Europe News

Noname05716 targeting Polish science academy

On 8 November 2022, the pro-Russian hacktivist group Noname05716 claimed responsibility for a DDoS attack on the login page of the Nenetsky Institute of Experimental Biology website of the Polish Academy of Science. It is likely that this attack prevented people working at the institute from logging in for some time. This attack is part of a campaign of attacks by pro-Russian groups on Eastern European countries because of their commitment in the war in Ukraine against Russia.

Spanish Ministry of Economy under cyber attack

On 21 November 2022, the Spanish Ministry of Economy and Digital Transformation suffered a cyber attack. Employees reportedly found that their computer equipment was acting independently of their will. This suggests that attackers were able to carry out an intrusion attack, possibly using phishing as the initial entry point, and then drop a malicious payload allowing them to control the compromised computer remotely via the SARA network.

The SARA network is the internal network of public institutions that allows for the rapid exchange of data between different departments. This type of network is often easy to use and considered by employees as a safe tool that they do not need to be wary of. Therefore, it is the perfect interface for an attacker to spread a malicious payload: fast, discreet and affecting all branches of public organisations.

This attack was possibly aimed at espionage or data theft, as according to the media investigating the attack, the targeted sector was the analysis department, where all economic forecasts are produced and distributed. For the moment it is not yet possible to know whether data was stolen, or who was behind the attack.

Nevertheless, it is likely that the attackers were not careful in their operation, as being detected by using live interfaces of a computer in use by employees reflects a lack of professionalism.

In parallel, it is noted that during October 2022, the General Council of the Judiciary detected a cyber attack that affected the Judicial Neutral Point (JNP), the telecommunications network that connects the judicial bodies to other state institutions.

Attack on TAP airline, customers' data leaked

On 2 September, the airline TAP Air Portugal said it had suffered a cyber attack, which was "quickly reported to the competent authorities". However, the Portuguese national airline recently admitted that the cyber attackers who attacked it in early September had stolen some of its customers' personal data and published it on the dark web. Despite this, the airline said all payment details appeared to be safe.

Backbone link cut near Aix-en-Provence

On 18 October 2022, a backbone link carrying the Internet from the north to the south of France was physically cut near the town of Aix-en-Provence. According to the elements of the investigation reported by the police, this was an act of vandalism in which the criminals only had to lift a protective cover. After gaining access to the cables, the criminals cut them, thus destroying the backbone segment coming from Lyon, which is used to link the submarine cables in the Atlantic to the submarine cables that run from the Mediterranean towards the Indian and Pacific Oceans. For the time being, no drop in internet throughput has been reported by Interxion, the region's data centre operator, which claims that the sabotage had no internet-wide consequences.

The original information was made public on 20 October by a US company called Zscaler, which provides secure cloud access platforms. According to network tests carried out by this company following the incident, the outage would affect the delivery of Internet via submarine cables that leave the port of Marseille to serve Africa, the Middle East and Asia. The tests suggest that some parts of the network are experiencing packet losses. Although the actual impact is minor, Zscaler warns that this could cause latency in users' internet requests. After testing, Zscaler also suggests other possible degradations on two other backbone links, the one from Madrid that serves as a relay for other cables crossing the Atlantic and the one to Milan that serves South East Europe, although this has not yet been confirmed by investigators.

At the same time, there has been confusion between several incidents in the media, as another instance of cable damage has been reported in Great Britain. A link between the Shetland Islands and Scotland was severed on 20 October, completely cutting off the islands' telecommunications links. Although these incidents occurred at the same time, at the moment there is every reason to believe that they are completely uncorrelated.

The cable cuts have therefore had a minor impact on the French telecoms network and its intercontinental dependencies, as the data rate has not decreased and the cables are being replaced. However, this is not an isolated incident, as cables of the same type were also vandalised earlier in May 2020 in the Paris region. As a result, a massive blackout affected the Ile-de-France region. Free and Orange were among those affected, but so was Scaleway (Iliad), whose boss explained that at least four operators in all had been affected by the outage. Extremist anti-5G activists have been suspected of acts of vandalism since 2019 and it has been assumed that some of these acts of destruction could be their doing.

