Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Russia-Ukraine War. Show all posts
Threat Landscape
Global Airlines GPS Jamming GPS Spoofing Russia-Ukraine War Technology Threat Landscape

What is GPS Jamming, a Rising Concern for Global Aviation?

 

Estonia has accused neighbouring Russia of jamming GPS navigation equipment in airspace over the Baltic republics, echoing airline worries that they have been dealing with such interference for months. Estonian Foreign Minister Margus Tsahkna's accusation, for which he gave no evidence, came after Finnair's (FIA1S.HE) decision to suspend flights to Tartu in eastern Estonia for one month owing to GPS disruptions. The Kremlin did not immediately reply to calls for comment. There have been reports of an increase in GPS interference around the world, notably since last year, increasing concerns about a higher risk of mishaps if planes veer off course. 

What is GPS jamming and spoofing? 

GPS, or Global Positioning System, is a network of satellites and receiving devices used for positioning, navigation, and timing on Earth in anything from ships and planes to cars. GPS is one of the most essential navigation aids in aviation, having replaced costly ground devices that used radio beams to steer planes to landing. 

However, it is quite simple to block or distort GPS signals with store-bought tools, and the military has invested in technology capable of doing so. GPS jamming involves using a frequency transmitting device to obstruct or interfere with radio communications, typically by broadcasting signals from the ground that are stronger than satellite-based signals. 

Spoofing, which involves one country's military transmitting fake GPS signals to an enemy jet or drone to impede its ability to function, is frequently regarded as more disruptive and lethal than jamming.

Where does it occur? 

Last year in December, aviation advisory group OPSGROUP reported an increase in spoofing affecting private and commercial jets across the Middle East, including Iraq, Iran, Israel, and the Black Sea. It tends to hit areas near battle zones since the technology is employed to send suicide drones off track. Baltic countries have been reporting the issue for years, especially since the conflict in Ukraine began in 2022. 

Jamming around the Baltic Sea has gotten worse during the last six months, according to Finnair pilot and Finnish Pilots Association Safety and Security Committee chair Lauri Soini. GPS jamming is currently occurring in a region ranging from Poland to the Baltic nations to the Swedish and Finnish coasts, affecting lower altitudes as well as maritime traffic, Soini added. 

Airlines issue 

Most modern airliners use an array of sensors and sources to detect their position, in addition to GPS, so they can fly even if there is interference. However, according to pilots and industry analysts, airlines continue to rely heavily on GPS.

If jamming or spoofing occurs, GPS may have to be turned off and cannot be reset for the remainder of the flight. This might cause tension and delays during takeoff and landing because certain operations require GPS to perform. Some private jets rely solely on GPS navigation. 

However, AirBaltic safety manager and flight pilot Janis Kristops stated that the Tartu incident with Finnair was unusual. If GPS fails, most big airports have a range of other navigation systems accessible, he noted. 

And, given the various nature of jamming and spoofing devices, it is impossible for the aircraft industry to devise a comprehensive technological solution to limit the risk. Instead, officials intend to teach pilots to detect jamming and spoofing sooner.
Read more »
Telecom Giant
Cyber Attacks Russia-Ukraine War Russian Hackers SBU Telecom Giant

Prior to Cyber Attack, Russian Attackers Spent Months Inside the Ukraine Telecoms Giant

 

Kyivstar experienced a large-scale malfunction in December 2023, resulting in the outage of mobile communications and the internet for about 24 million users for several days. 

How? Russian hackers broke into the Ukrainian telecommunications giant's system in May 2023. Ilya Vityuk, the chief of the Security Service of Ukraine's (SBU) cyber security department, told Reuters that the attack's aim was to inflict a psychological blow on the public and gather intelligence information. 

“This attack is a big message, a big warning, not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable,” stated Vityuk. He said that hundreds of virtual servers and PCs were among the "almost everything" that the attack destroyed. 

Reuters writes this is most likely the first instance of a catastrophic cyberattack that destroyed a telecoms operator's core. This happened despite Kyivstar's significant investment in cyber security. The SBU discovered that hackers attempted to break into Kyivstar in March or earlier. 

“Now we can say [with certainty] that they were in the system at least since May 2023,” Vityuk added. “I cannot say right now, from when they had... full access: probably at least since November.” 

He leaves open the possibility that during the attack, Russian hackers may have located phones, intercepted SMS conversations, stolen personal information, and possibly stolen Telegram accounts. 

Kyivstar disputes the SBU's assessment of potential breaches, claiming that customer data was not exposed. The SBU further revealed that attempts continued to launch additional cyber attacks to inflict greater harm even after the provider's operations were resumed. 

The damage of the provider's system makes it difficult to investigate the situation at this time. However, the SBU thinks that a gang of Sandworm hackers, a cyberwarfare unit of Russian military intelligence, may have been responsible for the attack. 

According to Vityuk, SBU investigators are still trying to figure out how Kyivstar was hacked and what kind of tools or software might have been used to get inside the system. They also indicated that it might have been phishing, insider help, or something else entirely. 

Vityuk claims that because the Ukrainian Armed Forces (AFU) employ "different algorithms and protocols" and do not depend on consumer-level communication carriers, the cyberattack had no effect on them. 

Fortunately, this incident didn't have a significant impact on us in terms of missile and drone detection, he concluded. The SBU issues a warning, stating that there's a chance that Russian hackers might try to attack Ukrainian cell operators again.
Read more »
surveillance
DTEK Kyiv Privacy Russia-Ukraine War Russian intelligence Security Service of Ukraine(SBU) surveillance

Russia Hacks Surveillance Cameras to Monitor Attacks in Kyiv


During Tuesday's intense missile and drone strikes on Ukraine's capital, Kyiv, which left over 250,000 people without internet or electricity amid dropping winter temperatures, Russian military intelligence broke into surveillance cameras to spy on Ukrainian air defenses and Kyiv's vital infrastructure.

Security Service of Ukraine informed that it responded to the hack by blocking and dismantling the suspected camera. 

The agency further advised online users to cease transmitting and watching security camera feeds online, as Russian military intelligence is utilizing the "collected data for preparing and adjusting strikes on Kyiv."

Russia has been attacking Kyiv and Kharkiv since New Year’s holiday weekend, resulting in five casualties and over 130 injured. On Tuesday, around 100 missiles were fired on the two cities. 

These attacks were monitored by the Russian intelligence by hacking into the online surveillance cameras that are privately-owned. "According to SBU cyber specialists, one of the devices was located on the balcony of an apartment building and was used by a local condominium to monitor the surrounding area," the SBU reported.

