Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Ukraine-Russia Conflict. Show all posts
Ukraine-Russia Conflict
ATM ATM Hacking Banking System attacked Cyber Attacks Cyber Warfare Russian Cyber Security Ukraine-Russia Conflict

Ukraine Hacks ATMs Across Russia in Massive Cyberattack



On July 23, 2024, a massive cyberattack launched by Ukrainian hackers targeted Russian financial institutions, disrupting ATM services across the country. According to a source within Ukrainian intelligence, the attack is “gaining momentum” as it continues to cripple banking services. By July 27, the fifth day of the cyberattack, customers of several prominent Russian banks found themselves unable to withdraw cash. When attempting to use ATMs, their debit and credit cards were immediately blocked, leaving them stranded without access to their funds. 

The intelligence source, who provided written comments to the Kyiv Post, indicated that the attack had affected numerous banks, including Dom.RF, VTB Bank, Alfa-Bank, Sberbank, Raiffeisen Bank, RSHB Bank, Rosbank, Gazprombank, Tinkoff Bank, and iBank. The widespread disruption has caused significant inconvenience for customers and highlighted vulnerabilities within Russia’s financial infrastructure. The source in Ukrainian intelligence mocked the situation, suggesting that the Kremlin’s long-desired “import substitution” might now include reverting to wooden abacuses, paper savings books, and cave paintings for accounting. 

This remark underscores the scale of the disruption and the potential for outdated methods to replace modern financial technologies temporarily. The cyberattack represents a significant escalation in the ongoing cyber conflict between Ukraine and Russia. While cyberattacks have been frequent on both sides, the targeting of ATM services and the subsequent blocking of debit and credit cards mark a notable shift towards directly impacting ordinary citizens’ daily lives. This attack not only disrupts financial transactions but also instills a sense of insecurity and distrust in the reliability of banking systems. 

The list of affected banks reads like a who’s who of Russia’s financial sector, including both state-owned and private institutions. The inability to withdraw cash from ATMs during the attack has put pressure on these banks to quickly resolve the issues and restore normal services to their customers. However, the continued nature of the cyberattack suggests that solutions may not be forthcoming in the immediate future. The Ukrainian hackers’ ability to sustain such a large-scale cyberattack over several days indicates a high level of coordination and technical expertise. It also raises questions about the preparedness and resilience of Russian banks’ cybersecurity measures. 

As the attack progresses, it is likely that both sides will escalate their cyber capabilities, leading to further disruptions and countermeasures. The broader implications of this cyberattack are significant. It highlights the increasingly blurred lines between cyber warfare and traditional warfare, where digital attacks can cause real-world consequences. The disruption of banking services serves as a stark reminder of how dependent modern societies are on digital infrastructure and the potential vulnerabilities that come with it. 

In response to the ongoing cyberattack, Russian banks will need to bolster their cybersecurity defenses and develop contingency plans to mitigate the impact of such attacks in the future. Additionally, international cooperation and dialogue on cybersecurity norms and regulations will be crucial in preventing and responding to similar incidents on a global scale. As the situation develops, the cyber conflict between Ukraine and Russia will likely continue to evolve, with both sides seeking to leverage their technological capabilities to gain an advantage. The ongoing cyberattack on Russian ATMs is a clear demonstration of the disruptive potential of cyber warfare and the need for robust cybersecurity measures to protect critical infrastructure.
Read more »
Ukraine-Russia Conflict
Bank Hacking Cyber Attacks data security DDoS DDOS Attacks Russian Cyber Security Ukraine-Russia Conflict

DDoS Attacks Disrupt Major Russian Banks: Ukraine Claims Responsibility

 

Several major Russian banks experienced distributed denial-of-service (DDoS) attacks, disrupting their online services and mobile apps. On Wednesday, local media reported that state-owned VTB Bank was among those affected. The bank informed the state news agency TASS that an attack “planned from abroad” caused disruptions for its clients trying to access online services. 

The Russian Agricultural Bank also reported being targeted by a DDoS attack on Tuesday. However, the bank noted that the impact was minimal due to their implementation of an enhanced system to combat such attacks. Gazprombank, the third-largest private bank in Russia, faced difficulties with its app’s transaction services due to the attack, though the issue was quickly resolved. Other banks, including Alfa Bank, Rosbank, and Post Bank, were also reportedly affected. 

