
Global Ransomware Attack Targets VMware ESXi Servers



Cybersecurity firms around the world have recently warned of an increase in cyberattacks, particularly those targeting corporate banking clients and computer servers. The Italian National Cybersecurity Agency (ACN) recently reported a global ransomware hacking campaign that targeted VMware ESXi servers, urging organisations to take action to protect their systems.

In addition, Italian cybersecurity firm Cleafy researchers Federico Valentini and Alessandro Strino reported an ongoing financial fraud campaign since at least 2019 that leverages a new web-inject toolkit called drIBAN. The main goal of drIBAN fraud operations is to infect Windows workstations inside corporate environments, altering legitimate banking transfers performed by the victims and transferring money to an illegitimate bank account.

These accounts are either controlled by the threat actors or their affiliates, who are then tasked with laundering the stolen funds. The fraudulent transactions are often realized by means of a technique called Automated Transfer System (ATS) that's capable of bypassing anti-fraud systems put in place by banks and initiating unauthorized wire transfers from a victim's own computer.

The operators behind drIBAN have become more adept at avoiding detection and developing effective social engineering strategies, in addition to establishing a foothold for long periods in corporate bank networks. Furthermore, there are indications that the activity cluster overlaps with a 2018 campaign mounted by an actor tracked by Proofpoint as TA554 targeting users in Canada, Italy, and the U.K.

Organisations need to be aware of these threats and take immediate action to protect their systems from cyberattacks. The ACN has reported that dozens of Italian organisations have been likely affected by the global ransomware attack and many more have been warned to take action to avoid being locked out of their systems.


Anonymous Attacks Russian Taxi Company, Causes Traffic Jam


Yandex Taxi Hacked

Russia has been one of the main targets of hackers since the country launched a war against Ukraine. The most recent attack was aimed at Yandex Taxi, a ride-hailing service.

The news first came out on reddit.com. Yandex Taxi belongs to Yandex, Russia's leading IT corporation, also known as the Russian Google.

One should note that the EU sanctioned the company's co-founder Arkady Volozh for "de-ranking and removing" any information related to Russian attacks against Ukraine.

About the incident

Once the Yandex Taxi app was hacked, the anonymous threat actors caused a massive traffic jam in Moscow, Russia.

On 1st September 2022, drivers complained after they saw an unusual gathering of taxis in Moscow's western area.

It happened because the hackers booked all the available taxis to the same address; a massive traffic jam followed as numerous Yandex Taxi drivers became trapped in one location.

The cabs were directed towards Kutuzovsky Prospekt, one of the main avenues in Moscow; it is also famous for the Stalinist-era building known as Hotel Ukraina (Hotel Ukraine).

The traffic jam lasted for three hours. Yandex's security team immediately looked into the issue and promised to improve the algorithm to prevent such incidents in the future.

Who is behind the attack?

The online hacktivist group Anonymous claims responsibility for the attack. Someone compromised the Yandex app and caused a frustrating mix-up of taxis.

The hackers bypassed the company's security mechanisms and placed multiple fake orders, directing all the drivers to a single location.

In a similar incident that happened last year, Yandex in its blog post said:

"This is just one of many attacks aimed not only at Yandex but also at many other companies in the world. The attacks have been going on for several weeks, their scale is unprecedented, and their source is a new botnet about which little is known so far."


Kiwi Farms Offline Due to Targeted DDoS Attacks


Site accused of leaking personal information 

Kiwi Farms is a website that hosts user-generated content and discussion forums. It has been accused of doxing, cyberbullying, and harassment. Kiwi Farms has been blocked from various social media websites and domain providers. 

Since 26th August 2022, however, Kiwi Farms has been offline and displays a note from its administrators explaining why the site is down and how Kiwi Farms has been hit by DDoS (distributed denial of service) and other types of cyber attacks.

Before the service was disrupted, according to the Kiwi Farms forum, it was targeted by a "DDoS attack" and other forms of network interruption attacks.

