-based Listening Post (LP) system called “Octopus” to check for any schedu led events. If found one, the malware framework downloads and stores all required components before loading all new gremlins in the memory. According to a user guide provided in the latest leak, local storage related to AfterMidnight is encrypted with a key which is not stored on the target machine. A special payload, called “AlphaGremlin,” contains a custom script language which even allows operators to schedule custom tasks to be executed on the targeted system. More detail here.

Meanwhile….

North Korean hacking group is thought to be behind cyber attack which wreaked havoc across the globe
  • Technical clues suggest North Korean hacking group is behind cyber attack
  • Ransomware left the NHS crippled with operations cancelled over the weekend
  • The virus is now thought to have been released by the Lazarus Group
  • It has already been blamed for a string of hacks dating back to at least 2009
  • It includes the 2014 attack on Sony that left its network offline for weeks

Okay maybe….while other IT cyber professionals point to Russian thug hackers….

Rex Tillerson last month spoke about a quasi red line with North Korea….when is enough, enough? Well his answer was, ‘we will know it when we see it’.

Nonetheless, what more needs to be known about North Korea that the media is not reporting? Plenty…..

‘Unrestricted Warfare’ (超限战, literally “warfare beyond bounds”) is a book on military strategy written in 1999 by two colonels in the People’s Liberation Army, Qiao Liang (乔良) and Wang Xiangsui (王湘穗). Its primary concern is how a nation such as China can defeat a technologically superior opponent (such as the United States) through a variety of means. Rather than focusing on direct military confrontation, this book instead examines a variety of other means. Such means include using International Law (see Lawfare) and a variety of economic means to place one’s opponent in a bad position and circumvent the need for direct military action.[1]  Go here for more information.

This already tells us and the Pentagon, to not trust China….right? So how can we place trust and the burden of dealing with North Korea on Beijing? We cant.

The RGB is the KGB….

The RGB is the North Korean Reconnaissance General Bureau….much like that of the KGB, now in Russia known as the FSB.

In 2015, North Korea spies infiltrated the United Nations agencies including the World Food Program which is a major supplier of food aid to North Korea. Somehow, the Obama White House and other government agencies neglected to take real action on that or even earnestly report it. Prior to that little event, in 2010, the U.S. Treasury via and Obama Executive Order targeted North Korea for proliferation and other illicit activities including arms trafficking, money laundering and smuggling narcotics.

Barack Obama, simply annexed a GW Bush Executive Order adding a few new items noted below:

President Obama also identified the following entities and individual for sanctions by listing them on the Annex to the Order:

·   The Reconnaissance General Bureau (RGB), North Korea’s premiere intelligence organization involved in North Korea’s conventional arms trade;

·       RGB commander Lieutenant General Kim Yong Chol;

·   Green Pine Associated Corporation, a North Korean conventional arms dealer subordinated to the control of the RGB; and

·   Office 39 of the Korean Workers’ Party, which provides critical support to North Korean leadership in part through engaging in illicit economic activities and managing the leadership’s slush funds.

The U.S. government has longstanding concerns regarding North Korea’s involvement in a range of illicit activities conducted through government agencies and associated front companies. North Korea’s nuclear and missile proliferation activity and other illicit conduct violate UN Security Council Resolutions 1718 and 1874, and these activities and their other illicit conduct violate international norms and destabilize the Korean Peninsula and the entire region. In signing this Order, President Obama has frozen the property and interests in property of the three entities and one individual listed on the Annex. This Order provides the United States with new tools to disrupt illicit economic activity conducted by North Korea.

As a matter of note, in recent days, Russia has stepped in to offer some diplomatic assistance dealing with North Korea as it appears China is dragging the diplomatic and political anchor dealing with the DPRK. Ah Russia again right? The in depth study is here on North Korea, It includes, history, terror attacks, cyber attacks, assassination attempts, raids and details on unrestricted warfare.

