X-Industry

An inconspicuous office is in Moscow’s north-eastern suburbs.  A sign reads: “Business Centre.”  Nearby are modern residential blocks and a rambling old cemetery, home to ivy-covered war memorials.  The area is where Peter the Great once trained his mighty army.  Inside the six-story building, a new generation is helping Russian military operations.  Its weapons are more advanced than those of Peter the Great’s era, not pikes and halberds, but hacking and disinformation tools.[1]

The software en

A new hacking group is targeting European countries and organizations in an espionage campaign that began in June 2022, according to new research.  Cisco’s Talos cybersecurity team calls the new group “YoroTrooper” and said it has already successfully compromised accounts connected to a “critical” European Union healthcare agency and the World Intellectual Property Organization (WIPO).  The researchers also found that it attacked several embassies.  “Our assessment is that the operators of this

An information and hacking campaign, called Ghostwriter, with links to a foreign state has potentially had a "significant cumulative impact" over many years, according to a report from Cardiff University.  The findings, from the Security, Crime and Intelligence Innovation Institute, provide the most comprehensive picture to date of the activities of the so-called Ghostwriter campaign.

Tracking its evolving activities via open-source data, the report demonstrates how it has impersonated multiple

The Russian hacking group known as 'Nodaria' (UAC-0056) is using a new information-stealing malware called 'Graphiron' to steal data from Ukrainian organizations.  The Go-based malware can harvest a wide range of information, including account credentials, system, and app data.  The malware will also capture screenshots and exfiltrate files from compromised machines.  Symantec's threat research team discovered that Nodaria has been using Graphiron in attacks since at least October 2022 through m

A pro-Russian hacking group is claiming responsibility for cyber-attacks on several hospitals in the United States.  The attack came just days after the Federal Bureau of Investigation (FBI) said it took down a ransomware group that was also targeting hospitals in what was called “The Hive” attack.

The US Attorney General says they’ve seen how cyber-attacks on medical facilities can be very disruptive.  “The Hive ransomware attack was able to prevent the hospital from accepting new patients,” th

According to trusted government sources, there is an increasing focus on US Cyber Command (CYBERCOM) to try and replicate the ability of the US Special Operations Command (SOCOM), the unified combatant command with the mission of overseeing the elements of the special operations in the US Armed Services to bring capabilities directly into the battlespace.  At a recent meeting, the chief of CYBEROM is quoted as saying that the command is “trying to build our authorities much in the same way Speci

The Russian invasion of Ukraine in early 2022 appears to have led to a double-digit decrease in stolen payment card records published to the dark web, according to researchers.

In a recent report, investigators analyzed detailed threat intelligence gleaned from the cybercrime underground to compile a report.  It reported a 24% year-on-year decrease in the volume of card-not-present records on dark web carding shops in 2022 to 45.6 million and a 62% slump in card present records, to 13.8 million.

Activity Summary - Week Ending on 23 December 2022:

• Red Sky Alliance identified 44,282 connections from new IP’s checking in with our Sinkholes
• Frantech[.]ca In Las Vegas hit 16x (2^nd week)
• Analysts identified 1,046 new IP addresses participating in various Botnets
• MCCrash DDoS
• Glupteba Trojan
• Glupteba IoCs
• Epic Games
• Thyssenkrupp
• Russia and Oil
• Happy Holidays

Link to full report: IR-22-357-001_weekly357.pdf

A newly discovered web skimming campaign running for the past year has already compromised over 40 e-commerce sites, according to researchers.  The JavaScript protection vendor revealed that “Group X,” which exfiltrated card data to a server in Russia, used a novel supply-chain technique to compromise its victims.  The cyber-criminals exploited a third-party software named Cockpit, a free web marketing and analytics service that was discontinued in December 2014.   Cockpit is a JavaScript librar

Vice Society is an intrusion, exfiltration, and extortion hacking group that first appeared in summer 2021 that has alleged ties to Russia who attacks “With Love.”  Vice have crossed the line of what many hackers said was off limits – education and health care systems and facilities.  This past September, a ransomware attack on the Los Angeles Unified School District crippled its digital operations across their system, which includes more than 1,000 schools and serves roughly 600,000 students.  

