russia (13)

The FBI and the Cybersecurity and Infrastructure Security Agency are warning of continued cyber threats stemming from Russia's Foreign Intelligence Service, or SVR, which the Biden administration accused of carrying out the SolarWinds supply chain attack.

In a joint alert issued 26 April 2021, the agencies warn that despite economic and other sanctions against Russia announced by the White House on 15 April 2021, attackers associated with the SVR likely will continue to target government network

8872293089?profile=RESIZE_400xChina, Russia, North Korea, and Iran continue to pose significant cybersecurity threats to the US, because each is capable of launching disruptive attacks, according to a report published 13 April 2021 by the Office of the Director of National Intelligence.

Threats include disinformation campaigns that target elections and try to undermine democratic institutions as well as aggressive hacking campaigns, such as the SolarWinds supply chain attack, according to the report. In many cases, criminal

8837471697?profile=RESIZE_400xThe new cooperation agreement between Russia and Iran on cybersecurity and information technology is likely to create new hurdles for the United States and its allies in the Middle East. In January 2021, Russian Foreign Minister Sergey Lavrov and his Iranian counterpart Javad Zarif signed a cooperation agreement on cybersecurity and information and communications technology (ICT).

The agreement includes cybersecurity cooperation, technology transfer, combined training, and coordination at multil

8511885296?profile=RESIZE_400xA Russian-speaking "Scam-as-a-Service" (SaaS) operation called, "Classiscam" is expanding globally, with 40 interconnected gangs in about a dozen countries using fake product advertisements to launch phishing schemes, the security firm Group-IB reports.  This “SaaS” is adding to the long list of hacker services for anyone to buy with some spare Bitcoin.

The fraud actors are posting fake online classified advertisements for products to trick interested buyers into visiting phishing pages, where t

8321594296?profile=RESIZE_400xThis Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework.  See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques.

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020.  This APT actor has demonstrated

8083672063?profile=RESIZE_400xAlmost five years ago, the Russian hackers known as Sandworm hit western Ukraine with the first-ever cyberattack to cause a blackout.  A never-before-seen act of cyber warfare that turned out the lights for over 250,000 Ukrainians.  Since then, Sandworm has perpetrated countless destructive attacks; another blackout on the Ukrainian capital of Kyiv, the release of the NotPetya worm in 2017 that spread globally and eventually caused $10 billion in damage, and an attack that temporarily crippled t

8011615880?profile=RESIZE_400xOur friends from the US Department of Homeland Security have provided an open source Threat Assessment for October 2020 - which is Cyber Security Awareness Month.  The following is the Cyber Threat Assessment Section. 

Cyber threats to the Homeland from both nation-states and non-state actors will remain acute. U.S. critical infrastructure faces advanced threats of disruptive or destructive cyber-attacks. Federal, state, local, tribal and territorial governments, as well as the private sector, w

7969571052?profile=RESIZE_400xA new cybercriminal group called OldGremlin has been targeting Russian companies including banks, industrial enterprises and medical firms with ransomware attacks.

Researchers have said that OldGremlin’s first activities began between late March and early April 2020.  The group took advantage of the COVID-19 pandemic in early lures (a common theme for ransomware strains during this time period, sending financial institutions purported recommendations on how to organize a safe working environment

7968972674?profile=RESIZE_400xArtem Lifshits is allegedly a part of Project Lakhta/IRA: the ongoing disinformation campaign targeting the upcoming US election.  Lifshits is facing US criminal charges to commit wire fraud as he was accessing cryptocurrency exchange accounts created using stolen US persons’ personal data.

 

Artem Lifshits Profile

Name:                           Artem Mikhaylovich Lifshits, Artem Lifshits, Artyom Lifshits.

Name in Russian:               Лифшиц Артем Михайлович, Артем Михайлович Лифшиц, Артем Ли

3821144092?profile=RESIZE_710xSUMMARY

On 27 Dec 2019, the United Nations General Assembly approved a resolution proposed by Russia for the formation of an “ad hoc intergovernmental committee of experts to elaborate a comprehensive international convention on countering the use of information and communications technologies for criminal purposes.” The first meeting of this committee is scheduled for August 2020.

The US has objected to this effort, and many democratic countries have also spoken against this proposal yet is als

 

3740884159?profile=RESIZE_710x 

By 12 November 2019, hacker Alexei Burkov was extradited from Israel to the US to face major credit card fraud charges.  Originally arrested in 2015 for his role in Cardplanet, his extradition was delayed several times as the Russian government was fighting against his extradition to the US. Israel subsequently received a competing extradition request from Russia.  Then, Russia arrested and sentenced to prison an Israeli/US citizen and offered Israel to exchange her for Burkov.  This case show

3516858995?profile=RESIZE_710x

Figure 1. Internet blackout area during Moscow opposition protests 

Governments, especially authoritarian ones, consider cutting the Internet as one of the ways to deal with political opposition and separatists.  Major Internet disruptions were recently detected in India (Kashmir), Indonesia (Papua), Sudan, and, on a smaller scale, in Russia. Severing or completely stopping the Internet becomes more popular, as more rude methods (DDoS, BGP hijacking, or fake certificates) get a stronger push back

 

On 1 May 2019, Russian President Vladimir Putin signed “Internet sovereignty” bill.  New requirements to use ISPs to track traffic origin will likely force traffic decryption and support of internal censorship efforts.  In the future, Russia will develop its own DNS system to conduct special Internet controls.  Currently, LinkedIn is banned in Russia.  Russian national payment system, Mir, was developed after several Russian banks were denied services by US-based Visa and MasterCard.  Future st