Deutsche Flugsicherung (DFS), based in Langen, Frankfurt, has recently experienced a cyber attack that had a minimal impact on its operations. As Germany’s Air Traffic Control agency, DFS has confirmed that its critical operations remained unaffected due to a robust business continuity plan.

Bayerischer Rundfunk, Munich’s official TV and radio broadcaster, has reported that the attack was carried out by a state-sponsored actor. Initial investigations have traced the attack to APT28, a notorious Russian hacking group also known as Strontium, Blue Delta, Pawn Storm, and Fancy Bear. This group was previously implicated in the 2015 cyber attack on the Bundestag.

Since 2007, this threat group has targeted various government, private, and military agencies. Notably, they were involved in the 2016 U.S. elections, which resulted in Donald Trump’s election as the 58th President of the United States.

Germany has faced an increase in cyber attacks, particularly since its support for Ukraine in the conflict with Russia. Reuters reports that Germany is now the third most targeted nation by Russian adversaries, following the United States and Australia.

In related cyber incident news, Bitkom, Germany’s leading digital association, has released a survey indicating that digital sabotage cost German companies approximately 267 billion euros in 2023—a 29% increase from 2022.

The survey highlights that about 70% of the affected companies were targeted by major cybercrime groups, leading to data theft, operational disruptions, and, in some cases, company closures due to data loss and subsequent legal issues.

Interestingly, China has emerged as the top adversary in terms of cyber threats to Germany, with Russia holding the second position.

The post Russia APT28 Cyber Attacks German Air Traffic Control appeared first on Cybersecurity Insiders.

A Spanish defense firm, Santa Barbara Systems, recently fell victim to a cyberattack allegedly originating from Russia. Reports suggest that the motive behind this attack was to disrupt support for Ukraine’s President, Volodymyr Zelenskyy.

Amidst the prolonged conflict between Kyiv and Moscow, spanning into its third year, Vladimir Putin appears to be growing increasingly impatient. With an estimated 500,000 Russian casualties in the ongoing war, Putin’s resolve seems to be wavering.

In response to international support for Ukraine, various hacking groups sympathetic to Putin have been mobilized to launch cyber campaigns targeting nations deemed adversarial to Moscow.

Santa Barbara Systems, a subsidiary of General Dynamics, found itself in the crosshairs due to its planned supply of Leopard tanks to Ukraine. These tanks are formidable, capable of wreaking havoc on enemy territory within a matter of days. The scheduled delivery prompted a Russian hacking group to breach the ammunition supplier’s web servers, disrupting its official website.

However, such retaliatory cyber actions seem counterproductive. Engaging in cyber warfare against nations like Germany, Poland, and Spain serves no meaningful purpose. Instead, diplomatic efforts should be prioritized to pursue peace, benefiting the populations of both sides. War and digital aggression only yield bloodshed, economic downturns, and long-term underdevelopment.

Meanwhile, a hacking collective known as the NoName Hacking Group has claimed responsibility for a DDoS attack on the servers of a defense factory supplying battle tanks to Ukraine. However, they clarified that their intention was not to gather intelligence or steal data.

Despite the cyber tumult, Spain remains committed to supporting Zelenskyy’s administration. The country has pledged over 1 billion Euros in funding and promised to supply 19 refurbished Leopard 2A4 Tanks to bolster Ukraine’s defense capabilities.

The post Spain defense company servers hacked appeared first on Cybersecurity Insiders.

A group known as the Cyber Army of Russia Reborn (CARR) has issued a stark warning, asserting its capability to breach United States water facilities and unleash chaos. This ominous declaration was accompanied by details shared on Telegram, showcasing their control over a water tower that resulted in overflow.

A drinking water facility in Muleshoe, Texas, serving approximately 5,000 residents near the New Mexico border, became a target of CARR’s hacking earlier this year. The facility’s automation rendered it vulnerable, allowing CARR, allegedly supported by the Russian government, to manipulate its systems. The consequence was an hour-long overflow, prompting an emergency declaration and impacting the surrounding area reliant on this vital fresh water source.

Confirmation from the White House’s vigilance committee is still pending; if verified, this incident would mark a historic milestone as the first publicly acknowledged hack on North America’s critical infrastructure by Russia. Notably, it would follow similar cyber intrusions attributed to China and Iran.

Speculation linking CARR to the breach gains traction, with past exploits including disrupting the South Korea Olympics Opening Ceremony in 2018 and infiltrating the Chernobyl nuclear plant in 2017. The motive behind targeting water, nuclear, and power facilities remains unclear. However, security experts caution that such groups aim to exploit vulnerabilities for intelligence gathering and sow political discord domestically and internationally.

In light of these threats, stakeholders responsible for critical infrastructure must adopt proactive measures to mitigate risks and safeguard against potential disruptions.

The post Russian cyber forces cyber attack water tower just to make it overflow appeared first on Cybersecurity Insiders.

Russia implemented a sweeping ban on Microsoft Cloud services on March 20th, with plans to extend the prohibition to Google and Amazon web services in the coming weeks. While security analysts cite national security concerns as the primary motive, trade experts suggest it’s a retaliatory measure against the sanctions imposed on the country on December 18, 2023, in particular the European Union restrictions whose March 20, 2024 deadline has now passed.

The ongoing conflict between Ukraine and Russia has exacerbated economic challenges for both nations, leading to soaring inflation and depletion of essential commodity reserves. Russia faces additional hurdles in procuring imported goods, with only India, Pakistan, and China offering any significant support.

Russian IT firm Softline has advised users of Microsoft, Google, and Amazon services to store their data on local servers. Additionally, they cautioned customers to utilize online services endorsed by the Kremlin for data storage and access.

Notably, Moscow previously halted the renewal of Microsoft 365 subscriptions in August 2023 amid escalating tensions with Western nations.

To fill the void left by Google, Russia has bolstered its domestically developed Yandex search engine and repositories. The Kremlin is also developing the “Sovereign Internet” project, aimed at monitoring citizen interactions with the West. Currently in beta testing, the service is geared towards both business and home users and operates under government surveillance.

The Russian Foreign Intelligence Service (SVR RF) has defended the ban on Western tech companies, citing concerns over misinformation and fake news circulating online, which they argue have strained relations between the Russian Federation and the White House of the United States.

The post Russia bans Microsoft followed by Amazon and Google appeared first on Cybersecurity Insiders.

Ukraine claims its hackers have gained possession of "the information security and encryption software" used by Russia's Ministry of Defence, as well as secret documents, reports, and instructions exchanged between over 2,000 units of Russia's security services. Read more in my article on the Hot for Security blog.

Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives.

Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself.

This is nutty. How does a “legacy non-production test tenant account” have access to executive e-mails? And why no two-factor authentication?
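A defender-side check for the pattern Microsoft describes above (a low-and-slow password spray that lands on a neglected test account), as an added example that is not code from Microsoft's or Schneier's posts; the sign-in log format, IP addresses and usernames are constructed for illustration:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: "<timestamp> <source_ip> <user> <result>".
# 198.51.100.7 sprays one guess each at six accounts, then lands on one of them;
# 203.0.113.9 is a single user mistyping their own password (not a spray).
SAMPLE_LOG = """\
2023-11-28T02:00:01Z 198.51.100.7 alice FAIL
2023-11-28T02:00:04Z 198.51.100.7 bob FAIL
2023-11-28T02:00:09Z 198.51.100.7 carol FAIL
2023-11-28T02:00:15Z 198.51.100.7 dave FAIL
2023-11-28T02:00:21Z 198.51.100.7 erin FAIL
2023-11-28T02:00:27Z 198.51.100.7 testsvc FAIL
2023-11-28T02:03:40Z 198.51.100.7 testsvc SUCCESS
2023-11-28T02:01:00Z 203.0.113.9 frank FAIL
2023-11-28T02:01:20Z 203.0.113.9 frank FAIL
2023-11-28T02:01:45Z 203.0.113.9 frank FAIL
2023-11-28T02:02:10Z 203.0.113.9 frank SUCCESS
"""

def parse(log):
    """Parse the constructed format into time-ordered (time, ip, user, result) tuples."""
    events = []
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {ip: sorted usernames} for sources whose failures inside `window`
    hit at least min_users distinct accounts with at most max_per_user failures
    each: many accounts, few tries per account, so per-account lockout never fires."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            by_ip[ip].append((ts, user))
    hits = {}
    for ip, fails in by_ip.items():
        for i, (start, _) in enumerate(fails):
            per_user = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start > window:
                    break
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                hits[ip] = sorted(per_user)
                break
    return hits

def footholds(events, hits):
    """Accounts that later signed in successfully from a spraying source."""
    return {ip: sorted({u for _, i, u, r in events if i == ip and r == "SUCCESS"})
            for ip in hits}
```

A successful sign-in from a source already flagged by detect_spray is the event worth paging on; the per-account view alone (one failure each) would never raise it.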