X-Industry

Researchers have uncovered malware designed to disrupt electric power transmission that may have been used by the Russian government in training exercises for creating or responding to cyberattacks on electric grids.

Known as CosmicEnergy, the malware has capabilities that are comparable to those found in malware known as Industroyer and Industroyer2, both of which have been widely attributed by researchers to Sandworm, the name of one of Russia’s most skilled and cutthroat hacking groups.  Sand

Several Polish media and news websites were hit by distributed denial-of-service (DDoS) attacks that the government said could be the action of Russian hacking groups, the digitalization minister was quoted as saying on 18 May.  Warsaw has positioned itself as one of Ukraine's staunchest allies since Russia invaded the country, and Poland says it frequently faces Russian attempts to destabilize the situation in the country.  Moscow has consistently denied that it carries out hacking operations.

The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets.  To conduct operations using this tool, the FSB created a covert peer-to-peer (P2P) network of numerous Snake-infected computers worldwide.  Many systems in this P2P network serve as relay nodes that route disguised operational traffic to and from Snake implants on the FSB’s ultimate targe

Ransomware, which was a novelty just a few years ago, is now endemic.  We will have to learn to live with the malicious file-encrypting code, even as we all struggle to limit it.  Why this matters: Ransomware attacks, which take an organization's data hostage and shut down its systems until the hackers receive payment, have exacted an escalating price on law enforcement, policymaking and financial resources around the world.

Ransomware remains the top cyber threat on the minds of cyber defenders

Companies in Finland are increasingly the target of cyber-attacks, Finnish authorities said last week.  Firms are reporting an uptick in cyber-attacks, the Finnish Transport and Communications Agency (Traficom[1]) and the Finnish Security and Intelligence Service (SUPO[2]) said in a joint press conference.  But despite the greater frequency of corporate cyber-attacks, the agencies said an event that could paralyze systems in Finland was highly unlikely.

The SUPO chief reported that Russia is inc

In the era of cyber wars, AI, and drones, wars are still being fought with 20th-century weapons that require massive amounts of ammunition.  Russia is sending a delegation to North Korea to offer food in exchange for weapons, US national security spokesman.  He said any arms deal between North Korea and Russia would violate UN Security Council resolutions.  The US has previously accused North Korea of supplying arms to the Russian military in Ukraine and the Wagner group of Russian mercenaries.

An inconspicuous office is in Moscow’s north-eastern suburbs.  A sign reads: “Business Centre.”  Nearby are modern residential blocks and a rambling old cemetery, home to ivy-covered war memorials.  The area is where Peter the Great once trained his mighty army.  Inside the six-story building, a new generation is helping Russian military operations.  Its weapons are more advanced than those of Peter the Great’s era, not pikes and halberds, but hacking and disinformation tools.[1]

The software en

A new hacking group is targeting European countries and organizations in an espionage campaign that began in June 2022, according to new research.  Cisco’s Talos cybersecurity team calls the new group “YoroTrooper” and said it has already successfully compromised accounts connected to a “critical” European Union healthcare agency and the World Intellectual Property Organization (WIPO).  The researchers also found that it attacked several embassies.  “Our assessment is that the operators of this

An information and hacking campaign, called Ghostwriter, with links to a foreign state has potentially had a "significant cumulative impact" over many years, according to a report from Cardiff University.  The findings, from the Security, Crime and Intelligence Innovation Institute, provide the most comprehensive picture to date of the activities of the so-called Ghostwriter campaign.

Tracking its evolving activities via open-source data, the report demonstrates how it has impersonated multiple

The Russian hacking group known as 'Nodaria' (UAC-0056) is using a new information-stealing malware called 'Graphiron' to steal data from Ukrainian organizations.  The Go-based malware can harvest a wide range of information, including account credentials, system, and app data.  The malware will also capture screenshots and exfiltrate files from compromised machines.  Symantec's threat research team discovered that Nodaria has been using Graphiron in attacks since at least October 2022 through m

A pro-Russian hacking group is claiming responsibility for cyber-attacks on several hospitals in the United States.  The attack came just days after the Federal Bureau of Investigation (FBI) said it took down a ransomware group that was also targeting hospitals in what was called “The Hive” attack.