Just for some context, Russia and China have been aiding North Korea for decades…..but has the media done their work to expose this or the State Department? Nope…

Image result for north korea general o kuk ryol Courtesy

You see, General O Kuk ryol and Kim Jong Un both manage Unit 121. Unit 121, is part of the RGB and did the Sony hack, remember that? Well General O, is a graduate of the Mangyongdae Revolutionary School and the Kim Il sung University….but most importantly, he graduated also from Frunze Military Academy in 1962….where is that? Ah….Moscow, and at the time, it was the Soviet Union.

Frunze Military Academy in Devichie pole, Moscow

Strategy: Integrate their cyber forces into an overall battle strategy as part of a combined arms campaign. Additionally they wish to use cyber weapons as a limited non-war time method to project their power and influence.

Experience: Hacked into the South Korea and caused substantial damage; hacked into the U.S. Defense Department Systems. More here.

Meanwhile, we also have the Korea Computer Center…there are 9 production facilities and 11 regional centers. However, the KCC also has offices in China, Germany and Syria..further it should be noted that an estimated 10,000 North Korean IT developers operate in China, where it is common that $500.00 of their monthly salary goes back to the North Korean state.

So, we have Syria, Russia, China all colluding with North Korea….Iran is as well but the United Nations too? Yup…

FNC: For more than a year, a United Nations agency in Geneva has been helping North Korea prepare an international patent application for production of sodium cyanide — a chemical used to make the nerve gas Tabun — which has been on a list of materials banned from shipment to that country by the U.N. Security Council since 2006.

The World Intellectual Property Organization, or WIPO, has made no mention of the application to the Security Council committee monitoring North Korea sanctions, nor to the U.N. Panel of Experts that reports sanctions violations to the committee, even while concerns about North Korean weapons of mass destruction, and the willingness to use them,  have been on a steep upward spiral.

Fox News told both U.N. bodies of the patent application for the first time late last week, after examining the application file on a publicly available WIPO internal website.

Information on the website indicates that North Korea started the international patent process on Nov. 1, 2015 — about two months before its fourth illegal nuclear test. The most recent document on the website is a “status report,” dated May 14, 2017 (and replacing a previous status report of May 8), declaring the North Korean applicants’ fitness “to apply for and be granted a patent.”

CLICK HERE FOR THE STATUS REPORT

During all that time, however, the U.N.’s Panel  of Experts on North Korea “has no record of any communication from WIPO to the Committee or the Panel regarding such a serious patent application,” said Hugh Griffiths, coordinator of the international U.N. expert team, in response to a Fox News question.

The Panel of Experts has now officially “opened an investigation into this matter,” he said.

“This is a disturbing development that should be of great concern to the U.S. administration and to Congress, as well as the U.S. Representative to the U.N.,” William Newcomb, a member of the U.N. Panel of Experts for nearly three years ending in 2014, told Fox News.

Said an expert familiar with the sanctions regime:  “It undermines sanctions to have this going on. The U.N. agencies involved should have been much more alert to checking these programs out.”

Questions sent last week to the U.S. State Department about WIPO’s patent dealings with North Korea had not been answered before this story was published.

For its part, a WIPO spokesperson told Fox News by email, in response to the question of whether it had reported the patent application to the U.N. sanctions committee, only that the organization “has strict procedures in place to ensure that it fully complies with all requirements in relation to U.N. Security Council sanction regimes.”

The spokesperson added that “we communicate with the relevant U.N. oversight committees as necessary.”

But apparently, help with preparing international patent applications for a sanctioned nerve gas “chemical precursor” does not necessarily count as grounds for such communication, if the Panel of Experts records are correct.

This is by no means the first time that WIPO, led by its controversial director general, Francis Gurry, has flabbergasted other parts of the U.N. and most Western nations with its casual and undeclared assistance, with potential WMD implications, to the bellicose and unstable North Korean regime.

