Combatting Cyber Threat Actors Perpetrating Living Off the Land Intrusions

Source: National Security Agency NSA

FORT MEADE, Md. – The National Security Agency (NSA) is proud to partner with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the United Kingdom National Cyber Security Center (NCSC-UK) on CISA’s Cybersecurity Technical Report (CTR) “Identifying and Mitigating Living Off the Land,” which provides guidance on defending against common living off the land (LOTL) techniques. This release follows a May 2023 joint Cybersecurity Advisory on LOTL techniques.
 
Rather than introducing malicious code to a system, LOTL threats use existing tools on the system to circumvent security capabilities, which makes these cyberattacks more difficult to detect and mitigate. These techniques can occur in multiple types of IT environments including on site, in the cloud, or hybrid environments. People’s Republic of China and Russian Federation state-sponsored actors often use these techniques to evade detection.
 
“Living off the land attacks have galvanized the cybersecurity community,” said Rob Joyce, NSA’s Director of Cybersecurity and Deputy National Manager for National Security Systems (NSS). “More than half a dozen international and domestic partner organizations signed on to our previous living off the land Cybersecurity Advisory. Industry also allowed us to reference their important contributions. 
 
“Together with our partners and allies, we’re shining a light on attacks that occur in dark corners, and illustrating how the PRC behaves irresponsibly by holding civilian critical infrastructure at risk. CSAs like this arm all of us to improve defense and bring together a coalition that can do more as a group than any one of us can do alone,” said Joyce.
 
The CSA outlines how and why LOTL attacks are effective and includes best practice recommendations that are part of a multi-faceted and comprehensive approach to mitigating LOTL cyber threats. Best practices for prioritizing detection and hardening targets include implementing logging that allows for better detection of malicious LOTL activities, implementing authentication controls, maintaining user and admin privilege restrictions, auditing remote access software, establishing baseline behaviors, and refining monitoring tools and alerting mechanisms. The advisory also contains recommendations for software and technology manufacturers, technical details on threat actor activity, and information on network defense weaknesses.

Read the full report here.

Visit our full library for more cybersecurity information and technical guidance.


NSA Media Relations
MediaRelations@nsa.gov
443-634-0721

NSA and Partners Spotlight People’s Republic of China Targeting of U.S. Critical Infrastructure

Source: National Security Agency NSA

FORT MEADE, Md. – The National Security Agency (NSA) has joined partners to issue a Cybersecurity Advisory (CSA) to address People’s Republic of China (PRC) targeting of U.S. critical infrastructure. The CSA, entitled “PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure,” is led by the Cybersecurity and Infrastructure Security Agency (CISA) in partnership with NSA, the Federal Bureau of Investigation (FBI), and additional government agencies.
 
The CSA focuses on PRC-sponsored cyber actor, Volt Typhoon, targeting IT networks of communications, energy, transportation, water, and wastewater organizations in the U.S. and its territories. The authoring agencies recognize the reality that the PRC has already compromised these systems. In some cases, the cyber actors have been living inside IT networks for years to pre-position for disruptive or destructive cyberattacks against operational technology (OT) in the event of a major crisis or conflict with the United States. 
 
“This is something we have been addressing for a long time,” said Rob Joyce, NSA’s Director of Cybersecurity and Deputy National Manager for National Security Systems (NSS). “Our insights on PRC pre-positioning have driven action across the cyber community. We have gotten better at all aspects of this, from understanding Volt Typhoon’s scope, to identifying the compromises likely to impact critical infrastructure systems, to hardening targets against these intrusions, to working together with partner agencies to combat PRC cyber actors.”
 
The CSA notes that Volt Typhoon’s choice of targets and pattern of behavior are not consistent with traditional cyber espionage or intelligence gathering. Their ability to access operational technology (OT) could allow the group to disrupt OT functions across multiple critical infrastructure entities.
 
This report is paired with a technical guide, also released today, entitled “Identifying and Mitigating Living Off the Land (LOTL).” LOTL is a technique often used by Volt Typhoon to access and embed undetected in existing systems.
 
Read the full report here.


Joint press conference by NATO Secretary General Jens Stoltenberg and the National Security Advisor of the United States, Jake Sullivan

Source: NATO

Good afternoon.

I have just chaired a meeting of National Security Advisers from all NATO Allies. 

And I am glad to be joined today by U.S. National Security Advisor Jake Sullivan.

Jake, it is good to see you again,
Just after we last met in Washington last week.

In our meeting today, NATO Allies discussed our preparations for the Washington Summit in July.

Including Ukraine;
Deterrence and defence;
And the growing challenge posed by China.

Today, Allies reiterated their support for Ukraine.

This is not charity.
It is in our own security interest.

A Russian victory would weaken us,
And embolden not just Moscow,
But also China, Iran, and North Korea.

