URL: https://therecord.media/virustotal-user-email-addresses-leaked-google-military-intelligence
Alexander Martin, July 18th, 2023
GOOGLE EXPOSES INTELLIGENCE AND DEFENSE EMPLOYEE NAMES IN VIRUSTOTAL LEAK

Hundreds of individuals working for defense and intelligence agencies globally
have had their names and email addresses accidentally exposed by an employee at
Google’s malware scanning platform VirusTotal.

The online service lets organizations upload suspected malware to be checked
against a range of anti-virus tools. VirusTotal then shares these files with the
security community, creating a library of malware signatures to help
cybersecurity professionals detect attempted attacks and develop threat
intelligence.

But a list of 5,600 of the repository’s customers also was uploaded,
accidentally, to the platform itself, as first reported on Monday by Der
Spiegel. The list, which has been seen by Recorded Future News, identifies
individuals affiliated with U.S. Cyber Command and the National Security Agency,
as well as with the Pentagon, the FBI, and a number of U.S. military service
branches.

From the United Kingdom, it contains the names of a dozen Ministry of Defence
personnel as well as emails belonging to staff at the CERT-UK function of the
National Cyber Security Centre, a part of GCHQ. Keeping with GCHQ’s email
format, the NCSC emails include only an initial for each user’s surname.

Full names are recognisable in the email addresses belonging to specialists
working at the MoD, as well as at the Cabinet Office, the Nuclear
Decommissioning Authority, and the Pensions Regulator.

The primary concern among the affected organizations, which also include
numerous private sector users of the VirusTotal platform, is the potential for
the leaked emails to be targeted in phishing attempts.

The leak includes emails for ministries in Germany, Japan, the United Arab
Emirates, Qatar, Lithuania, Israel, Turkey, France, Estonia, Poland, Saudi
Arabia, Colombia, the Czech Republic, Egypt, Slovakia and Ukraine.

A spokesperson for Google told Recorded Future News: “We are aware of the
unintentional distribution of a small segment of customer group administrator
emails and organization names by one of our employees on the VirusTotal
platform.

“We removed the list from the platform within an hour of its posting and are
looking at our internal processes and technical controls to improve our
operations in the future,” they added.

The list groups emails by the enterprise customer accounts they are connected
to. It reveals some military personnel are using email providers other than
those connected to official domains as part of their threat intelligence work,
with personal accounts registered to Gmail, Hotmail, and Yahoo.

Spokespeople for organizations impacted by the leak told Recorded Future News
they considered it a low-risk incident.

The Ministry of Defence, which accounts for almost half of the emails associated
with the gov.uk domain, said: “We are aware of a data breach from a third party
involving the details of MoD employees. None of the data was sensitive and all
details have now been removed.”

The National Cyber Security Centre is understood to be aware of the leak and
unconcerned about its potential impact.

A spokesperson for the Nuclear Decommissioning Authority (NDA) said: “Employee
email addresses may be available in the public domain for a variety of reasons,
which is why we provide ongoing training and awareness for staff of the risks
associated with phishing emails.”

The Pensions Regulator told Recorded Future News: “We take cyber security
extremely seriously and have controls in place to prevent malicious emails from
infiltrating our systems.”

Tags
 * VirusTotal
 * Google
 * data leak
 * military
 * Law enforcement
 * intelligence agency


ALEXANDER MARTIN



Alexander Martin is the UK Editor for Recorded Future News. He was previously a
technology reporter for Sky News and is also a fellow at the European Cyber
Conflict Research Initiative.

© Copyright 2023 | The Record from Recorded Future News