And, as before, how the action is judged may depend upon razor-thin, legalistic interpretations of U.N. sanctions law on the one side vs. staggering violations of, at a minimum, common sense in dealing with the unstable North Korean regime, which among other things has never signed the international convention banning the development, production, stockpiling and use of chemical weapons.

While the patent process went on at WIPO, that regime has conducted five illegal nuclear tests — two in the past year, while the patent process was under way — and at least ten illegal ballistic missile launches since 2016, while issuing countless threats of mass destruction against its neighbors and the U.S.

In 2012, Fox News reported that WIPO had shipped U.S.-made computers and sophisticated computer servers to North Korea, and also to Iran, without informing sanctions committee officials.

The shipments were ostensibly part of a routine technology upgrade. Neither country could obtain the equipment on the open market, and much of it would have required special export licenses if shipped from the U.S.

The report kicked off an uproar, but after a lengthy investigation, the U.N. sanctions committee decided that the world organization’s porous restrictions had not been violated, while also noting WIPO’s defense that as an international organization, it was not subject to the rules aimed at its own member states.

Nonetheless, the investigators declared that “we simply cannot fathom how WIPO could have convinced itself that most Member States would support the delivery of equipment to countries whose behavior was so egregious it forced the international community to impose embargoes.”

The investigators also declared that “WIPO, as a U.N. agency, shares the obligation to support the work of other U.N. bodies, including the Sanctions Committees,” and that in response to the furor, WIPO had “implemented new requirements to check on sanctions compliance in advance of program implementation.”

There is no doubt about the banned nature of sodium cyanide — which can also be used to produce deadly cyanide gas, another weapon of mass destruction.

The chemical appears on a Security Council list of “items, materials, equipment, goods and technology” related to North Korea’s “other weapons of mass destruction programs” beyond nuclear weapons, which first appeared after U.N. Security Council resolution 1718 was approved in 2006.

CLICK HERE FOR THE LIST

That resolution, voted after North Korea conducted its first nuclear test, ordained that  member states  “prevent the direct or indirect supply, sale or transfer” to the regime known as the Democratic People’s  Republic of Korea, or DPRK, of  the listed items “which could contribute to DPRK’s nuclear-related, ballistic missile-related or other weapons of mass destruction-related programs.”

It also declared that “all member states shall prevent any transfers to the DPRK by their nationals or from their territories, or from the DPRK by its nationals or from its territory, of technical training, advice, services or assistance related to the provision, manufacture, maintenance or use of the items” listed.

Additionally, it demanded a freeze by U.N. member states or all “funds, other financial assets and economic resources” that could be used in the mass destruction-related programs.

CLICK HERE FOR RESOLUTION 1718

A subsequent Security Council resolution, 2270, in 2016 broadened things by declaring that “economic resources” referred to in Resolution 1718 “includes assets of every kind, whether tangible or intangible, movable or immovable, accrual or potential, which potentially may be used to obtain funds, goods or services” by DPRK.

This may open up another controversial aspect of the cyanide patent application, since, along with its mass-destructive uses, the chemical is considered the most common agent in the extraction of gold from ores and concentrates.

Further, according to the North Korean application to WIPO, the new process it wants to make ready for international patenting is a lower-cost process that produces ultra-high-grade product.

CLICK HERE FOR THE PROCESS APPLICATION DESCRIPTION

In WIPO’s response to Fox News, the agency’s spokesperson emphasized that “WIPO is not a patent-granting authority. Its role in handling these applications is to ensure that they conform to the procedural requirements” of the 152-member Patent Cooperation Treaty, or PCT, “and to publish them in accordance with the provisions of the treaty.”  North Korea is a PCT signatory.

Translation:  WIPO is merely a neutral, technical pass-through mechanism. As the spokesperson put it: “The decisions concerning whether or not to ultimately grant the patent are the sole purview of each jurisdiction where protection is being sought, in accordance with national law.”

While that may be true, it is also true, according to the WIPO website, that the U.N. agency gives those who use its services a lot of financially meaningful help.

That starts with the fact that by filing an international filing application with the agency, you have to pay only one fee rather than more than 150 to get an application acceptable in all PCT countries (which include the U.S. as one of the treaty’s biggest users).

WIPO also provides one-stop research on whether a patent overlaps with those elsewhere, and offers the possibility of widespread dissemination and publicity — i.e., stimulating demand, and thus at least the potential for sanctions-breaking in any subsequent licensing the North Korean patent.

Igniting controversy has been a characteristic of Director General Gurry’s reign — indeed, even before he first took WIPO’s top executive office in 2008.

In 2015, the U.N.’s watchdog Office of Internal Oversight Services (OIOS) was asked by WIPO’s own General Assembly chair to investigate Gurry for allegedly ordering, in 2008, break-ins of the offices of staffers to seek DNA evidence that they wrote anonymous letters against him. Gurry was WIPO’s No. 2 at the time.

A year later, after much byzantine maneuvering, a heavily redacted version of the report declared that “while there were indications that Mr. Gurry had a direct interest in the outcome of the DNA analysis, there is no evidence that he was involved in the taking of DNA samples.”

But the same document also found that Gurry had bent the organization’s rules and steered a sensitive cyber-security contract to a business acquaintance, , something alleged by one of Gurry’s former top deputies, James Pooley.

Under Gurry, WIPO also has been the only U.N. agency ever sanctioned by the U.S. State Department, on the grounds that it failed to adopt “best practices” in ethics and whistle-blower standards — a punishment first meted out by the pro-U.N. Obama administration in September 2015.

Among the whistle-blowers who say they were forced to leave WIPO during Gurry’s tenure for drawing attention to the agency’s previous computer shipments to North Korea is Miranda Brown, formerly Gurry’s senior strategic advisor.

Brown has repeatedly asked for her reinstatement at the WIPO, and just as often has been turned down by Gurry’s office.

 

With GPS, Drug Cartels Move Shipments to Europe Until

Drug cartels heavily rely on GPS devices to track shipments, feds say

The GPS has increasingly become a drug dealer’s new partner in crime.

Drug-smuggling groups are relying on the device to keep tabs on drug packages as they wind their way through Central America to the United States, according to published reports.

The criminals attach the drug shipments to buoys, send them off in the Pacific Ocean, and use signals they give off to track a package’s location by using special codes, InSight Crimes reports.

The GPS gives dealers the advantage of having drug shipments picked up by others monitoring their movements without being detected by authorities.

GPS devices are also allowing drug cartels to keep track of lower-level smugglers to ensure they are doing what they were told, say U.S. officials.

Barbara L. Carreno, public affairs officer for the U.S. Drug Enforcement Administration, said drug dealers have been using the tracking device for years. But recently, as the once bulky devices have become smaller and cheaper, their use has increased, she said.

“Traffickers need to know that their mules are doing what they are supposed to do and delivering their very valuable shipments where they are supposed to go,” Carreno said. “We often find GPS devices in shipments we seize.”

Traffickers won’t use a computerized system that would lead law enforcement back to them or create records that would implicate them.

– Barbara L. Carreno, spokeswoman, U.S. Drug Enforcement Administration

The GPS is simple enough, the DEA says, that it actually eludes more sophisticated tools used for drug interdictions by government agencies of various countries.

“Traffickers wouldn’t use a computerized system that would lead law enforcement back to them or create records that would implicate them,” Carreno said. “They want something cheap, unsophisticated and untraceable.”

Salvadoran officials say that Ecuadorean boatmen have become a core part of the criminal activity. They move the shipments to places off coasts of El Salvador, Guatemala and Costa Rica.

