Europe News

The Governmental Computer Emergency Response Team of Ukraine CERT-UA received a notification from the coordinating entities about the mass distribution of e-mails on behalf of the state bodies of Ukraine with instructions on how to increase the level of information security. The body of the letter contains a link to the website hxxps: // forkscenter [.] Fr /, from which it is proposed to download "critical updates" in the form of a file "BitdefenderWindowsUpdatePackage.exe" of about 60 MB. Read more about it here. 

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitation of default MFA protocols and a known vulnerability. Read more about it here.

An international law enforcement operation has seized the servers of VPNLab.net, a virtual private network provider that advertised its services on the criminal underground and catered to various cybercrime groups, including ransomware gangs. CYBER THREAT INTELLIGENCE –NEWSLETTER – 2021/01/19 Europol said it seized 15 servers operated by the VPNLab team in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US, and the UK. No arrests were announced, but the company’s services were rendered inoperable, and its main website now shows a Europol seizure banner.   Read more about it here.

Russia’s invasion of Ukraine has taken place both on and offline, blending physical devastation with escalating digital warfare. Ransomware gangs and other hacking groups have taken to social media to announce where their allegiances lie. Many of the pronouncements from these groups include threats against critical government infrastructure. Some collectives are state-sponsored while others are decentralized — but all are able to take down computer systems and breach organizations.    Read more about it here. 

The BlackCat ransomware group, aka ALPHV, has claimed responsibility for the recent cyberattack on Swissport that caused flight delays and service disruptions. The €3 billion revenue firm, Swissport, has a presence across 310 airports in 50 countries and provides cargo handling, maintenance, cleaning, and lounge hospitality services. Tuesday, BlackCat (ALPHV) ransomware group posted a small set of sample files that the group claims to have obtained from Swissport. The threat actor has announced they are willing to sell the entire 1.6 TB "data dump" to a prospective buyer.   Read more about it here.

Vladimir Putin’s attack on Ukraine has been met with fierce resistance throughout the country’s towns and cities. As Russian forces have moved closer to Kyiv, lawyers, students, and actors have taken up arms to defend their country from invasion. They are not the only ones: Volunteers have also flocked to join a Ukrainian volunteer “IT Army” that’s fighting back online. At around 9 pm local time on February 26, Ukraine’s deputy prime minister and minister for digital transformation, Mykhailo Fedorov, announced the creation of the volunteer cyber army. Read more about it here.

The Ministry of Defense and the Armed Forces of Ukraine and state-owned banks, Privatbank (Ukraine’s largest bank) and Oschadbank were hit by Distributed Denial-of-Service (DDoS) attacks. While the website of the Oschadbank bank initially remained accessible, the customers were not able to access their online banking accounts. At the time of this writing, the website of the financial institution is not reachable.   Read more about it here.

Viasat said Monday that it believes “a cyber event” disrupted its satelliteinternet service in Ukraine, with an ongoing outage under investigation. “Viasat is experiencing a partial network outage — impacting internet service for fixed broadband customers in Ukraine and elsewhere on our European KA-SAT network,” the California-based company said in a statement to CNBC The outage began on Feb. 24, the day Russia invaded Ukraine, according to the company, which said it notified “law enforcement and government partners,” adding it has “no indication that customer data is involved.” Read more about it here.

The French national data protection authority, CNIL, issued a formal notice to managers of an unnamed local website today arguing that its use of Google Analytics is in violation of the European Union’s General Data Protection Regulation, following a similar decision by Austria last month. The root of the issue stems from the website’s use of Google Analytics, which functions as a tool for managers to track content performance and page visits. CNIL said the tool’s use and transfer of personal data to the U.S. fails to abide by landmark European regulations because the U.S. was deemed to not have equivalent privacy protections.   Read more about it here. 

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned US organizations that data wiping attacks targeting Ukraine could spill over to targets from other countries. The two federal agencies issued this warning in the form of a joint cybersecurity advisory published over the weekend following the Although the two malware strains have only been deployed against Ukrainian networks so far, the threat actors deploying them could also accidentally hit other targets, and US organizations should be ready to prevent such devastating attacks. * Read more about it here.