Економіка

The state-backed Russian cyber spies behind the SolarWinds hacking campaign launched a targeted spear-phishing assault on U.S. and foreign government agencies and think tanks this week using an email marketing account of the U.S. Agency for International Development, Microsoft said.
The effort targeted about 3,000 email accounts at more than 150 different organizations, at least a quarter of them involved in international development, humanitarian and human rights work, Microsoft Vice President Tom Burt said in a blog post late Thursday.
It did not say what portion of the attempts may have led to successful intrusions.
The cybersecurity firm Volexity, which also tracked the campaign but has less visibility into email systems than Microsoft , said in a post  that relatively low detection rates of the phishing emails suggest the attacker was “likely having some success in breaching targets.”  
Burt said the campaign appeared to be a continuation of multiple efforts by the Russian hackers to “target government agencies involved in foreign policy as part of intelligence gathering efforts.” He said the targets spanned at least 24 countries.
The hackers gained access to USAID’s account at Constant Contact, an email marketing service, Microsoft said. The authentic-looking phishing emails dated May 25 purport to contain new information on 2020 election fraud claims and include a link to malware that allows the hackers to “achieve persistent access to compromised machines.”
Microsoft said in a  separate blog post that the campaign is ongoing and evolved out of several waves of spear-phishing campaigns it first detected in January that escalated to the mass-mailings of this week.
While the SolarWinds campaign, which infiltrated dozens of private sector companies and think tanks as well as at least nine U.S. government agencies, was supremely stealthy and went on for most of 2020 before being detected in December by the cybersecurity firm FireEye, this campaign is what cybersecurity researchers call noisy. Easy to detect.
Microsoft noted the two mass distribution methods used: the SolarWinds hack exploited the supply chain of a trusted technology provider’s software updates; this campaign piggybacked on a mass email provider.
With both methods, the company said, the hackers undermine trust in the technology ecosystem.
…

Facebook says it will no longer remove claims that COVID-19 is human-made or manufactured “in light of ongoing investigations into the origin of COVID-19 and in consultation with public health experts.”There is rising pressure worldwide to investigate the origins of the pandemic, including the possibility that it came from a lab. Since the pandemic began, Facebook has been changing what it allows on the topic and what it bans. In February, it announced a host of new claims it would be prohibiting — including that COVID-19 was created in a Chinese lab. Other claims it added at the time included the false notion that vaccines are not effective or that they are toxic.Lisa Fazio, a professor of psychology at Vanderbilt University, said the reversal shows the difficulty of fact-checking in general, particularly with something unprecedented like the coronavirus, when experts can disagree and change their minds with new evidence.“It’s one reason that content moderation shouldn’t be static, scientific consensus changes over time,” Fazio said. “It’s also a reminder to be humble and that for some questions the best current answer is “we don’t know yet” or “it’s possible, but experts think it’s unlikely.”Facebook’s reversal comes as President Joe Biden ordered U.S. intelligence officials to “redouble” their efforts to investigate the origins of the COVID-19 pandemic, including any possibility the trail might lead to a Chinese laboratory. After months of minimizing these claims as a fringe theory, the Biden administration is joining worldwide pressure for China to be more open about the outbreak. It aims to head off GOP complaints that Biden has not been tough enough and to use the opportunity to press China on alleged obstruction.“We’re continuing to work with health experts to keep pace with the evolving nature of the pandemic and regularly update our policies as new facts and trends emerge,” said Guy Rosen, Facebook’s vice president of integrity, in a statement Wednesday.Facebook does not usually ban misinformation outright on its platform, instead adding fact-checks by outside parties, which includes The Associated Press, to debunked claims. The two exceptions have been around elections and COVID-19.
…