On Wednesday, Ukraine’s military intelligence (HUR) claimed responsibility for the DDoS campaign targeting the Russian banking sector. An anonymous source within HUR, speaking to Ukrainian media, mentioned that the attacks also affected several Russian payment systems and large telecom operators such as Beeline, Megafon, Tele2, and Rostelecom. While this claim has not been independently verified, the HUR official stated that the attack “is still ongoing and far from over.” 

This incident is part of a series of cyberattacks by Ukrainian entities against Russian targets. In October, pro-Ukrainian hackers and Ukraine’s security service (SBU) claimed to have breached Russia’s largest private bank, Alfa-Bank. In January, data allegedly belonging to 30 million Alfa-Bank customers was released by attackers involved in the breach. Earlier this year, the hacker group Blackjack, in cooperation with the SBU, breached a Moscow internet provider in retaliation for a Russian cyberattack on Ukraine’s largest telecom company, Kyivstar. 

While not all reports from Ukrainian hackers or intelligence officials can be independently verified, the recent DDoS attacks on Russian banks had noticeable consequences, despite Russian claims of minimal impact. DDoS attacks are generally easier to mitigate, but this campaign stands out for its broad impact on multiple financial institutions and service providers. The ongoing cyber warfare between Ukraine and Russia underscores the escalating digital conflict between the two nations. Both sides have been leveraging cyber capabilities to disrupt each other’s critical infrastructure. 

The recent attacks highlight the necessity for robust cybersecurity measures and swift response strategies to minimize the impact on essential services and ensure the security of digital transactions. As cyber threats evolve, both nations will likely continue to enhance their defenses to protect against such incursions.
Read more »
Ukraine-Russia Conflict
Cyber Attacks Data Leak Ransomware group Ukraine-Russia Conflict

Conti Ransomware Assault Continues Despite the Recent Breach

 

The notorious ransomware group Conti has continued its assaults on businesses despite the exposure of the group’s operations earlier this year. 

Researchers from Secureworks state that the Conti ransomware gang, tracked as a Russia-based threat actor Gold Ulrick, is the second most prevalent group in the ransomware landscape, responsible for 19% of all assaults in the three months between October and December 2021. 

Conti is one of the most prolific ransomware groups of the last year along with LockBit 2.0, PYSA, and Hive, and has blocked hospital, corporate, and government agency networks while demanding ransom for sharing the decryption key as part of their name-and-shame scheme. 

After the ransomware gang sided with Russia in February to invade Ukraine, an anonymous pro-Ukraine hacktivist under the Twitter handle ContiLeaks released the malware source code, credentials, chat logs, and operational workflows. 

"The chats reveal a mature cybercrime ecosystem with multiple threat groups that often collaborate and support each other," Secureworks said in a report published in March. Groups include Gold Blackburn (TrickBot and Diavol), Gold Crestwood (Emotet), Gold Mystic (LockBit), and Gold Swathmore (IcedID). 

According to Secureworks researchers, Conti has targeted more than 100 organizations in March after the ransomware gang claimed that half of their victims pay ransoms averaging $700,000. More than 30 new victims have already been published on the Conti website in April. 

Recent attacks targeted wind turbine giant Nordex, industrial components provider Parker Hannifin, and cookware and bakeware distribution giant Meyer Corporation. The group has also taken responsibility for a highly disruptive attack on Costa Rican government systems. 

"If GOLD ULRICK operations continue at that pace, the group will continue to pose one of the most significant cybercrime threats to organizations globally," said SecureWorks. 

Meanwhile, technical monitoring of Emotet campaigns by Intel 471 between December 25, 2021, and March 25, 2022, revealed that more than a dozen Conti ransomware targets were in fact victims of Emotet malspam attacks, showing just how close the two operations are intertwined. 

"While not every instance of Emotet means that a ransomware attack is imminent, our research shows that there is a heightened chance of an attack if Emotet is spotted on organizations' systems," said Intel 471.
Read more »
Ukraine-Russia Conflict
Anonymous Hacker Conti Ransomware Cyber Attacks Cyberattack DDOS Attacks Source Code leak Ukraine-Russia Conflict

Anonymous : 900,000 Emails From Russian State Media Were Leaked

 

Anonymous which has been trying to target Russia since the invasion of Ukraine has reported more attacks against critical infrastructure sectors, including one which used an "improved" version of Russian Conti ransomware, and has called for the targeting of companies for proceeding to do business in Russia after the slaughter of Ukrainian civilians in Bucha. 

More than 900,000 emails by the All-State Television and Radio Broadcasting Company were purportedly leaked by the NB65 or Network Battalion 65 group, which is linked to the famed hacker collective Anonymous (VGTRK). 

