Leaders’ Meetings: A Privileged Target for Hackers

Leaders’ meetings are privileged targets for nation-state attackers that launch massive offensives to gather intelligence from the ongoing events.

Let’s analyze together what has happened in concomitance with the recent meetings between President Donald Trump and the North Korean leader Kim Jong Un, as well as the Russian President Vladimir Putin.

Cybersecurity Live - Boston

Who are the top attacker countries and which kinds of ports did the hackers target?

Security experts at the F5 security firm published two very interesting reports that provide us information on the attacks that targeted the countries hosting the two meetings, Singapore and Helsinki (Finland).

Before we begin, it is important to highlight that the experts have no data to suggest the attacks against Finland and Singapore were successful.

Researchers at F5 observed a spike in the number of cyberattacks targeting Singapore during the Trump-Kim summit, which was held in the country from June 11 to June 12.

Singapore is known to not be a top attack destination, but something strange happened during the Trump-Kim meeting.

88% of overall attacks originated from Russia, and this data doesn’t surprise the intelligence analysts considering the importance of the event. According to F5 and its partner Loryka, 97% of all the attacks that originated from Russia between June 11 and June 12 targeted Singapore. This means that Russian threat actors were focused in this period in gathering intelligence on the meeting:

“From June 11 to June 12, 2018, F5 Labs, in concert with our data partner, Loryka, found that cyber-attacks targeting Singapore skyrocketed, 88% of which originated from Russia. What’s more, 97% of all attacks coming from Russia during this time period targeted Singapore.” reads the analysis published by F5 Labs. “We cannot prove they were nation-state sponsored attacks, however the attacks coincide with the day President Donald Trump met with North Korean President Kim Jong-un (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Pierluigi Paganini. Read the original post at: