Date: 2023-07-18



Hundreds of individuals working in defense and intelligence agencies around the world had their names and email addresses accidentally exposed by employees of Google’s malware scanning platform VirusTotal.

This online service allows organizations to upload suspected malware and check it against various antivirus tools. VirusTotal then shares these files with the security community to create a library of malware signatures that enable cybersecurity professionals to detect attack attempts and develop threat intelligence.

But as Der Spiegel first reported on Monday, the list of 5,600 repository customers was also mistakenly uploaded to the platform itself. The list, reviewed by Recorded Future News, identifies individuals with the U.S. Cyber Command and the National Security Agency, as well as the Pentagon, the FBI, and numerous branches of the U.S. military.

Those from the UK include the names of a dozen Defense Ministry officials and emails belonging to staff of the CERT-UK function of the National Cyber Security Center, part of GCHQ. In keeping with the GCHQ email format, the NCSC addresses contain only the first initial of each user’s last name.

In addition to the Pentagon, full names can be found in the e-mail addresses of experts working for the Cabinet Office, the Decommissioning Institution, and the pension regulator.

A major concern for affected organizations (which include many private sector users of the VirusTotal platform) is the potential for compromised emails to be targeted by phishing attacks.

The leak includes emails connected to ministries in Germany, Japan, United Arab Emirates, Qatar, Lithuania, Israel, Turkey, France, Estonia, Poland, Saudi Arabia, Colombia, Czech Republic, Egypt, Slovakia, and Ukraine.

A Google spokesperson told Recorded Future News: “We are aware that one of our employees unintentionally distributed the customer group administrator’s email and part of the organization name on her VirusTotal platform.

“We removed the listing from our platform within an hour of its posting,” the spokesperson said, adding that the company is reviewing internal processes and technical controls to improve future operations.

This list groups emails by the corporate customer account to which the emails are connected. This reveals that some military personnel are using email providers other than those connected to official domains and registering personal accounts with Gmail, Hotmail, and Yahoo as part of their threat intelligence efforts.

A spokesperson for the organization affected by the leak told Recorded Future News that it believed it was a low-risk incident.

The Ministry of Defense, which accounts for almost half of emails associated with the gov.uk domain, said: We are aware of a data breach from a third party involving details of Department of Defense personnel. No sensitive data and now all details have been removed.

It is understood that the National Cyber Security Center is aware of the breach and is not concerned about its potential impact.

A spokesperson for the Nuclear Decommissioning Authority (NDA) said: Employee email addresses can be exposed in the public domain for a variety of reasons, so we do not send phishing emails to staff. provide ongoing training and awareness of the risks associated with

“We take cybersecurity very seriously and have implemented controls to prevent malicious email from entering our systems,” the pension regulator told Recorded Future News.

Read more: Alexander Martin

Alexander Martin is the editor of Recorded Future News in the UK. Previously he was Sky News’ Technology Correspondent and a Fellow of the European Cyber Conflict Research Initiative.