Hackers secretly recorded all visual data inside the surveillance camera's viewing range by gaining remote access to the device and altering its viewing angle. According to the SBU, Russian intelligence then viewed the feed on YouTube to assist the military in tracking the airstrikes and informing soldiers about their targets.

The hacked surveillance camera used for monitoring the parking lot of other residential complex in Kyiv helped hackers to surveille the surrounding areas, which comprised vital infrastructure facilities.

Internet and Power Supply Affected

The energy company DTEK said that Russian missiles had damaged power grid equipment and overhead lines in Kyiv and the surrounding region, causing blackouts that affected nearly 260,000 Kyiv residents. Russian missiles, drones, and bombers also struck Ukrainian internet and power supply services.

DTEK tweeted, "Critical infrastructure, industrial, civilian and military facilities were attacked. The main focus of the attack was the capital of Ukraine[…]DTEK's power engineers are quickly restoring power after the attack."

As of Wednesday, DTEK Executive Director Dmytro Sakharuk announced that all 260,000 residents in Kyiv and an additional 185,000 residents in the surrounding districts had their power restored. "We are now continuing to repair networks after yesterday's shelling, because some consumers had to be connected via backup circuits."  

Read more »
WinRAR
Aerospace APT29 CVE vulnerability Data Breach Foreign policy Russia-Ukraine War Russian Hacker Software Bug supply chain security Ukraine WinRAR

APT29 Strikes: WinRAR Exploits in Embassy Cyber Attacks

During the latest wave of cyberattacks, foreign embassies have been the target of a malicious group known as APT29. They have employed a highly complex attack method that takes advantage of weaknesses in WinRAR, a widely used file compression software. There have been shockwaves throughout the cybersecurity world due to this worrisome disclosure, leading to immediate action to strengthen digital defenses.

According to reports from cybersecurity experts, APT29 has ingeniously employed the NGROK feature in conjunction with a WinRAR exploit to infiltrate embassy networks. The NGROK service, designed for secure tunneling to localhost, has been repurposed by hackers to conceal their malicious activities, making detection and attribution a formidable challenge.

WinRAR, a widely used application for compressing and decompressing files, has been targeted due to a specific vulnerability, identified as CVE-2023-38831. This flaw allows the attackers to execute arbitrary code on the targeted systems, giving them unfettered access to sensitive information stored within embassy networks.

The attacks, initially discovered by cybersecurity researchers, have been corroborated by the Ukrainian National Security and Defense Council (RNBO). Their November report outlines the APT29 campaigns, shedding light on the extent of the damage inflicted by these cyber intruders.

The fact that foreign embassies are specifically being targeted by this onslaught is very disturbing. Because these organizations handle so much private, political, and diplomatic data, they are often the focus of state-sponsored cyber espionage. The attackers' capacity to take advantage of flaws in popular software, such as WinRAR, emphasizes the necessity of constant watchfulness and timely software updates to reduce any threats.

Cybersecurity professionals advise companies, particularly those in delicate industries like diplomacy, to conduct extensive security assessments, quickly fix holes, and strengthen their defenses against ever-evolving cyber attacks in reaction to these disclosures. The APT29 attacks highlight the significance of a multi-pronged cybersecurity strategy that incorporates advanced threat detection methods, personnel awareness training, and strong software security procedures.

International cybersecurity organizations must work together as governments struggle with the ever-changing world of cyber threats. The APT29 attacks are a sobering reminder that the digital sphere has turned into a combat zone and that, in order to preserve diplomatic relations and maintain national interests, defense against such threats necessitates a united front.

Read more »
Threat Landscape
Cyber Security Kyiv Russia-Ukraine War Russian Navy Starlink Threat Landscape

Elon Musk Claims he Withheld Starlink to Deny Attack on Russian Navy Fleet

 

Elon Musk claimed that he turned down a proposal from the Ukrainian government to turn on his Starlink satellite network near Sevastopol, the port city of Crimea, last year in order to support an assault on the Russian navy there, citing his concern over being implicated in a "major" act of war. 

The billionaire businessman made the comment on his social media platform X after CNN highlighted an excerpt from a recent biography of Musk that claims he ordered the Starlink network turn off near the Crimean coast last year in order to thwart the Ukrainian covert operation. 

Musk wrote on the social media platform X, formerly known as Twitter, that he had to turn down a last-minute request from Ukraine "to activate Starlink all the way to Sevastopol." Both he and the excerpt omitted to include the request's date.

"The obvious intent being to sink most of the Russian fleet at anchor," Musk states. "If I had agreed to their request, then SpaceX would be explicitly complicit in a major act of war and conflict escalation." 

Since its full-scale invasion of Ukraine in 2022, Russia, which seized the strategically vital Crimea peninsula in 2014, has used the Black Sea Fleet, which is based in Sevastopol, to blockade Ukrainian ports. The Russian fleet launches cruise missiles against Ukrainian civilian sites, and Kiev has carried out marine drone attacks on Russian vessels. 

According to CNN, the latest biography of Elon Musk by Walter Isaacson, "Elon Musk," which will be published by Simon & Schuster next week, claims that when Ukrainian submarine drones carrying explosives last year approached the Russian fleet, they "lost connectivity and washed ashore harmlessly." 

It said Musk's decision, which left Ukrainian authorities pleading with him to activate the satellites, was motivated by a fear that Russia might respond to a Ukrainian invasion with nuclear weapons.

Musk's fears of a "mini-Pearl Harbour" were based on contacts with senior Russian officials and his fears of a "mini-Pearl Harbour." 

The first time the Ukrainian navy has extended its reach thus far from its borders was in August when a Ukrainian naval drone attacked the Russian Black Sea navy station in Novorossiysk, gravely damaging a Russian cruiser. 

Since the start of the war in 2022, SpaceX has been providing Ukrainians and the country's military with Starlink internet service, a rapidly increasing network of over 4,000 satellites in low Earth orbit, through private donations and a separate contract with a U.S. foreign aid agency. In June, the Pentagon announced that SpaceX's Starlink had been awarded a Department of Defence contract to purchase satellite services for Ukraine. 

Commenting on the reports on Ukrainian national television, Vadym Skybytskyi, an officer in the Ukrainian Defence Ministry's Intelligence Directorate GUR, did not explicitly address whether Musk had denied Ukraine's request. But he added it was vital to investigate and "appoint a specific group to examine what happened."
Read more »
Russian Ransomware
Cyber Security Data Leak Phishing Attacks Russia-Ukraine War Russian Hackers Russian Ransomware

Russian Cyber-Attacks and the Looming Threat of WW3

Russian cyberattacks have been on the rise alarmingly over the past few years, raising concerns among specialists about the possible repercussions. The threat that these cyberattacks will start a worldwide battle, commonly referred to as World War III, looms menacingly as tensions between Russia and its surrounding nations, particularly Ukraine, continue to simmer.

