Anonymous ID: cb28bd Dec. 31, 2019, 11:42 a.m. No.7675344

The Kremlin on Sunday posted a readout of a thank you call from President Vladimir Putin of Russia to President Donald Trump.

 

According to the readout, Putin thanked Trump for information — “transmitted through the channels of U.S. special services” — that “helped thwart terrorist acts in Russia.”

The readout noted that the two presidents also discussed issues of mutual interest, agreeing to “continue bilateral cooperation in combating terrorism.” The Russian government news agency TASS, citing a spokesman from the FSB intelligence agency, reported that two Russian nationals were plotting terrorist attacks in St. Petersburg over the New Year holiday but were detained thanks to the information shared by the U.S.


The White House has not released a statement on the call, and reporters traveling with Trump in Florida asked for more information on Sunday.

 

The Kremlin’s readout is not the first time Russia has put out call statements ahead of the White House, even if the statements don’t fully reflect what was said.

 

In August, the Kremlin said in a statement that Trump offered Putin help in fighting vast wildfires in Siberia. The phone conversation had taken place on the “initiative of the American side,” the Kremlin added. The White House later confirmed the two leaders’ conversation.

 

And in 2017, photos from Trump’s first Oval Office meeting with Foreign Minister Sergey Lavrov of Russia surfaced online from the Kremlin. The meeting had been closed to the American media.

 

Lavrov had another closed-door Oval Office meeting with Trump earlier this month — on the day House Democrats unveiled articles of impeachment against him. Afterward, Trump praised the “very good meeting” in a tweet, saying the two had discussed “election meddling.” But at a news conference at the Russian Embassy, Lavrov wouldn’t answer that claim directly, suggesting only that Secretary of State Mike Pompeo had raised the issue during a separate meeting.

 

https://www.politico.com/news/2019/12/29/kremlin-putin-calls-to-thank-trump-for-help-on-terrorism-090430

Anonymous ID: cb28bd Dec. 31, 2019, 11:47 a.m. No.7675380

Washington (CNN) Military cyber officials are developing information warfare tactics that could be deployed against Russian oligarchs and officials if the country attempts to interfere in the 2020 US presidential election, current and former US officials told The Washington Post. The officials told The Post that one option being looked at by US Cyber Command would target senior Russian leadership and elites in an effort to show that their personal data could be hit if election interference did not stop. The option would not take aim at Russian President Vladimir Putin because that would be considered too provocative, the officials said, according to the Post.

 

Another option involves a disinformation campaign designed to exploit contention within the Russian government as well as operations that would expose malicious behavior, the newspaper reported.

Elissa Smith, a spokeswoman for the Department of Defense, told CNN in a statement that the department doesn't comment on "cyberspace operations, planning or intelligence," but she did say the Defense Department and US Cyber Command were "generating insights for the US government to provide" to state and local governments.

The department, Smith said, also is, "when authorized, enabling the Department of Homeland Security's efforts to secure critical infrastructure; enabling the Federal Bureau of Investigation's efforts to counter malign foreign influence in our elections; and, when authorized, taking action to disrupt or degrade malicious nation-state cyber actors' ability to interfere in US elections."

The secretive Cyber Command operation is part of a broader effort that includes the Departments of State, Justice and Homeland Security, the CIA and the National Security Agency, an administration official previously told CNN.

The information warfare tactics being contemplated build on Cyber Command's previous efforts to target Russian operatives believed to be attempting to influence the 2018 midterm elections.

Those operations – aimed at making meddling more difficult – included sending phishing messages to suspected cyber operatives and messaging from public officials to make clear the US would not tolerate interference.

Paul Nakasone, chief of the US Cyber Command, has been part of the drive to integrate military operations with cyber-offense operations, the Post reported.

"In 332 days, our nation is going to elect a president," Nakasone said at a defense forum earlier this month, according to The Post. "We can't let up. This is something we cannot be episodic about. The defense of our nation, the defense of our elections, is something that will be every single day for as long as I can see into the future."

https://www.cnn.com/2019/12/26/politics/us-cyber-security-russian-interference/index.html

Anonymous ID: cb28bd Dec. 31, 2019, 11:50 a.m. No.7675416

An advanced persistent threat espionage campaign with suspected ties to the Chinese government quietly targeted businesses and governments in 10 countries for two years, bypassing two-factor authentication, according to a report by Fox-IT.


 

The campaign, dubbed Wocao, targeted government and managed service providers while managing to be "under the radar," the Netherlands-based security firm notes.

 

"Fox-IT assesses with high confidence that the actor is a Chinese group and that they are likely working to support the interests of the Chinese government and are tasked with obtaining information for espionage purposes," the report notes. "With medium confidence, Fox-IT assesses that the tools, techniques and procedures are those of the actor referred to as APT20."

 

APT20, also known as TH3Bug and Twivy, has been active since 2009 and is known to rely on watering hole attacks - which involve compromising legitimate websites and installing malware to target website visitors, an earlier report by Palo Alto Networks noted.

 

The Fox-IT report does not mention if the campaign is still active or identify the malware strain used by the threat group. But it states the campaign was active across 10 countries, including the U.S., several European countries and China.

 

Bypassing 2FA

According to the Fox-IT report, the attackers were able to bypass two-factor authentication by targeting devices of employees with privileged access to the company's network.

 

"On these systems, the contents of passwords vaults (password managers) are directly targeted and retrieved," the report states.

