X-Industry

In light of all of the Russian ransomware attacks on organizations worldwide, a dose of Schadenfreude is a welcome sign.  For our non-German readers: “Schadenfreude is the experience of pleasure, joy, or self-satisfaction that comes from learning of or witnessing the troubles, failures, or humiliation of another (especially an adversary). It is a borrowed word from German, with no direct translation, that originated in the 18th century.”

An unknown threat actor has been targeting Russian entitie

Even in the middle of a war, Ukrainian law enforcers claim to have dismantled a large bot farm used by Russian special services to spread disinformation and propaganda in the country.  The Secret Service of Ukraine (SSU) said the million-strong bot farm was used to “spin destabilizing content” on the country’s military and political leadership to an audience of over 400,000.

This included fake news on the situation at the front, an alleged conflict between the President’s Office and the commande

In the past five (5) years there has been a wide-ranging espionage operation in which more than 150 companies were targeted to be hacked in Germany alone: especially in the area of critical infrastructure companies.  Specifically, the hackers sought out electricity and water supply systems.  After years of investigation, the Germany’s State Criminal Police Office of Baden-Württemberg succeeded in identifying one of the suspected perpetrators: Pawel A.

This state backed hacker is said to belong t

A new cross-platform ransomware named Luna can encrypt files on Windows, Linux, and ESXi, but its developers only offer it to Russian-speaking affiliates.  The ransomware is fairly simple, according to researchers who analyzed the malware, but it uses an encryption scheme that is not typically used by ransomware a combination of X25519 elliptic curve Diffie-Hellman key exchange using Curve25519 with the Advanced Encryption Standard (AES) symmetric encryption algorithm.  The Diffie-Hellman key ex

A Russian official threatened the West on 08 June 2022, asserting that a “direct military clash” could result if Western governments continue to mount cyberattacks against its infrastructure.  “The militarization of the information space by the West and attempts to turn it into an arena of interstate confrontation, have greatly increased the threat of a direct military clash with unpredictable consequences,” the Russian foreign ministry’s head of international information security said in a stat

Ever since the beginning of the Internet Age, the potential to weaponize digital technologies as tools of international aggression has been known.  This was exposed by Russia’s 2007 cyber-attack on Estonia, which was widely recognized as the first such act by one state against another.  In 2016, NATO officially recognized cyberspace as a field of military operations alongside the more traditional domains of land, sea and air.

The current Russia-Ukraine War demonstrates the next major milestone i

There is serious legal reasoning that cyber-attacks against a nation’s critical infrastructure could be reasoned as a war crime.[1]  The University of California (UC), Berkeley Human Rights Center’s recent recommendations for war crime charges against the Sandworm hacking group, which was sent to the International Crimes Commission (ICC) before some of the most recent cyberattacks fully came to light, single out Sandworm’s two blackout attacks in 2015 and 2016 for legal and practical reasons: Sa

Tesla Inc. CEO Elon Musk said SpaceX’s high-speed Internet service, Starlink, has held out against Russia’s cyberwar tactics amid the country’s ongoing invasion of Ukraine. 

What Happened - Musk said last week that Starlink has resisted Russia’s “jamming & hacking attempts,” even as the Vladimir Putin-led country is ramping up efforts.  Musk linked his comment to a Reuters report that said Russia was behind a massive cyberattack against a satellite internet network that took tens of thousands of

Just yesterday, I gave a very brief talk on the ethics and morals of hackers.  My focus was centered on the criminality of hacking, but the same holds true with nation-state level cyber actors.  The Russia Matters publication has provided a series of opinions on why Russia has not initiated a full scale cyber-attack, often called ‘cybergeddon’ upon its adversaries.  Russia’s war in Ukraine, now nearing its 10-week mark, has been devastating, killing thousands of civilians, and forcing millions t

When one of your enemies begins attacking another one of your other enemies, does this mean that your first enemy is now an ally?   I will let the philosophers answer this question.  A China-linked state-sponsored cyberespionage group has started targeting the Russian military in recent attacks, which aligns with China’s interests in the Russia-Ukraine war.  Tracked as Mustang PANDA, Bronze President, RedDelta, HoneyMyte, Red Lichand TA416, the government-backed hacking group previously focused