More organised and simultaneous sabotage could have almost similar consequences to the Shetland incident. However, such an operation requires a certain professionalism, site reconnaissance and a thorough knowledge of the French telecommunications wire network. These skills are rarely within the reach of ordinary vandals or activists, and no private contractor seeking retribution for payment problems would risk such large-scale attacks.

Cyber attack shuts down information systems of Barcelona's health centres

On 8 October, the computer systems of three hospitals in Barcelona were disabled as a result of a ransomware attack. As of 10 October, the system was still reportedly inoperative. The information systems of all departments of the Consorci Sanitari Integral (CSI), which includes several health centres, nursing homes and hospitals, were affected.

The attack is said to be "serious" and to have hampered the functioning of the health centres. Staff were unable to access personal data and illness histories, or perform tests on devices running on the system. The group behind the attack has not yet claimed responsibility.

From the feedback on the consequences of the attack, it would appear that the impact is severe and that all the resources of the different hospitals are in a degraded mode, reducing their capacity to admit patients quickly. The health of patients in the Madrid region is therefore possibly at risk.

Russian forces are preparing a massive cyberattack campaign

According to an article on the website of the Ukrainian Military Intelligence Directorate, Russian forces are preparing a massive campaign of cyber attacks against critical infrastructure of Ukrainian companies and allies. These attacks are expected to target the energy sector in order to support ballistic strikes in the eastern and southern regions of Ukraine. They will be accompanied by a greater number of DDoS attacks against Ukraine's closest allies, namely Poland and the Baltic States.

Cyberattack Disrupts Trains in Denmark

On 5 November 2022, all trains operated by DSB, the country's largest rail operating company, were stopped for several hours.

According to a DSB press release, the security incident originated at Supeo, another Danish company that provides various services to railway companies and other public and private transport organisations. The attack was therefore not directly directed against DSB but probably against this service provider. Supeo provides DSB with a train driver application to access essential operational information when operating railway lines. The service provider suddenly decided to shut down its servers following the security incident, blocking the services it provides and forcing the drivers to stop.

The nature of the cyber attack has not yet been communicated by Supeo, which is probably awaiting the conclusions of the cyber research teams. Supeo's response methodology suggests that they were trying to prevent malware from spreading across their various working platforms. This is a classic reaction to a ransomware attack: freeze the situation and prevent it from escalating. It is possible that a claim of attack will soon appear on one of the leak sites of a ransomware group.

Seine-Maritime Department targeted by a cyber attack

On Monday 10 October 2022, the management of the French department of Seine-Maritime issued a press release announcing that its networks would be cut off and that its services would be severely degraded. An investigation was opened by the cybercrime prosecutor's office for cyberattacks. Although no ransom demand has been communicated for the moment, the modus operandi of the attack strongly suggests ransomware. While it will still be possible to deal with the department by telephone and on paper, many online services, particularly for disabled people, will remain offline for an indefinite period, which will have a significant impact on many citizens of Seine-Maritime.

TeamOneFist claims to have attacked Russian satellite

One of the spokesmen for the pro-Ukraine hacktivist group TeamOneFist claimed responsibility for a major attack on the Russian satellite network "Gonets" during the "Pleiades" cyberoperation. The attack would have disabled the satellite network. He claims to have penetrated the CRM/customer database, which is referenced by the network in order to send/receive messages. Having failed to download the database, which was under heavy surveillance, the group decided to destroy it without being detected. From this data, the group discovered that the Gonets network was used by 97 organizations to transmit sensitive data, including fishing companies, energy companies and the FSB.

KillNet blocked the websites of some European countries' intelligence services

On 6 November 2022, the pro-Russian hacktivist group KillNet launched a campaign of DDoS attacks on the websites of the intelligence services and state committees of several Baltic states. The targets include Estonia, Poland, Romania, Bulgaria and Moldova. KillNet claims responsibility for these attacks, considering the Baltic states as rotten states. As the targeted sites are the platforms of several entities of possible intelligence interest, it is likely that this prevented some services from working during the time of the attack. During this time, the impact was likely to be significant for those affected services, which may not have been able to connect to the platforms.