 

To gain access to these devices, the attackers first targeted devices with vulnerable webservers - often those running a version of JBoss, a popular enterprise application platform.

 

"Such vulnerable servers were observed to often already be compromised with webshells, placed there by other threat actors," the report notes. "The actor actually leverages these other webshells for reconnaissance and initial lateral movement activity. After this initial reconnaissance the actor uploads one of its own webshells to the webserver."

 

Once the attackers gained persistence by compromising the VPN credentials, they bypassed 2FA, the researchers say.

 

Fox-IT researchers note that this was likely achieved by stealing an RSA SecurID token, which was then used to generate valid one-time codes in the attacker's systems to bypass the 2FA.

 

"In short, all the actor has to do to make use of the 2-factor authentication codes is to steal an RSA SecurID Software Token and to patch 1 instruction, which results in the generation of valid tokens," the report notes.

 

After bypassing the authentication, the attackers then proceeded to perform privilege escalation and gain lateral movement, then collect and exfiltrate data and communicate with the command and control, the researchers say.

 

While performing these activities, the threat actors were also careful to remove files that could trace their activities, thus making the detection of the group's activity hard, according to the research report.

 

"As much as is possible, they remove file system-based forensic traces of their activities, making it much harder for investigators to determine what happened after the fact," the report adds.

 

Rising Chinese APT Threat

Chinese APT groups are known for their complex cyberespionage campaigns carried out against specific targets to compromise their systems and gain specific information.

 

In another incident, another Chinese group, APT5, targeted flaws in Pulse Secure and Fortinet SSL VPNs for more than six weeks, security experts said (see: Chinese APT Groups Began Targeting SSL VPN Flaws in July).

 

In November, another Chinese advanced threat group, APT41, used a new espionage tool to intercept SMS messages from phone numbers by infecting mobile telecommunication networks, according to the security firm FireEye Mandiant (see: Chinese APT Group Targets Mobile Networks: FireEye Mandiant).

 

Another report by FireEye noted that Chinese APT groups targeted cancer research organizations across the globe to steal their research (see: Chinese APT Groups Target Cancer Research Facilities: Report).

 

https://www.bankinfosecurity.com/researchers-chinese-apt-espionage-campaign-bypasses-2fa-a-13557

Anonymous ID: cb28bd Dec. 31, 2019, 11:56 a.m. No.7675473   >>5479 >>5492 >>5501 >>5528 >>5577

WASHINGTON: How big a difference does it make when you reinforce foot troops with drones and ground robots? You get about a 10-fold increase in combat power, according to a recent Army wargame.

 

“Their capabilities were awesome,” said Army Capt. Philip Belanger, a Ranger Regiment and Stryker Brigade veteran who commanded a robot-reinforced platoon in nearly a dozen computer-simulated battles at Fort Benning’s Maneuver Battle Lab. “We reduced the risk to US forces to zero, basically, and still were able to accomplish the mission.”

 

That mission: dislodge a defending company of infantry, about 120 soldiers, with a single platoon of just 40 attackers on foot. That’s a task that would normally be assigned to a battalion of over 600. In other words, instead of the minimum 3:1 superiority in numbers that military tradition requires for a successful attack, Belanger’s simulated force was outnumbered 1:3.

 

When they ran the scenario without futuristic technologies, using the infantry platoon as it exists today, “that did not go well for us,” Belanger said drily.

 

But that was just the warm-up, getting the captain and his four human subordinates – three lieutenants and a staff sergeant, each commanding a simulated squad – familiar with the Army’s OneSAF software. That’s a complex physics-based model so fine-grained it can assess whether an individual (simulated) soldier is killed, wounded or unscathed in any given attack. OneSAF also strictly limits the amount of information each human player gets. They only know what their simulated soldiers on the battlefield could, so it replicates the fog of war, if not the fear.

 

Then the wargame organizers added dozens of unmanned systems to the simulation. The immediate impact was on what Belanger and his team could see. Instead of being limited to the immediate field of view of their simulated soldiers, they could send the drones ahead to scout. Instead of being able to engage the enemy about 500 meters away (not quite a third of a mile) – or less in dense terrain like a jungle or a city – they could spot and attack them from 5,000 meters (more than three miles).

 

“It was awesome to be able to increase that zone of where we knew exactly what was going on, without being right on top of the enemy,” Belanger told me. “We were able to pretty much control the amount of area that probably a battalion-minus would have been able to control, with just one platoon.”

 

That doesn’t mean it was easy to adapt to the new tools. “The first time we used them was definitely a learning curve,” Belanger said. Drones can move much faster than ground robots, but they can’t carry as much firepower as a ground vehicle of similar size and cost. So, at first the fliers rushed ahead, found the enemy position, and then had to wait for the ground units to catch up. Meanwhile the opposing players, controlling the enemy force, noticed the drones and, although they weren’t able to shoot them down – something unlikely to be true with, say, the Russians – they could use the time to ready their defenses. Belanger’s manned-unmanned team still won, but not as decisively as they wanted to.

 

“Our UAS [Unmanned Aerial Systems] were able to identify exactly where enemy were, but we were unable to kill them without our ground vehicles,” he said. “You have to figure out how you’re going to mass combat power,” rather than attack piecemeal.

-MORE-

 

https://breakingdefense.com/2019/12/ai-robots-crush-foes-in-army-wargame/