The Cyprus-flagged oil tanker Berlina was drifting near the Caribbean island of Dominica earlier this year when tracking technology showed it stopping in its tracks and in two minutes turning around 180 degrees.It was an amazingly quick pivot since the 274-meter ship needs roughly 10 times that amount of time to perform such a maneuver.Even more intriguing: Around the same time the Berlina was pinging its location at sea, it was physically spotted loading crude oil in nearby Venezuela despite U.S. sanctions against such trading.Meanwhile, nine other ships, some connected to the same Greece-based owner of the Berlina, were digitally monitored moving nearby at an identical speed and direction with sudden draft changes, indicating they had somehow been loaded full of crude though apparently out at sea.The Berlina’s impossible journey could represent the next frontier of how rogue states and their enablers manipulate GPS-like tracking systems to hide their movements while circumventing sanctions, maritime experts say.Evading detectionIn recent years, as the U.S. has expanded economic sanctions and tracking technology has become more widely used, companies have adopted a number of techniques to evade detection. Most involve a ship going dark, by turning off its mandatory automated identification system or by “spoofing” the identity and registration information of another ship, sometimes a sunken or scrapped vessel.Windward, a maritime intelligence agency whose data is used by the U.S. to investigate sanctions violations, carried out a detailed investigation into the Berlina. It considers the movements of the Berlina and the other ships to be one of the first instances of orchestrated manipulation in which vessels went dark for an extended period while off-ship agents used machines to hide their activities by making it appear they were transmitting their locations normally.Militaries around the world have been using the same electronic warfare technology for decades. But it is only now cropping up in commercial shipping, with serious national security, environmental and maritime safety implications.“We believe this is going to spread really fast because it’s so efficient and easy,” Matan Peled, co-founder of Windward, said in an interview. “And it’s not just a maritime challenge. Imagine what would happen if small planes started adopting this tactic to hide their true locations?”Under a United Nations maritime treaty, ships of over 300 tons have been required since 2004 to use the automated identification system to avoid collisions and assist rescues in the event of a spill or accident at sea. Tampering with its use is a major breach that can lead to consequences for a vessel and its owners.But the maritime safety mechanism has also become a powerful mechanism for tracking ships engaged in rogue activities like illegal fishing or transporting sanctioned crude oil to and from places under U.S. or international sanctions like Venezuela, Iran and North Korea.In the cat-and-mouse game that has ensued, the advent of digital ghosts leaving false tracks could give the bad actors the upper hand, said Russ Dallen, the Miami-based head of Caracas Capital Markets brokerage, who tracks maritime activity near Venezuela.“It’s pretty clear the bad guys will learn from these mistakes and next time will leave a digital trail that more closely resembles the real thing,” Dallen said. “The only way to verify its true movement will be to get a physical view of the ship, which is time consuming and expensive.”Manipulation or malfunction?The Berlina never reported a port call while floating in the Caribbean. Nonetheless, on March 5, the draft indicated by its identification system went from 9 meters to 17 meters, suggesting it had been loaded with oil.Was it manipulation or a malfunction?While the Berlina’s voyage remains something of a mystery, Vortexa, a London-based energy cargo tracker, determined the tanker had loaded at the Venezuelan port of Jose on March 2 and then headed toward Asia. Separately, Windward also confirmed the crude delivery through two sources.Two months later, on May 5, the Berlina discharged its crude in a ship-to-ship transfer to a floating storage vessel, the CS Innovation, according to Vortexa. The CS Innovation remains off the coast of Malaysia where the transfer took place and has undertaken several ship-to-ship transfers in the interim, making it nearly impossible to know where Venezuela’s oil will end up.Adding to suspicions, the Berlina and at least four of the nine other vessels involved in the Caribbean voyage earlier this year are connected to the same Greek company, according to Windward. And all 10 vessels switched flags — another common ploy used to make it harder to keep track of ships — to Cyprus in the four months prior to the manipulation of the fleet’s tracking information.The AP was unable to locate any contact information for the Berlina’s ship manager or owner, both of which are based in the port city of Pireaus, near Athens.Peled said the Berlina’s activities may never have been detected if not for a tip it received from an external source that it wouldn’t identify.But the know-how gained from the investigation has allowed it to identify other recent examples of location tampering, including one in January when a ship it did not identify was spotted loading Iranian crude at Kharg island while broadcasting its location out at sea somewhere else in the Persian Gulf.While the U.S. government has additional resources to ferret out such deceptive practices, doing so will require extra effort.“It suggests the length to which rogue actors are willing to go, to hide their activities,” said Marshall Billingslea, an assistant Treasury secretary for terrorist financing during the Trump administration and former deputy undersecretary of the Navy. “It’s a worrisome trend and given the huge volume of maritime traffic will introduce a lot more noise into the system.”
…

