Mandiant is reporting on a trojaned Windows installer that targets Ukrainian users. The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system:

Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers. The trojanized ISOs were hosted on Ukrainian- and Russian-language torrent file sharing sites. Upon installation of the compromised software, the malware gathers information on the compromised system and exfiltrates it. At a subset of victims, additional tools are deployed to enable further intelligence gathering. In some instances, we discovered additional payloads that were likely deployed following initial reconnaissance including the STOWAWAY, BEACON, and SPAREPART backdoors.

One obvious solution would be for Microsoft to give the Ukrainians Windows licenses, so they don’t have to get their software from sketchy torrent sites.

The Ukrainian army has released an instructional video explaining how Russian soldiers should surrender to a drone:

“Seeing the drone in the field of view, make eye contact with it,” the video instructs. Soldiers should then raise their arms and signal they’re ready to follow.

After that the drone will move up and down a few meters, before heading off at walking pace in the direction of the nearest representatives of Ukraine’s army, it says.

The video also warns that the drone’s battery may run low, in which case it will head back to base and the soldiers should stay put and await a fresh one.

That one, too, should be met with eye contact and arms raised, it says.

Incredible.

First is the cyber attack that hit a third-party IT service provider that operates most of the websites of New Zealand government agencies. The most affected among them were the health services.

Cybersecurity Insiders has learnt from its sources that Te Whatu Ora - Health New Zealand was targeted by threat actors, resulting in a breach. Among those affected were firms involved in healthcare service delivery, which led to delays in delivering autopsy and body scan reports.

New Zealand’s National Cyber Security Centre (NCSC) has launched a probe into the incident and suspects the involvement of foreign state hackers.

Second is the news that Russia’s VTB Bank has officially confirmed it suffered a cyber attack. This comes as the Kremlin was considering intensifying its cyber warfare against Ukraine, as it was aiming to take control of the entire country by January 5th of this year.

In more detail, the bank’s IT servers were hit by a DDoS attack that might have been launched by the Anonymous hacking group or by a team of pro-Ukrainian hacktivists.

The good news is that the bank suffered only temporary downtime and recovered from the incident via its business continuity plan.

Third is a Cyber Threat Predictions report released by the well-known cybersecurity firm McAfee. The report says that AI-propelled fake news, aka misinformation, will top the threat charts in the coming year and will be enriched with images, videos and voices to make it look authentic.

The firm also stated that cryptocurrency-related scams will rise and that most of them will involve BTC because of its high value against the US dollar.

Last but not least is the rise in attacks on devices running Chrome OS, such as tablets and other computing devices, as most of these devices can run Android apps.

The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.

Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks.

The Trojan corrupts any data that’s not vital for the functioning of the operating system. It doesn’t affect files with extensions .exe, .dll, .lnk, .sys or .msi, and ignores several system folders in the C:\Windows directory. The malware focuses on databases, archives, and user documents.

So far, our experts have seen only pinpoint attacks on targets in the Russian Federation. However, as usual, no one can guarantee that the same code won’t be used against other targets.

Nothing leading to an attribution.
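As an added example (not part of the Kaspersky write-up or the post above), the targeting pattern described there, sparing .exe/.dll/.lnk/.sys/.msi and the C:\Windows folders while hitting databases, archives and user documents, can be turned into a defender's heuristic over endpoint file-write telemetry: flag any process that rewrites many such files within a short window. The telemetry line format, the set of target extensions and the threshold are assumptions, and the sample events are constructed.

```python
import ntpath  # Windows-style path handling, so the check works on any host OS
import re
from collections import defaultdict
from datetime import datetime, timedelta

SPARED_EXTENSIONS = {".exe", ".dll", ".lnk", ".sys", ".msi"}  # left untouched by the wiper (from the page)
# Databases, archives and user documents the wiper focuses on (assumed representative set).
TARGET_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".zip", ".7z", ".rar", ".mdf", ".sqlite", ".bak"}
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)  # system folders the wiper ignores
EVENT_RE = re.compile(r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>.+?) path=(?P<path>.+)$")

# Constructed file-write telemetry in a hypothetical "<ISO time> pid=<n> image=<exe> path=<file>" format.
SAMPLE_EVENTS = r"""
2022-11-28T09:00:01 pid=4120 image=C:\Temp\upd.exe path=C:\Users\alice\Documents\report.docx
2022-11-28T09:00:02 pid=4120 image=C:\Temp\upd.exe path=C:\Users\alice\Documents\budget.xlsx
2022-11-28T09:00:03 pid=4120 image=C:\Temp\upd.exe path=C:\Users\alice\Downloads\backup.zip
2022-11-28T09:00:04 pid=4120 image=C:\Temp\upd.exe path=D:\db\crm.mdf
2022-11-28T09:00:05 pid=4120 image=C:\Temp\upd.exe path=C:\Users\alice\Desktop\contract.pdf
2022-11-28T09:00:06 pid=4120 image=C:\Temp\upd.exe path=C:\Windows\Temp\cache.zip
2022-11-28T09:00:07 pid=4120 image=C:\Temp\upd.exe path=C:\Program Files\App\app.dll
2022-11-28T09:01:00 pid=1188 image=C:\Program Files\Office\WINWORD.EXE path=C:\Users\alice\Documents\report.docx
2022-11-28T09:07:30 pid=1188 image=C:\Program Files\Office\WINWORD.EXE path=C:\Users\alice\Documents\notes.docx
"""

def parse_events(text):
    """Parse telemetry lines into dicts, skipping lines that do not match the format."""
    matches = (EVENT_RE.match(line.strip()) for line in text.splitlines())
    return [{"ts": datetime.fromisoformat(m["ts"]), "pid": int(m["pid"]), "path": m["path"]}
            for m in matches if m]

def fits_wiper_pattern(path):
    """True for a write outside C:\\Windows to a non-spared database/archive/document extension."""
    ext = ntpath.splitext(path)[1].lower()
    return not WINDOWS_DIR.match(path) and ext not in SPARED_EXTENSIONS and ext in TARGET_EXTENSIONS

def find_suspicious_processes(events, threshold=5, window=timedelta(seconds=60)):
    """Return {pid: n} for processes that wrote >= `threshold` distinct matching files within `window`."""
    by_pid = defaultdict(list)
    for e in events:
        if fits_wiper_pattern(e["path"]):
            by_pid[e["pid"]].append(e)
    flagged = {}
    for pid, evs in by_pid.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):  # sliding window anchored at each write
            distinct = {e["path"].lower() for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(distinct) >= threshold:
                flagged[pid] = max(flagged.get(pid, 0), len(distinct))
    return flagged
```

On the sample data only pid 4120 is flagged: its writes to C:\Windows\Temp and to a .dll are discounted, while the slow edits by WINWORD.EXE never reach the threshold.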

News article.

Slashdot thread.

For the past seven to eight months, we have been constantly reading or hearing about Russia’s malicious activity in cyberspace. Now, the latest report published by Group-IB claims Moscow’s involvement in stealing the passwords of over 50 million users.

According to a report compiled after analyzing the involvement of over 34 Telegram groups in cybercrime, Group-IB researchers have confirmed that hacking groups linked to the Kremlin stole 50 million passwords from about 890,000 user devices. The report affirms that the siphoning of credentials reportedly occurred in the first 9 months of this year.

Group-IB claims that many of the hackers were active members of organized crime and were involved in automated scam-as-a-service campaigns spreading malware and espionage-related tools.

One such campaign operates by embedding links in popular gaming and music videos on YouTube, diverting victims to websites that coax them into downloading mining software or data-stealing malware.

FYI, most of the stolen credentials were for PayPal and Amazon accounts, and some were for gaming and crypto wallet service websites.

Group-IB’s Digital Risk Protection Team estimates that the value of the stolen data could be $6 million and is urging online users to follow basic cyber hygiene when crafting passwords and to secure their accounts with multi-factor authentication.

NOTE- It is better to craft a password of at least 14 characters. It should be an alphanumeric mix and include 2-3 special characters. Using 2FA, such as OTP authentication, makes complete sense for securing an account against hackers.

The post Russia stole the passwords of 50 million users appeared first on Cybersecurity Insiders.

Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian.

According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian town of Novosibirsk, where it is registered as a software company that also carries out data processing. It employs around 40 people and reported revenue of 143,270,000 rubles ($2.4 mln) last year. Pushwoosh is registered with the Russian government to pay taxes in Russia.

On social media and in US regulatory filings, however, it presents itself as a US company, based at various times in California, Maryland, and Washington, DC, Reuters found.

What does the code do? Spy on people:

Pushwoosh provides code and data processing support for software developers, enabling them to profile the online activity of smartphone app users and send tailor-made push notifications from Pushwoosh servers.

On its website, Pushwoosh says it does not collect sensitive information, and Reuters found no evidence Pushwoosh mishandled user data. Russian authorities, however, have compelled local companies to hand over user data to domestic security agencies.

I have called supply chain security “an insurmountably hard problem,” and this is just another example of that.

Russia’s war with Ukraine seems never-ending, and news is now out that state-sponsored threat actors have so far targeted about 42 countries and 128 government agencies that were supporting Kyiv with essentials, ammunition and finances.

The United States, along with the UK, is urging Zelenskyy to open a dialogue with Putin for peace, as they seem to be vexed by Volodymyr Zelenskyy’s insistent demands that his nation be supported with $1 billion in funding throughout this year, at any cost.

Coming back to the news itself, the EU Agency for Cybersecurity (ENISA) has revealed that governments supporting Ukraine in the war with Moscow have faced many cyber-attacks from state-sponsored actors, including zero-day and other vulnerability exploits, malware attacks on operational technology, data wiper attacks and disruption of federal government networks through denial-of-service attacks.

Threats are also emerging via social engineering attacks aimed at spreading disinformation and creating geopolitical divisions.

Almost all countries from Asia, as well as Japan, Australia and Taiwan, are being targeted by state-sponsored actors, says a special study by ENISA.

Concerningly, no victimized country can take action against Vladimir Putin and his allies, as doing so might trigger a nuclear war at any time, which could lead to doomsday.

NOTE- The war between Ukraine and Russia turned gruesome at the end of last week. Some parts of Kyiv were plunged into darkness after the Kremlin launched a missile attack on energy infrastructure and supply chains. Innocent citizens were seen suffering as they brace for the harsh winter without electric heating appliances, uncertain when this misery will end, while the leaders of both sides put their egos ahead of solving the crisis faced by their respective populations. FYI, the prices of essential supplies have quadrupled for the population of the Russian Federation as well, all because of the economic sanctions imposed by the West.

The post Russian Cyberwar targeted 42 countries that support Ukraine appeared first on Cybersecurity Insiders.

Someone's election-fiddling is uncovered with an Apple AirTag, a cyber scandal rocks Germany, and a swindler steals a fortune due to trains being delayed. All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by runZero's Chris Kirsch. Plus don't miss our featured interview with Akamai's Patrick Sullivan talking about bots in the retail sector.