An alarm has been raised by the persistent nature of these Russian cyberattacks. Government officials and cybersecurity experts have frequently sounded the alarm and urged countries to strengthen their digital defenses. These assaults are a new kind of warfare that has the potential to develop into a major global disaster since they target vital infrastructure, governmental organizations, and private businesses.

Ukraine's vulnerability to sophisticated cyberattacks is one of the main worries. The majority of these digital offensives have targeted the nation, which has been in conflict with Russia over territorial concerns. Numerous high-profile cyberattacks against Ukraine have been linked to Russian hackers, including data leaks and devastating power outages. In addition to causing regional instability, these attacks attract other people.

The situation is exacerbated by Russia's evolving cyber capabilities. Russian state-sponsored hacking groups are constantly evolving and improving their tactics, making it increasingly challenging for cybersecurity experts to defend against them. These groups often operate with the support and protection of the Russian government, further complicating the issue.

While the term World War III may conjure images of a large-scale military conflict, it's essential to recognize that modern warfare has evolved. Cyber-attacks have become a potent tool in international disputes, capable of causing significant damage without traditional military engagement. The interconnectedness of our world means that a cyber-attack can have far-reaching consequences, affecting not only the target nation but also its allies and even neutral parties.

Nations must make significant investments in cybersecurity measures to reduce the prospect of World War III provoked by these unrelenting Russian cyberattacks. This involves enhancing information exchange and international cooperation, protecting vital infrastructure, and creating cutting-edge cybersecurity tools. Additionally, it is important to employ diplomacy to address the underlying reasons behind the hostilities between Russia and its neighbors while fostering communication and dispute resolution.

The persistent Russian cyberattacks pose a serious threat to world security and have sparked worries about the possibility of a third world war starting. Nations must work proactively to protect themselves from these attacks and look for peaceful ways to settle the underlying problems. The world must adjust to the blurring of the lines between peace and conflict in this digital age.

Read more »
ThreatCloud AI
Check Point Cyber Attacks Cyber space Hacktivism Russia-Ukraine War ThreatCloud AI

'Cyber Battlefield' Map Shows Attacks Being Played in Real Time


A live map is all set to monitor cyberattacks around the globe as the conflict in Ukraine fuels a 'significant surge' in hostile activity.

Apparently, the technology utilizes intelligence gathered from a high-end AI-powered system – ThreatCloud AI.

The maps shows countries and companies that are particularly targeted with cyber incidents like malware attacks, phishing or exploitation.

How are Cyber Activities Impacted by the War According to a US-Israeli cyber security firm, Check Point, cyber activities have increased at an alarming rate in the past 17 months, reason being the Ukraine war.

Over the previous six months, the UK was attacked 854 times on average every week. As of May 2023, ransomware attacks have a negative effect on one out of every 77 organizations in the country.

According to Muhammad Yahya Patel, lead security engineer and evangelist for Check Point, “The threat landscape has continued to evolve in sync with the digital world as we are more connected to the internet than ever before. This has led to multi-vector cyberattacks and well thought out campaigns by criminals who want to cause maximum damage to organizations[…]Sometimes they use advanced tools and methods, while other times it’s a simple method like getting someone to click a link in an email."

Moreover, the UK has been suffering an online conflict as a group of hackers, have targeted prominent British organizations, frequently with links to the Kremlin that are either verified or rumored.

“Hacktivism has played a much bigger role globally with several state-sponsored groups and cyber criminals actively fighting a war in cyberspace[…]We had the Ukrainian government taking an unprecedented step by using a Telegram channel to call for international volunteers to help fight the cyber war by joining the “IT Army of Ukraine,” Patel said.

In regards to the Russia based group Killnet, Patel says, ”This is a properly established group with organizational structure and hierarchy. As an organised operation this group have been carrying out disruptive attacks to gain more attention and have recently targeted NATO.”

ThreadCloud AI

The ThreatCloud AI system continuously scans the environment and develops defenses against the numerous and diverse kinds of assaults. The creators provide customers with what they call a "comprehensive prevention-first architecture," which is appropriate for various devices, networks, and systems.

This live ‘battleground’ was presented at the Midland Fraud Forum’s annual conference in Birmingham last week as a segment informing audience regarding the various threats and methods to prevent them.

The multinational company based in Tel Aviv found that the ransomware operators have become more ruthless with their tactics to profit from victims.

One of the recent cases was when the University of Manchester suffered a cyber attack last month, where allegedly the students’ confidential data was compromised. In response, the university claimed that a ‘small proportion of data’ was copied and that ‘it had written directly to those individuals who may have been affected.’

Looking at the current scenarios, universities in the UK seems to have found themselves in the frontline of the ever developing threat landscape at a level greater than any other country.

In regards to this, Patel comments, ”The attacks against the education and research sector are highly concerning because this is higher than what we are seeing globally in this industry[…]It raises questions about what the UK is doing specifically for this sector to help it have a better cyber security baseline as I like to call it.”  

Read more »
SolarWinds Attack
Cyber Attacks cyber espionage Russia-Ukraine War Russian Hackers SolarWinds Attack

Russian SolarWinds Attackers Launch New Wave of Cyber Espionage Attacks

 

Russian intelligence has once more employed hacker outfit Nobelium/APT29 as part of its ongoing invasion of Ukraine, this time to spy on foreign ministries and diplomats from NATO-member states as well as additional targets in the European Union and Africa. 

The time also coincides with a wave of attacks against Canadian infrastructure that are thought to have a Russian connection. 

The possible targets of the espionage campaign were alerted to the threat on April 13 by the Polish Military Counterintelligence Service and the CERT team in Poland, along with indicators of compromise. The organisation known by Microsoft as Nobelium, also known by Mandiant as APT29, is not new to the game of nation-state espionage; it was responsible for the infamous SolarWinds supply chain attack over three years ago. 

The Polish military and CERT alert said that APT29 is now back with a completely new set of malware tools and reported marching orders to infiltrate the diplomatic corps of nations that support Ukraine. 

APT29 returns with fresh orders

According to the Polish notice, the advanced persistent threat (APT) always starts its attack with a clever spear-phishing email. 

"Emails impersonating embassies of European countries were sent to selected personnel at diplomatic posts," authorities explained. "The correspondence contained an invitation to a meeting or to work together on documents." 

The recipient would next be instructed to follow a link or download a PDF in order to view the ambassador's calendar or obtain meeting information. Both actions would direct the targets to a malicious website that was loaded with the threat group's "signature script," which the report refers to as "Envyscout".