Once the shipments are left at certain locations in the Pacific, traffickers use the GPS to alert those waiting for them by sending information to mobile telephones and computers, the website said, citing the Salvadoran national police’s anti-narcotics division.

One of the most notorious drug kingpins, Ecuador’s Washington Prado Alava, was said by Colombian authorities to have run a highly sophisticated trafficking operation. But his operation, which moved 250 metric tons of cocaine to the United States over a four-year span, was dependent on GPS locators, Insight Crime reported. More here from FNC.

***

Anti-drug forces from several European and American countries intercepted a total of eight tons of cocaine in a double bust that is being dubbed as one of the largest in history.

In the larger one, Spanish authorities cooperated with Ecuadorean police to intercept a ship off that Latin American country bringing more than 5.5 metric tons of cocaine to Spain.

The ship was loaded with Colombian cocaine in the Pacific and planned to travel through the Panama Canal and across the Atlantic to Europe, officials said in a statement.

Una operación de la junto a la de Ecuador ha permitido interceptar un buque con 5.529 kilos de cocaína y detener a 24 personas.

 

In a separate drug seizure, Spanish police stopped a Venezuela-flagged fishing vessel carrying 2.5 metric tons of cocaine near Martinica.

The ship was intercepted on May 4 and was towed to Las Palmas in Spain’s Canary Islands.

The U.S. Drug Enforcement Agency and Britain’s National Crime Agency also took part in the joint operation.

The cargo seized off the coast of Ecuador has an estimated value of $250 million. Ecuadorean agents boarded it when it was almost three nautical miles off Santa Elena province.

Spain’s Interior Minister Juan Ignocio Zoido said to El Pais that the first operation resulted in the capture of 24 suspected drug traffickers.

“It is one of the largest cocaine seizures in history and it takes apart a large drug-trafficking organization between South America and Spain,” he said.

The massive operation began after Spain found out in January that a South American ring with links in Spain was organizing a large shipment.

That information was corroborated by intelligence also gathered by the U.S., Britain and Portugal, the statement said.

Since the beginning of 2017, Ecuador has confiscated about 30 tons of cocaine.

Large seizures of cocaine and cannabis aren’t uncommon in the Iberian Peninsula, which is seen as a drug gateway to Europe.

Spanish police captured almost eight metric tons of cocaine from four vessels in 2015 and 2016 and arrested 80 people, the police statement said.

 

Trump Orders Emergency Meeting After Global Cyber-attack

Primer: Investigators launched a far-reaching hunt for the perpetrator, as institutions around the world worked to mitigate damage from the highest-profile computer-worm outbreak in nearly a decade. More here from the WSJ.

Image result for wannacry ransomware

President Trump reportedly ordered an emergency meeting over the weekend after an unprecedented cyberattack hit at least 100,000 organizations in 150 countries.

Senior security staffers with Homeland Security, the FBI and the National Security Agency met on Friday and Saturday in the White House to assess the threat from the “ransomware” attack, Reuters reported.

Trump ordered Homeland Security adviser Tom Bossert to hold the meeting, CBS News reported. Details of the meeting were not immediately disclosed.

The attack that began Friday is believed to be the biggest online extortion attack ever recorded, spreading chaos by locking computers that run Britain’s hospital network, Germany’s national railway and scores of other companies, factories and government agencies worldwide.

Steven Wilson, Head of Europol’s European Cybercrime Centre, told Sky News on Sunday that it was now important that IT departments checked their systems on Monday morning to ensure they had not been compromised.

Security experts warned that further cyberattacks are likely.

“The global reach is unprecedented and beyond what we have seen before,” Rob Wainwright, director of the Netherlands-based Europol said Sunday “The latest count is over 200,000 victims in at least 150 countries, and those victims, many of those will be businesses, including large corporations.”

“At the moment, we are in the face of an escalating threat. The numbers are going up,” he added. “I am worried about how the numbers will continue to grow when people go to work and turn on their machines on Monday morning.”