The forum's administrators believe that, because of these cyberattacks and in order to safeguard its other customers, the internet service provider was compelled to drop their site.

Why is Kiwi Farms a target?

The website is infamous for doxing, or leaking the personal information of, users it considers "incels" (involuntary celibates), social justice warriors, feminists, and others.

It is believed that Kiwi Farms intentionally harasses and humiliates people. Twitch streamer and transgender activist Clara Sorrenti from Canada was arrested and swatted in London, Ontario, on 5th August.

A few days later, the streamer's hotel address and location were exposed on Kiwi Farms. Given the type of content Kiwi Farms posts, it is no surprise that the site is targeted by people who object to its tactics.

Who attacked Kiwi Farms with DDoS?

"Although it is unclear who was behind the DDoS attack against Kiwi Farms, @YourAnonNews, the largest social media representative of the Anonymous movement also tweeted about the incident," reports HackRead. 

Currently, it is not confirmed if Anonymous Hacktivists were behind the attack. 


Cloudflare and Kiwi Farms

Cloudflare offers security and DDoS protection to websites. It also provides services to Kiwi Farms, and since the site has been accused of doxing and leaking people's personal information without consent, critics want Cloudflare to stop providing those services.

In August 2017, Cloudflare promptly removed the neo-Nazi and racist website Daily Stormer from its platform.

In 2019, the infamous message board 8chan was accused of hosting content inciting violence against minorities and people of colour; it was kicked off by its hosting company Voxility, and Cloudflare withdrew its services.

"However, at this moment there has been no statement from Cloudflare over the content Kiwi Farms has been accused of posting," said HackRead. 



Anonymous Leaks 82 GB Police Data as Protest Against Australian Detention Centre

Earlier this week, the Anonymous collective released 82 GB worth of emails belonging to the Nauru Police Force. According to Anonymous, the data leak was a protest against the mistreatment of asylum seekers and refugees by the island's authorities and the Australian government.

Nauru is a small island country in Micronesia, infamous for an offshore refugee detention camp for which Australia provides assistance. The leak comprises around 285,635 emails, available for direct and torrent download via the official website of "Enlace Hacktivista," a forum that documents hacker history.

"Nauru agreed to assess people's claims for international protection and host the facilities required to detain them, while Australia committed to bearing the entirety of the cost. Nauru has a population of 10,000 people, with around 107 asylum seekers as of July 2021. The majority of asylum-seekers and refugees on Nauru are from Iran, while many are stateless, and others come from Afghanistan, Iraq, Myanmar, Pakistan, and Sri Lanka," says the Enlace Hacktivista website.

Experts have not been able to verify the contents of the email trove, but Anonymous says the leaked data contains details of violence that the Nauru Police Force and the government of Australia tried to hide.

Anonymous' statement asked authorities to open an inquiry into all accusations of abuse in the refugee detention camp and to pay lifetime reparations to victims of abuse. It also called for an end to the policy of compulsory immigration detention and the permanent closure of immigration detention facilities, including those on the island of Nauru. DDoSecrets has confirmed the leak and says the data set is also available on DDoSecrets.

In addition, @YourAnonNews, a media representative of the collective, tweeted: "anonymous hackers release 1/4 million Nauru Island Immigration Detention Center Police emails documenting abuses suffered by asylum seekers and refugees under successive Scott Morrison (Prime Minister of Australia since 24 August 2018) portfolios." As of now, there is no official statement from the Nauru Police Force or the Australian government regarding the leak.

Anonymous Wages a Cyber War Against Russia, Targets Oligarchs

Anonymous continues its attacks against Putin and Russia; the latest is aimed at the Russian investment firm 'Marathon Group.' Anonymous keeps attacking Russian firms owned by oligarchs: last week the group announced the hacking of Thozis Corp, and in the most recent incident it claims responsibility for the Marathon Group hack. Marathon Group is a Russian investment firm owned by oligarch Alexander Vinokurov, whom the EU sanctioned recently. Vinokurov is the son-in-law of Russian Foreign Minister Lavrov. Anonymous breached the organization's systems and leaked 62,000 emails (a 52 GB archive) through DDoSecrets (Distributed Denial of Secrets).