"It utilizes the HTML-smuggling technique — whereby a malicious file placed on the page is decoded using JavaScript when the page is opened and then downloaded on the victim's device," Polish officials added. "This makes the malicious file more difficult to detect on the server side where it is stored." 

The malicious site also informs its victims through a message that they downloaded the right file. 

"Spear-phishing attacks are successful when the communications are well written, use personal information to demonstrate familiarity with the target, and appear to come from a legitimate source," Patrick Harr, CEO of SlashNext, stated. "This espionage campaign meets all of the criteria for success." 

For instance, one phishing email claimed to be from the Polish embassy. The Polish authorities also noticed that the Envyscout programme had been modified three times using better obfuscation techniques during the period of the observed campaign. 

The organisation, once infiltrated, employs modified versions of the Snowyamber downloader, Halfrig, which has Cobalt Strike as embedded code, and Quarterrig, which shares code with Halfrig, according to the Polish alert. 

In light of this and other Russian espionage activities, governments, diplomats, international organisations, and non-governmental organisations (NGOs) should be on high alert. 

Along with warnings from Polish cybersecurity authorities, Canadian Prime Minister Justin Trudeau has recently spoken out publicly about a recent wave of cyberattacks linked to Russia that targeted Canadian infrastructure. These attacks included denial-of-service assaults on the websites of Hydro-Québec, an electric utility, his office, the Port of Québec, and Laurentian Bank. According to Trudeau, Canada's backing for Ukraine is a factor in the cyberattacks. 

Although there was no harm to Canada's infrastructure, Sami Khoury, the director of the Canadian Centre for Cyber Security, emphasised during a news conference last week that "the threat is real.""You must protect your systems," said Khoury, "if you run the critical systems that power our communities, provide Internet access to Canadians, provide health care, or generally operate any of the services Canadians can't live without." "Watch your network traffic. Implement mitigations."
Read more »
Vulnerabilities and Exploits
Advance Tools Russia-Ukraine War Russian Hackers Security flaw Vulnerabilities and Exploits

Winter Vivern Hackers Exploit Zimbra Flaw to Siphon NATO Emails

 

Since February 2023, a Russian hacking group known as TA473, also identified as "Winter Vivern," has been actively stealing the emails of NATO leaders, governments, soldiers, and diplomats by taking advantage of flaws in unpatched Zimbra endpoints.

Sentinel Labs published a report on 'Winter Vivern's' recent operation two weeks ago, detailing how the group propagated malware that poses as a virus scanner by imitating websites run by European organisations that fight online crime. 

The threat actor used Zimbra Collaboration servers to exploit CVE-2022-27926, according to a new report released by Proofpoint today. This vulnerability allowed the threat actor to access the communications of individuals and organisations that are NATO allies.

Taking aim at Zimbra 

Before launching a Winter Vivern attack, the threat actor first uses the Acunetix tool vulnerability scanner to look for unpatched webmail platforms. 

After there, the hackers send a phishing email from a compromised account that is faked to look like it is from a person the target knows or is somehow connected to their business. A link in the emails uses the CVE-2022-27926 vulnerability in the target's compromised Zimbra infrastructure to inject additional JavaScript payloads into the webpage. 

When cookies are received from the hacked Zimbra endpoint, these payloads are then exploited to steal usernames, passwords, and tokens. These details give the threat actors unrestricted access to the targeted' email accounts. 

"These CSRF JavaScript code blocks are executed by the server that hosts a vulnerable webmail instance," the Proofpoint report reads. Further, this JavaScript replicates and relies on emulating the JavaScript of the native webmail portal to return key web request details that indicate the username, password, and CSRF token of targets.In some instances, researchers observed TA473 specifically targeting RoundCube webmail request tokens as well."

This particular aspect illustrates the diligence of the threat actors in pre-attack reconnaissance, ascertaining which portal their target utilises before constructing the phishing emails and establishing the landing page function. 

In addition to the three layers of base64 obfuscation used to obfuscate the malicious JavaScript to complicate analysis, "Winter Vivern" also incorporated pieces of the legal JavaScript that runs on a native webmail interface, blending in with regular activities and lowering the risk of detection. 

Ultimately, the threat actors have access to confidential data on the compromised webmails or can keep their hold in place to watch communications over time. In addition, the hackers can utilise the compromised accounts to conduct lateral phishing attacks and further their penetration of the target companies. 

Researchers claim that "Winter Vivern" is not very sophisticated, but they nonetheless employ a successful operating strategy that is effective even against well-known targets who are slow to deploy software updates. In this instance, Zimbra Collaboration 9.0.0 P24, which was released in April 2022, corrected CVE-2022-27926.

The delay in implementing the security update is estimated to have been at least ten months long given that the earliest assaults were discovered earlier this year in February.
Read more »
Russia-Ukraine War
CNI Cyber Security Dark Web Energy Security Russia-Ukraine War

Protecting the World's Energy Systems: Physical and Cybersecurity Need to Coexist

 

Critical national infrastructure (CNI) is under greater physical threat than ever. It is still unknown who was responsible for the attack that destroyed at least 50 metres of the Nord Stream 1 and 2 underground pipelines that once carried Russian gas to Germany. 

More recently, Russia has also changed the focus of its conflict in Ukraine to attack energy infrastructure with its own missiles and drones supplied by Iran, known as the Shahed-136. Volodymyr Zelensky, the president of Ukraine, stated in a tweet on October 18 that "30% of Ukraine's power stations have been destroyed, causing massive blackouts throughout the country," and in a meeting with Kadri Simson, the European Commissioner for Energy, on November 1, Zelensky stated that between "30% and 40% of [the country's] energy systems had been destroyed." 

Increasing threat to cybersecurity

The conflict in Ukraine and the escalating tensions between the East and West aren't the only significant threats to our CNI, though. A growing cybersecurity threat is also present. The Houston, Texas-based Colonial Pipeline, which transports gasoline and jet fuel to the southeast of the United States, had to halt all of its operations on May 7, 2021, in order to stop a ransomware attack. 

Hackers gained access to the company's systems through a VPN (virtual private network) account in this attack, which allowed staff to log in remotely using a single username and password obtained from the Dark Web. Shortly after the attack, Colonial paid the hackers—affiliates of the cyberterrorist organisation Darkside with ties to Russia—a $4.4 million ransom. 