The Europol spokesman said it was too early to say who is behind the onslaught and what their motivation was. The main challenge for investigators was the fast-spreading capabilities of the malware, he said, adding that so far not many people have paid the ransoms that the virus demands.

Had it not been for a young cybersecurity researcher’s accidental discovery of a so-called “kill switch,” the malicious software likely would have spread much farther and faster. Security experts say this attack should wake up every corporate board room and legislative chamber around the globe.

***

The long-expected US Executive Order is out, and giving prominence to the NIST Framework, DHS,and OMB. Eternal Blue is used to spread WannaCry ransomware, and the UK’s NHS is hard hit. Fancy Bear prances in NATO costume. US Intelligence Community leaders warn the Senate that the Russian cyber threat is large, growing, and not going away. And spamming celebrates its thrity-ninth birthday—no happy returns for you, spammers.

In today’s podcast, we hear about the long-expected US Executive Order, with commentary from Politico’s Eric Geller. It was signed yesterday, and gives prominence to the NIST Framework, DHS,and OMB. Eternal Blue is used to spread WannaCry ransomware, and the UK’s NHS is hard hit. Fancy Bear prances in NATO costume. US Intelligence Community leaders warn the Senate that the Russian cyber threat is large, growing, and not going away. The University of Maryland’s Jonathan Katz explains some potential browser protocol vulnerabilities. And spamming celebrates its thirty-ninth birthday—no happy returns for you, spammers.  Go here for the podcast, see WannaCry ransomware title.  It is key to note that cyber experts saw chatter in hack chat rooms about this worm in April.

N. Korea Missile Hwasong 12 Launch with Video

Korean Central Television

A test-fire of new ground-to-ground medium long-range strategic ballistic rocket Hwasong-12 was successfully carried out on Sunday by scientists and technicians in the field of rocket research, who are bravely advancing toward a new goal to be proud of in the world, true to the far-sighted idea of Kim Jong Un, chairman of the Workers’ Party of Korea, chairman of the State Affairs Commission of the DPRK and supreme commander of the Korean People’s Army, for building a nuclear power.
Kim Jong Un guided the test-fire on the spot.
Looking at Hwasong-12, he expressed his satisfaction over the possession of another “Juche weapon”, a perfect weapon system congruous with the military strategic and tactical idea of the WPK and the demand of the present times.
The test-fire was conducted at the highest angle in consideration of the security of neighboring countries. The test-fire aimed at verifying the tactical and technological specifications of the newly-developed ballistic rocket capable of carrying a large-size heavy nuclear warhead.
According to the order of Kim Jong Un, the new rocket Hwasong-12 was launched at 04:58 on Sunday.
The rocket accurately hit the targeted open waters 787km away after flying to the maximum altitude of 2 111.5km along its planned flight orbit.
The test-fire proved to the full all the technical specifications of the rocket, which was newly designed in a Korean-style by defence scientists and technicians, like guidance and stabilization systems, structural system and pressurization, inspection and launching systems and reconfirmed the reliability of new rocket engine under the practical flight circumstances.
It also verified the homing feature of the warhead under the worst re-entry situation and accurate performance of detonation system.
Kim Jong Un hugged officials in the field of rocket research, saying that they worked hard to achieve a great thing. And he had a picture taken with officials, scientists and technicians who took part in the test-fire.
Highly appreciating again their devotion for manufacturing the Korean-style medium long-range strategic ballistic rocket, he gave a special thanks to them on behalf of himself.
He said with confidence that the successful test-fire of Hwasong-12, a demonstration of high-level defence science and technology of the DPRK, is of great and special significance for securing peace and stability in the Korean peninsula and the region and is the greatest victory of the Korean people.
He declared that the DPRK is a nuclear power worthy of the name whether someone recognizes it or not. He stressed the DPRK will keep strict control over those engaging themselves in nuclear blackmail with its nuclear deterrence which has been unimaginably and rapidly developed.
The U.S. massively brought nuclear strategic assets to the vicinity of the Korean peninsula to threaten and blackmail the DPRK, but the coward American-style fanfaronade militarily browbeating only weak countries and nations which have no nukes can never work on the DPRK and is highly ridiculous, he said, stressing that if the U.S. dares opt for a military provocation against the DPRK, we are ready to counter it.
The most perfect weapon systems in the world will never become the eternal exclusive property of the U.S., he said, expressing the belief that the day when the DPRK uses the similar retaliatory means will come. He continued that on this occasion, the U.S. had better see clearly whether the ballistic rockets of the DPRK pose actual threat to it or not.
If the U.S. awkwardly attempts to provoke the DPRK, it will not escape from the biggest disaster in the history, he said, strongly warning the U.S. not to disregard or misjudge the reality that its mainland and Pacific operation region are in the DPRK’s sighting range for strike and that it has all powerful means for retaliatory strike.
He gave the scientists and technicians in the field of rocket research the order to continuously develop more precise and diversified nukes and nuclear striking means, not content with the successes, and make preparations for more tests till the U.S. and its vassal forces make a proper choice with reason.

