Cybersecurity in space: how Thales is meeting the challenges ahead
According to a report on December 12, 2022, Ukrainian railways and state agencies have been targeted by the DolphinCape malware, which is currently being distributed via a phishing campaign that uses fake messages from the Ukrainian state emergency service offering advice on how to identify a kamikaze drone. Once installed, DolphinCape collects information about the compromised computer, including hostname, username, bitrate and operating system version, launches executable files, exfiltrates other data and takes screenshots of the targeted device. Ukrainian security officials believe that Russian actors are behind most of the attacks. Among their most frequent targets are transport companies, government agencies and security services. Read more about it: here
According to a report on December 20, 2022, it has been confirmed that the Russian state-sponsored group Gamaredon attempted an attack in August against a major oil refining company in a NATO country, but failed. The group reportedly uses phishing campaigns to infect targets with information-stealing malware, mainly through e-mails with lures written in Ukrainian. More recently, the group has reportedly also started using lures in English. This attack confirms a Russian orientation that has been in place for possibly a few months now, which prioritises targeting energy sector organisations related to NATO countries or Ukraine. Other attack campaigns, successful or not, may be launched during the winter period in order to put pressure on countries, such as those of the European Union, that are already affected by the energy and economic crisis. Read more about it: here
On 15 November 2022, the group Cyber Army of Russia claimed to have attacked, probably by DDoS, the Hacken group, an information systems security company, because of its support for Ukraine and the Ukrainian IT army since the beginning of the war. In addition, it claims an attack on the web page of a retailer trading under the name redprice, which sells, among other things, independent power generators. The attack is said to be aimed at preventing Ukrainian citizens from buying power generation equipment after the recent Russian strikes on Ukrainian energy infrastructure. Read more about it: here and here
On 19 November 2022, the pro-Russian hacktivist group KillNet claimed responsibility for an attack on the website of the telecommunications and aerospace company SpaceX. In particular, the group allegedly targeted the Starlink division's databases, flooding them with unwanted data and files until they were no longer usable. In addition, KillNet may have launched a DDoS attack on the site's login page, preventing users from logging in for a time. Read more about it: here
On November 4 and 5, the pro-Ukrainian hacktivist group IT Army of Ukraine claimed to have carried out an attack campaign against the Russian central bank, linked to Vladimir Putin's regime. The group reportedly succeeded in extracting data from several financial transactions of the Russian Ministry of Defence. These documents are said to contain personal data of soldiers, telephone numbers and identity card numbers. The impact of this attack could be severe for certain members of the Russian armed forces, especially if this data is used by the Ukrainian intelligence services to target individuals or senior officers. Read more about it: here
On 16 October 2022, the pro-Ukrainian hacktivist group TeamOneFist claimed to have launched a new operation against several research programmes of the Russian Academy of Sciences in Moscow. TeamOneFist claims that one of the routers connected to the academy's network was misconfigured and exposed to the Internet, which allowed them to access the Russian network. According to the group, no security measures or passwords prevented them from breaking into the routers and destroying them from the inside. The aim was to slow down Russian research in the field of artificial intelligence. Read more about it: here
On 26 October 2022, according to a report by the Russian company Kaspersky Lab, a large-scale cyberattack campaign is targeting Russia. According to Kaspersky, the objective of this campaign is espionage; to this end the attackers use phishing techniques with malicious Word documents sent by email to employees of Russian companies. The shared document is called a "delayed draft". If this document is opened, a macro runs and downloads a trojan, which then passes information to the attackers. The impact of this campaign is for the moment impossible to assess, as neither the targeted companies nor the targeted data have been clearly identified. Nevertheless, it is likely that this campaign is being carried out by a country accustomed to spying on Russia, whether an ally such as China or an adversary such as Ukraine. Read more about it: here
The pro-Ukraine hacktivist group "GhostSec" claimed responsibility for the explosion at a Russian power plant in Gysinoozerskaya, Buryatia region. The explosion took place on June 23 and was not claimed until July 20. The GhostSec group considers itself a group without a nation and associates itself only with ideological movements of circumstance: the pro-Palestinian and anti-Israeli struggle, support for the Anonymous collective, and in this case the pro-Ukraine and anti-Russian cause. The group claims that its ICS attack was successful, causing a malfunction and then a fire that led to the explosion, and that there were ultimately no civilian casualties. Read more about it: here and here
The pro-Ukraine hacktivist group KromSec posted on its Twitter account on July 25 a claim of a DDoS attack operation against the official Chechen government website. The site is currently unavailable, making all the services it provides unavailable as well. Read more about it: here
On July 28, the IT Army of Ukraine announced that it was redirecting its efforts towards the Russian banking system, and in particular Russian online banks. In addition, it is asking its supporters for any information on the means used by Russia to circumvent sanctions. Read more about it: here