DDoSecrets is a non-profit whistleblower website launched in 2018. "JUST IN: #Anonymous has hacked & released 62,000 emails from the Marathon Group, a Russian investment firm owned by oligarch Alexander Vinokurov, currently under EU sanctions. Vinokurov is also the son-in-law of Russian Foreign Minister Lavrov," tweets @YourAnonTV. The group also claims responsibility for hacking a Belarusian government website associated with the economy of Volozhin, a city in the Minsk region of Belarus.

"Anonymous makes an intrusion into a website of the Government of Belarus dedicated to the Economy of Volozhin, a Belarusian city in the Minsk region," tweets @Anonymous_Link. The Anonymous group also tweeted that, due to the nature of another leak, DDoSecrets is offering the data only to journalists and researchers: "Hackers leaked 15GB of data stolen from the Russian Orthodox Church's charitable wing & released roughly 57,500 emails via #DDoSecrets. #DDoSecrets noted that due to the nature of the data, at this time it is only being offered to journalists & researchers," tweets @YourAnonTV.

What else has Anonymous done to Russia?

In March, Anonymous declared a "cyber war" against Russia. Since then, Anonymous has claimed responsibility for various attacks on the Russian government, news websites and organizations, and has leaked data from prominent bodies such as Roskomnadzor, the federal agency that censors Russian media. "Many CIS files were erased, hundreds of folders were renamed to "putin_stop_this_war" and email addresses and administrative credentials were exposed," said Jeremiah Fowler, co-founder of the cybersecurity company Security Discovery.

Anonymous Plan to Release 35,000 Documents, Targeting Russia's Central Bank

Hackers stole $31 million ($2 billion) from Russian Central Bank client accounts, but officials were able to recover $26 million ($1.66 billion) of the assets, according to a report issued by the bank and originally reported by Reuters.

On Thursday, a Twitter account linked to the hacker-activist organization Anonymous claimed Russia's central bank had been hacked and that 35,000 files on "secret deals" will be revealed within 48 hours. 

The report does not say how Russian Central Bank officials detected the breach, but they did so in time to freeze some of the funds while they were being transferred between bank accounts to avoid being traced. 

Anonymous is a loosely organized collective of hackers from all over the world that has been active since at least 2008, when it targeted the Church of Scientology. It then shifted to 'hacktivism,' targeting governments and corporations over key concerns. Members are known to wear Guy Fawkes masks and conceal their voices with voice changers or text-to-speech tools.

The group does not appear to have a clearly defined hierarchy or set of rules, making it difficult to attribute cyber operations reliably. Since before the Russian invasion, Ukraine's government, army, and banks had been subjected to Russian-sponsored cyber attacks. Mykhailo Fedorov, Ukraine's Minister of Digital Transformation, told the press that the main purpose of these attacks is to destabilize the country, stir panic, and create anarchy.

The incident is similar to one that occurred earlier this year when hackers attempted to steal over $1 billion from the Bangladesh Central Bank but only succeeded in stealing $81 million. The majority of the funds were sent to Philippine casinos. The Bangladesh Central Bank has so far been able to retrieve $18 million in stolen funds. 

The report by the Russian Central Bank came on the same day the FSB (Federal Security Service) issued a warning that foreign intelligence services may try to destabilize Russia's financial system by spreading rumours of a false crisis, fake news about bank collapses, SMS alerts, and cyber-attacks.

The FSB claimed its agents discovered servers held by a Ukrainian web hosting company in the Netherlands that were to be used in the alleged campaign. FSB officials said they were prepared to take any steps necessary to counter the threat.

