A hacker bursts the bubble of inflatable fetish fans, Hollywood celebrities unwittingly record videos in a Kremlin plot, and there's a particularly devious WordPress-related malware campaign. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

A new worm that spreads via USB sticks is infecting computers in Ukraine and beyond.

The group, known by many names including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm, has been active since at least 2014 and has been attributed to Russia’s Federal Security Service (FSB) by the Security Service of Ukraine. Most Kremlin-backed groups take pains to fly under the radar; Gamaredon does not bother. Its espionage campaigns against large numbers of Ukrainian organizations are easy to detect and easy to tie back to the Russian government. They typically revolve around malware built to pull as much information from targets as possible.

One of those tools is a computer worm that spreads from machine to machine through USB drives. Tracked by Check Point Research as LitterDrifter, the malware is written in VBScript. It serves two purposes: to spread promiscuously from one USB drive to the next, and to establish a persistent infection on every computer those drives are plugged into, one that keeps communicating with Gamaredon-operated command-and-control servers.

Dream girlfriends, AI love scams, and an alleged spy who is said to have made a series of blunders. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.

Louisiana vehicle owners’ data was leaked in a massive cyber-attack

A large-scale cyber-attack has exposed the personal data of Louisiana vehicle owners, in what is being described as one of the largest breaches to hit U.S. motor-vehicle records. According to a report in The Guardian, the Clop ransomware group gained access to the data of more than 6 million Louisiana residents in August of this year and is now threatening to leak the stolen information unless its demands are met.

The attackers, attributed to the Russia-linked Clop group, took a wide range of personal information: names, addresses, Social Security numbers, vehicle registration dates, driver’s licence details, dates of birth, height, eye colour, gender, and car ownership records.

Clop has publicly stated that it will release more of the data taken from the Louisiana Department of Transportation and Development’s database if its demands are not addressed quickly.

Royal Family Website taken down by Killnet

In a separate incident, the Royal Family website was knocked offline by a distributed denial-of-service (DDoS) attack, reportedly carried out by pro-Kremlin hackers and apparently prompted by Britain’s condemnation of Russia’s actions in Ukraine.

The Palace acknowledged the disruption but stopped short of characterizing it as a state-sponsored DDoS attack. According to sources in the cybersecurity community, the site was unreachable for roughly three hours; bringing it back took more than 45 minutes.

A subsequent report in The Telegraph linked the incident to state-backed hackers, publishing a screenshot from a Telegram channel run by ‘Killmilk’, reputedly the leader of Killnet, who claimed responsibility for the attack and framed it as carried out on behalf of the Soviet Intelligence Agency.

Notably, the attack came just two weeks after King Charles publicly voiced his support for Ukraine, stating, “Ukraine must prevail.”

The post Cyber Attack on Louisiana Vehicle Owners data and Royal Family Website crash by Russia appeared first on Cybersecurity Insiders.

Over the past 48 hours, media outlets have been full of reports of Russian cyber-attacks on government websites. Far less attention has gone to a stranger incident: more than 20 passenger trains brought to an abrupt halt, causing public unease.

According to reports, a simple radio signal was enough to stop the trains. The signal triggered the trains’ emergency stop mechanism through a weakness that had not previously been widely discussed.

Trains on the Polish network are fitted with an emergency-stop feature that can be triggered remotely by a “radio-stop” command sent over the railway’s analogue VHF radio, normally from dispatch equipment at a nearby station. The command is meant to be issued only by railway staff, but nothing in the protocol enforces that: the command is neither encrypted nor authenticated, so the receiver cannot tell an operator’s transmission from anyone else’s.

The saboteurs therefore needed no railway equipment at all. A roughly $30 transmitter, readily bought online, is enough to emit the three VHF tones at 150.100 MHz that make up the command.

Polish intelligence authorities say the attackers used such equipment to force both freight and passenger trains to a halt on the 25th and 26th of August this year.

Adding to the intrigue, the rogue transmissions were interspersed with the Russian national anthem and excerpts from Vladimir Putin’s speeches, which has directed suspicion towards Moscow and Kremlin-linked intelligence services.

Given that Poland’s railways play a pivotal role in moving supplies and military equipment to Ukraine, it is plausible that Russia directed these attacks at the NATO member. The stoppages significantly disrupted transit and raised concerns about broader destabilization of the Polish state.

Acknowledging the gravity of the situation, Poland’s National Transportation Agency has pledged to upgrade the communication systems and digital networks of its rail operations by 2025.

The post Criminals hack radio commands to stop Poland Trains appeared first on Cybersecurity Insiders.

Turns out that it’s easy to broadcast radio commands that force Polish trains to stop:

…the saboteurs appear to have sent simple so-called “radio-stop” commands via radio frequency to the trains they targeted. Because the trains use a radio system that lacks encryption or authentication for those commands, Olejnik says, anyone with as little as $30 of off-the-shelf radio equipment can broadcast the command to a Polish train—sending a series of three acoustic tones at a 150.100 megahertz frequency—and trigger their emergency stop function.

“It is three tonal messages sent consecutively. Once the radio equipment receives it, the locomotive goes to a halt,” Olejnik says, pointing to a document outlining trains’ different technical standards in the European Union that describes the “radio-stop” command used in the Polish system. In fact, Olejnik says that the ability to send the command has been described in Polish radio and train forums and on YouTube for years. “Everybody could do this. Even teenagers trolling. The frequencies are known. The tones are known. The equipment is cheap.”

Even so, this is being described as a cyberattack.
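To make the security point concrete, here is an added simulation (my own code, not Olejnik’s, Wired’s, or anything from the Polish railway) of a tone-sequence receiver of the kind the excerpt describes. The tone frequencies, tone duration, sample rate and detection threshold are all assumptions chosen for the simulation; the real radio-stop tones are not given on this page and are not reproduced here. The receiver detects three consecutive tones with a Goertzel filter and, because the command carries no authentication, accepts the identical waveform whether it comes from a dispatcher or from a cheap hobby transmitter. For contrast, the second half sketches an assumed authenticated, counter-protected STOP message that rejects forgeries and replays.

```python
import hmac
import hashlib
import math
import struct

# Constructed parameters for the simulation. The real radio-stop tone
# frequencies and timing are NOT taken from the page; these values are
# assumptions chosen so each tone sits exactly on a Goertzel bin.
SAMPLE_RATE = 8000            # samples per second of the demodulated audio
TONE_SECONDS = 0.1            # assumed duration of each of the three tones
RADIO_STOP_TONES = (1200.0, 1500.0, 1800.0)   # assumed, illustrative only
MIN_NORMALISED_POWER = 0.1    # a tone at ~32% of full scale still triggers


def synth_tone(freq, amplitude=1.0, seconds=TONE_SECONDS, rate=SAMPLE_RATE):
    """Return one tone as a list of float samples (constructed audio)."""
    n = int(seconds * rate)
    return [amplitude * math.sin(2 * math.pi * freq * i / rate) for i in range(n)]


def goertzel_power(samples, freq, rate=SAMPLE_RATE):
    """Energy of `samples` at `freq`, i.e. |X[k]|^2 for the nearest DFT bin."""
    n = len(samples)
    k = round(n * freq / rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2


def decode_tones(signal, candidates=RADIO_STOP_TONES):
    """Split `signal` into tone-length windows and name the dominant
    candidate tone in each window, or None when none is present."""
    seg = int(TONE_SECONDS * SAMPLE_RATE)
    full_scale = (seg / 2.0) ** 2      # power of a full-amplitude on-bin sine
    decoded = []
    for start in range(0, len(signal) - seg + 1, seg):
        window = signal[start:start + seg]
        best = max(candidates, key=lambda f: goertzel_power(window, f))
        if goertzel_power(window, best) / full_scale >= MIN_NORMALISED_POWER:
            decoded.append(best)
        else:
            decoded.append(None)
    return decoded


def receiver_accepts_stop(signal):
    """The unauthenticated receiver: any audio carrying the three tones in
    order triggers the emergency stop, whoever transmitted it."""
    return decode_tones(signal) == list(RADIO_STOP_TONES)


def radio_stop_signal(amplitude=1.0):
    """The command as any transmitter would send it; a dispatcher and a
    hobby radio produce the same waveform, differing only in strength."""
    out = []
    for f in RADIO_STOP_TONES:
        out.extend(synth_tone(f, amplitude))
    return out


# --- Contrast: what an authenticated, replay-resistant command needs --------
# Assumed message layout: b"STOP" + 4-byte big-endian counter + HMAC-SHA256.
def make_authenticated_stop(key, counter):
    body = b"STOP" + struct.pack(">I", counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class AuthenticatedStopReceiver:
    """Accepts a STOP only if the tag verifies under the shared key and the
    counter is fresh, so a captured command cannot simply be replayed."""

    def __init__(self, key):
        self._key = key
        self._last_counter = -1

    def verify(self, msg):
        if len(msg) != 4 + 4 + 32 or msg[:4] != b"STOP":
            return False
        counter = struct.unpack(">I", msg[4:8])[0]
        expected = hmac.new(self._key, msg[:8], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg[8:]):
            return False
        if counter <= self._last_counter:
            return False            # replay of an old command
        self._last_counter = counter
        return True


if __name__ == "__main__":
    print("dispatcher accepted:", receiver_accepts_stop(radio_stop_signal()))
    print("hobby radio accepted:", receiver_accepts_stop(radio_stop_signal(0.5)))
    rx = AuthenticatedStopReceiver(b"shared-key")
    cmd = make_authenticated_stop(b"shared-key", 1)
    print("authenticated first use:", rx.verify(cmd), "replay:", rx.verify(cmd))
```

The receiver’s only check is “did the three tones arrive in order, loudly enough”, which is exactly why Olejnik’s “everybody could do this” holds: there is no secret to know and nothing to forge. The HMAC-plus-counter variant is a minimal illustration of what authentication adds (a key the attacker lacks, and freshness so a recording is useless); it is not a description of the GSM-R system Polish railways are migrating to.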