Russia and Iran are leading the way when it comes to pushing bad information on one of the world’s most popular social media platforms, and new analysis finds they are getting savvier at evading detection. Facebook issued a report Wednesday looking at so-called coordinated inauthentic behavior over the past four years, warning that despite ongoing efforts to identify and remove disinformation networks, there is no let-up in attempts to exploit or weaponize conflict and crisis. “Threat actors have adapted their behavior and sought cover in the gray spaces between authentic and inauthentic engagement and political activity,” according to the Facebook report, which looked at the more than 150 networks from more than 50 countries that its security teams took down from 2017 to 2020. “We know they will continue to look for new ways to circumvent our defenses,” the report added, noting disinformation efforts were evenly split between foreign and domestic efforts. “Domestic IO also continues to push the boundaries of acceptable online behavior worldwide” per @Facebook “About half of the influence operations we’ve removed since 2017–including in #Moldova, #Honduras, #Romania, #UK, US, #Brazil & #India–were conducted by locals…” pic.twitter.com/e2pLpgLNaJ— Jeff Seldin (@jseldin) May 26, 2021 Russia, Iran influence efforts Overall, Russia was the biggest purveyor of disinformation, according to the analysis, with 27 identified influence operations during the four-year timeframe. Of those, 15 were connected to the St. Petersburg-based Internet Research Agency (IRA) or other entities linked to Yevgeny Prigozhin, a Russian oligarch with close ties to Russian President Vladimir Putin. US Hits Back at Russian Election Disinformation Ring New sanctions target the ‘inner circle’ of Ukrainian politician Andrii Derkach, previously outed by U.S. officials as a long-time Russian agent Another four Russian networks were traced to the Kremlin’s intelligence services and two more originated with Russian media sites. Iran was second on the list, with 23 inauthentic networks, nine of which were connected to the government or Iranian state broadcasters. Myanmar ranked third, with nine disinformation networks, followed by the United States and Ukraine. NEW: #Russia, #Iran#Myanmar top @Facebook’s list of sources for influence ops/ Coordinated Inauthentic Behavior in new report covering 2017-2020US is 4th, #Ukraine is 5th pic.twitter.com/X2Z45AqUO2— Jeff Seldin (@jseldin) May 26, 2021Facebook said the culprits in the United States and Ukraine included public relations firms, fringe political actors, and in the case of Ukraine, two political parties. China’s ‘strategic communication’ China, accused by U.S. intelligence officials for running multiple, intensive influence operations, did not make Facebook’s list of illicit disinformation networks, but not because Beijing was not active. Outgoing US Intel Chief Warns China Seeking Global Domination Director of National Intelligence John Ratcliffe has repeatedly sounded alarms about Beijing’s efforts, but now says China is prepared for an ‘open-ended period of confrontation’ with US “The China-origin activity on our platform manifested very differently than IO [influence operations] from other foreign actors, and the vast majority of it did not constitute CIB [Coordinated Inauthentic Behavior],” the Facebook report said. “Much of it was strategic communication using overt state-affiliated channels [e.g. state-controlled media, official diplomatic accounts] or large-scale spam activity that included primarily lifestyle or celebrity clickbait and also some news and political content.” #Election2020: “In the year leading up to the US 2020 election, we exposed over a dozen CIB operations targeting US audiences, including an equal number of networks originating from #Russia, #Iran, & the #UnitedStates itself” per @Facebookpic.twitter.com/MISQHnJigc— Jeff Seldin (@jseldin) May 26, 2021The Facebook report warned, however, that catching sophisticated disinformation actors like China and Russia is getting more difficult. “They are showing more discipline to avoid careless mistakes,” the report said. “Some are also getting better at avoiding language discrepancies.” Amplifying, outsourcing disinformation Facebook further warned that countries like Russia and China “are getting better at blurring the lines between foreign and domestic activity by co-opting unwitting [but sympathetic] domestic groups to amplify their narratives.” Another concerning trend identified in the Facebook report: outsourcing. “Over the past four years, we have investigated and removed influence operations conducted by commercial actors—media, marketing and public relations companies, including in Myanmar, the U.S., the Philippines, Ukraine, the UAE [United Arab Emirates] & Egypt,” according to the report. The report said despite a growing number of influence operations and their growing sophistication, many of them are being identified and taken down more quickly than in the past. But Nathaniel Gleicher, the head of Facebook security policy, said the social media platform can only do so much by itself. “Countering IO is a whole-of-society challenge. Defenders are most effective when gov’ts, industry, and civil society work together,” Gleicher wrote on Twitter. “We know threat actors are continuing to innovate, so we can’t take our foot off the gas now,” he added. “We have to keep pressing to stay ahead of adversarial innovation in 2021 and beyond.” 
 
…