Our friends at FortiGuard Labs have observed an increasing number of campaigns targeting either side of the ongoing Russian-Ukrainian conflict.  These may be a cyber element to the conflict or simply opportunistic threat actors taking advantage of the war to further their malicious objectives.  Recently, researchers encountered a malicious Excel document masquerading as a tool to calculate salaries for Ukrainian military personnel.  The shared practical report discusses the technical details of

Some of the largest airports in the US have been targeted for cyber-attacks; as recent as 10 October, by an attacker group within the Russian Federation.  It’s important to note that the airport operations IT systems targeted did not handle air traffic control, internal airline communications and coordination or transportation security.  "It's an inconvenience," the source said. The attacks have resulted in targeted "denial of public access" to public-facing web domains that report airport wait

When Belarusian activist Yuliana Shemetovets was offered a job as the spokesperson of the Belarusian Cyber Partisans hacktivist group, she didn’t rush to accept it. “To be honest, I was scared,” she said.  She had reasons to be. Belarus is an authoritarian state in which elections are openly rigged and civil liberties are severely restricted. The country is ruled by dictator Alexander Lukashenko, who has resorted to repression and corruption to stay in power for more than 30 years.

Belarusian Cy

Activity Summary - Week Ending on 16 September 2022:

• Red Sky Alliance identified 46,287 connections from new IP’s checking in with our Sinkholes
• hetzner[.]de in Finland hit 28x
• Analysts identified 3,147 new IP addresses participating in various Botnets
• Nomad Crypto
• EvilProxy
• Albania
• US – New York
• Kiwi Farms
• Russia
• Industrial Espionage

Link to full report: IR-22-259-001_weekly259.pdf

Just what is for sale on the Dark Web?  According to a published report, the North Atlantic Treaty Organization (NATO) is investigating the leak of data reportedly stolen from a European missile systems firm, which hackers have put up for sale on the Dark Web.  The leaked data includes blueprints of weapons used by Ukraine in its current war with Russia.  Integrated defense company MBDA Missile Systems, headquartered in France, has acknowledged that data from its systems is a part of the cache b

Hacks tied to Russia and Ukraine war have had minor impact, researchers say.  Although politicians and cybersecurity experts have warned about the potential for widespread hacks in the wake of Russia’s invasion of Ukraine, a new study finds that attacks linked to the conflict have had minor impact and are unlikely to escalate further.[1]  This is some positive news for cyber security.

Researchers from the University of Cambridge, the University of Edinburgh and the University of Strathclyde exam

The Agency for National Security, ANB, said on Friday that Russian services have organized coordinated cyber-attacks on Montenegrin government servers twice since 22 August 2022.  The ANB told media that Montenegro is in what it called a hybrid war at the moment.  “Coordinated Russian services are behind the cyber-attack. This kind of attack was carried out for the first time in Montenegro, and it has been prepared for a long period of time,” the ANB told media.

On 22 August, the government repo

The Ukrainian energy agency responsible for the oversight and safe operation of the nation’s nuclear power plants said earlier this week that Russian hackers had launched their most ambitious effort yet on the company’s official website.  The attack appeared to fail and there was no indication that it threatened to disrupt the Ukrainian power grid or the company’s oversight of the nation’s 15 working  nuclear reactors.

The company, Energoatom,[1] said it had managed to keep the attack from being

During the current proxy ‘WWIII,’ Russia and Ukraine continue to battle on the cyber side of the war between the two nations.  Both sides have launched cyber-attacks against each other in offensive ways, such as Russian threat actors taking over radio stations to spread misinformation of Ukraine’s President.  Current events show that the hacking might be getting a lot more serious and could cost more lives.

Pro-Russia hacking groups claim that they have developed "a new type of attack" that can

A suspected cyber-attack on 7-Eleven stores, pervasive in large towns and at rail stations across Denmark, is reporting that “we cannot use cash registers and/or receive payments.”  This the company wrote on its Facebook page.  “We are therefore closed until we know the extent [of the attack].  We hope to be able to open stores again soon,” it wrote.

There are 176 7-Eleven stores in Denmark.  The company’s CEO told a Danish broadcaster that cash registers “suddenly” began to malfunction in store