russia (72)

10817078071?profile=RESIZE_400xWhen Belarusian activist Yuliana Shemetovets was offered a job as the spokesperson of the Belarusian Cyber Partisans hacktivist group, she didn’t rush to accept it. “To be honest, I was scared,” she said.  She had reasons to be. Belarus is an authoritarian state in which elections are openly rigged and civil liberties are severely restricted. The country is ruled by dictator Alexander Lukashenko, who has resorted to repression and corruption to stay in power for more than 30 years.

Belarusian Cy

10813742095?profile=RESIZE_400xActivity Summary - Week Ending on 16 September 2022:

  • Red Sky Alliance identified 46,287 connections from new IP’s checking in with our Sinkholes
  • hetzner[.]de in Finland hit 28x
  • Analysts identified 3,147 new IP addresses participating in various Botnets
  • Nomad Crypto
  • EvilProxy
  • Albania
  • US – New York
  • Kiwi Farms
  • Russia
  • Industrial Espionage

Link to full report: IR-22-259-001_weekly259.pdf

10804163868?profile=RESIZE_400xJust what is for sale on the Dark Web?  According to a published report, the North Atlantic Treaty Organization (NATO) is investigating the leak of data reportedly stolen from a European missile systems firm, which hackers have put up for sale on the Dark Web.  The leaked data includes blueprints of weapons used by Ukraine in its current war with Russia.  Integrated defense company MBDA Missile Systems, headquartered in France, has acknowledged that data from its systems is a part of the cache b

10803337089?profile=RESIZE_400xHacks tied to Russia and Ukraine war have had minor impact, researchers say.  Although politicians and cybersecurity experts have warned about the potential for widespread hacks in the wake of Russia’s invasion of Ukraine, a new study finds that attacks linked to the conflict have had minor impact and are unlikely to escalate further.[1]  This is some positive news for cyber security.

Researchers from the University of Cambridge, the University of Edinburgh and the University of Strathclyde exam

10795817281?profile=RESIZE_400xThe Agency for National Security, ANB, said on Friday that Russian services have organized coordinated cyber-attacks on Montenegrin government servers twice since 22 August 2022.  The ANB told media that Montenegro is in what it called a hybrid war at the moment.  “Coordinated Russian services are behind the cyber-attack. This kind of attack was carried out for the first time in Montenegro, and it has been prepared for a long period of time,” the ANB told media.

On 22 August, the government repo

10778400060?profile=RESIZE_400xThe Ukrainian energy agency responsible for the oversight and safe operation of the nation’s nuclear power plants said earlier this week that Russian hackers had launched their most ambitious effort yet on the company’s official website.  The attack appeared to fail and there was no indication that it threatened to disrupt the Ukrainian power grid or the company’s oversight of the nation’s 15 working  nuclear reactors.

The company, Energoatom,[1] said it had managed to keep the attack from being

10766572081?profile=RESIZE_400xDuring the current proxy ‘WWIII,’ Russia and Ukraine continue to battle on the cyber side of the war between the two nations.  Both sides have launched cyber-attacks against each other in offensive ways, such as Russian threat actors taking over radio stations to spread misinformation of Ukraine’s President.  Current events show that the hacking might be getting a lot more serious and could cost more lives.

Pro-Russia hacking groups claim that they have developed "a new type of attack" that can

10758134088?profile=RESIZE_400xA suspected cyber-attack on 7-Eleven stores, pervasive in large towns and at rail stations across Denmark, is reporting that “we cannot use cash registers and/or receive payments.”  This the company wrote on its Facebook page.  “We are therefore closed until we know the extent [of the attack].  We hope to be able to open stores again soon,” it wrote.

There are 176 7-Eleven stores in Denmark.  The company’s CEO told a Danish broadcaster that cash registers “suddenly” began to malfunction in store

10754604654?profile=RESIZE_400xIn light of all of the Russian ransomware attacks on organizations worldwide, a dose of Schadenfreude is a welcome sign.  For our non-German readers: “Schadenfreude is the experience of pleasure, joy, or self-satisfaction that comes from learning of or witnessing the troubles, failures, or humiliation of another (especially an adversary). It is a borrowed word from German, with no direct translation, that originated in the 18th century.”

An unknown threat actor has been targeting Russian entitie

10752642088?profile=RESIZE_400xEven in the middle of a war, Ukrainian law enforcers claim to have dismantled a large bot farm used by Russian special services to spread disinformation and propaganda in the country.  The Secret Service of Ukraine (SSU) said the million-strong bot farm was used to “spin destabilizing content” on the country’s military and political leadership to an audience of over 400,000.

