This website has deemed it proper to keep the news items behind links, to avoid those with a hand in the events.
* New cybersecurity report says China-based group is hacking Asia-Pacific governments - cnbc.com
* Chinese hackers stealing digital info from PH gov’t agencies - inquirer.net
* Chinese-linked APT10 has been active in the Philippines - cyberscoop.com
* Philippines elections hack 'leaks voter data' - bbc.com
* Comelec hacking threatens security of voters: Trend Micro
* 1.3M passports, 15.8M fingerprints compromised in Comelec site hack, says security software firm - news.abs-cbn.com
* Data Protection Mishap Leaves 55M Philippine Voters at Risk - trendmicro.com
New cybersecurity report says China-based group is hacking Asia-Pacific governments
A state-backed Chinese hacking group called APT41 was able to hack into telecommunications firms’ servers and steal the contents of text messages for intelligence that was of interest to Beijing, according to a new report from cybersecurity firm FireEye.
A China-based hacking group has quietly been carrying out a five-year cyber espionage campaign against governments in the Asia Pacific region, a new report by Check Point revealed.
The collective known as Naikon has targeted countries including Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar and Brunei.
The Chinese group attempts to infiltrate a government body then use information it acquires such as contacts and documents to attack other departments.
A China-based hacking group has been quietly carrying out a five-year cyber espionage campaign against Asia-Pacific governments after it previously “slipped off the radar,” a new report claims.
The group, known as Naikon, has targeted nations including Australia, Indonesia, Philippines, Vietnam, Thailand, Myanmar and Brunei, according to Israeli cybersecurity firm Check Point.
Naikon targets ministries of foreign affairs, science and technology, as well as government-owned companies with the aim of “gathering of geo-political intelligence,” Check Point said.
Security researchers first found out about the Naikon group in 2015. However, Check Point said it had “slipped off the radar, with no new evidence or reports of activities found” until now. The hacking group had actually been active for the past five years but “accelerated its cyber espionage activities in 2019 and Q1 2020.”
The cybersecurity firm did not say if Naikon is linked to the Chinese government. But a separate report in 2015, by a Washington-based security company called ThreatConnect, claimed the group was a unit of the Chinese People’s Liberation Army (PLA).
China’s Ministry of Foreign Affairs was not immediately available for comment when contacted by CNBC.
According to the report, Naikon attempts to infiltrate a government body and use the stolen information it acquires there — such as contacts and documents — to attack other departments within that country’s government.
Check Point said it was alerted when it found an email with a document attached that contained malicious software, also known as malware.
When the document is opened, it infiltrates a user’s computer and attempts to download another piece of malware called “Aria-body.” This gives the hackers remote access to that computer or network, and bypasses security measures, Check Point said.
The group uses so-called spear-phishing, where it sends an email with the infected document that looks like it comes from a trusted source, in this case, another government official. They’re able to get information to create the fake email from previous successful attacks or public data.
Once they’re inside a network, they can launch further attacks without detection.
“What drives them is their desire to gather intelligence and spy on countries, and they have spent the past five years quietly developing their skills and introducing a new cyber-weapon with the Aria-body backdoor,” Lotem Finkelsteen, manager of threat intelligence at Check Point, said in a statement.
Chinese hackers stealing digital info from PH gov’t agencies
Has China been hacking into computers of Philippine government and military organizations and stealing sensitive information for the past years?
Computer security firm Kaspersky Labs said in their latest cybersecurity bulletin that a Chinese-speaking hacker group called “Naikon” had successfully infiltrated governments around the South China Sea region including the Philippines.
Naikon had been conducting “at least five years of high volume, high profile, geopolitical attack activity” and had a “high success rate in infiltrating national organizations in Asean countries,” Kaspersky said.
Gov’t agencies hit in ‘Country X’
Kaspersky Labs provided an example of how deep Naikon can infiltrate a government’s computer systems using “Country X.”
“Analysis revealed that the cyberespionage campaign against Country X had been going on for many years. Computers infected with the remote control modules provided attackers with access to employees’ corporate email and internal resources and access to personal and corporate email content hosted on external services,” Baumgartner said.
“A few of these organizations were key targets and under continuous, real-time monitoring,” Baumgartner said.
• Office of the President
• Military Forces
• Office of the Cabinet Secretary
• National Security Council
• Office of the Solicitor General
• Intelligence Services
• Civil Aviation Authority
• Department of Justice
• Federal Police
• Executive/Presidential Administration and Management Staff
Kaspersky did not explicitly state which country in Southeast Asia is Country X.
Chinese-linked APT10 has been active in the Philippines, researchers say
An elite Chinese government-linked hacking group known for allegedly stealing reams of data from U.S. organizations has been actively targeting entities in the Philippines, according to new research first shared with CyberScoop.
During the month of April, the APT10 hacking group, which U.S. officials have tied to China’s civilian intelligence agency, has been using two new malicious software variants to deliver its payloads against targets in the Philippines, according to analysts from endpoint security firm enSilo.
