The Secret Service Hunt for LLM-Enabled Malware

The US Secret Service on 23 September reported it has foiled what appears to be a sophisticated plot for cyber-espionage and disruption of mobile networks in New York at a time when more than 100 heads of state and government and foreign ministers are in the city for the UN General Assembly’s leaders’ session.

In a statement, the Secret Service said that the agency recovered more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites in the New York tristate area.  The agency said that the discovery was made as part of a broader investigation into telecommunications-related threats against senior US government officials, which represented an imminent threat to the agency’s protective operations.[1]

Cyber espionage refers to the use of computer networks to gain illicit access to confidential information, typically for strategic, political, or economic advantage.  In this case, the foiled plot highlights how cybercriminals are increasingly targeting telecommunications infrastructure and high-profile events, aiming to intercept sensitive communications or disrupt critical operations.  Such activities often involve sophisticated tools, including the deployment of SIM servers and fraudulent SIM cards, which can be used to impersonate legitimate users and bypass security protocols.  While no mobile disruption had occurred, the network under investigation had been used to make anonymous telephonic threats, the agency said without giving specifics.

By law, the US Secret Service oversees the security of visiting heads of state and government.  It is also the lead agency that heads and coordinates the massive security operation for the UNGA leaders’ session, which includes several thousand personnel from a host of agencies, such as the Secret Service, FBI, New York Police Department, Diplomatic Security Service, US Coast Guard, and state and federal emergency and aviation services.

The devices that were discovered could be used to conduct a wide range of telecommunications attacks, such as disabling cell phone towers, enabling denial-of-service attacks, and facilitating anonymous, encrypted communication between potential criminals and terrorists, the Secret Service said.

One official told The New York Times (NYT) that the network could send up to 30 million text messages per minute anonymously.  The official added the agency had never seen such an extensive operation.

In case of a security incident, or any emergency, such a network could have disrupted mobile networks, making 911 emergency service potentially inaccessible to people and compromising emergency and security services response to situations, the newspaper reported.  The Secret Service will continue to investigate to determine whether the plot was directed at the United Nations General Assembly (UNGA) gathering, said Matt McCool, the top agent at the Secret Service’s New York field office, as per the NYT.  “We will continue working toward identifying those responsible and their intent, including whether their plan was to disrupt the UN General Assembly and communications of government and emergency personnel during the official visit of world leaders in and around New York City,” said McCool.

State-sponsored espionage suspected - While officials have not named any group, either state-backed or private, observers have said that such sophistication suggests state-backed espionage was behind this plot.

The operation appeared to be sophisticated and costly, and instincts say it would be a case of espionage, Anthony J. Ferrante, the global head of the cybersecurity practice at FTI, an international consulting firm, told The Times.  Only a few countries in the world, such as Russia, China, and Israel, can pull off this kind of operation, James A. Lewis, a cybersecurity researcher at the Center for European Policy Analysis, told the newspaper.

This article is shared with permission at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a Notification and a Tier I Mitigation service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5207428251321676122

[1] https://www.firstpost.com/world/us-secret-service-foils-plot-to-disrupt-mobile-network-amid-un-general-assembly-session-13936276.html