That matters for Europe’s security.
And it matters for America’s security.

By spending a fraction of our military budgets,
We have helped Ukraine to destroy a substantial part of Russia’s combat capacity.

Our support is also an example of true transatlantic burden sharing.

Where both Europe and North America are making critical contributions to preserve Ukraine’s freedom.

Last week in Washington, I heard strong support for Ukraine from Congressional leaders – both Republicans and Democrats.

The debate continues in Washington on funding for a number of important priorities.

It is vital that the United States Congress agrees on continued support for Ukraine in the near future.

And I count on all Allies to sustain their commitment.

Today, we also discussed further bolstering NATO’s deterrence and defence.

At the Summit, we will demonstrate that we are delivering on our commitments.

Including by fully resourcing our new defence plans,
Investing in new capabilities,
And accelerating efforts to strengthen our transatlantic defence industrial base.

Since last July, NATO has agreed industry deals worth some 10 billion US dollars for ammunition.
Including 5.5 billion dollars for 1,000 more Patriot air defence missiles just last month.
A deal that will build more production capacity in Europe for this vital capability.

The world has become more dangerous.
But NATO has become stronger.
With more forces,
Higher readiness,
And increased defence investment.

We can never take peace for granted.
But we do not see any imminent threats against any NATO Ally.

NATO is now holding Steadfast Defender – our biggest military exercise in decades.

Our exercise demonstrates that there should be no room for miscalculation in Moscow about NATO’s readiness and resolve to protect all Allies.

In our meetings today, we also addressed the growing challenge posed by China. 
Our competitors are increasingly joining forces.
And Russia’s increasing cooperation with China, Iran, and North Korea raises serious concerns.

So it is even more important that NATO is working more closely with partners like Australia, Japan, New Zealand and South Korea.

Today, we also condemned Iran’s destabilising role throughout the Middle East,
Including its support for terror groups that attack Allied forces and civilian shipping.

Attacks by Iranian-backed militias in Iraq and Syria against U.S. forces are unacceptable.
Iran must rein in its proxies.

So dear Jake,

Thank you again for your strong personal commitment to our Alliance.
And for the extraordinary leadership of the United States and President Biden as we face global challenges.

Together in NATO, we will continue to protect our nations, our people and our values.

And we all look forward to the Summit in Washington.

So, please.

One of the main key leaders of EncroChat extradited to France with support of Eurojust

Source: Eurojust

An international arrest warrant was issued against the suspect in July 2021. He was extradited to France last week at the request of the Public Prosecutor of Lille.

This dismantling was coordinated and supported by Eurojust and Europol and sent shockwaves through organised crime. Between 2020 and 2023, over 6 500 suspects were arrested and at least EUR 900 million in assets were seized, with investigations still ongoing. Eurojust supported a joint investigation team into the case from 2020.

In an update on the EncroChat investigations, in June 2023, the Public Prosecutor of Lille already announced that potential suspects who were living outside the European Union could be extradited. The French Desk at Eurojust supported the PPO of Lille in contacting the Dominican authorities to arrange the formal extradition to France.

The extradited defendant is suspected, among other things, of participating in a criminal conspiracy to illegally import and acquire illicit drugs, and aiding and abetting their illegal possession, supply and transfer. He is also suspected of participating in a criminal conspiracy, aggravated money laundering, illegal arms possession and supplying or transferring a cryptologic device without integrity control or prior declaration to the authorities.

The person concerned was indicted on 2 February and further legal proceedings will be taken. The accused has been remanded in custody and is still presumed innocent at this stage of the proceedings. Eurojust remains available to support the authorities in case of further requests.

Reserve Forces Committee addresses the future of military medicine through telemetry, AI, and big data

Source: NATO

From 31st January to 2nd February 2024, the Interallied Confederation of Medical Reserve Officers (CIOMR) organised their Mid-Winter meeting at NATO HQ, in Brussels. The meeting was not only a showcase of technological advancements; it was a testament to the Alliance’s commitment to embracing innovation for the betterment of allied military medical services. The overarching theme of the CIOMR Scientific Committee was the exploration of telemetry, AI, and ‘big data’ in enhancing military medical capabilities.

As the field of military medicine continues to evolve with technology playing a pivotal role in enhancing operational capabilities, the work of the Scientific Committee, under the leadership of Surgeon Commander Stuart A. G. Roberts (UK) as Chair and Major Paul Dhillon (CAN) as Vice-Chair, sets a high standard in the field of military medicine. The recent Mid-Winter meeting of CIOMR marked a significant milestone, with the committee presenting and leading sessions focused on the integration of telemetry, artificial intelligence (AI), and ‘big data’ in military medicine.

The Scientific Committee’s work emphasized the transformative potential of these technologies in streamlining medical logistics, improving patient care, and facilitating real-time decision-making in the field. “The journey of integrating telemetry, AI, and big data into military medicine is just beginning, and the insights gained from this meeting will undoubtedly pave the way for further advancements. As we move forward, the focus will remain on harnessing these technologies to enhance the effectiveness, efficiency, and reach of military medical services, ultimately saving lives and improving the well-being of those who serve”, noted Surgeon Commander Roberts in his remarks.

The event, which for the first time saw Australia participating remotely, also brought together junior medical officers from the UK, USA, and France, through the CIOMR Junior Medical Reserve Officer Committee, offering a unique platform for knowledge exchange and collaboration. The participation of international partners such as Australia highlighted the global dimension of the committee’s efforts. This collaborative approach not only enriches the pool of knowledge and expertise but also ensures that the benefits of technological advancements in military medicine are shared widely across the NATO alliance and its partners.

The sessions underscored the committee’s commitment to leveraging cutting-edge technologies to enhance medical support in military operations. A highlight of the meeting was the augmented reality (AR) demonstration by the Kognitiv Spark Team, which showcased the potential of AR in transforming military medical training and field operations. The AR round robin featured three different scenarios centred on:

  • wound care – ability to guide field medics through complex wound care procedures in real-time, enhancing the precision and effectiveness of battlefield medical interventions;
  • remote care – facilitation of remote medical consultations, allowing specialists to provide guidance and support to medics in remote or inaccessible locations;
  • and surgery – glimpse into the future of military surgery, where AR can assist medics in performing intricate procedures with augmented precision and information.

These demonstrations not only highlighted the practical applications of AR in military medicine but also underscored the importance of immersive technologies in training and operational support.

Chair of the NATO Military Committee at Leangkollen Security Conference: “by preparing we ramp up our resilience and our deterrence”

Source: NATO

On 6 February 2024, the Chair of the NATO Military Committee, Admiral Rob Bauer, delivered a speech at the Leangkollen Security Conference in Oslo, Norway, emphasizing that NATO has entered a new era of collective defence.

Admiral Bauer said that we face the most dangerous world in decades as the rule-based international order is under unimaginable threat. The Admiral stipulated that the prevention of war should be a whole-of-society event, “if we prepare, we ramp up our resilience, we ramp up our deterrence, and we minimise the chance of an adversary ever attempting to start conflict”. He added that NATO has undergone unprecedented change at an unprecedented pace. A prime example is the Finnish and soon-to-be Swedish accession to the Alliance, which bolsters security on NATO’s Northern Flank.

Admiral Bauer noted that Exercise Steadfast Defender is now underway, the largest NATO exercise in decades, with approximately 90,000 forces from all 31 Allies and Sweden, aimed at testing the new defence plans of the Alliance. He emphasized that Steadfast Defender is one of many steps NATO is taking to ensure that the new defence plans are fully executable.

In his speech, Admiral Bauer also underlined the importance of Article 3 of the Washington Treaty, that every Ally must be able to defend itself. He said Article 5 can only be effective if Article 3 is firmly in place.

As NATO turns 75 this year, Admiral Bauer highlighted that throughout its history NATO has demonstrated an unparalleled ability to unite, adapt and protect. Underscoring that this ability is crucial in the new era of collective defence, he added: “At a time when global security threats are multiplying and our values are under attack, we need a shield against aggression more than ever.”

Hosted by the Norwegian Atlantic Committee, the Leangkollen Security Conference brings together international and Norwegian researchers and senior officials to address defence, foreign, and security policy issues. The headline of this year’s conference was “NATO 75, Past, Present and Future.”

While in Oslo, Admiral Rob Bauer also met with the Norwegian Minister of Defence, Bjørn Arild Gram, and Norwegian military leadership. Admiral Bauer highlighted the important role Norway is playing in the North and the European High North as well as its contributions to reinforcing NATO’s Nordic defences. Next month, Norway will be hosting exercise Nordic Response, a part of Steadfast Defender 24, gathering over 20,000 soldiers from at least 14 countries, to train in northern Norway, Sweden and Finland, on land, in the air and at sea.

Major blow to Albanian drug trafficking network: 59 arrests across Europe

Source: Europol

Initial investigations against the OCG were launched in 2019 by the Public Prosecutor’s Office (PPO) of Florence – District Antimafia Directorate. From January 2020, the Italian and Albanian authorities of the Special Anti-Corruption Structure (SPAK) in Tirana contacted Eurojust to coordinate cross-border judicial cooperation against this complex network. It operated from both Albania and Italy, transporting drugs by car to…

Joint Statement on Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities

Source: Europol

Following the initial disclosure of two vulnerabilities at the beginning of January, two additional vulnerabilities were disclosed on 31 January 2024, which impact all supported versions of Ivanti Connect Secure and Ivanti Policy Secure Gateway products and make it possible for attackers to run commands on the system. Broader exploitation of the initially disclosed vulnerabilities had been observed already as…

General Timothy D. Haugh takes lead of USCYBERCOM and NSA/CSS

Source: National Security Agency NSA

FORT MEADE, Md. – General Timothy D. Haugh, U.S. Air Force, assumed command of U.S. Cyber Command (USCYBERCOM) and the National Security Agency (NSA)/Central Security Service (CSS) on February 2, 2024, during a change of command, directorship, and responsibility ceremony at USCYBERCOM/NSA/CSS Headquarters. The ceremony marked the transition of leadership from General Paul M. Nakasone, U.S. Army, to General Haugh.
 
