Europe News

thumbnail

Ransomware : l’attaque contre CCR revendiquée par un groupe inconnu, Lilith

La cyberattaque lancée contre le groupe Caisse Centrale de Réassurance vient d’être publiquement revendiquée par un groupe inconnu à ce jour, dit « Lilith ». Il menace de divulguer plus de 1 To de données. Read more about it: here

thumbnail

Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive

Organizations around the world rely on the use of trusted, reliable online storage services – such as DropBox and Google Drive – to conduct day-to-day operations. However, our latest research shows that threat actors are finding ways to take advantage of that trust to make their attacks extremely difficult to detect and prevent. The latest campaigns conducted by an advanced persistent threat (APT) that we track as Cloaked Ursa (also known as APT29, Nobelium or Cozy Bear) demonstrate sophistication and the ability to rapidly integrate popular cloud storage services to avoid detection. The use of trusted, legitimate cloud services isn't entirely new to this group. Extending this trend, we have discovered that their two most recent campaigns leveraged Google Drive cloud storage services for the first time. The ubiquitous nature of Google Drive cloud storage services – combined with the trust that millions of customers worldwide have in them – make their inclusion in this APT’s malware delivery process exceptionally concerning. Read more about it: here

thumbnail

Follina Exploited by State-Sponsored Hackers

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. Researchers have added state-sponsored hackers to the list of adversaries attempting to exploit Microsoft’s now-patched Follina vulnerability. According to researchers at Proofpoint, statesponsored hackers have attempted to abuse the Follina vulnerability in Microsoft Office, aiming an email-based exploit at U.S. and E.U. Proofpoint researchers spotted the attacks and believe the adversaries have ties to a government, which it did not identify. The malicious attachment targets the remote code execution bug CVE-2022-30190 , dubbed Follina. Read more about it: here

thumbnail

F5 Labs Investigates MaliBot

While tracking the mobile banking trojan FluBot, F5 Labs recently discovered a new strain of Android malware which we have dubbed “MaliBot”. While its main targets are online banking customers in Spain and Italy, its ability to steal credentials, cookies, and bypass multi-factor authentication (MFA) codes, means that Android users all over the world must be vigilant. Some of MaliBot’s key characteristics include: ... Read more about it: here

thumbnail

Cyber attack on the Greens

Germany's Green political party was the victim to a large-scale cyberattack last week. The attackers gained access to the party's IT infrastructure and the party's internal platform called "Green network". The members of the political party use this platform to exchange about the ongoing negotiations within the coalition. Members’ email accounts were impacted as well as some of the party’s leaders. During the attack, several emails were allegedly forwarded to an external server. No malicious actor has yet claimed responsibility for the attack. However, without having technical details of the attack, it could be that a state-sponsored malicious actor was behind the attack. An investigation was conducted by the Federal Office for It Security (BSI) and a private company specializing in cybersecurity to obtain more information about the attack. Read more about it: here

thumbnail

Russian Group Sandworm Foiled in Attempt to Disrupt Ukraine Power Grid

The Ukraine’s computer emergency response team (CERTUA), in collaboration with researchers from ESET and Microsoft, last week foiled a cyberattack on an energy company that would have disconnected several high-voltage substations from a section of the country’s electric grid on April 8. The attack, by Russia’s infamous Sandworm group, involved the use of a new, more customized version of Industroyer, a malware tool that the threat actor first used in Dec. 2016 to cause a temporary power outage in Ukraine’s capital Kyiv. In addition to the ICS-capable malware, the latest attack also featured destructive disk-wiping tools for the energy company’s Windows, Linux, and Solaris operating system environments that were designed to complicate recovery efforts.   Read more about it: here

thumbnail

Spanish energy giant hit by data breach

Iberdrola, a Spanish energy provider, has suffered a data breach affecting over one million customers, local reports suggest. The company is headquartered in Bilbao and is the parent company of Scottish Power. They have reported that the attack took place on March 15 this year. The breach reportedly resulted in the theft of customer ID numbers, phone numbers and home and email addresses. Fortunately, it does not seem as if financial information was stolen. Read more about it here.

thumbnail

Europol takes down VPNLab, a service used by ransomware gangs

An international law enforcement operation has seized the servers of VPNLab.net, a virtual private network provider that advertised its services on the criminal underground and catered to various cybercrime groups, including ransomware gangs. CYBER THREAT INTELLIGENCE –NEWSLETTER – 2021/01/19 Europol said it seized 15 servers operated by the VPNLab team in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US, and the UK. No arrests were announced, but the company’s services were rendered inoperable, and its main website now shows a Europol seizure banner.   Read more about it here.

thumbnail

New CaddyWiper data wiping malware hits Ukrainian networks

Newly discovered data-destroying malware was observed earlier today in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks. "This new malware erases user data and partition information from attached drives," ESET Research Labs explained. "ESET telemetry shows that it was seen on a few dozen systems in a limited number of organizations." While designed to wipe data across Windows domains it's deployed on, CaddyWiper will use the DsRoleGetPrimaryDomainInformation() function to check if a device is a domain controller. If so, the data on the domain controller will not be deleted.  Read more about it here. 

thumbnail

BKA investigates data theft at Rosneft Germany

Activists from the hacker group Anonymous attacked the energy company Rosneft Germany and claimed they stole 20 terabytes of data. According to SPIEGEL information, the Berlin public prosecutor's office has initiated proceedings because of the hacker attack and has commissioned the Federal Criminal Police Office (BKA) to carry out further investigations. Read more about it here.