*** 

ATN: North Korea launched a missile in a test early in the morning of May 14, North Korean time. If the information that has been reported about the test are correct, the missile has considerably longer range than its current missiles.

Reports from Japan say that the missile fell into the Sea of Japan after traveling about 700 km (430 miles), after flying for about 30 minutes.

A missile with a range of 1,000 km (620 miles), such as the extended-range Scud, or Scud-ER, would only have a flight time of about 12 minutes if flown on a slightly lofted trajectory that traveled 700 km.

A 30-minute flight time would instead require a missile that was highly lofted, reaching an apogee of about 2,000 km (1,240 miles) while splashing down at a range of 700 km. If that same missile was flown on a standard trajectory, it would have a maximum range of about 4,500 km (2,800 miles).

New press reports are in fact giving a 2,000 km apogee for the test.

This range is considerably longer than the estimated range of the Musudan missile, which showed a range of about 3,000 km in a test last year. Guam is 3,400 km from North Korea. Reaching the US West Coast would require a missile with a range of more than 8,000 km. Hawaii is roughly 7,000 km from North Korea.

This missile may have been the new mobile missile seen in North Korea’s April 15 parade (Fig. 2). It appears to be a two-stage liquid-fueled missile.

Fig. 2 (Source: KCNA)

Fig. 1  The black curve is the lofted trajectory flown on the test. The red curve is the same missile flown on a normal (MET) trajectory.

57,000 Detections, 74 Countries Affected by Global Ransomware

 

Go here for more information on malware affections.

Further, US-CERT, by DHS has this information.

 

 

Older machines running XP do not appear to be affected. Meanwhile, about a month ago:

Microsoft responds to NSA’s Windows exploits, urges customers to upgrade to supported versions

Remember, this NSA vault toolkit was stolen, leaked and published by WikiLeaks, Julian Assange. In some cases, it could be a deadly threat to life considering the intrusions into hospitals. The other blame goes to the Russian cyber gang, ShadowBrokers.

Russian-linked cyber gang Shadow Brokers blamed for NHS computer hack 

Ransom message found on NHS computersCourtesy: TelegraphUK: Ransom message found on NHS computers

CyberScoop: Large organizations on every continent are being hit by a global campaign of ransomware attacks on Friday, unfortunately, average ransomware demand has increased significantly. Machines are being infected using exploits developed by the U.S. National Security Agency and leaked by the group known as ShadowBrokers, according to authorities.

More than 57,000 detections in 74 countries have been recorded. Russia appears to be the most infected country by far, according to cybersecurity firms Kaspersky and Avast.

The “number [is] still growing fast,” according to Costin Raiu, Kaspersky’s director of research.

