The Sandworm Group, a Russia-based APT that recently made headlines when its botnet of machines infected with Cyclops Blink malware was taken down by the US Department of Justice, has been busy crafting attacks targeting the Ukrainian power grid. The Computer Emergency Response Team of Ukraine (CERT-UA) had to step in and take action to thwart the attack on the country’s energy facilities. Blame for the attack has been placed on Sandworm in support of Russian military actions in Easter
The international hacktivist group Anonymous has targeted the Russian Ministry of Culture and leaked 446 GB worth of data online. The cyberattack was carried out as part of the collective’s ongoing operation OpRussia against the country’s invasion of Ukraine.
Anonymous is a group of hacktivists that publicly announced a cyberwar against Russia after the country invaded Ukraine in late February 2022. The latest to suffer a data leak is Russia’s Ministry of Culture. As seen by Hackread.com,
Cyber professionals at any level will attest that what they desperately need is coffee to stay awake while working. Russian analysts, both good and bad, are now in serious trouble. Commodity traders are diverting coffee shipments that were initially expected to go to Russia, and some have stopped selling to that market altogether, attendees at a US coffee conference said.
Although food trade is not included in sanctions imposed on Russia after its invasion of Ukraine, difficulties in pr
A spokesman for the United States said on 07 April 2022 that it had secretly removed malware from computer networks around the world in recent weeks, a step to pre-empt Russian cyberattacks and send a message to President Vladimir V. Putin of Russia. The actions, made public by Attorney General Merrick B. Garland, come as U.S. officials warn that Russia could try to strike American critical infrastructure including financial firms, pipelines and the electric grid in response to the sanctions
Understandable fears of an unparalleled Russian cyberwar began to grow around the same time Russia began staging its military on its border with Ukraine. Some people pictured a Russian digital assault not just on Ukraine but on all of the West. At least a few people thought the Kremlin might team up with ransomware gangs to punish those who defied the invasion. Others were afraid that conflict between Putin’s hackers and Ukraine might spin out of control and spur a broader cyber melee around the
Microsoft says it has blocked GRU cyber operations directed against US, European, and Ukrainian targets. Redmond calls the group "Strontium," in its metallic naming convention for threat groups, but the threat actor is also known as APT28 and, of course, Fancy Bear. The disruption was a familiar (and entirely praiseworthy) takedown. Microsoft explained, "On Wednesday April 6th, we obtained a court order authorizing us to take control of seven internet domains Strontium was using to conduct these a
They say “Birds of a feather flock together.” This holds true for criminal hackers. Threat analysts have recently compiled a detailed technical report on FIN7 operations from late 2021 to early 2022, showing that the adversary continues to be very active, evolving, and trying new monetization methods.[1]
Link to full report: TR-22-095-002_Fin7.pdf
[1] https://www.bleepingcomputer.com/news/security/fin7-hackers-evolve-toolset-work-with-multiple-ransomware-gangs/
The US Federal Communications Commission (FCC) has added Russian cybersecurity company Kaspersky Lab to its list of entities that pose an “unacceptable risk to US national security,” according to a report from Bloomberg. This is the first time a Russian company has been added to the list, which is otherwise made up of Chinese companies, like Huawei and ZTE.[1]
Businesses in the US are barred from using federal subsidies provided through the FCC’s Universal Service Fund to purchase any products
Activity Summary - Week Ending on 25 March 2022:
- Red Sky Alliance identified 15,245 connections from new IPs checking in with our Sinkholes
- Malicious Keylogger data is back with 24 Keylogged emails
- Analysts identified 1,081 new IP addresses participating in various Botnets
- CaddyWiper
- CryptBot
- Russian Cyber Attacks – Train your Machine
- IsaacWiper
- A 3rd Wiper (after HermeticWiper and IsaacWiper)
- Wiper remediation
Link to full report: IR-22-084-001_weekly084.pdf
Since declaring cyberwar on Russia through the #OpRussia campaign, the hacktivist group Anonymous has been busy. It has been three weeks since the Anonymous collective tweeted their declaration of war, and in that time the decentralized group has been a mainstay of news headlines.