This included fake news on the situation at the front, an alleged conflict between the President’s Office and the commande

10732911664?profile=RESIZE_400xIn the past five (5) years there has been a wide-ranging espionage operation in which more than 150 companies were targeted to be hacked in Germany alone: especially in the area of critical infrastructure companies.  Specifically, the hackers sought out electricity and water supply systems.  After years of investigation, the Germany’s State Criminal Police Office of Baden-Württemberg succeeded in identifying one of the suspected perpetrators: Pawel A.

This state backed hacker is said to belong t

10669951688?profile=RESIZE_400xA new cross-platform ransomware named Luna can encrypt files on Windows, Linux, and ESXi, but its developers only offer it to Russian-speaking affiliates.  The ransomware is fairly simple, according to researchers who analyzed the malware, but it uses an encryption scheme that is not typically used by ransomware a combination of X25519 elliptic curve Diffie-Hellman key exchange using Curve25519 with the Advanced Encryption Standard (AES) symmetric encryption algorithm.  The Diffie-Hellman key ex

10586267683?profile=RESIZE_400xA Russian official threatened the West on 08 June 2022, asserting that a “direct military clash” could result if Western governments continue to mount cyberattacks against its infrastructure.  “The militarization of the information space by the West and attempts to turn it into an arena of interstate confrontation, have greatly increased the threat of a direct military clash with unpredictable consequences,” the Russian foreign ministry’s head of international information security said in a stat

10579688677?profile=RESIZE_400xEver since the beginning of the Internet Age, the potential to weaponize digital technologies as tools of international aggression has been known.  This was exposed by Russia’s 2007 cyber-attack on Estonia, which was widely recognized as the first such act by one state against another.  In 2016, NATO officially recognized cyberspace as a field of military operations alongside the more traditional domains of land, sea and air.

The current Russia-Ukraine War demonstrates the next major milestone i

10513781884?profile=RESIZE_400xThere is serious legal reasoning that cyber-attacks against a nation’s critical infrastructure could be reasoned as a war crime.[1]  The University of California (UC), Berkeley Human Rights Center’s recent recommendations for war crime charges against the Sandworm hacking group, which was sent to the International Crimes Commission (ICC) before some of the most recent cyberattacks fully came to light, single out Sandworm’s two blackout attacks in 2015 and 2016 for legal and practical reasons: Sa

10491226470?profile=RESIZE_400xTesla Inc. CEO Elon Musk said SpaceX’s high-speed Internet service, Starlink, has held out against Russia’s cyberwar tactics amid the country’s ongoing invasion of Ukraine. 

What Happened - Musk said last week that Starlink has resisted Russia’s “jamming & hacking attempts,” even as the Vladimir Putin-led country is ramping up efforts.  Musk linked his comment to a Reuters report that said Russia was behind a massive cyberattack against a satellite internet network that took tens of thousands of

10466096655?profile=RESIZE_400xJust yesterday, I gave a very brief talk on the ethics and morals of hackers.  My focus was centered on the criminality of hacking, but the same holds true with nation-state level cyber actors.  The Russia Matters publication has provided a series of opinions on why Russia has not initiated a full scale cyber-attack, often called ‘cybergeddon’ upon its adversaries.  Russia’s war in Ukraine, now nearing its 10-week mark, has been devastating, killing thousands of civilians, and forcing millions t

10464656892?profile=RESIZE_400xWhen one of your enemies begins attacking another one of your other enemies, does this mean that your first enemy is now an ally?   I will let the philosophers answer this question.  A China-linked state-sponsored cyberespionage group has started targeting the Russian military in recent attacks, which aligns with China’s interests in the Russia-Ukraine war.  Tracked as Mustang PANDA, Bronze President, RedDelta, HoneyMyte, Red Lichand TA416, the government-backed hacking group previously focused

10448521073?profile=RESIZE_400xActivity Summary - Week Ending on 29 April 2022:

  • Red Sky Alliance identified 10, 907 connections from new IP’s checking in with our Sinkholes
  • msk.ru has issues
  • Analysts identified 3,698 new IP addresses participating in various Botnets
  • Vice & Industrial Spy
  • US Agriculture under Attack
  • T-Mobile Hit (again)
  • Oil India LTD
  • Getting Annoyed?
  • Lapsus$

Link to full report: IR-22-119-001_weekly119.pdf

10440901073?profile=RESIZE_400xThe financial sector is a prime target for criminal cartels and nation-state actors. Criminals seek a lucrative market, and nation-states treat profit as a form of sanctions-busting. The high volume of Russian-speaking gangs and the current sanctions against the Russian state makes Russia a major threat to financial institutions today.

The reason that financial institutions are under constant attack is simple: that’s where the money is today.  This is no different than the statement made by the