The Eurovision Song Contest faced multiple cyber threats from the Russian Federation, the reason being that Ukraine had a fair chance of winning the competition through Kalush Orchestra.

The Killnet hacking group, which is funded by the Kremlin, was assigned the duty of disrupting Eurovision's servers to block Ukraine from winning all the accolades. As Moscow has been banned from participating in the contest because of its invasion of the Zelenskyy-led nation in February 2022, Killnet was tasked with bringing down the whole contest digitally.

After winning the semi-finals in Italy, Kalush Orchestra was aiming for a win in the finale, as it would not only give a morale boost to all the participants but also bring cheer to the people of Ukraine, who are currently busy battling Putin's soldiers.

The IT company assigned to look after the digital operations of the contest's online voting systems has officially declared that it was registering fake web traffic on its website and that this could be a result of the constant DDoS threats from hackers working for Russian intelligence.

The good news is that the command center neutralized all such attacks, as it was already prepared to counter them proactively.

On May 14th, 2022, the Eurovision Song Contest was held in Turin, Italy, and Kalush Orchestra from Ukraine won the title for its incredible song “Stefania”. With this latest achievement, Ukraine joined the list of countries that have won the contest three times, i.e. in 2004, 2016 and 2022.

The post Russia launched multiple cyber attacks on Eurovision Song Contest appeared first on Cybersecurity Insiders.

Russia is not only waging a physical war against Ukraine but has also been consistently attacking it digitally through cyber attacks. But thankfully, God and Google seem to be on the side of Ukrainians, as the former has been saving most of them from the physical war, while the latter has been busy saving the nation from digital assaults.

Google’s Threat Analysis Group released a report on this, saying that countries like North Korea, China, and Iran were also trying to exploit the situation by targeting the critical infrastructure of Ukraine. The motive is simple: to check for weaknesses in the critical infrastructure and pass the information on to allies for further exploitation.

In March this year, the Alphabet Inc. subsidiary issued an alert to CISA that many state-sponsored attacks were being targeted at the United States, as it was supporting Ukraine in the war in all forms. Cozy Bear aka Fancy Bear is the state-sponsored group that was found targeting power stations and nuclear reactors in and around Ukraine.

The Biden-led nation knows well how to deal with the situation. But Ukraine needs help here, as many of its tech engineers are out of their jobs, busy saving the nation or their families.

For this reason, Russia assigned the “Curious George” group to launch phishing attacks against military, logistics, and manufacturing organizations in Ukraine, while its Ghostwriters group was seen sending phishing emails to innocent individuals, spoofing Google Drive and OneDrive websites and luring them into disclosing their online service credentials.

Google is not only helping the people of Ukraine by protecting them from cyber attacks but also assisting them on humanitarian grounds: it has so far given $45 million in donations and grants to the International Rescue Committee, which is supervising the social work activities in Ukraine, especially in Kyiv and Mariupol.

The post Google is protecting Ukraine from State Sponsored Cyber Attacks of Russia appeared first on Cybersecurity Insiders.

Microsoft has issued a serious warning to companies serving the healthcare sector in the United States and Ukraine. The alert relates to wiper malware that has the potential to disrupt the IT infrastructure of an entire network.

John Riggi, the National Advisor for Cybersecurity at the American Hospital Association, said that the danger was currently lurking in the darkness and could hit its target soon.

Riggi referred to the 2017 WannaCry ransomware attack on companies across the globe and said that a similar attack is due to be launched by Russian hackers in the coming weeks and that it could be far more disastrous than the earlier one.

Russia has started a hybrid war on Ukraine on the ground, through the air, on water, and on the digital front, and is leaving no stone unturned to win the battle.

The healthcare sector will be its primary target, as it wants to bring the Zelensky-led nation to its knees in no time and make it surrender to its forces.

Russian hackers will also aim at the healthcare sector of the Biden-led nation, as it is offering open support to Ukraine by sending funds, ammunition, and essentials to sustain the military and civilians in Ukraine.

If all these attempts fail, Putin might plan to take down Ukraine and its allies with nuclear power, and for that reason the President of the Russian Federation is always seen carrying a black box that has the red button to launch nuclear bombs on western countries.

The post Wiper malware threat to the healthcare sector in US and Ukraine appeared first on Cybersecurity Insiders.

Microsoft’s Digital Security Unit has confirmed that Russian cyber attacks on Ukraine were timed to coincide with military strikes. The American technology giant stated that the attacks were timed just before military attacks, either to weaken the target digitally or to strike it twice so that it never recovers from the assault.

A report released by the Windows giant's Digital Security Unit states that the two major attacks that hit a television broadcaster and a nuclear power plant in the first week of March were crafted to lower the morale of Ukraine, President Zelensky and his ministers.

The plan was to strike the region’s critical infrastructure and its military strength at the same time.

It was a pre-planned war, as the digital attacks emerged in early 2021 and were launched by the Nobelium and Strontium groups to assess the digital strength of government and private companies serving the critical infrastructure.

