ukraine (50)

12390151900?profile=RESIZE_400xSentinelLabs and ClearSky Cyber Security have been tracking a propaganda and disinformation campaign since late November 2023, highly likely orchestrated by Doppelgänger, a suspected Russia-aligned influence operation network known for its persistent and aggressive tactics.  Initially focusing on disseminating anti-Ukraine content following the onset of the Russo-Ukrainian conflict, Doppelgänger has since broadened its scope, targeting audiences in the US, Israel, Germany, and France.

Analysts o

12389946096?profile=RESIZE_400xCyber threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited Cross-Site Scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations.   According to investigators, these entities are primarily located in Georgia, Poland, and Ukraine and attributed the intrusion set to a threat actor known as Winter Vivern, also known as TA473 and UAC0114.  The cybersecurity firm tracks the hacki

12356665288?profile=RESIZE_400xAn official at the Bangladesh Election Commission has claimed that a cyber-attack “from Ukraine and Germany” caused an election information app to crash as voters went to the polls on 8 January.  There has not been an allegation that the incident affected votes in the country, where incumbent Prime Minister Sheikh Hasina secured her fourth straight term in office after a record low turnout, as reported by BBC News.

Hasina, who has held power since 2009, is currently the longest-serving female he

12346580278?profile=RESIZE_400xThe mass outage of Ukrainian mobile and internet provider Kyivstar on December 12 last year has now been attributed to the Russian state-sponsored Sandworm group by Ukraine’s Security Service (SBU).  The attack resulted in a total outage of the networks provided by Kyivstar, which included several early-warning attack systems and caused a surge in traffic on other network providers in Ukraine as people sought alternative means of connectivity.  It has now been determined that the group were ling

12345062692?profile=RESIZE_400xCybersecurity researchers at Deep Instinct Lab have revealed a new series of cyberattacks by ‘UAC-0099,’ specifically targeting Ukrainians.  These attacks employ common tactics, such as using fabricated court summons to entice targets into executing malicious files.

The group’s activities were initially revealed in May 2023 through the Ukrainian CERT advisory ‘#6710,’ and Deep Instinct has now provided exclusive insights into their latest attack.

According to a blog post from the company, on Dec

12309889482?profile=RESIZE_400xResearchers have tracked more activity by an influence campaign linked to Russia that spreads disinformation and propaganda in the US, Germany and Ukraine through a vast network of social media accounts and fake websites.

The campaign, attributed to the Russia-linked influence operation network called Doppelgänger, has been active since at least May 2022.  The US tech company Meta previously referred to Doppelgänger as the “largest” and “most aggressively persistent” malign network sponsored by

12264247482?profile=RESIZE_400xUkrainian hackers collaborated with the country's security services, the SBU, to breach Russia's largest private bank, a source within the department confirmed to Recorded Future News.  Last week, two groups of pro-Ukrainian hackers, KibOrg and NLB, hacked into Alfa-Bank and claimed to obtain the data of more than 30 million customers, including their names, dates of birth, account numbers, and phone numbers, according to a post on their official website.

Alfa-Bank was sanctioned by the United S

12253791881?profile=RESIZE_400xElon Musk’s SpaceX has received its first contract from the US Space Force to provide customized satellite communications for the military under the company’s new Starshield program, extending the provocative billionaire’s role as a defense contractor.

See:  https://redskyalliance.org/xindustry/starlink-to-the-rescue-1

Space Exploration Technologies Corp. is competing with 15 companies, including Viasat Inc., for $900 million in work orders through 2028 under the Space Force’s new “Proliferated

12148371273?profile=RESIZE_400xAs part of a recently identified cyber operation, the cybersecurity investigators report that a Russia-linked threat actor known as RomCom has been targeting entities supporting Ukraine, including guests at the 2023 NATO Summit taking place July 11-12.  The event takes place in Vilnius, Lithuania.  The NATO Summit has on the agenda talks focusing on the war in Ukraine and new memberships in the organization, including Sweden and Ukraine.

RomCom attackers are spoofing trusted software solutions t

11151738884?profile=RESIZE_400xResearchers have uncovered malware designed to disrupt electric power transmission that may have been used by the Russian government in training exercises for creating or responding to cyberattacks on electric grids.