“Both the loader variants and their various payloads that we analyzed share similar tactics, techniques, and procedures, and code associated with APT10,” the firm wrote in research published Friday. CyberScoop was unable to independently confirm that the malicious activity was tied directly to APT10. Some of the data points in the enSilo research have been tied to China-based hackers, but not exclusively to APT10, independent researchers said.
It is unclear what the goal of the targeting is, or who the victims are, enSilo said. The burst of new activity targeting the Philippines could be a short-lived attack or a test run for a future campaign.
But the researchers are trying to warn potential victims about changes in the hacking group’s malicious code, and allow other APT10 investigators in the cybersecurity community to contribute their own analysis.
“Our main goal was to get [the word] out as soon as possible” so others can defend their networks, enSilo’s CTO and co-founder Udi Yavo told CyberScoop, adding that the company’s researchers are still searching for additional forensics that could be related to the new activity.
Attributing hacking activity can be a delicate and difficult act for analysts, and other researchers have apparently erred in blaming APT10 for past hacking activity.
Yavo said enSilo researchers thoroughly compared the coding and variants with previous APT10 activity and concluded the group was behind the recent targeting in the Philippines.
“We’ve seen that a significant part of the code base is the same, or very, very similar, [to APT10’s],” Yavo said. “So assuming that it’s not someone who has access to a similar code base, it should be APT10.”
In a similar attack pattern to the kind APT10 has carried out in recent years, hackers are abusing legitimate executables to unpack shellcode in the memory of a target machine, and then delivering modified versions of the remote access trojans (RAT) known as Quasar and PlugX, according to Yakov Goldberg, enSilo’s director of forensics and threat intelligence. (Multiple groups, and not just APT10, have used Quasar and PlugX RATs before.) The RAT then uses a tool dubbed SharpSploit to extract passwords from a hacked machine. Computer servers in South Korea and a domain registered in Hong Kong were used in the attack, he added.
APT10’s reach is global. In recent years it has compromised organizations in the U.S., Europe, and Japan. Analysts say the Chinese civilian intelligence agency that reportedly sponsors APT10, the Ministry of State Security, has become Beijing’s preferred arm for conducting cyber-economic espionage.
Last December, the Department of Justice unsealed charges against two accused APT10 members for allegedly targeting more than 45 companies and government agencies, including NASA, the U.S. Navy, and a Department of Energy laboratory. And reports of APT10’s rampant activity – and its intent to use “managed service providers,” which corporations use for IT configuration, to siphon off companies’ proprietary data – have led the Department of Homeland Security to brief the private sector in detail on the threat.
The Chinese government has denied allegations that it engages in state-sponsored intellectual property theft.
Philippines elections hack 'leaks voter data'
The Philippines may have suffered its worst-ever government data breach barely a month before its elections.
Personal information, including fingerprint data and passport information, belonging to around 70 million people is said to have been compromised by hackers.
The Philippine Commission on the Elections (Comelec) saw its website defaced at the end of March.
The Anonymous Philippines group has claimed responsibility for the attack.
The group said it sought to highlight "vulnerabilities" in the system, including the use of automated voting machines that will be used on 9 May.
A second hacker group called LulzSec Philippines is believed to have posted Comelec's entire database online several days later.
Comelec claims that no sensitive information was released, according to multiple reports.
However, cybersecurity firm Trend Micro believes the incident is the biggest government-related data breach in history and that authorities are downplaying the problem.
"Every registered voter in the Philippines is now susceptible to fraud and other risks," it said in a report.
Why the Philippines?
The Philippines general election takes place every six years and will see a new president, vice-president and more than 18,000 other officials voted into office.
Investors will closely be watching the polls given the Philippines is one of Asia's fastest-growing economies.
This is only the third time the South East Asian nation has held automated elections and Comelec has faced criticism that security is not tight enough.
Ryan Flores, a senior manager at Trend Micro, said the government's cybersecurity vulnerabilities could lead to the election being "sabotaged".
"One of the more sensitive issues is that the [leaked] database is the same for the automated system being used for the election," he told the BBC.
"Come election period, anyone who has ill intentions can modify the results."
That was one of the reasons Anonymous Philippines cited for hacking the Comelec website.
It posted a message saying "what happens when the electoral process is so mired with questions and controversies? Can the government still guarantee that the sovereignty of the people is upheld?"
How big is this leak?
Trend Micro believes the Philippines breach may surpass the 2015 hack of the US Office of Personnel Management.
That incident saw the data on 20 million US citizens, including fingerprints and social security numbers, stolen by unknown hackers. Data taken in that attack has, so far, not been found online.
Last week, Panama law firm Mossack Fonseca saw more than 11 million documents released in what is being described as the biggest data leak in history.
Other high-profile targets in recent years where data has been stolen include online dating site Ashley Madison, US retailer Target and the entertainment arm of Sony.