“I am honored to begin my role as Commander of U.S. Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service,” General Haugh said. “Having served in both USCYBERCOM and NSA, I have seen our workforce do incredible things on behalf of the nation, creating a unique advantage that has kept us ahead of our adversaries. I have full confidence in our ability to achieve our goals, because I know that the people of the USCYBERCOM and NSA/CSS are standing ready to tackle any challenge that comes their way.”
 
The change of command ceremony is a time-honored tradition symbolizing the transfer of authority and responsibility for military units, often marked by the exchange of flags. Deputy Secretary of Defense Kathleen H. Hicks and Director of National Intelligence Avril D. Haines presided over the ceremony, which was attended by senior military and civilian leaders, as well as distinguished guests and family members.
 
General Haugh’s career is a testament to the unique talents that are necessary for a leader in the cyber and intelligence domains. Ever-evolving, transnational threats require a swift strategist who excels across the full spectrum of cybersecurity operations and who has the diplomatic skills to navigate the domestic and foreign partnerships necessary to defend the nation. A leader of USCYBERCOM, the NSA, and the CSS also needs sharp technical wisdom to anticipate the next cyberattack.
 
General Haugh has a deep background in cyber operations and intelligence, having served in leadership positions at Sixteenth Air Force, Air Forces Cyber, the Joint Force Headquarters-Cyber, and in the Intelligence Community, where he worked closely with the NSA while on multiple tours.
 
Upon his confirmation, Director Haines issued a statement lauding General Haugh’s experience and service.
 
“He also has a tremendous reputation as a man of integrity and a manager who cares about his workforce,” Director Haines said. “I am grateful to him for taking on this critically important leadership role in our Intelligence Community and very much look forward to working with him in his new position.”
 
While the ceremony welcomed General Haugh to a new leadership role, it also marked a significant transition in General Nakasone’s career as his exemplary service comes to an end, and his retirement marks the beginning of the next chapter of his life.
 
General Nakasone has served as Commander, USCYBERCOM and Director, National Security Agency/Chief, Central Security Service (NSA/CSS) since May 2018. Leading a historic transformation, Nakasone’s legacy stretches far beyond simply commanding USCYBERCOM.
 
In 2018, General Nakasone steered the organization through a critical inflection point, taking the helm as it ascended to the prestigious status of a unified combatant command. This historic elevation signified a new era for both USCYBERCOM and military cyber operations, granting the organization heightened autonomy and resources to confront the ever-evolving threats in cyberspace. General Nakasone’s leadership proved instrumental in this groundbreaking transformation, laying the foundation for USCYBERCOM’s current prominence on the global cybersecurity stage.
 
The close teamwork between USCYBERCOM and NSA/CSS, which began with the Russia Small Group, matured under General Nakasone on nearly every endeavor, and allowed the two organizations to effectively navigate an evolving threat landscape. He leaned on both workforces’ expertise to meet the rise of China as the nation’s greatest strategic competitor, rapidly respond to Russia’s invasion of Ukraine, and provide essential intelligence for events in the Middle East. Prioritizing external partnership and innovation, he greatly expanded the cybersecurity mission, established the unclassified Cybersecurity Collaboration Center, and announced the formation of the Artificial Intelligence Security Center.
 
“I am most proud that USCYBERCOM, and particularly NSA/CSS, have maintained the trust and confidence of the American people,” General Nakasone said. “I believe our collective actions across our SIGINT, cybersecurity and cyberspace operational missions have demonstrated to our people that we are worthy of this trust.”
 
A highly decorated officer with extensive experience in intelligence and cyber operations, he served in command and staff positions across all levels of the Army throughout his distinguished career. General Nakasone reflected on his service as he retired from the military.
 
“Stepping down after 37 years of service fills me with immense pride and deep satisfaction,” General Nakasone said. “Leading the incredible men and women of USCYBERCOM, NSA, and CSS has been the honor of my lifetime. Together, we have navigated a dynamic cyberspace landscape, evolving our operations and safeguarding our nation against ever-escalating threats. While I bid farewell to active duty, I look forward to spending time with my family and reflecting on the legacy we have built together.”