X-Industry

The Russian invasion of Ukraine in early 2022 appears to have led to a double-digit decrease in stolen payment card records published to the dark web, according to researchers.

In a recent report, investigators analyzed detailed threat intelligence gleaned from the cybercrime underground to compile a report.  It reported a 24% year-on-year decrease in the volume of card-not-present records on dark web carding shops in 2022 to 45.6 million and a 62% slump in card present records, to 13.8 million.

Activity Summary - Week Ending on 23 December 2022:

• Red Sky Alliance identified 44,282 connections from new IP’s checking in with our Sinkholes
• Frantech[.]ca In Las Vegas hit 16x (2^nd week)
• Analysts identified 1,046 new IP addresses participating in various Botnets
• MCCrash DDoS
• Glupteba Trojan
• Glupteba IoCs
• Epic Games
• Thyssenkrupp
• Russia and Oil
• Happy Holidays

Link to full report: IR-22-357-001_weekly357.pdf

A newly discovered web skimming campaign running for the past year has already compromised over 40 e-commerce sites, according to researchers.  The JavaScript protection vendor revealed that “Group X,” which exfiltrated card data to a server in Russia, used a novel supply-chain technique to compromise its victims.  The cyber-criminals exploited a third-party software named Cockpit, a free web marketing and analytics service that was discontinued in December 2014.   Cockpit is a JavaScript librar

Vice Society is an intrusion, exfiltration, and extortion hacking group that first appeared in summer 2021 that has alleged ties to Russia who attacks “With Love.”  Vice have crossed the line of what many hackers said was off limits – education and health care systems and facilities.  This past September, a ransomware attack on the Los Angeles Unified School District crippled its digital operations across their system, which includes more than 1,000 schools and serves roughly 600,000 students.  

Our friends at FortiGuard Labs have observed an increasing number of campaigns targeting either side of the ongoing Russian-Ukrainian conflict.  These may be a cyber element to the conflict or simply opportunistic threat actors taking advantage of the war to further their malicious objectives.  Recently, researchers encountered a malicious Excel document masquerading as a tool to calculate salaries for Ukrainian military personnel.  The shared practical report discusses the technical details of

Some of the largest airports in the US have been targeted for cyber-attacks; as recent as 10 October, by an attacker group within the Russian Federation.  It’s important to note that the airport operations IT systems targeted did not handle air traffic control, internal airline communications and coordination or transportation security.  "It's an inconvenience," the source said. The attacks have resulted in targeted "denial of public access" to public-facing web domains that report airport wait

When Belarusian activist Yuliana Shemetovets was offered a job as the spokesperson of the Belarusian Cyber Partisans hacktivist group, she didn’t rush to accept it. “To be honest, I was scared,” she said.  She had reasons to be. Belarus is an authoritarian state in which elections are openly rigged and civil liberties are severely restricted. The country is ruled by dictator Alexander Lukashenko, who has resorted to repression and corruption to stay in power for more than 30 years.

Belarusian Cy

Activity Summary - Week Ending on 16 September 2022:

• Red Sky Alliance identified 46,287 connections from new IP’s checking in with our Sinkholes
• hetzner[.]de in Finland hit 28x
• Analysts identified 3,147 new IP addresses participating in various Botnets
• Nomad Crypto
• EvilProxy
• Albania
• US – New York
• Kiwi Farms
• Russia
• Industrial Espionage

Link to full report: IR-22-259-001_weekly259.pdf

Just what is for sale on the Dark Web?  According to a published report, the North Atlantic Treaty Organization (NATO) is investigating the leak of data reportedly stolen from a European missile systems firm, which hackers have put up for sale on the Dark Web.  The leaked data includes blueprints of weapons used by Ukraine in its current war with Russia.  Integrated defense company MBDA Missile Systems, headquartered in France, has acknowledged that data from its systems is a part of the cache b

Hacks tied to Russia and Ukraine war have had minor impact, researchers say.  Although politicians and cybersecurity experts have warned about the potential for widespread hacks in the wake of Russia’s invasion of Ukraine, a new study finds that attacks linked to the conflict have had minor impact and are unlikely to escalate further.[1]  This is some positive news for cyber security.

