Russia: Anonymous leaked 69,000 emails from the Public Chamber of Krasnoyarsk. The city of Krasnoyarsk is an important junction of the Trans-Siberian Railway and a major aluminum producer. Read more about it here.
Russian President Vladimir Putin was forced to delay a highly anticipated speech at the St. Petersburg International Economic Forum on Friday after a cyberattack disrupted the system handling access badges to the venue, Kremlin spokesman Dmitry Peskov said. Read more about it here.
The Russia-linked APT group Turla was observed targeting the Austrian Economic Chamber, a NATO eLearning platform, and the Baltic Defense College. Experts found the Word document “War Bulletin April 27, 19:00 CET” in every directory; the document referenced an external PNG file dubbed logo.png, which was not reachable during the investigation. The document does not contain any malicious macros, a circumstance that suggests the PNG is used for reconnaissance purposes. “It is quite interesting that the request to the file is performed via the HTTP protocol and not an SMB inclusion. Therefore, this campaign does not leverage any malicious code but has been used for reconnaissance purposes only,” reads the analysis published by the experts. Read more about it here.
In an attempt to eliminate the infrastructure used to launch attacks against Ukrainian targets, Microsoft has taken down seven domain names used by the Russian hacking group APT28. All of these domains were used by Strontium (aka Fancy Bear and APT28) to target multiple Ukrainian institutions, including media outlets; the group is affiliated with Russia’s GRU. Read more about it here.
Threat analysts have compiled a detailed technical report on FIN7 operations from late 2021 to early 2022, showing that the adversary continues to be very active, evolving, and trying new monetization methods. FIN7 (a.k.a. Carbanak) is a Russian-speaking, financially motivated actor known for its resourceful and diverse set of tactics, custom-made malware, and stealthy backdoors. Although some members of the group were indicted in 2018, followed by the sentencing of one of its managers in 2021, FIN7 did not disappear and kept developing new tools for stealthy attacks. Read more about it here.
A Ukrainian security researcher has leaked over 60,000 internal messages belonging to the Conti ransomware operation after the gang sided with Russia over the invasion of Ukraine. Cisco Talos’ researcher Azim Khodjibaev tweeted that the chats were stolen from the Jabber chat app. Some claim that a Ukrainian security researcher leaked the files, while others believe it is an insider’s job and a Ukrainian member of the gang probably leaked Conti gang members’ chats. Read more about it here.
Anonymous and other hacker groups continue to target Russia. In a recent attack, the collective took over more than 400 Russian cameras in support of Ukraine. The hacktivists shared the live feeds of the hacked cameras on the website behindenemylines.live, where the cameras are grouped into categories based on their location (Businesses, Outdoor, Indoor, Restaurants, Offices, Schools, and Security Offices). Read more about it here.
Coinbase, one of the most popular cryptocurrency exchange platforms, announced today that it is blocking access to more than 25,000 blockchain addresses linked to Russian individuals and entities. The company also shared all the blocked addresses with the US government to "further support sanctions enforcement." Paul Grewal, Coinbase's Chief Legal Officer, added that the crypto exchange is blocking sanctioned actors from opening new accounts and actively detecting attempts to evade the ban. Read more about it here.
The Computer Emergency Response Team of Ukraine is warning of a massive spearphishing campaign targeting private accounts of Ukrainian military personnel and related individuals. CERT-UA attributes the activities to the UNC1151 group, which consists of officers of the Ministry of Defense of the Republic of Belarus. Read more about it here.
Authorities in Russia have charged at least eight individuals with crimes tied to the REvil ransomware operation. REvil, aka Sodinokibi, has been one of the most notorious ransomware operations in recent years, amassing more than $200 million in illicit profits, according to the U.S. Department of Justice. The group's victims have included Apple device manufacturer Quanta, IT managed service software vendor Kaseya and meat processing giant JBS - which paid it an $11 million ransom - among many others. Read more about it here.