The healthcare and education industries are the most affected by data breaches, according to Trend Micro.
Government agencies are the third biggest sector, followed by retail and financial industries.
What can be done to prevent similar attacks?
Mr Flores believes such breaches are likely to happen again, particularly in developing countries, and that "a stronger security mindset" was needed.
This includes the hiring of an information security team who would be responsible for highly sensitive data, as well as installing software that can track any irregularities in the network.
Mr Flores said countries like the Philippines "don't really have any agency or mandate in the government to improve their security posture".
"They have more pressing needs rather than digital security," he said. "Being a third world country plays into that."
However, he stressed that the investment was needed given there was an increasing trend of young people with technology know-how gravitating towards hacking groups.
Comelec hacking threatens security of voters: Trend Micro
1.3M passports, 15.8M fingerprints compromised in Comelec site hack, says security software firm.
MANILA - Personal data of 1.3 million overseas Filipino voters, including their passport information, as well as fingerprints of 15.8 million people were compromised in the hacking of the Commission on Elections' (Comelec) website last March, according to a global security software company.
Trend Micro, in its analysis of the defacement and subsequent leak of the Comelec's entire database online, said the data dump "may turn out as the biggest government related data breach in history."
It said the attack left 55 million Philippine voters at risk, surpassing the U.S. Office of Personnel Management hack in 2015 that leaked personal data of 20 million US citizens.
"Based on our investigation, the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. What is alarming is that this crucial data is just in plain text and accessible for everyone. Interestingly, we also found a whopping 15.8 million records of fingerprints and a list of people running for office since the 2010 elections," Trend Micro said.
It added that among the data leaked online by hackers were files on all candidates running in the election "with the filename VOTESOBTAINED."
"Based on the filename, it reflects the number of votes obtained by the candidate. Currently, all VOTESOBTAINED files are set to have NULL as figure," the security software company said. "The Comelec website also shows real time ballot count during the actual elections. While Comelec claims that this function will be done using a different website, we can only speculate if actual data will be placed here during the elections and if tampering with the data would affect the ballot count."
It warned that criminals can use the leaked personal information of Filipino voters for extortion and other illegal activities. "In previous cases of data breach, stolen data has been used to access bank accounts, gather further information about specific persons, used as leverage for spear phishing emails or BEC [Business Email Compromise] schemes, blackmail or extortion, and much more."
Comelec spokesman James Jimenez told ABS-CBN News that the poll body is still checking Trend Micro's allegations.
"Considering technical nature of post, will have to check its allegations, its sources, and what it claims to have studied," Jimenez said. "Considering the technical nature of the blog entry, I won't comment until I've discussed the matter with our IT Department."
The Comelec earlier downplayed the hacking of its website.
In an interview with dzMM, Comelec chairman Andres Bautista claimed that hackers failed to access any confidential information that may derail the 2016 elections.
"I was told that no confidential information was obtained. In other words, this will not affect our preparations for our upcoming elections," he said.
The Comelec also asked the National Bureau of Investigation (NBI) Cybercrime Division to identify the perpetrators of the hacking of the poll body's official website.
A group claiming to be Anonymous Philippines defaced the Comelec's website, demanding that the poll body implement the security features of the vote-counting machines for the May 9, 2016 elections.
Meanwhile, another group, LulzSec, said it leaked online 340 gigabytes of the Comelec database.
Trend Micro said the second hackers' group made the database available for download by the public on several websites.
'COMELEAKS' | Lawmakers: Voter database breach compromises May 9 elections; PNP joins probe
"The massive data breach has manifold ramifications for all affected voters, yet the most insidious among these is the fact that unscrupulous groups – especially those currently in power – can use the data trove to commit automated electoral fraud of a scale unparalleled since the advent of automated polls," Ridon said.
"With millions of records of the personal information of voters now uploaded to the Internet, and rendered searchable through a new search engine that sprouted recently, we cannot emphasize enough how the so-called 'Comeleaks' totally compromises the integrity of the upcoming elections," the legislator said.
Gatchalian said that the hacked information about pollgoers has been published by hacker group LulzSec Pilipinas aiming to make the government "start thinking about security of citizens' personal data."
Data Protection Mishap Leaves 55M Philippine Voters at Risk
Every registered voter in the Philippines is now susceptible to fraud and other risks after a massive data breach leaked the entire database of the Philippines’ Commission on Elections (COMELEC). While initial reports have downplayed the impact of the leak, our investigations showed a huge amount of sensitive personally identifiable information (PII)–including passport information and fingerprint data–was included in the data dump.
Following the defacement of the COMELEC website on March 27 by a hacker group, a second hacker group posted COMELEC’s entire database online. Within the day, they added three more mirror links where the database could be downloaded. With 55 million registered voters in the Philippines, this leak may turn out as one of the biggest government-related data breaches in history, surpassing the Office of Personnel Management (OPM) hack in 2015 that leaked PII, including fingerprints and social security numbers (SSN), of 20 million US citizens.