A threat group known as Sandworm, which is allegedly run by the Russian GRU's cybermilitary division, attempted to shut down an unnamed Ukrainian power company less than a year later. The State Service of Special Communications and Information Protection of Ukraine (SSSCIP) said in a statement that the attackers "attempted to take down several infrastructure components of their target, including: Electrical substations, Windows-operated computing systems, Linux-operated server equipment, [and] active network equipment." 

The attempted intrusion involved the use of ICS-capable malware and regular disc wipers, according to Slovak cybersecurity firm ESET, which worked with Ukrainian authorities to analyse the attack. The adversary also released an updated version of the Industroyer malware. 

According to ESET, "the Sandworm attackers attempted to use the Industroyer2 malware against high-voltage electrical substations in Ukraine." It is believed that the victim's power grid network was breached twice, with the first intrusion occurring around the time of Russia's invasion of Ukraine in February 2022 and the second intrusion taking place in April, which enabled the attackers to upload Industroyer2. 

Environmental Digitization

It is now beyond question that cybercriminals pose an ever-increasing threat to critical national infrastructure, according to John Vestberg, CEO of Clavister, a Swedish company that specialises in network security software. CNI, such as oil and gas, is a key target for ransomware gangs, he continues. He thinks that energy companies and their suppliers need to use predictive analytics, tools like artificial intelligence (AI), and machine learning (ML), and a more proactive approach to cybersecurity as opposed to a reactive one. 

The CEO and founder of Flexxon brand X-PHY, Camellia Chan, agrees: "It's crucial that CNI organizations never take their eyes off the ball." In order to detect every type of attack and contribute to the development of a more effective cybersecurity framework, it is crucial to embrace emerging technology, such as AI, as part of a multilayered cybersecurity solution. Neither are the well-organized, frequently state-sponsored ransomware gangs CNI organisations deal with the only issue. Part of the problem is that as industrial organisations (including utilities like water and energy companies) digitise their environments, they are much more exposed than in the past to potential security flaws and vulnerabilities. 

Grid Edge Danger 

The potential for large rewards is one of the things that draws cybercriminals to target energy companies, according to Trevor Dearing, director of critical infrastructure solutions at zero-trust segmentation company Illumio. Many gangs are realising that businesses are more likely to pay the ransom if they can stop the service from being delivered to customers rather than just stealing data, he claims. 

He adds that the fact that energy systems no longer only consist of the conventional grid with power plants and power lines is another issue. The "grid edge," which consists of decentralised devices like smart metres, solar panels, and batteries in people's homes and businesses, is what's emerging in its place. When threat actors used a known vulnerability in Cisco firewalls to disrupt communications over the course of about 12 hours in March 2019, the Utah-based company sPower, which owns and operates more than 150 generators in the US, was thought to be the first renewable energy provider to be targeted by a cybersecurity attack. 

The inverters in renewable energy systems are one area where they are particularly open to attack. These act as a bridge between solar panels and the grid, converting the DC (direct current) energy produced by PV (photovoltaic) solar panels into AC (alternating current) electricity supplied to the mains. The inverter's data could be intercepted and manipulated in a manner similar to earlier attacks in the US and Ukraine if its software isn't up to date and secure. Additionally, a hacker could insert malicious code into an inverter to spread throughout the larger power system, causing even more harm. 

The co-author of a 2018 paper evaluating the cybersecurity risk of solar PV, Ali Mehrizi-Sani, an associate professor at Virginia Polytechnic Institute and State University, claims that hackers can artificially cause a PV system to malfunction in order to launch cyberattacks against the inverter controls and monitoring system. In November 2020, he told the website PV Tech, "This is a vulnerability that can be, and has been, exploited to attack the power system." Since the technology hasn't yet reached critical mass, the risk of a cybersecurity attack on solar power networks is currently low. 

However, as the industry becomes more decentralised, with solar panels installed in public spaces and on top of buildings, managing networks will depend more and more on strong, cloud-based IoT security.

Greater Control 

Implementing standards is one way that both organisations and governments can guarantee the highest levels of CNI protection. The ISO 27001 family of standards for information security management systems (ISMS) are required of all network providers, operators, and other CNI businesses in Germany, for instance, and there are obligations set forth in the UK's BSI Criticality Ordinance to demonstrate a comprehensive IT security strategy to secure the operation of critical infrastructure. 

Similar to how NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) governs critical infrastructure in the US, this set of regulations only applies to the electricity sector and excludes the oil and gas sectors. Cliff Martin, head of cyber incident response at GRCI Law, a legal, risk, and compliance consultancy firm, asserts that personnel in charge of CNI must receive the appropriate training and comprehend that their actions may have real repercussions. This means they are unable to simply transfer existing traditional IT cybersecurity measures to the IT environment because that is simply not how it works.

But according to Illumio's Dearing, an increasing number of businesses are creating a single strategy for both OT and IT environments. "He explains that the secret is to prepare as though you will be attacked. An attack on one part of your infrastructure won't necessarily have an impact on the other parts if you segment it by separating out all the various components." 

Companies have been made aware of the physical threat to energy infrastructure, especially during the coldest months of the year in the northern hemisphere, thanks to the conflict in Ukraine and the attacks on the Nord Stream pipelines. That's not the only issue, though. Attacks on CNI's cybersecurity are on the rise, in part due to a rising threat from nation-state actors but also because cybercriminals are becoming more aware of the potential financial rewards of depriving customers of a crucial service. The convergence of OT and IT technologies is also giving cybercriminals a potentially much bigger attack surface to work with.

While historically security has not been viewed as a crucial factor for OT, this needs to change with a greater focus on technical solutions like network traffic segmentation and continuous monitoring. Only then will businesses be able to stop a potentially catastrophic breach to CNI.
Read more »
User Privacy
China Covid Cyber Security Cyptocurrency Elon Musk FTX GRU Russia-Ukraine War User Privacy

5 Most Significant Online Influencers of 2022

The Wired portal has taken the initiative to publish a list of the individuals that sparked the most online debates in 2022. Controversies motives, false information, and online turmoil will also be on the minds of many people going forward. 

Despite some issues that appear to be fading, such as the COVID-19 outbreak and the world of cryptocurrency, these issues frequently come up on social media. Money laundering, theft, and fraud are among the issues frequently in these debates. 

1. Sam Bankman-Fried

Money laundering, theft, and scams have been rampant in the cryptocurrency sector, from the Crypto dark-web drug trade to billions of dollars being taken from crypto firms by cybercriminals. Sam Bankman-Fried is currently charged with fraud of more than $8 billion in connection with the fall of the bitcoin exchange FTX. The exact extent of the misuse of user cash in FTX's collapse is still unknown, and even the new CEO of the firm, John Ray, claims he's never witnessed a greater catastrophe. This could have far-reaching effects on the cryptocurrency economy. 