After the war started on February 24th, 2022, the Kremlin involved two other groups in its cyber attack campaigns. The first was the Iridium group, which was assigned to spread disinformation by stealing information from government networks and leaking their projects to the world. The second was Bromine, whose primary duty was to infiltrate Ukraine's nuclear facilities and take control of servers, thereafter customizing them to run on the commands of Vladimir Putin.

Microsoft recommends that companies install endpoint detection and response solutions capable of identifying and remediating malicious intrusions.

The post Microsoft confirms Russian Cyber Attacks on Ukraine coincided with Military Strikes appeared first on Cybersecurity Insiders.

Microsoft has a comprehensive report on the dozens of cyberattacks — and even more espionage operations — Russia has conducted against Ukraine as part of this war:

At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats, have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea. It is unclear whether computer network operators and physical forces are just independently pursuing a common set of priorities or actively coordinating. However, collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and undermine the public’s trust in those same institutions.

[…]

Threat groups with known or suspected ties to the GRU have continuously developed and used destructive wiper malware or similarly destructive tools on targeted Ukrainian networks at a pace of two to three incidents a week since the eve of invasion. From February 23 to April 8, we saw evidence of nearly 40 discrete destructive attacks that permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine.

Microsoft released a press update last week stating that it has stopped a hacking group linked to the Russian GRU military unit from targeting Ukraine’s critical infrastructure and some dignitaries and think tanks linked to the United States.

The company seems to spy on the activities taking place on all Windows machines operating in the Putin-led nation. But it has already announced that it will withdraw sales and support from Russia, as Russia launched an illogical and inhuman invasion of Ukraine.

Tom Burt, Microsoft's Corporate Vice President for Customer Security and Trust, announced that the hacking group in question is Strontium and that it has been spying on Ukraine’s digital infrastructure for the past few months, well before the war between Russia and Ukraine started in the early hours of February 24th, 2022.

Meanwhile, in another analysis conducted and released by security researchers from ESET, a new malware named Industroyer2 was seen infecting the IT infrastructure of Ukraine’s energy suppliers.

ESET issued an alert to the Computer Emergency Response Team (CERT) of Ukraine, and it is believed that the malware is being spread by the Sandworm APT group to create a blackout in Kiev, the capital of Ukraine.

Such attempts targeting Ukraine’s power firms were also seen in 2016 and were linked to activities conducted by the Kremlin to retaliate against the stand of the Ukrainian military in the Donbas region.

On April 8th, 2022, Sandworm tried to install a new version of the Industroyer malware on the management systems of high-voltage electrical substations across Ukraine. The sole purpose of this activity was to trigger power outages and push the Zelensky-led nation into darkness.

The post Microsoft stops Russian from cyber targeting Ukraine further appeared first on Cybersecurity Insiders.

A Russian cyberweapon, similar to the one used in 2016, was detected and removed before it could be used.

Key points:

  • ESET researchers collaborated with CERT-UA to analyze the attack against the Ukrainian energy company
  • The destructive actions were scheduled for 2022-04-08 but artifacts suggest that the attack had been planned for at least two weeks
  • The attack used ICS-capable malware and regular disk wipers for Windows, Linux and Solaris operating systems
  • We assess with high confidence that the attackers used a new version of the Industroyer malware, which was used in 2016 to cut power in Ukraine
  • We assess with high confidence that the APT group Sandworm is responsible for this new attack

News article.

EDITED TO ADD: Better news coverage from Wired.

For the past three days, a group of government officials from Ukraine has been receiving Telegram alerts urging them to check the security of their accounts, as some unlawful logins into their accounts from Russia were being noticed.

Highly placed sources state that the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine received an SMS about an unauthorized login from Russia.

The cybercriminals used the SMS to coax recipients into clicking the embedded link and keying in critical information. Once that is done, ownership of the account passes to the criminals, who can later use it for malevolent purposes.

Ukrainian intelligence attributed the attacks to a hacking group named “UAC-0094” and is 100% sure that they originated from the Russian Federation and were launched by Kremlin-backed hackers.

“It is a clear-cut phishing attack to gain credentials to launch attacks on a further note”, says Bridget Jones, an independent researcher working for a security firm in Ukraine, now taking shelter in Poland.

DDoS attacks, malware attacks, and digital attempts to compromise or disrupt critical infrastructure have been observed for the past 40 days, since the war started, and there seems to be no end to such fraudulent activities, added Ms. Jones.

Another attack campaign recently uncovered by Ukraine’s Computer Emergency Response Team (CERT-UA) involves malware spread via phishing emails through government agencies. The government agency attributed the attacks to Armageddon, a Russia-based threat actor working closely with the FSB.

Historically speaking, Armageddon was also found compromising Latvian government officials with malware spread through phishing attacks.

Research carried out by the Cobalt Strike states that the same threat actor was also behind the spread of the GraphSteel, GrimPlant, HeaderTip, LoadEdge, and Spectr malware, installed after exploiting a Cobalt Strike vulnerability.

The post Ukraine now faces cyber threats through Telegram messages appeared first on Cybersecurity Insiders.