The US Attorney General says they’ve seen how cyber-attacks on medical facilities can be very disruptive.  “The Hive ransomware attack was able to prevent the hospital from accepting new patients,” th

According to trusted government sources, there is an increasing focus on US Cyber Command (CYBERCOM) to try and replicate the ability of the US Special Operations Command (SOCOM), the unified combatant command with the mission of overseeing the elements of the special operations in the US Armed Services to bring capabilities directly into the battlespace.  At a recent meeting, the chief of CYBEROM is quoted as saying that the command is “trying to build our authorities much in the same way Speci

The Russian invasion of Ukraine in early 2022 appears to have led to a double-digit decrease in stolen payment card records published to the dark web, according to researchers.

In a recent report, investigators analyzed detailed threat intelligence gleaned from the cybercrime underground to compile a report.  It reported a 24% year-on-year decrease in the volume of card-not-present records on dark web carding shops in 2022 to 45.6 million and a 62% slump in card present records, to 13.8 million.

Activity Summary - Week Ending on 23 December 2022:

• Red Sky Alliance identified 44,282 connections from new IP’s checking in with our Sinkholes
• Frantech[.]ca In Las Vegas hit 16x (2^nd week)
• Analysts identified 1,046 new IP addresses participating in various Botnets
• MCCrash DDoS
• Glupteba Trojan
• Glupteba IoCs
• Epic Games
• Thyssenkrupp
• Russia and Oil
• Happy Holidays

Link to full report: IR-22-357-001_weekly357.pdf

A newly discovered web skimming campaign running for the past year has already compromised over 40 e-commerce sites, according to researchers.  The JavaScript protection vendor revealed that “Group X,” which exfiltrated card data to a server in Russia, used a novel supply-chain technique to compromise its victims.  The cyber-criminals exploited a third-party software named Cockpit, a free web marketing and analytics service that was discontinued in December 2014.   Cockpit is a JavaScript librar

Vice Society is an intrusion, exfiltration, and extortion hacking group that first appeared in summer 2021 that has alleged ties to Russia who attacks “With Love.”  Vice have crossed the line of what many hackers said was off limits – education and health care systems and facilities.  This past September, a ransomware attack on the Los Angeles Unified School District crippled its digital operations across their system, which includes more than 1,000 schools and serves roughly 600,000 students.  

Our friends at FortiGuard Labs have observed an increasing number of campaigns targeting either side of the ongoing Russian-Ukrainian conflict.  These may be a cyber element to the conflict or simply opportunistic threat actors taking advantage of the war to further their malicious objectives.  Recently, researchers encountered a malicious Excel document masquerading as a tool to calculate salaries for Ukrainian military personnel.  The shared practical report discusses the technical details of

Some of the largest airports in the US have been targeted for cyber-attacks; as recent as 10 October, by an attacker group within the Russian Federation.  It’s important to note that the airport operations IT systems targeted did not handle air traffic control, internal airline communications and coordination or transportation security.  "It's an inconvenience," the source said. The attacks have resulted in targeted "denial of public access" to public-facing web domains that report airport wait

When Belarusian activist Yuliana Shemetovets was offered a job as the spokesperson of the Belarusian Cyber Partisans hacktivist group, she didn’t rush to accept it. “To be honest, I was scared,” she said.  She had reasons to be. Belarus is an authoritarian state in which elections are openly rigged and civil liberties are severely restricted. The country is ruled by dictator Alexander Lukashenko, who has resorted to repression and corruption to stay in power for more than 30 years.

Belarusian Cy

Activity Summary - Week Ending on 16 September 2022:

• Red Sky Alliance identified 46,287 connections from new IP’s checking in with our Sinkholes
• hetzner[.]de in Finland hit 28x
• Analysts identified 3,147 new IP addresses participating in various Botnets
• Nomad Crypto
• EvilProxy
• Albania
• US – New York
• Kiwi Farms
• Russia
• Industrial Espionage

Link to full report: IR-22-259-001_weekly259.pdf