Anonymous Rises Again Amid Russia Ukraine War

Anonymous, the international hacktivist collective, has surfaced again; this time the group claims to have hacked Roskomnadzor (the Federal Service for Supervision of Communications, Information Technology and Mass Media), a Russian federal agency. Anonymous also claims to have stolen more than 360,000 files. You have probably read about Russia banning VPNs, Telegram, or email services; there is a particular agency that enforces these bans.

It is called Roskomnadzor, a major federal executive agency responsible for handling, managing, and censoring Russian media. "Anonymous also targeted and hacked misconfigured/exposed Cloud databases of Russian organizations. The shocking aspect of the attack was the fact that Anonymous and its affiliate hackers hacked 90% of Russian Cloud databases and left anti-war and pro Ukrainian messages," Hackread reports.

Details about the attack 

The leaked data totals 820 GB; most of the database files are linked to the Republic of Bashkortostan, one of Russia's largest provinces. The full dataset is now available on the official website of Distributed Denial of Secrets (aka DDoSecrets), a non-profit whistleblower organization. It should be noted, however, that an Anonymous affiliate shared Roskomnadzor's data with DDoSecrets; the organization itself is not responsible for the attack. The first announcement of the data leak came from journalist and DDoSecrets co-founder Emma Best in March 2022.

YourAnonNews, a well-known representative of the Anonymous collective, also tweeted about the attack. Anonymous has openly sided with Ukraine in the ongoing war with Russia. The Russian government has restricted all major sources of information, especially news and media outlets, and Roskomnadzor was told to block Facebook, Twitter, and other online platforms.

Hackread reports, "While Twitter launched its Tor onion service, authorities in Russia have also amended the Criminal Code to arrest anyone who posts information that contradicts the government’s stance. Nevertheless, since Roskomnadzor is a major government agency responsible for implementing government orders Anonymous believes the Russian public must have access to information about what is going on within Roskomnadzor."

Ukrainian Government Websites Shut Down due to Cyberattack

Ukrainian state authorities' websites have stopped working. At the moment, the website of the Ukrainian president, as well as resources on the gov.ua domain, are inaccessible.

According to the source, a large-scale cyberattack by the Russian hacker group RaHDit was the cause. A total of 755 websites of the Ukrainian authorities on the gov.ua domain were taken offline as a result of the attack.

Hackers posted on government websites an appeal written on behalf of Russian soldiers to soldiers of the Armed Forces of Ukraine and residents of Ukraine. "The events of the last days will be the subject of long discussions of our contemporaries and descendants, but the truth is always the same! It is absolutely obvious that what happened is a clear example of what happens when irresponsible, greedy, and indifferent to the needs of their people come to power," they wrote. 

Another of the hacked websites published an appeal on behalf of Zelensky. In it, the President of Ukraine allegedly stated that he had agreed to sign a peace treaty with Russia. "This is not treason to Ukraine, to the Ukrainian spirit, it is exclusively for the benefit of the Ukrainian people," the banner said. 

The third message called on civilians to "refuse to support national radical formations formed under the guise of territorial defense." It was warned that any attempts to create armed gangs would be severely suppressed. In another announcement, Ukrainian soldiers were asked not to open fire on the Russian army and lay down their weapons: "Return fire will kill you. You are guaranteed life, polite treatment, and a bus home after the war." 

This information could not be confirmed. Currently, attempts to open the government websites return a message that they cannot be accessed.

Earlier it became known that Russian hackers from the Killnet group hacked the website of the Anonymous group, which had previously declared a cyberwar against Russia. They urged Russians not to panic and not to trust fakes. 

On February 25, hackers from Anonymous announced their decision to declare a cyberwar against Russia due to the start of a special operation in the Donbas. The attackers attacked Russian Internet service providers and government websites. They also hacked the websites of major media outlets: TASS, Kommersant, Izvestia, Forbes, Mela, Fontanka. 

As a reminder, the special operation in Ukraine began in the morning of February 24. This was announced by Russian President Vladimir Putin.