Ciberseguridad en #espacio: cómo se está enfrentando Thales a los desafíos que están por llegar
On 15 November 2022, according to a Kaspersky study, North Korean hackers Lazarus are using a new version of the DTrack backdoor to attack organisations in Europe and Latin America. DTrack is a modular backdoor with a keystroke logger, screenshot logger, browser history retriever, running process spy, IP address logger, network connection information logger and more. In addition to spying, it can also execute commands to perform file operations, retrieve additional payloads, steal files and data and run processes on the compromised device. Finally, Dtrack hides in an executable that looks like a legitimate program, and there are several decryption steps before the malware payload begins. Targeted sectors include government research centres, policy institutes, chemical manufacturers, IT service providers, telecommunication providers, utility providers and education. Read more about it : here
On November 5, 2022, an unknown threat actor announced on a hacker forum on the darkweb that the German company Scm-Pc-Card and the website of Evas Schatztruhe had suffered major data breach that would have affected about 1900 users for Scm-Pc-Card, and 1400 users for Evas Schatztruhe. The stolen data includes phone numbers, physical addresses, email addresses and password hashes for Scm-Pc-Card. For Evas Schatztruhe, the stolen data includes Nicknames, Usernames, UID, User Country, User Websites, User Email and Passwords.No details are given in the claim as to how the data was obtained, but it is announced that the data will be made available online for free. The impact of this attack could be significant for the users of the companies site who thus see their data exposed, with now a risk of possible future phishing campaigns or other various attacks more serious and more malicious than the original leak. Read more about it : here and here
On 10 November 2022, the AlphV ransomware group added the French company Conforama to its list of victims. Conforama is a major European home furnishings retailer. The group claims to have stolen 1 terabyte of data, including financial documents, customer credit card data, marketing data, analytical strategies, logistics data, but also personal data of customers. The group has given Conforama 48 hours to contact them or all the data will be published and used for malicious purposes. Read more about it : here
On 8 November 2022, the cybercriminal group BlackBasta, which specialises in ransomware, claimed responsibility for an attack on the wholesale company Metro. The data they claimed to have stolen contained ID cards, agreements and passports. Metro's IT infrastructure was effectively blocked by the attack and the company was experiencing problems with in-store payments and delivery of online orders. Read more about it : here
On 15 November 2022, the pro-Russian hacktivist group KIlNet called on its affiliates to carry out a DDoS attack campaign on all possible organisations and entities in Poland and keep them inaccessible until 20 November 2022. In order to select targets, Killnet advises to perform a google search including "Online Poland, Login Poland, Poland commerce Online, Poland Health, Poland gov". Read more about it : here
On November 5, 2022, the cybercriminal group BlackByte ransomware added the Swedish company Peterson & Hansson Byggnads to the list of its victims on its website. This construction company is based in Falkenberg and the data allegedly stolen from it includes invoices, employment contracts, and other administrative documents. No details on the damage caused by the ransomware have yet been communicated, and the company's site is still accessible. However, it is possible that some systems for making appointments, orders or even the means of communication have been affected. The impact would then be significant for the image of the company. Read more about it : here
On 9 November 2022, starting at 11pm, a large-scale DDoS attack targeted the Polish website of the Institute of National Remembrance for several hours. On 10 November it was accessible again. The attack is believed to have taken down the websites linked to the Institute's homepage but spared the acrhives website. After investigation, it seems that the first attempts to attack the site failed on the morning of the 9th before resuming in the evening. Read more about it : here
On 8 November 2022, the pro-Russian hacktivist group Noname05716 claimed responsibility for a DDoS attack on the login page of the Nenetsky Institute of Experimental Biology website of the Polish Academy of Science. It is likely that this attack prevented people working at the institute from logging in for some time. This attack is part of a campaign of attacks by pro-Russian groups on Eastern European countries because of their commitment to the war in Ukraine against Russia. Read more about it : here
On 21 November 2022, the Spanish Ministry of Economy and Digital Transformation has suffered a cyber attack. Indeed, employees reportedly found that their computer equipment was acting independently of their will. This suggests that attackers were able to carry out an intrusion attack, possibly using phishing as the initial entry point, and then drop a malicious payload allowing them to control the compromised computer remotely via the SARA network. The SARA network is the internal network of public institutions that allows for the rapid exchange of data between different departments. This type of network is often easy to use and considered by employees as a safe tool that they do not need to be wary of. Therefore, it is the perfect interface for an attacker to spread a malicious payload: fast, discreet and affecting all branches of public organisations. This attack was possibly aimed at espionage or data theft, as according to the media investigating the attack, the targeted sector was the analysis department, where all economic forecasts are produced and distributed. For the moment it is not yet possible to know whether data was stolen, or who was behind the attack. Nevertheless, it is likely that the attackers were not careful in their operation, as being detected by using live interfaces of a computer in use by employees crystallises a lack of professionalism. In parallel, it is noted that during October 2022, the General Council of the Judiciary detected a cyber attack that affected the Judicial Neutral Point (JNP), the telecommunications network that connects the judicial bodies to other state institutions. Read more about it : here
On 4 November 2022, the cybercriminal group LockBit 3.0 ransomware revealed a second wave of attack claims targeting three European companies and organisations, among others. This second wave of claims follows the first one on 29 October. The companies affected are as follows: Hettich, a manufacturing company from Netherland Continental, an IT provider company from Germany Tekniplex, an industrial of advanced plastic & rubber polymer technology company, from Belgium. These four companies were added to the victims at the same time, and each has between 1 and 9 days to meet LockBit's requirements. The impact of this attack could be significant for businesses and have a high financial cost if they agree to pay the ransom. The data stolen or the status of the companies' platforms has not been disclosed, but it is assumed that some of the victims' connected work features will be unusable. Read more about it : here, here, here and here