Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Why hackers target background investigation databases

Foreign hackers are targeting background investigation databases to blackmail US government personnel or to try to bribe them. It is not a mystery that Chinese hackers continuously target US companies and government offices, the attackers usually backed by the Government of Bejing mainly run cyber espionage campaigns to steal intellectual property and any kind of information related to person […]

China-linked APT Salt Typhoon

Foreign hackers are targeting background investigation databases to blackmail US government personnel or to try to bribe them.

It is not a mystery that Chinese hackers continuously target US companies and government offices, the attackers usually backed by the Government of Bejing mainly run cyber espionage campaigns to steal intellectual property and any kind of information related to person of interest belonging to “persons of interest.”

Security experts confirmed that Chinese hackers are targeting background check files to gather information on the US people.

The recent cyber attacks at the Office of Personnel Management (OPM), the USIS and KeyPoint Government Solutions, are the demonstration of the great interest of foreign hackers in the information on specific individuals.

The attackers use to target background investigation databases to gather detailed information about specific profiles or communities of interest.

“Newly revealed information about how hackers broke into a company conducting millions of background investigations on national security employees shows the lengths to which attackers are willing to go to steal U.S. secrets. ” reported the Nextgov

The attack scheme is easy as efficient, the attack in the majority of cases begins with a spear phishing attack that is the vector for malicious code used to infect the victims’ machines ad grab the video whenever background investigation software was being used.
There are various tactics adopted by Chinese hackers, the attackers always search for the weakest link in the security chain, in many cases this link is represented by the victims’ suppliers. Hackers use to target subcontractors to hit enterprises due the poor level of security they offer. The situation is particularly serious in the energy sector.

China hackers target Investigation database

“The attacker was able to navigate from the third-party-managed environment into the USIS network in late [redacted] by successfully brute-forcing a password on an application server,” Stroz Friedberg Managing Director Bret Padres wrote in the letter, obtained by Nextgov.

“Once the attacker was able to log in to that server, the attacker installed a malicious backdoor” to provide easy access, Padres wrote.

The attacks against companies like the USIS are not a surprise, these companies create detailed dossiers on government officials that could be used by the threat actors to conduct further attacks against the targeted organization.

Let me add that China isn’t the unique country that target US organization searching for background investigation databases, Russian hackers also represent a serious threat to the US.

To better understand why attackers target background investigation databases, let’s think to the information that a state-sponsored hacker can gather linking data from a government personnel databases and health care databases like the one compromised in the Anthem hack.  Intruders can easily obtain precious data related to the family lives of federal employees who might be susceptible to bribery or blackmail. This information could allow an attacker establish a contact with the victims and obtain an easy access to classified information by exploiting the human weakness.

“The breach of an Anthem health care database last fall affected federal employee subscribers as well as BCBS federal members who aren’t covered by Anthem but received BCBS services in a state where Anthem operates. But “if I know you have a clearance from the USIS breach and I know that maybe your husband or wife has cancer from the Anthem breach, maybe I can approach you and say: ‘You work at Langley. You’ve got access to sensitive information. Maybe if I give you $50,000 a year just to tell me a little bit about what you do, maybe I can eventually convince you to betray your country,'” Barger said, as an example of how medical data could be used to recruit human assets.”

The protection of background Investigation database is becoming a question of Homeland security, a cyber security strategy must properly address it, even when these archives are managed by private companies.

Pierluigi Paganini

(Security Affairs  background Investigation database, state-sponsored hackers)