Bringing cybersecurity globally to critical and complex key activities
Ukraine's state-owned nuclear power plant operator, Energoatom, said in a statement on Tuesday that its website had been hit by an "unprecedented" Russian cyberattack, adding that the site's operation had not been disrupted. "On 16 August 2022, the most powerful cyberattack since the start of the Russian invasion took place against the official Energoatom website," the operator said on social media. The site "was attacked from Russian territory," it added. The Russian group "People's Cyber Army" used 7.25 million internet bots which attacked the Energoatom site for three hours, the Ukrainian company stated, adding that this hacking attempt "did not have a considerable impact on the work of the Energoatom site". The Telegram channel named People's Cyber Army in Russian called on its supporters around midday to attack the Energoatom site. Read more about it: here
The UK's National Health Service (NHS) is concerned about the leak of patient data. This is in relation to a cyber-attack that occurred last week. Cyber criminals attacked one of the service's subcontractors using ransomware (encryption software). We wrote about the cyber-attack on a subcontractor operating the NHS 111 telephone line on our website. Read more about it: here
A DDoS (distributed denial of service) cyber-attack was carried out on Tuesday against the website of the Finnish parliament (Eduskunta). Authorities have confirmed the incident. The media point to a Russian group. It is meant to be a reaction to the country's entry into NATO. Read more about it: here
A hacktivist group claims to have hit a major Belarusian company, aiming to weaken Lukashenko's international influence. According to the media outlet CyberKnow, a group of Belarusian attackers referred to as the "Joint Headquarter of the Resistance" launched an operation against the website of the Belarusian company "Belaruskali", one of the faces of Belarusian foreign exchange, in order to reduce the influence of the Lukashenko government internationally. Read more about it: here
Google's Threat Analysis Group (TAG), whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations. In a report on recent cyber activity in Eastern Europe, Google TAG security engineer Billy Leonard revealed that hackers belonging to the Russian APT group Turla have also been spotted deploying their first Android malware. They camouflaged it as a DDoS attack tool and hosted it on cyberazov[.]com, a domain spoofing the Ukrainian Azov Regiment. Google TAG's analysts believe Turla's operators used the StopWar Android app developed by pro-Ukrainian developers (hosted at stopwar[.]pro) when creating their own fake 'Cyber Azov' DDoS application. "Join the Cyber Azov and help stop russian aggression against Ukraine! We are a community of free people around the world who are fighting against russia's aggression," the attackers prodded potential targets on the app's download page (still up when the article was published). "We recruit motivated people who are ready to help us in our cause. We have developed an Android application that attacks the Internet infrastructure of russia." Read more about it: here
The pro-Ukraine hacktivist group "Kromsec" claims responsibility for an attack on the Belarusian media website "Belarus.news". The attack is part of a wider campaign of cyber attacks by pro-Ukraine hacktivists targeting Belarus for its support of Russia in the war in Ukraine. Read more about it: here
We recently reported on an IT attack on the Unione dei Comuni Valdisieve e Valdarno, but at the time we did not know which cybergang had attacked the union, nor the amount of ransom demanded. But as we have always said, ransomware is 'blatant' and lays bare all truths, even those we would never want to talk about. After its attempt to extract a ransom from the union of the Valdisieve and Valdarno municipalities failed, the cybergang RansomHouse published the data on its data leak site (DLS) about 2 weeks later. Read more about it: here
A recent cyber attack has disrupted the databases managed by Latvia's Corruption Prevention and Combating Bureau (KNAB), including Electronic Data Entry Systems, as well as the institution's official mobile app Ziņo KNAB, KNAB has confirmed. KNAB reports that on the evening of 25 July several of the institution's resources suffered a cyber attack, which disrupted public access to those resources. Read more about it: here
The ransomware group LockBit claims to have released data allegedly stolen from LaPosteMobile. The data appears to include a database containing customer information including names, email and physical addresses, phone numbers, bank details and dates of birth. It is understood that negotiations with LockBit 3.0 have not yielded any results in the past month, resulting in the release of the data. Read more about it: here
Black Basta ransomware victim: the Wiener Zeitung media group. Read more about it: here