Researchers from the University of Cambridge, the University of Edinburgh and the University of Strathclyde exam

The Agency for National Security, ANB, said on Friday that Russian services have organized coordinated cyber-attacks on Montenegrin government servers twice since 22 August 2022.  The ANB told media that Montenegro is in what it called a hybrid war at the moment.  “Coordinated Russian services are behind the cyber-attack. This kind of attack was carried out for the first time in Montenegro, and it has been prepared for a long period of time,” the ANB told media.

On 22 August, the government repo

The Ukrainian energy agency responsible for the oversight and safe operation of the nation’s nuclear power plants said earlier this week that Russian hackers had launched their most ambitious effort yet on the company’s official website.  The attack appeared to fail and there was no indication that it threatened to disrupt the Ukrainian power grid or the company’s oversight of the nation’s 15 working  nuclear reactors.

The company, Energoatom,[1] said it had managed to keep the attack from being

During the current proxy ‘WWIII,’ Russia and Ukraine continue to battle on the cyber side of the war between the two nations.  Both sides have launched cyber-attacks against each other in offensive ways, such as Russian threat actors taking over radio stations to spread misinformation of Ukraine’s President.  Current events show that the hacking might be getting a lot more serious and could cost more lives.

Pro-Russia hacking groups claim that they have developed "a new type of attack" that can

A suspected cyber-attack on 7-Eleven stores, pervasive in large towns and at rail stations across Denmark, is reporting that “we cannot use cash registers and/or receive payments.”  This the company wrote on its Facebook page.  “We are therefore closed until we know the extent [of the attack].  We hope to be able to open stores again soon,” it wrote.

There are 176 7-Eleven stores in Denmark.  The company’s CEO told a Danish broadcaster that cash registers “suddenly” began to malfunction in store

In light of all of the Russian ransomware attacks on organizations worldwide, a dose of Schadenfreude is a welcome sign.  For our non-German readers: “Schadenfreude is the experience of pleasure, joy, or self-satisfaction that comes from learning of or witnessing the troubles, failures, or humiliation of another (especially an adversary). It is a borrowed word from German, with no direct translation, that originated in the 18th century.”

An unknown threat actor has been targeting Russian entitie

Even in the middle of a war, Ukrainian law enforcers claim to have dismantled a large bot farm used by Russian special services to spread disinformation and propaganda in the country.  The Secret Service of Ukraine (SSU) said the million-strong bot farm was used to “spin destabilizing content” on the country’s military and political leadership to an audience of over 400,000.

This included fake news on the situation at the front, an alleged conflict between the President’s Office and the commande

In the past five (5) years there has been a wide-ranging espionage operation in which more than 150 companies were targeted to be hacked in Germany alone: especially in the area of critical infrastructure companies.  Specifically, the hackers sought out electricity and water supply systems.  After years of investigation, the Germany’s State Criminal Police Office of Baden-Württemberg succeeded in identifying one of the suspected perpetrators: Pawel A.

This state backed hacker is said to belong t

A new cross-platform ransomware named Luna can encrypt files on Windows, Linux, and ESXi, but its developers only offer it to Russian-speaking affiliates.  The ransomware is fairly simple, according to researchers who analyzed the malware, but it uses an encryption scheme that is not typically used by ransomware a combination of X25519 elliptic curve Diffie-Hellman key exchange using Curve25519 with the Advanced Encryption Standard (AES) symmetric encryption algorithm.  The Diffie-Hellman key ex

A Russian official threatened the West on 08 June 2022, asserting that a “direct military clash” could result if Western governments continue to mount cyberattacks against its infrastructure.  “The militarization of the information space by the West and attempts to turn it into an arena of interstate confrontation, have greatly increased the threat of a direct military clash with unpredictable consequences,” the Russian foreign ministry’s head of international information security said in a stat

Ever since the beginning of the Internet Age, the potential to weaponize digital technologies as tools of international aggression has been known.  This was exposed by Russia’s 2007 cyber-attack on Estonia, which was widely recognized as the first such act by one state against another.  In 2016, NATO officially recognized cyberspace as a field of military operations alongside the more traditional domains of land, sea and air.

The current Russia-Ukraine War demonstrates the next major milestone i