In addition to the staggering losses, Bankman-Fried stands in as a particularly alarming example of the problems with the crypto economy.  He seemed to really embrace increased government controls of the business, unlike so others in the crypto sphere.

2. Elon Musk

After the purchase of Twitter, Musk's dark side was exposed, and the erratic power of the world's richest person suddenly put a major online institution in danger. Elon fired at least 4,400 contract workers after letting go of nearly 50% of the Twitter personnel, jeopardizing the operations of a service that acts as Twitter's main artery.

Additionally, Twitter has drastically reduced the size of its team of content moderators, creating scenarios where only one employee is left to monitor child abuse-related tweets across the entirety of Japan and the Asia-Pacific area. Twitter has also outlawed left-wing accounts under Musk's supervision which goes against his support for free speech. He provides a glimpse of the conspiracy-minded ideas and trolling that really motivates his behavior. 

3. Xi Jinping

Every wave of brutality under Xi Jinping has been accompanied by a tightening of online restrictions as censors combed social media for any mention of protests. Han Chinese authorities in Xinjiang have even insisted that Uyghurs install an app that checks their phones for prohibited information.

This year's protests against China's oppressive zero-Covid lockdowns have sparked a new round of online repression, in which it is now illegal to even like a protest-related post, and any indication of wrongdoing is monitored through a controlled credit system with the potential to result in users' immediate expulsion from online platforms. He's made it quite apparent that dictatorial control will infiltrate the Chinese digital life.

4. Narendra Modi

India has begun to resemble China ever more in how it suppresses both offline and online protests under Modi and the BJP. The Indian government has recently taken steps to tighten its control over social media, including temporarily shutting down the internet in the disturbed region of Kashmir, banning several Chinese apps, including TikTok, and giving a three-person group control over social media moderation policy choices.

The government can use the new IT regulations as a tool to challenge the platforms when it wants. It's the initial step toward making it possible to restrict online speech like in China.

5. GRU

In the past seven years, Russia's GRU military intelligence units known as Sandworm and APT28 caused two blackouts in Ukraine. In 2022, it started a plethora of cyberattacks aimed at erasing data from the Ukrainian government and business networks, frequently concurrent with direct physical assaults by the invading army. In a NotPetya-like incident of collateral damage, one GRU malware operation even managed to shut down connectivity to 5,000 wind turbines spread around Germany. A third blackout strike in Ukraine was also attempted by GRU's Sandworm hackers, but this time, at least in the view of the Ukrainian government, defenses were able to prevent it.

The year 2022 will be regarded as a time of major global events with several noteworthy events and occasions. Despite some issues that appear to be fading, such as the COVID-19 outbreak and the world of cryptocurrency, money laundering, theft, and fraud are among the issues frequently on social media. 
Read more »
Russian Hackers
Cyber Attacks NATO Oil Refinery Russia-Ukraine War Russian Hackers

Russian Hackers Targeted an Oil Refinery in a NATO Nation

 

A hacker gang with Russian ties attempted to enter a petroleum refining business in a NATO member state in late August, the latest report by Palo Alto’s Unit 42 revealed. 

According to the report, the attempted intrusion, which appears to have been unsuccessful, took place on August 30 by a hacking group called “Trident Ursa" and was executed through spear phishing emails using English-named files with words like "military assistance." 

The news of Trident Ursa's most recent moves came just after National Security Agency Cyber Director Rob Joyce issued a warning that Russian state-sponsored hackers may target NATO nations' energy sectors in the upcoming months. 

According to Joyce, these attacks could have "spillover" effects on Ukraine's neighbors, such as Poland, where Microsoft recently issued a warning that Russian-backed hackers had intensified their operations on the nation's logistics sector, a crucial supporter of the Ukrainian military effort. 

Triton Ursa, also known as "Gamaredon" or "Armageddon," has connections to Russia's Federal Security Service and has been operating since at least 2014. It is primarily recognized for its phishing operations that gather intelligence. Since the commencement of the war in Ukraine, the gang has been quite active, and it has previously attempted to phish Ukrainian entities. 

The infiltration of a petroleum refining company was likely done to boost "intelligence gathering and network access against Ukrainian and NATO partners," according to the Unit 42 assessment. 

Trident Ursa is still one of the most "pervasive, intrusive, continually active and targeted APTs targeting Ukraine," according to Unit 42 researchers, who told CyberScoop, a cybersecurity portal, in an email that they don't think it has more than 10 members. 

“This group’s operations are regularly caught by researchers and government organizations, and yet they don’t seem to care. They simply add additional obfuscation, new domains, and new techniques and try again — often even reusing previous samples,” the report reads. 

Researchers claim that Trident Ursa is not technically advanced and instead relies on enticements and freely accessible resources. The gang uses geo-blocking to restrict their assaults, allowing users to download infected files only in selected nations. This lowers the visibility of their attacks and makes it harder to spot their efforts. 

The Russian hacker organization also exhibits some unusual preferences for choosing domain names that make pop culture references. According to Unit 42's analysts, some of the domains contain names of American basketball teams, well-known rock bands like Metallica and Papa Roach, and characters from the hit TV programme "The Big Bang Theory." 

The gang also has a pattern of harassing and abusing its rivals online. A Trident Ursa member going by the name "Anton" issued a warning on Twitter shortly after the Russian invasion of Ukraine, saying, "I'm coming for you." The gang appears to have named their subdomains after a Ukrainian cybersecurity expert.
Read more »
Signal Disruption
Cyber Security Eastern Russia GPS GPS Jamming Russia-Ukraine War Signal Disruption

Russian Cities are Experiencing GPS Signal Disruption

 

The recent data analysis by Wired revealed that many severe GPS outages occurred over the course of the previous week in several Russian cities. 

The disruption in the transmission was used to destroy drones that require GPS for navigation after Ukraine launched long-range drone attacks deep into Russian territory, security analysts explained.

According to Erik Kannike, GPS interference has reached a level that has never been seen before. The program manager for SensusQ, an Estonian military intelligence company, is Kannike. Since a week ago, GPS jamming bubbles have been encircling strategic cities for hundreds to thousands of kilometers. 

The first to identify the GPS outages was GPSJam, a monitoring system that keeps track of problems with the satellite navigation system using data from airplanes. 

More GPS hiccups have occurred in Saratov, Volgograd, and Penza since December. These cities are all located in eastern Russia, close to the Ukrainian border. 

On December 5, there was hardly any interference in Russia, according to the GPSJam database. The majority of the interference was found in and near Moscow, where the Kremlin has long been known to tamper with GPS communications. 