Activity Summary - Week Ending on 29 April 2022:

• Red Sky Alliance identified 10, 907 connections from new IP’s checking in with our Sinkholes
• msk.ru has issues
• Analysts identified 3,698 new IP addresses participating in various Botnets
• Vice & Industrial Spy
• US Agriculture under Attack
• T-Mobile Hit (again)
• Oil India LTD
• Getting Annoyed?
• Lapsus$

Link to full report: IR-22-119-001_weekly119.pdf

The financial sector is a prime target for criminal cartels and nation-state actors. Criminals seek a lucrative market, and nation-states treat profit as a form of sanctions-busting. The high volume of Russian-speaking gangs and the current sanctions against the Russian state makes Russia a major threat to financial institutions today.

The reason that financial institutions are under constant attack is simple: that’s where the money is today.  This is no different than the statement made by the

The Sandworm Group, a Russian based APT, which recently made headlines after their botnet of machines infected with Cyclops Blink malware, was taken down by the US Department of Justice, has been busy crafting attacks targeting the Ukrainian power grid.  The Computer Emergency Response Team of Ukraine (CERT-UA), had to step in and take action to thwart the attack on the country’s energy facilities.  Blame for the attack has been placed on Sandworm in support of Russian military actions in Easter

The international Anonymous hacktivists group has targeted the Russian Ministry of Culture and leaked 446 GB worth of data online.  The cyberattack was carried out as part of their collective’s ongoing operation OpRussia against the country’s invasion of Ukraine.

Anonymous is a group of hacktivists that publicly announced a cyberwar against Russia after the country invaded Ukraine in late February 2022.  The latest to suffer a data leak is Russia’s Ministry of Culture.  As seen by Hackread.com,

Any cyber professionals, at any level, will attest that what they desperately need is coffee to stay awake while working.  Russian analysts, both good and bad, are now in serious trouble.  Commodity traders are diverting coffee shipments that were initially expected to go to Russia, and some have stopped selling to that market altogether, attendees at a US coffee conference said. 

Although food trade is not included in sanctions imposed on Russia after its invasion of Ukraine, difficulties in pr

A spokesman from the United States said on 07 April 2022 that it had secretly removed malware from computer networks around the world in recent weeks, a step to pre-empt Russian cyberattacks and send a message to President Vladimir V. Putin of Russia.  The actions, made public by Attorney General Merrick B. Garland, comes as U.S. officials warn that Russia could try to strike American critical infrastructure including financial firms, pipelines and the electric grid in response to the sanctions

Understandable fears of an unparalleled Russian cyberwar began to grow around the same time Russia began staging its military on their border with Ukraine.  Some people pictured a Russian digital assault not just on Ukraine but on all the West. At least a few people thought the Kremlin might team up with ransomware gangs to punish those who defied the invasion. Others were afraid that conflict between Putin’s hackers and Ukraine might spin out of control and spur a broader cyber melee around the

Microsoft says it's blocked GRU cyber operations directed against US, European, and Ukrainian targets. Redmond calls the group "Strontium," in its metallic naming convention for threat groups, but the threat actor is also known as APT28 and, of course, Fancy Bear. The disruption was a familiar (and entirely praiseworthy) takedown. Microsoft explained, "On Wednesday April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these a

They say “Birds of a Feather, Flock Together.”  This holds true with criminal hackers.  Threat analysts have recently compiled a detailed technical report on FIN7 operations from late 2021 to early 2022, showing that the adversary continues to be very active, evolving, and trying new monetization methods.[1]

Link to full report: TR-22-095-002_Fin7.pdf

[1] https://www.bleepingcomputer.com/news/security/fin7-hackers-evolve-toolset-work-with-multiple-ransomware-gangs/

The US Federal Communications Commission (FCC) has added Russian cybersecurity company Kaspersky Lab to its list of entities that pose an “unacceptable risk to US national security,” according to a report from Bloomberg.  This is the first time a Russian company has been added to the list, which is otherwise made up of Chinese companies, like Huawei and ZTE.[1]

Businesses in the US are barred from using federal subsidies provided through the FCC’s Universal Service Fund to purchase any products