Europe News

Spain's National Police Department, the Policía Nacional, says it has arrested eight members of an unnamed cybercriminal gang over SIM swapping fraud. The suspects posed as trustworthy representatives of banks and other organizations and used traditional phishing and smishing techniques to obtain personal information and bank details of victims before siphoning off money from their bank accounts, the police say. One of the detainees is from Seville and the rest are from Barcelona, the police say, adding that they have been operating from these cities since March, targeting bank customers across the country. The timeline of their activities is based on two complaints of fraud the police received.   Read more about it here.

TrickBot appears to have become a casualty of the ongoing war in the Ukraine. Yesterday, a member of the Conti cybergang decided to go against the rest of the group by leaking all of the group’s IoCs (Indicator of Compromise), source codes, and chats. The @ContiLeaks Twitter handle leaked Trickbot’s source code, taken from its servers and data collection servers, as well as chat messages between the Conti and the TrickBot groups. This leak shows a strong link between the two gangs and malware operators. These leaks will give researchers all around the globe a deep understanding of both groups’ operations, and the superpowers to end one of the most annoying botnets in the world. Read more about it here.

Vodafone Portugal is slowly working to recover following a "deliberate and malicious cyberattack" that brought down services used by millions of people and businesses in that country, including those for ambulances and other emergency services. Vodafone Portugal—a subsidiary of UKbased Vodafone Group with 4.3 million cellphone subscribers and 3.4 million fiber subscribers—said in a statement that the attack began last Monday. The attack quickly took down the subsidiary's 4G and 5G networks and halted fixed voice, television, SMS, and voice and digital answering services.   Read more about it here.

Feb 24 - The government of Ukraine is asking for volunteers from the country's hacker underground to help protect critical infrastructure and conduct cyber spying missions against Russian troops, according two people involved in the project. As Russian forces attacked cities across Ukraine, requests for volunteers began to appear on hacker forums on Thursday morning, as many residents fled the capital Kyiv.   Read more about it here.

France is grouping the country's top cybersecurity experts in Paris' business district of La Defense, bringing together startups and household names to tackle the scourge of hacking, Finance Minister Bruno Le Maire said on Tuesday. The project has drawn inspiration from a similar set up in Israel, CyberSpark, which has served as a model for Michel Van Den Berghe, the head of France's Campus Cyber. The campus will be a base for cyber startups and experts from some of country's biggest listed companies such as LVMH, L'Oreal and largest banks.   Read more about it here.

German wind turbine operators have reportedly been confronted with a fault in the satellite connection of their systems. Dominik Bertrams, MD of wind farm operator Tobi Windenergie Verwaltungs GmbH, yesterday announced on Twitter the remote monitoring and control of thousands of wind turbines had failed. With the outage having occurred between 5 a.m. and 6 a.m. on Thursday – when the Russian army invaded Ukraine – Bertrams suspected a cyberattack by Russian hackers. The reason for the failure has not yet been clarified.    Read more about it here.

The defacement of multiple Ukrainian government websites last week may have been intended as cover for a destructive malware attack that failed to execute or has yet to be unleashed, some security experts warn. The defacements occurred Thursday night and Friday morning - local time in Ukraine - as approximately 100,000 Russian troops remained massed on the country's border. On Saturday, Microsoft reported that it had found multiple attempts to infect Ukrainian government sites with a type of destructive malware it had never seen before, and that the first attack attempts appear to have begun Thursday.   Read more about it here.

Alerting the Thales group in early January, the Lockbit ransomware group released stolen data to the French group. The French group said the stolen files were copied from a code repository server hosting low-sensitivity data. In early January, the group behind the Lockbit ransomware claimed responsibility for an attack on the Thales group. It gave the French company until 13 January to pay a ransom or else the gang promised to publish stolen data.   Read more about it here.

The German government said on Tuesday that a Chinese cyberespionage group known as APT27 has repeatedly attacked German companies over the past few months using vulnerabilities in software like Microsoft Exchange and Zoho SelfService. The attacks, which have been taking place since at least March 2021, have aimed to install a version of the HyperBro malware inside corporate networks for the purpose of intelligence collection from infected hosts, the Federal Office for the Protection of the Constitution (BfV) said in a press release.  

A large-scale ransomware attack has disrupted operations at oil terminals in Belgium, Germany and the Netherlands. This massive attack crippled IT systems affecting dozens of terminals affecting oil storage and transport around the world, including Oiltanking in Germany, SEAInvest in Belgium and Evos in the Netherlands. This cyberattack has also resulted in difficulty loading and unloading refined product cargoes at six oil storage terminals in the Amsterdam-Rotterdam-Antwerp refining hub, according to news reports. Read more about it here.