However, data gathered by GPSJam indicates that the guidance system has been impacted in various areas since December 11. A wireless data analytics firm called Aurora Insight also discovered an increase in GPS signal strength in the area around the beginning of December, which may indicate GPS interference. 

Vulnerability of the system 

Only Moscow experienced GPS jamming during the outset of Russia's extensive invasion of Ukraine in February. The database shows that there have recently been few signal interruptions in Russia. In the vicinity of Finland's border with Russia, GPS issues have been reported. 

All satellite-based navigation systems collectively referred to as GNSS, are susceptible to disruption for a number of reasons. 

While spoofing generates false radio signals, jamming weakens them. Jamming could make it impossible for drones to fly and destroy mapping software. Meanwhile, spoofing has caused the positions of hundreds of warships to be fabricated since 2020. 

As the most widely used GNSS system, GPS has developed into an "international utility." As a result, it is more "vulnerable and likely to be interrupted," according to Dana Goward, CEO of the foundation that safeguards critical infrastructure. He thinks that doing so makes many systems more chaotic.

Tracker for GPS outages 

Few large-scale projects, according to reports, keep an eye on GPS disturbances. According to John Wiseman, the engineer who created GPSJam, the technology exploits ADS-B signals sent by airplanes to let users know where they are and follow them. 

GPSJam makes use of ADS-B information from the network of aviation enthusiasts known as ADS-B Exchange. Wiseman gathers this information every day to identify GPS interference. 

Potential interference is shown on the GPSJam map in red hexes, light interference in yellow, and no interference in green. Most red zones, according to Wiseman, are found in areas where GPS manipulation has been established. 

GPS failures can also be monitored from space. Wired was given data from Aurora Insight, which uses satellites to identify GNSS outages, showing a rise in signal strength in eastern Russia since August. According to the company, an increase in GPS signal strength may cause some GPS receivers to malfunction, but this does not mean that jamming has occurred.
Read more »
User Privacy
Cisco Cyber Security data security Russia-Ukraine War Safety Measures User Privacy

CISO Discuss Main Safety Concerns

 

In terms of cyber threats, 2022 was a crucial year. Enterprises are under increased pressure to enhance their security operations in order to stay up with the republic hackers and skilled cybercriminals who have been encouraged by the Russia-Ukraine conflict.

Frank Kim, a professional and fellow of SANS Institute, has joined YL Ventures as the organization's new full-time CISO-in-residence. In order to offer assistance and direction as companies develop their cybersecurity solutions and expand their businesses, YL Ventures links startup entrepreneurs with CISOs.

Former CISO of the SANS Institute and founder of ThinkSec, a security consulting and CISO consultancy firm, Kim will focus on the financial implications of enhancing security in his new position.

An increasing number of users are worried about data security, particularly how securely organizations may use, share, and exploit data. The key to encouraging and facilitating the adoption and use of data, looking at future revenue streams for businesses. It is justified in being a top priority for CISOs because it has grown to be such a crucial component of the company and a highly profitable target for attackers. Kim said, "We have to stay up with the changing and moving data in the modern, dynamic corporate climate with M&As and consolidation."

Top characteristics of a future chief data security officer:

Exhibit strategic focus
The most effective will approach problems from a business standpoint as opposed to a technical or tactical one. They present themselves as visionary leaders rather than firefighters who are only called in during emergencies.

Assess opportunity and risk
Risk need not always be nasty or destructive, but the risk that is not handled can be. If the CISO insists that all risk is bad and must be eliminated, they risk losing the support of their colleagues and impeding forward-thinking initiatives.

Permits the display of leadership ability
The organization as a whole and the security sector esteem next-gen CISOs for their charisma, ingenuity, connections, and respectability. They never miss a chance to highlight the benefits information security has for the company.

Possesses business skills, strengthens trust, and demonstrates empathy
Through routine interaction and cooperation, they should contribute to increasing the trust of their team members, clients, partners, and other company stakeholders.






Read more »
US
Cyber Security Disinformation War IRA Russia Russia-Ukraine War US

Battling the Russian Disinformation War

 

Over the years, the US- Russian ties have been in fluctuation mode. Donald Trump, the former US president was lenient towards Kremlin from 2017-2020 during which the White House seemed to take a backseat to cybersecurity issues. 

However, the Joe Biden regime is ready to take on Russia on every possible front. After Russia invaded Ukraine last February, the American-led European Union moved blocked RT and Sputnik, two of the Kremlin’s top channels for spreading misinformation about the war. 

Blake Dowling, CEO at Florida- based Aegis Business Technologies blamed Russian-backed hackers for staging cyberattacks against American infrastructure (Colonial Pipeline), businesses and government (SolarWinds and others), and elections. 

According to Dowling, Russian Internet Research Agency has also played in propagating disinformation around the globe.

The IRA is an army of internet trolls based in an old arms factory in St Petersburg founded by Yevgeny Prigozhin. The internet operatives in IRA work as regular employees during their shifts of 8 hours per day. 

During their shifts employees must meet quotas which would be something like designing a dozen social media accounts, and posting five political posts and 10 nonpolitical posts. At the same time, they must comment and like hundreds of their colleague’s posts. 

One IRA employee published a blog about a new video game in the U.S. that had a theme of slavery, aiming to stir up anti-U.S. feelings in Russia. In reality, there was no such game, but that is what the job was. 

Apart from social media trolls, a Russian hacktivist group called Killnet is also playing a major role in disrupting services in the United States. They are looking to cause chaos to the enemies of Russia, specifically those entities that side with Ukraine. 

The standard modus operandi of the hacking group is to launch distributed denial of service attacks (DDoS) toward their victims, causing their web presence to break down. Earlier targets include the European song contest Eurovision and this month fourteen airports in the United States. 

To counter this cyber onslaught, the Department of Homeland Security and Cyber Security and Infrastructure Security Agency recommends a Shields Up approach for American citizens. 

The Shield Up technique refers to a heightened cyber defensive posture when protecting data and technical assets. This includes updating your network and hardware for known exploits and vulnerabilities and using robust passwords that are changed regularly.
Read more »
User Privacy
Cyber Crime FSB Russia-Ukraine War Russian Hacker Scam User Privacy

Russian Scam Industry Expands as a Result of Mobilization

 

After experiencing setbacks on the Ukrainian front, Russian President Vladimir Putin ordered a partial mobilization. Russian men who are eligible for enlistment have turned to illegal channels that grant them fabricated exemptions, whereas those fleeing the country to neighboring regions have turned to using identity masking tools.

Due to the aforesaid circumstance, it is now highly profitable for people to sell illegal services. In a similar vein, scammers and hackers see a good opportunity to take advantage of anxious people in haste.

