The Trump administration has told US Cyber Command and CISA to stop following or reporting on Russian cyber threats. Yes, Russia! That country everyone used to agree was home to lots of ransomware gangs and hackers. Hmmm... Read more in my article on the Hot for Security blog.

In recent years, media outlets across the United States have heavily reported on the rising concerns surrounding Russia, portraying it as one of the nation’s primary cyber adversaries. Over the past three to four years, Russia has been widely accused of engaging in espionage, cyberattacks, and targeting critical infrastructure in the U.S., leading to its designation as a significant national security threat.

However, last Friday, the White House issued new directives to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) that remove Russia from the list of America's primary cyber adversaries. The shift is significant: the agency's focus is to turn to China, which under the new guidance is treated as the one nation posing a direct cyber threat to the United States. According to the reporting, the decision followed discussions between CISA, the Department of Homeland Security, and the Pentagon.

While this move may come as a surprise to many, it was somewhat anticipated, given the political ties between U.S. President Donald Trump and Russian President Vladimir Putin. Trump's cordial relationship with the Kremlin has long been a subject of scrutiny and debate, and some observers speculate that it influenced this decision.

With this change, CISA has been instructed to cease monitoring or reporting cyber threats that originate from Russia or are funded by the Russian government. It remains unclear whether Russian-speaking cybercriminal groups, such as the ransomware gangs LockBit and Black Basta, will continue to be tracked. These groups have posed a significant threat to businesses across the United States, and dropping them from the radar could have serious consequences for the country's cybersecurity.

Meanwhile, in Europe, Poland has taken a different stance. The Polish government recently identified Russia as its most significant cyber adversary after a Kremlin-backed cybercriminal group infiltrated the Polish Space Agency (POLSA), planting malware and stealing sensitive data. Polish officials have confirmed the attack and launched a forensic investigation to uncover the full extent of the breach.

Krzysztof Gawkowski, Poland's Deputy Prime Minister and Minister of Digital Affairs, confirmed the attack and emphasized that the investigation is ongoing. The Polish government has publicly accused the Russian government of orchestrating the cyberattack, arguing that it was part of a broader effort to destabilize the country's political and economic interests. Poland's strong support for Ukraine, particularly its military and humanitarian aid, has made it a key target for the Kremlin. The cyberattack is seen as an attempt to retaliate and to undermine Poland's role in the ongoing conflict between Russia and Ukraine.

This situation underscores the growing importance of cybersecurity on the global stage and highlights the diverse approaches different nations are taking in response to cyber threats. As the United States shifts its focus toward China, Europe, particularly Poland, remains resolute in its stance against Russian cyber aggression, revealing the complex and evolving nature of international cyber conflict.

The post Russia not a cyber threat to the United States appeared first on Cybersecurity Insiders.

This isn’t new, but it’s increasingly popular:

The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts. These devices typically don’t support browsers, making it difficult to sign in using more standard forms of authentication, such as entering user names, passwords, and two-factor mechanisms.

Rather than authenticating the user directly, the input-constrained device displays an alphabetic or alphanumeric device code along with a link associated with the user account. The user opens the link on a computer or other device that’s easier to sign in with and enters the code. The remote server then sends a token to the input-constrained device that logs it into the account.

Device authorization relies on two paths: one from an app or code running on the input-constrained device seeking permission to log in and the other from the browser of the device the user normally uses for signing in.
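To make the two paths concrete, the following is an added example (not part of the excerpt above) that simulates the OAuth 2.0 device authorization grant of RFC 8628 with a toy in-memory authorization server, and then plays out the phishing variant: the attacker runs the client side and holds the `device_code`, the victim is only ever shown the `user_code` and a genuine login page, and the token is delivered to the attacker. The server, the `login.example` URL, the client id and the user names are all made up for the demonstration.

```python
import secrets
import string
from dataclasses import dataclass
from typing import Optional

# Character set for the short human-typed code. RFC 8628 sec. 6.1 recommends a
# small, unambiguous alphabet; this toy simply uses upper-case letters and digits.
USER_CODE_ALPHABET = string.ascii_uppercase + string.digits


@dataclass
class DeviceAuth:
    device_code: str                    # long secret, known only to the requesting client
    user_code: str                      # short code the human types into a browser
    client_id: str
    scope: str
    expires_at: float
    approved_by: Optional[str] = None   # set once a signed-in user approves the code


class AuthServer:
    """Toy in-memory authorization server exposing the two RFC 8628 endpoints.
    (Illustrative stand-in, not any vendor's implementation.)"""

    def __init__(self, lifetime: int = 900, interval: int = 5):
        self.lifetime, self.interval = lifetime, interval
        self.by_device_code = {}
        self.by_user_code = {}
        self.issued = []   # (user, client_id, scope) for every token handed out

    def device_authorization(self, client_id: str, scope: str, now: float) -> dict:
        """Path 1, step 1 (sec. 3.1-3.2): the input-constrained client asks for codes."""
        user_code = "".join(secrets.choice(USER_CODE_ALPHABET) for _ in range(8))
        auth = DeviceAuth(secrets.token_urlsafe(32), user_code, client_id, scope,
                          now + self.lifetime)
        self.by_device_code[auth.device_code] = auth
        self.by_user_code[user_code] = auth
        return {"device_code": auth.device_code, "user_code": user_code,
                "verification_uri": "https://login.example/device",  # hypothetical URL
                "expires_in": self.lifetime, "interval": self.interval}

    def verify(self, user_code: str, signed_in_user: str, now: float) -> bool:
        """Path 2 (sec. 3.3): a user who is already signed in enters the user_code."""
        auth = self.by_user_code.get(user_code.replace("-", "").upper())
        if auth is None or now > auth.expires_at or auth.approved_by is not None:
            return False          # unknown, expired, or already-used code
        auth.approved_by = signed_in_user
        return True

    def token(self, device_code: str, now: float) -> dict:
        """Path 1, step 2 (sec. 3.4-3.5): the client polls with its device_code."""
        auth = self.by_device_code.get(device_code)
        if auth is None:
            return {"error": "invalid_grant"}
        if now > auth.expires_at:
            return {"error": "expired_token"}
        if auth.approved_by is None:
            return {"error": "authorization_pending"}
        self.issued.append((auth.approved_by, auth.client_id, auth.scope))
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer",
                "sub": auth.approved_by, "scope": auth.scope}


def phish(server: AuthServer, victim: str, now: float = 0.0) -> dict:
    """Device-code phishing: the attacker plays the *client*; the victim only
    ever sees a user_code and the provider's real sign-in page."""
    # Attacker starts the flow on their own machine, naming a familiar-looking app.
    resp = server.device_authorization("mail-client-app", "mail.read offline_access", now)
    lure = (f"Your meeting is starting: open {resp['verification_uri']} "
            f"and enter code {resp['user_code']}")
    # Polling before the victim acts yields only authorization_pending.
    first_poll = server.token(resp["device_code"], now + resp["interval"])
    # The victim follows the lure. Any MFA prompt happens in the victim's own
    # browser session, which is why MFA alone does not stop this.
    victim_approved = server.verify(resp["user_code"], victim, now + 60)
    # The token goes to whoever holds device_code: the attacker.
    final = server.token(resp["device_code"], now + 60 + resp["interval"])
    return {"lure": lure, "first_poll": first_poll,
            "victim_approved": victim_approved, "token": final}


if __name__ == "__main__":
    srv = AuthServer()
    result = phish(srv, "alice")
    print(result["lure"])
    print("before approval:", result["first_poll"])
    print("attacker's token is for:", result["token"]["sub"], "scope:", result["token"]["scope"])
```

The point the simulation makes is that nothing in the protocol ties the browser that approves a `user_code` to the device that requested it, so the defences are policy rather than protocol: disallow the device authorization grant for clients and users that have no input-constrained devices, keep `expires_in` short, and correlate the request that minted the `device_code` with the session that approved the `user_code` (different IP ranges, geographies or user agents are a useful signal).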

Russia appears to be tightening its grip on Ukraine through multiple means, simultaneously escalating military attacks and launching sophisticated cyber offensives. On the military front, Russian forces are deploying ballistic missiles targeting Kyiv and surrounding regions, creating widespread destruction.

However, the attacks are not limited to the physical realm. A self-proclaimed Russian hacktivist group has also initiated major cyber attacks, targeting Ukrainian government servers that store sensitive data, including property rights and personal information about civilians.

The group, known as Xaknet Team, has claimed responsibility for the cyber assaults, and in a statement on Telegram, it declared its intent to intensify the attacks in both frequency and scale in the coming months. The group’s actions have sparked grave concerns within Ukraine’s government.

Olha Stefanishyna, the Deputy Prime Minister of Ukraine, confirmed the cyber attack, describing it as potentially the most significant external digital intrusion the country has ever experienced.

According to Stefanishyna, it surpasses even the previous cyberattack on the Chernobyl nuclear plant, which occurred after the facility was struck by Russian missiles in May 2022.

The primary aim behind these cyber attacks is clear: to sow confusion, disinformation, and panic among the Ukrainian populace. By compromising critical government infrastructure and exposing sensitive personal data, the attackers seek to undermine public trust in the government and create a sense of political instability and disarray. The long-term goal seems to be to erode national morale and create a political climate of disinterest or even distrust in President Zelenskyy’s leadership.

As the war enters its fourth year, Russia is looking for ways to counterbalance the growing international support for Ukraine, particularly from nations such as the United Kingdom, the United States, and Australia. These countries have provided crucial military, financial, and humanitarian aid to Ukraine, and Russia appears intent on suppressing this external support. This could involve intensifying military actions against these nations’ interests and increasing digital warfare aimed at destabilizing both Ukraine and its allies.

Parallel to these developments, Russia seems determined to target Ukraine’s national infrastructure in a bid to force President Zelenskyy to surrender. Cyberattacks are being used as a means to cripple key systems, including utilities and essential services, further exacerbating the country’s vulnerability in times of war.

Google's cybersecurity division, Mandiant, has linked Xaknet, together with the related hacktivist persona "CyberArmyofRussia_Reborn," to the Russian Main Intelligence Directorate (GRU). According to Mandiant's research, the GRU unit behind these personas has been developing tools designed to wipe critical data.

In addition to these cyber attacks, the GRU unit tracked by Mandiant as APT44 (better known as Sandworm) has been directed against Ukraine's electricity distribution networks, with the ultimate objective of causing widespread blackouts. Such disruptions would not only damage Ukraine's infrastructure but also deepen the country's ongoing crisis by depriving citizens of basic services.

In summary, Russia’s efforts to destabilize Ukraine have escalated in both conventional military attacks and digital warfare. As the war continues, Russia’s strategy seems to be focused on undermining Ukraine’s political stability, eroding public trust, and disrupting essential services—all in an attempt to force Ukraine into submission and to prevent further international support.

The post Russia targets Ukraine sensitive data servers with Cyber Attacks appeared first on Cybersecurity Insiders.

Stoli Group USA, the US subsidiary of vodka maker Stoli, has filed for bankruptcy – and a ransomware attack is at least partly to blame. The American branch of Stoli, which imports and distributes Stoli brands in the United States, as well as the Kentucky Owl bourbon brand it purchased in 2017, was hit by a ransomware attack in August 2024. Learn more in my article on the Exponential-e blog.

In an increasingly interconnected world, it has become common for hackers to orchestrate sophisticated cyber attacks around significant global events. The motives behind these offensives range from gaining notoriety to making a statement about pressing national or international issues. Recently, this trend manifested itself during the Russian-hosted BRICS summit held in Kazan from October 22 to 24, 2024. The gathering brought together leaders from several influential countries, including China, India, Brazil, South Africa, and a few nations from the Middle East, underscoring its importance on the world stage.

As the BRICS summit approached, details emerged of a major cyber attack that disrupted the official website of the Russian Foreign Ministry. According to Maria Zakharova, the Ministry's spokesperson, the incident was a Distributed Denial of Service (DDoS) attack that overwhelmed the site with traffic and rendered it inaccessible. Because the assault coincided with a high-profile international event, it drew significant attention from the media and political commentators alike.

While the identity of the perpetrators remains uncertain, suspicions have arisen regarding a Ukrainian hacking group. Analysts suggest that this attack may be a form of retaliation, reflecting the ongoing repercussions of the conflict in Ukraine under President Volodymyr Zelenskyy’s administration. Such acts of cyber aggression not only serve to disrupt but also to send a clear message about the hardships faced by the Ukrainian populace amid the war.

In her statements, Zakharova highlighted that cyber attacks targeting Russian infrastructure are not unprecedented. However, she emphasized that the scale and intensity of this particular incident were notably severe. The apparent goal of the attack seemed to be to disrupt the live streaming services of the BRICS summit, potentially causing embarrassment to the Russian government led by President Vladimir Putin. The intent behind such actions underscores a broader trend in cyber warfare, where virtual battles can have significant implications for national pride and international relations.

For those unfamiliar with the BRICS summits, it is crucial to understand their purpose. This coalition of nations aims to showcase their achievements in trade and business while also fostering bilateral relations among member states. Political analysts often view the BRICS coalition as a counterbalance to the G7, a group comprising the United Kingdom, the United States, Japan, Italy, Germany, France, and Canada. As BRICS continues to gain prominence, the juxtaposition of these two groups reflects shifting dynamics in global power and influence.

In conclusion, the cyber attack on the Russian Foreign Ministry’s website during the BRICS summit illustrates the intersection of technology, politics, and international relations. As global events unfold, the potential for cyber warfare to influence political narratives and international diplomacy will likely continue to grow.

The post DdoS Attack on Russian Foreign Ministry during BRICS summit appeared first on Cybersecurity Insiders.

It's a case of algorithm and blues as we look into an AI music scam, Ukraine believes it has caught a spy high in the sky, and a cocaine-fuelled bear goes on the rampage. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.