DDoSecrets, a non-profit whistleblower site for news leaks, has rendered the 786.2 GB cache accessible to the public as a torrent file after NB65 apparently shared the hacked emails with them on Monday. In this regard, Emma Best, a co-founder of DDoSecrets said, "An unprecedented expose of state-owned media and propaganda which the Russian government views crucial to the state security."

A hacker organization called NB65 has been infiltrating Russian entities, collecting private data, and exposing it online for the past month, claiming the attacks are related to Russia's occupation of Ukraine. The emails, according to the Everyday Dot, span more than 20 years of correspondence and include discussions about daily operations as well as sanctions put on Russia by many other countries in reaction to its invasion of Ukraine.

Tensor, the Russian space program Roscosmos, and VGTRK, the state-owned Russian Television and Radio broadcaster, are among the Russian organizations said to have been targeted by the hacking group. The stated theft of 786.2 GB of data, comprising 900,000 emails and 4,000 files, was released on the DDoS Secrets website following the attack on VGTRK. Since the end of March, the NB65 hackers have been using a new tactic that is attacking Russian institutions with ransomware assaults. 

Conti's source code was released after the company allied with Russia in the Ukraine invasion, and a security researcher obtained 170,000 internal chat conversations and source code for the company's operation. 

Threat analyst Tom Malka first alerted to NB65's activities but was unable to locate a ransomware sample, and the hacking gang refused to provide it. This changed when a sample of the NB65's updated Conti ransomware executable was published to VirusTotal, letting us see how it functions. 

On VirusTotal, almost all antivirus vendors identify this sample as Conti, and Intezer Analyze discovered it shares 66% of the code with other Conti ransomware samples. When encrypting files, gives NB65's malware a run for its money.

The All-Russian State Television and Radio Broadcaster (VGTRK) is Russia's largest media conglomerate, with five national television channels, two major international networks, five radio shows, and over 80 regional television and radio networks under its umbrella. The ransomware will also leave R3ADM3.txt ransom notes all over the encrypted device, with threat actors accusing President Vladimir Putin of invading Ukraine for the attacks. 

Read more »
Ukraine-Russia Conflict
Chinese Hackers Cyber Attacks Ukraine Government Ukraine-Russia Conflict

China-Sponsored Hacking Groups are Targeting Ukrainian government

 

Google's Threat Analysis Group (TAG) has unearthed a cyberespionage operation sponsored by the Chinese People's Liberation Army (PLA) and other Chinese intelligence agencies targeting Ukrainian government to gather information on the ongoing conflict.

Billy Leonard, a security engineer at Google TAG, said Google has informed that Ukrainian government agencies are targeted by China-sponsored hacking groups. 

"Over the last few weeks Google TAG has identified a govt backed actor from CN targeting Ukrainian govt orgs, and we provided notifications to impacted parties,"  Billy Leonard said. “While our priority is providing notifications to impacted parties, we've provided related IOCs to community partners, and we will publish more details for the security community in the near future." 

Group leader Shane Huntley also confirmed Leonard’s assessment, saying that “the Ukrainian war has not only attracted the attention of European threatening players, but China is working hard here too.”

Last week, the hacktivist collective group Intrusion Truth stated that the campaign was directly sponsored by the Chinese government. The group announced that it is sharing IOCs with community partners and plan to provide additional details on the ongoing attacks in the future. 

Google TAG’s report on China’s ongoing cyber activity in Ukraine follows another warning issued a week ago regarding a Chinese-sponsored hacking group tracked as APT31 targeting Gmail users linked with the U.S. government. A day ago, Google security researchers disclosed that Russia and Belarus targeted Ukrainian and European government and military organizations in extensive phishing and DDoS assaults. 

"In the last 12 months, TAG has issued hundreds of government-backed attack warnings to Ukrainian users alerting them that they have been the target of government-backed hacking, largely emanating from Russia," stated Shane Huntley.

Google also reported China-backed Mustang Panda cyberespionage group (also known as Temp.Hex and TA416) have also switched to phishing assaults on European entities using lures linked with the invasion of Ukraine. 

In some attacks identified by Google, hackers employed malicious attachments with file names such as ‘Situation at the EU borders with Ukraine.zip’. On the same day, Proofpoint revealed that Mustang Panda was found phishing “European diplomatic organizations, including refugees and individuals involved in migrant services.”
Read more »
Subscribe to: Posts (Atom)