Known as CosmicEnergy, the malware has capabilities that are comparable to those found in malware known as Industroyer and Industroyer2, both of which have been widely attributed by researchers to Sandworm, the name of one of Russia’s most skilled and cutthroat hacking groups.  Sand

11136873077?profile=RESIZE_400xSeveral Polish media and news websites were hit by distributed denial-of-service (DDoS) attacks that the government said could be the action of Russian hacking groups, the digitalization minister was quoted as saying on 18 May.  Warsaw has positioned itself as one of Ukraine's staunchest allies since Russia invaded the country, and Poland says it frequently faces Russian attempts to destabilize the situation in the country.  Moscow has consistently denied that it carries out hacking operations.

11082519091?profile=RESIZE_400xThe risk of a cyber-attack is the “main worry” for broadcasters staging the Eurovision song contest on behalf of war-torn Ukraine, a BBC executive has said.  Experts from the UK’s National Cyber Security Centre have been drafted in to help thwart any attempts by pro-Russian hackers to sabotage the competition’s public vote on Saturday.

The UK’s BBC director of unscripted programs, said there was no specific intelligence about an attack but that there were “so many contingency plans” in place if

10961632855?profile=RESIZE_400xAn information and hacking campaign, called Ghostwriter, with links to a foreign state has potentially had a "significant cumulative impact" over many years, according to a report from Cardiff University.  The findings, from the Security, Crime and Intelligence Innovation Institute, provide the most comprehensive picture to date of the activities of the so-called Ghostwriter campaign.

Tracking its evolving activities via open-source data, the report demonstrates how it has impersonated multiple

10960601287?profile=RESIZE_400xThe first Linux variant of the Clop ransomware was rife with issues that allowed researchers to create a decryptor tool for victims.  SentinelOne said it observed the first Clop (also stylized as Cl0p) ransomware variant targeting Linux systems on 26 December 2022.  Clop has existed since about 2019, targeting large companiesfinancial institutionsprimary schools and critical infrastructure across the world. After the group targeted several major South Korean companies like e-commerce giant E

10960601287?profile=RESIZE_400xThe first Linux variant of the Clop ransomware was rife with issues that allowed researchers to create a decryptor tool for victims.  SentinelOne said it observed the first Clop (also stylized as Cl0p) ransomware variant targeting Linux systems on 26 December 2022.  Clop has existed since about 2019, targeting large companiesfinancial institutionsprimary schools and critical infrastructure across the world. After the group targeted several major South Korean companies like e-commerce giant E

10947151300?profile=RESIZE_400xAccording to trusted government sources, there is an increasing focus on US Cyber Command (CYBERCOM) to try and replicate the ability of the US Special Operations Command (SOCOM), the unified combatant command with the mission of overseeing the elements of the special operations in the US Armed Services to bring capabilities directly into the battlespace.  At a recent meeting, the chief of CYBEROM is quoted as saying that the command is “trying to build our authorities much in the same way Speci

10945933054?profile=RESIZE_400xThe Russian invasion of Ukraine in early 2022 appears to have led to a double-digit decrease in stolen payment card records published to the dark web, according to researchers.

In a recent report, investigators analyzed detailed threat intelligence gleaned from the cybercrime underground to compile a report.  It reported a 24% year-on-year decrease in the volume of card-not-present records on dark web carding shops in 2022 to 45.6 million and a 62% slump in card present records, to 13.8 million.

10841887054?profile=RESIZE_400xActivity Summary - Week Ending on 14 October 2022:

  • Red Sky Alliance identified 26,570 connections from new IP’s checking in with our Sinkholes
  • Netskope IAD hit 56x
  • Analysts identified 556 new IP addresses participating in various Botnets
  • Bisamware and Chile Locker
  • njRat, a.k.a. Bladabindi
  • Emotet 2022
  • Singtel
  • Pinnacle Hack
  • Ukraine War
  • Optus Part II

Link to full report:  IR-22-288-001_weekly288.pdf

10840156473?profile=RESIZE_400xOur friends at FortiGuard Labs have observed an increasing number of campaigns targeting either side of the ongoing Russian-Ukrainian conflict.  These may be a cyber element to the conflict or simply opportunistic threat actors taking advantage of the war to further their malicious objectives.  Recently, researchers encountered a malicious Excel document masquerading as a tool to calculate salaries for Ukrainian military personnel.  The shared practical report discusses the technical details of

10804163868?profile=RESIZE_400xJust what is for sale on the Dark Web?  According to a published report, the North Atlantic Treaty Organization (NATO) is investigating the leak of data reportedly stolen from a European missile systems firm, which hackers have put up for sale on the Dark Web.  The leaked data includes blueprints of weapons used by Ukraine in its current war with Russia.  Integrated defense company MBDA Missile Systems, headquartered in France, has acknowledged that data from its systems is a part of the cache b