Cybersecurity in space: how Thales is meeting the challenges ahead
On June 20, 2022, the Chargé d'Affaires of Lithuania was summoned by the Russian state and told that Lithuania must restore the passage of Russian goods through the Kaliningrad railway station; otherwise Russia threatened to "take actions to protect [Russia's] national interests." A few hours later, the DDoS criminal syndicate Killnet tasked its squads with targeting a selection of Lithuanian institutions' websites at full power. Among the victims are the national police, two mobile network providers (BITE and Telia) and a bank (LPB).
Black Basta ransomware victim: the Wiener Zeitung media group.
A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. Researchers have added state-sponsored hackers to the list of adversaries attempting to exploit Microsoft's now-patched Follina vulnerability. According to researchers at Proofpoint, state-sponsored hackers have attempted to abuse the Follina vulnerability in Microsoft Office, aiming an email-based exploit at U.S. and E.U. Proofpoint researchers spotted the attacks and believe the adversaries have ties to a government, which Proofpoint did not identify. The malicious attachment targets the remote code execution bug CVE-2022-30190, dubbed Follina.
While tracking the mobile banking trojan FluBot, F5 Labs recently discovered a new strain of Android malware which it has dubbed "MaliBot". While its main targets are online banking customers in Spain and Italy, its ability to steal credentials and cookies and to bypass multi-factor authentication (MFA) codes means that Android users all over the world must be vigilant. Some of MaliBot's key characteristics include: ...
Germany's Green political party was the victim of a large-scale cyberattack last week. The attackers gained access to the party's IT infrastructure and to the party's internal platform, called "Green network", which party members use to discuss the ongoing negotiations within the coalition. Members' email accounts were affected, including those of some of the party's leaders. During the attack, several emails were allegedly forwarded to an external server. No malicious actor has yet claimed responsibility for the attack. However, even without technical details of the attack, a state-sponsored malicious actor could have been behind it. An investigation was conducted by the Federal Office for Information Security (BSI) and a private company specializing in cybersecurity to obtain more information about the attack.
Iberdrola, a Spanish energy provider, has suffered a data breach affecting over one million customers, local reports suggest. The company is headquartered in Bilbao and is the parent company of Scottish Power. It has reported that the attack took place on March 15 this year. The breach reportedly resulted in the theft of customer ID numbers, phone numbers, and home and email addresses. Fortunately, it does not seem that financial information was stolen.
Ukraine's computer emergency response team (CERT-UA), in collaboration with researchers from ESET and Microsoft, last week foiled a cyberattack on an energy company that would have disconnected several high-voltage substations from a section of the country's electric grid on April 8. The attack, by Russia's infamous Sandworm group, involved a new, more customized version of Industroyer, a malware tool the threat actor first used in December 2016 to cause a temporary power outage in Ukraine's capital, Kyiv. In addition to the ICS-capable malware, the latest attack also featured destructive disk-wiping tools for the energy company's Windows, Linux and Solaris environments, designed to complicate recovery efforts.
Activists from the hacker group Anonymous attacked the energy company Rosneft Germany and claimed to have stolen 20 terabytes of data. According to SPIEGEL, the Berlin public prosecutor's office has initiated proceedings over the attack and has commissioned the Federal Criminal Police Office (BKA) to carry out further investigations.
Security researchers are urging pro-Ukrainian actors to be wary of downloading DDoS tools to attack Russia, as they may be booby-trapped with info-stealing malware. In late February, Ukrainian vice prime minister Mykhailo Fedorov called for a volunteer "IT army" of hackers to DDoS Russian targets. However, Cisco Talos reports that opportunistic cyber-criminals are looking to exploit the subsequent widespread outpouring of support for Ukraine. Specifically, it detected posts on Telegram offering DDoS tools that were actually loaded with malware. One such tool, dubbed "Liberator," is offered by a group calling itself "disBalancer." Although the tool itself is legitimate, it has been spoofed by others, said Cisco.
The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) received a notification from coordinating entities about the mass distribution of e-mails sent on behalf of Ukrainian state bodies with instructions on how to increase the level of information security. The body of the message contains a link to the website hxxps://forkscenter[.]fr/ (defanged), from which the recipient is invited to download "critical updates" in the form of a file "BitdefenderWindowsUpdatePackage.exe" of about 60 MB.