Hospitals across England were forced to divert emergency patients, according to the National Health Service. Other hospitals are asking patients to avoid coming in except for emergencies, news reports said.

In Spain, victims including the telecommunications company Telefónica told employees to shut down machines and networks in an effort to stop the spread of the malware. Other victims include Gas Natural and Iberdrola, an electric utility firm.

The ransomware campaign is caused by “exploiting the vulnerability described in bulletin MS17-010 using EternalBlue / DoublePulsar,”Spain’s Computer Emergency Readiness Team explained on Friday. “Infection of a single computer can end up compromising the entire corporate network.”

EternalBlue and DoublePulsar are code names for NSA hacking tools used to infect thousands of machines around the world since the NSA tools leaked in April.

That description from Spanish authorities and the work of several researchers point directly to NSA tools hacked and leaked by ShadowBrokers. The patch that Microsoft published in March assigned the designation MS17-010 to the vulnerability.

A widespread “bloodbath” from criminals has been expected by experts since the leak.

The ransomware “infects the machine by encrypting all its files and, using a remote command execution vulnerability through SMB, is distributed to other Windows machines on the same network. Microsoft published the vulnerability on March 14 in its bulletin and a few days ago a proof of concept was released that seems to have been the trigger of the campaign.” SMB is Microsoft’s Server Message Block protocol for network file sharing.

The attacks in different countries have been linked to the same group, according to the Financial Times.

The U.S. Department of Homeland Security is “coordinating with our international cyber partners” in Europe and Asia, a spokesperson told CyberScoop. “The Department of Homeland Security stands ready to support any international or domestic partner’s request for assistance. We routinely provide cybersecurity assistance upon request, including technical analysis and support.  Information shared with DHS as part of these efforts, including whether a request has been made, is confidential.”

Security researcher Kevin Beaumont advised patching machines immediately:

** Kevin Beaumont?Verified account @GossiTheDog5h5 hours ago 

Confirmed – wcry ransomware spreading across Europe uses EternalBlue/MS17-010/SMB. PATCH NOW EVERYWHERE.

Spanish authorities confirmed the ransomware is a version of WannaCry (also known as WannaCrypt0r), according to the National Cryptology Center. In Spain, the newspaper El Mundo is reporting that “early indications point to an attack originating in China.”

“Given the rapid, prolific distribution of this ransomware, we consider this activity poses high risks that all organizations using potentially vulnerable Windows machines should address,” a spokesperson from the cybersecurity firm FireEye told CyberScoop. “Organizations seeking to take risk management steps related to this campaign can implement patching for the MS17-010 Microsoft Security bulletin and leverage the indicators of compromise identified as associated with this activity.”

FireEye has yet to see a U.S.-based company be affected by the ransomware worm.

An estimated 25 health facilities in London and across England have been hit, according to the NHS. St Bartholomew’s Hospital in London, one of the victims, received warnings earlier this year that computers using Windows XP were vulnerable, reported the technology news site the Inquirer. Increasingly, some infected hospitals are not accepting phone calls or internet communications. The Derbyshire Community Health Services NHS Trust has reportedly shut down all of its IT systems.

“At this stage we do not have any evidence that patient data has been accessed,” an NHS statement said. “We will continue to work with affected organizations to confirm this.”

East and North Hertfordshire NHS trust, a hospital just north of London, publicly acknowledged “a major IT problem” that is “believed to be caused by a cyber attack.”

“The trust is postponing all non-urgent activity for today and is asking people not to come to A&E – please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency,” according to a statement. “To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust’s hospitals continued to receive the care they need.”

News of the English hospitals being hit with ransomware spread quickly among doctors and hospital employees, including in a widely shared message from an English doctor now making the rounds on social media.

**

If.ra? @asystoly6h6 hours ago  Why would you cyber attack a hospital and hold it for ransom? The state of the world ?

“So our hospital is down,” the doctor wrote. “We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone.”