Since Russia invaded Ukraine, the Anonymous Twitter account @YourAnonNews has gained close to 500,000 followers. In the hybrid war format, where both acts of kinetic war and cyber war have been documented, many hack
A provocative piece from Vox explains the current state of the Russian cyber war. After three weeks of fighting, Russia is beginning to deploy increasingly brutal tactics in Ukraine, including indiscriminate shelling of cities and “medieval” siege warfare. Other elements of its military strategy, however, are conspicuously absent in cyberwarfare. Russia has a history of employing cyberwarfare tactics, which some experts believed could feature prominently in its invasion of Ukraine. The cyber
Activity Summary - Week Ending on 18 March 2022:
- Red Sky Alliance identified 16,707 connections from new IPs checking in with our Sinkholes
- Malicious Keylogger data is back with 20 Keylogged emails
- Analysts identified 3,8171 new IP addresses participating in various Botnets
- Soul Searcher
- SharkBot
- Blue, Yellow and Gray Zones
- Open-Source Reverse Tunneling Tool
- Strengthening American Cybersecurity Act
- Vessel Impersonation
Link to full report: IR-22-077-001_weekly077.pdf
The US president signed an executive order (E.O.) on 9 March for “ensuring responsible innovation in digital assets.” The E.O. is designed to, among other things, crack down on the use of cryptocurrency among cybercriminals.[1]
This long-awaited directive orders federal agencies, including the Department of Justice and the Treasury Department, to coordinate their approach to the booming cryptocurrency sector. Although the order does not lay out specific policy suggestions, it takes aim at cons
At the start of March, residents of Kyiv had been bracing themselves for a 40-mile-long convoy of Russian tanks, armored vehicles, and towed artillery to arrive for an assault on the Ukrainian capital. Days later, they are still waiting. Perhaps Russian men are too disinclined to ask for directions
On 03 March 2022, US intelligence suggested that the convoy was still stalled some distance from Kyiv, backing claims made by both the Ukrainian government and UK's defense ministry. "We still ass
The Russian government announced on 04 March 2011 that it will begin to “partially restrict” access to Facebook, according to an announcement from its internet regulatory agency Roskomnadzor. Russia claimed that it would implement the measures, which were not specified, after Facebook put its own restrictions on four Russian state-linked media outlets: the television network Zvezda, the news agency RIA Novosti, and the websites Lenta.ru and Gazeta.ru.
“On 24 February 2022, Roskomnadzor sent requests
Last week, Russia blocked access to the BBC website, and the media outlet resorted to broadcasting news bulletins over shortwave radio in the country. According to a UK media report, the BBC said it was bringing back the WWII-era broadcasting technology in the region just hours before its sites were banned. "It's often said truth is the first casualty of war. In a conflict where disinformation and propaganda is rife, there is a clear need for factual and independent news people can trust and in a
Activity Summary - Week Ending on 4 March 2022:
- Red Sky Alliance identified 5,761 connections from new IPs checking in with our Sinkholes
- Malicious Keylogger data is back
- Analysts identified 5,700 new IP addresses participating in various Botnets
- Kraken Botnet
- TA2541 Part II
- Russian Hackers
- Indian Port hit with Malware
- Anonymous: Good or Bad Guys?
- Popular Journalist Hacked
- Bridgestone Americas
- US Banks on High Alert
Link to full report: IR-22-063-001_weekly063.pdf
As news continues to break about the ongoing crisis in Western Europe, cybersecurity professionals have been busy making sense of the role that presumably planned cyber-attacks have played in the conflict between Russia and Ukraine. A number of Russian cyber-attacks served as a prelude to the physical invasion of Ukraine. There is a lot of information from the past two months to unpack, and new events are continuing to be reported.
A quick review of the cyber events leading up to boots on t
The common definition of guerrilla warfare is a form of ‘irregular’ warfare in which small groups of combatants, such as paramilitary personnel, armed civilians, or irregulars, use military tactics including ambushes, sabotage, raids, petty warfare, hit-and-run tactics, and mobility to fight a larger and less mobile traditional military. Now enter cyber guerrilla warfare. A Ukrainian cyber guerrilla warfare group is in the process of launching digital sabotage attacks against critical Russian
A member of the Conti ransomware group, believed to be of Ukrainian origin, has leaked the gang’s internal chats after the group’s leaders posted an aggressive pro-Russian message on their official site on February 25th, in the aftermath of Russia’s invasion of Ukraine. The message appears to have rubbed Conti’s Ukrainian members the wrong way, and one of them has hacked the gang’s internal Jabber/XMPP server. Internal logs were leaked earlier today via an email sent to multiple journalists an