Cybercriminals selling fake documents on the dark web, Telegram, and other encrypted channels are the initial scams to attempt to profit from the situation.

The scammers have even gone to the point of actively publicizing their phony services on social media and making direct contact with individuals through channels that preach about mobilization. The hackers allegedly offer people certificates of ineligibility for military duty, which they claim will enable them to avoid enlistment, according to a report by RIA Novosti.

For the recruitment officers to never hunt for the buyer, the agreement also calls for updating the regional enlistment office's database within 48 hours. The scammers demand 27,000 rubles ($470) in exchange for the same, as well as a copy of the client's passport.

Once the funds are paid, the con artists cut off contact with the victim and probably utilize the identity they have stolen to commit more fraud or sell it on the dark web. These advertisements claim to be able to produce fake HIV and hepatitis certificates for 33,000 and 38,000 rubles ($630), respectively.

According to Russian news site Kommersant, there is a 50% increase in demand for so-called 'gray' SIM cards as a result of the widespread migration of Russians. These SIM cards support 'pay-as-you-use' plans and thus are compatible with the networks of MTS, MegaFon, Beeline, Tele2, and Yota. Since the government can use regular SIMs to trace young men liable for military duty and potentially halt them at the border, Russians are eagerly looking for these cards.

IMEI (International Mobile Equipment Identity), is a special 15-digit number that is connected to the device's hardware instead of the SIM card. Roskomsvoboda, a Russian internet rights group, says there have been numerous cases of people being forced by FSB officers to divulge their IMEI numbers while entering Georgia, Kazakhstan, and Finland. IMEI monitoring is aided by using telecommunication stations for approximate location triangulation. 

Law enforcement has used IMEI for several years, and tracking software that promises to find your lost or stolen device also employs it. Except for a few Huawei, Xiaomi, and ZTE models that store the IMEI in a rewritable memory region in violation of the technology's rules and allow users to flash it with specific tools, assigned IMEIs are not interchangeable or editable.

As an alternative, Roskomvoboda advises evacuating Russians to either submit a burner phone at the border or purchase a new device once they have left the nation.


Read more »
User Privacy
Botnet Dark Web Data Breach Hacktivists Misinformation Phishing Attacks Russia-Ukraine War SSU User Privacy

30 Million Data Theft Hacktivists Detained in Ukraine

The Security Service of Ukraine's (SSU) cyber division has eliminated a group of hackers responsible for the data theft or roughly 30 million people. 

According to SSU, its cyber branch has dismantled a group of hacktivists who stole 30 million accounts and sold the data on the dark web. According to the department, the hacker organization sold these accounts for about UAH 14 million ($375,000). 

As stated by the SSU, the hackers sold data packs that pro-Kremlin propagandists bought in bulk and then utilized the accounts to distribute false information on social media, generate panic, and destabilize Ukraine and other nations. 

YuMoney, Qiwi, and WebMoney, which are not permitted in Ukraine, were used by the group to receive funds.The police discovered and seized many hard drives containing stolen personal data, alongside desktops, SIM cards, mobile phones, and flash drives, during the raids on the attackers' homes in Lviv, Ukraine. 

By infecting systems with malware, fraudsters were able to gather sensitive data and login passwords. They targeted systems in the European Union and Ukraine. According to Part 1 of Article 361-2 of the Ukrainian Criminal Code, unauthorized selling of material with restricted access, the group's organizer has been put under investigation.

The number of people detained is still unknown, but they are all charged criminally with selling or disseminating restricted-access material stored in computers and networks without authorization. There are lengthy prison terms associated with these offenses.

The gang's primary clients were pro-Kremlin propagandists who utilized the stolen accounts in their destabilizing misinformation efforts in Ukraine and other nations.

The SSU took down five bot farms that spread misinformation around the nation in March and employed 100,000 fictitious social media profiles. A huge bot farm with one million bots was found and destroyed by Ukrainian authorities in August.

The SSU discovered two further botnets in September that were using 7,000 accounts to propagate false information on social media.

Malware producers are frequently easier to recognize, but by using accounts belonging to real people, the likelihood that the operation would be discovered is greatly reduced due to the history of the posts and the natural activity.






Read more »
Ukraine
Cyber Security Fake news Radio Station Russia-Ukraine War Ukraine

Hacked Ukrainian Radio Stations Propagates Misinformation Regarding President Zelensky’s Health

 

The hackers targeted Ukrainian radio operator TAVR Media on Thursday to spread fake news that Ukrainian President Volodymyr Zelensky was hospitalized and is in a critical condition. 

Anonymous attackers broadcasted reports that the Ukrainian President was in an intensive care ward and that his duties were being temporarily performed by the Chairman of the Ukrainian parliament Ruslan Stefanchuk, the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) stated. 

"Cybercriminals spread information that the President of Ukraine, Volodymyr Zelenskyy, is allegedly in intensive care, and his duties are performed by the Chairman of the Verkhovna Rada, Ruslan Stefanchuk," the SSSCIP said in an update. 

The Kyiv-based holding firm is one of Ukraine’s largest broadcasters and manages nine major radio stations, including Hit FM, Radio ROKS, KISS FM, Radio RELAX, Melody FM, Nashe Radio, Radio JAZZ, Classic Radio, and Radio Bayraktar. 

TavrMedia wrote on Facebook that it is working “to solve the problem,” but did not provide additional details. The company also emphasized that "no information about the health problems of the President of Ukraine Volodymyr Zelenskyy is true." 

The false reports, which were broadcasted during prime time, between 12 and 2 p.m., also forced Zelenskyy to take to Instagram, stating, "I have never felt as healthy as I do now." 

It remains unclear how the hackers breached TAVR Media. Multiple hackers from across the globe have tried to capitalize on the ongoing conflict between Russia and Ukraine to launch a barrage of cyberattacks. 

In a related development, the Computer Emergency Response Team of Ukraine (CERT-UA) also issued a warning regarding macro-laden PowerPoint documents being leveraged to deploy Agent Tesla malware targeting state organizations of Ukraine. 

This is not the first instance that hackers have targeted Ukrainian media. According to Cloudflare, online media, publishing, and broadcasting firms were targeted by more distributed denial-of-service attacks (DDoS) in the second quarter of 2022 than in any other industry. 

Earlier this year in June, the malicious actors also targeted the Ukrainian streaming service Oll.tv and replaced the broadcast of a football match between Ukraine and Wales with Russian propaganda. In February, Ukraine’s national public broadcaster suffered a DDoS attack, according to its general producer Dmytro Khorkin.
Read more »
Subscribe to: Posts (Atom)