
Ukrainian Police Arrests Suspects Accused of Stealing $4.3M From Victims Across Europe


The Ukrainian police have detained 10 suspects, arresting two for allegedly being involved in a cybercrime group that conducted phishing campaigns and was a part of fraudulent online marketplaces, stealing more than $4.3 million from over 1,000 users across Europe. 

According to Ukraine’s cyber police unit, which collaborated with Czech Republic law enforcement on the bust, the threat group created more than 100 phishing sites to acquire victims’ bank credentials and access to their accounts. 

These websites offered a range of products at discounts from market value. But instead of getting a good price, customers who entered their bank card information to pay for the fraudulent products had their account information stolen and probably had all of their money stolen from them.

Additionally, the scammers established two Ukrainian call centers, in Vinnytsia and Lviv, and employed operators to persuade clients to make purchases as part of the scam. Too bad they were not helping to defend their country instead of taking advantage of people. As per the police report, the victims include individuals from several European countries like the Czech Republic, France, Spain, and Portugal. The threat group scammed the victims out of 160 million hryvnias or more, i.e. nearly $4.36 million.

Following the arrests, the Ukrainian police also shared a video in which police officers were seen busting down the doors of a suspect’s residence and an empty call center.

The law enforcement teams searched the houses, cars, and two call centers of the accused in a total of around 30 searches, seizing mobile phones, SIM cards, and computer hardware involved in illicit activity. 

The two suspected heads of the crime gang are facing up to 12 years in prison on charges of fraud and establishing a criminal organization. The European Union has captured ten more accused gang members, and according to international law enforcement organizations, the investigation is still underway. 

The aforementioned arrest follows another call center scam in Europe, which Europol announced in January this year. In that case, the European police detained 15 suspects and closed down a multi-country network of call centers selling fabricated cryptocurrency, which law enforcement claimed had stolen more than hundreds of millions of euros from victims.

Viasat: AcidRain Virus Disables Satellite Modems

The cyberattack which targeted the KA-SAT satellite broadband service to erase SATCOM modems on February 24 used a newly discovered data wiper virus. It impacted thousands in Ukraine and thousands more across Europe. 

A cybersecurity firm, SentinelOne, claims to have discovered a malware sample, which disrupted internet connectivity on February 24. The malware, called AcidRain, which was also likely utilized in the Viasat breach, is a Unix executable application which is meant to attack MIPS-based devices. This could indicate the attackers' lack of experience with the filesystem and firmware of the targeted devices, or their desire to create a reusable tool.

The same sample came from SkyLogic, the Viasat operator in charge of the damaged network, which is also situated in Italy. The software sample was also tagged with the moniker "ukrop," which could be a reference to the Ukraine Operation. 

The researchers underscored that Viasat did not offer technical indicators of compromise or a detailed incident response report. Instead, rogue commands damaged modems in Ukraine and other European countries, according to the satellite industry. The SentinelOne duo were perplexed as to how valid orders could produce such mayhem in the modems: "scalable disruption is more feasibly performed by delivering an update, script, or executable," they added.

The program wipes the system and various storage device files completely. If the malware is launched as root, AcidRain executes an initial repetitive replacement and removal of non-standard files in the filesystem, SentinelOne threat experts Juan Andres Guerrero-Saade and Max van Amerongen revealed.

The wiper overwrites file structures with up to 0x40000 bytes of data or uses the MEMGETINFO, MEMUNLOCK, MEMERASE, and MEMWRITEOOB input/output control (IOCTL) system calls to erase data on compromised devices.

The fact that Viasat has supplied nearly 30,000 modems to get clients back online since the February 2022 attack, and is still shipping more to speed up service restoration, suggests that SentinelOne's supply-chain threat scenario is correct. The IOCTLs used by this virus also resemble those used by the VPNFilter malware 'dstr' wiper plugin, a destructive program linked to Russian GRU hackers.

The Ukrainian Computer Emergency Response Team recently stated that a data wiper known as DoubleZero had been used in assaults on Ukrainian businesses. On the same day that Russia invaded Ukraine, they discovered IsaacWiper, a data wiper, and HermeticWizard, a new worm which dropped HermeticWiper payloads. ESET has discovered a fourth data-destroying malware strain called CaddyWiper, which wipes data across Windows domains and eliminates user data and partition information from associated drives.

Microsoft discovered a sixth wiper, now known as WhisperGate, in mid-January, which was being used in data-wiping attacks targeting Ukraine while masquerading as ransomware.

Moscow Exchange Downed by Cyber-Attack

On Monday morning, the website for the Moscow Stock Exchange went down, becoming inaccessible. The Ukrainian crowdsourced community of hackers operated by Kyiv officials took responsibility for the outage in a message posted to Telegram.

Early on Monday, Kyiv officials called on the members of their IT Army to launch attacks on the website. Following the attack, the IT Army claimed on Telegram that it took only five minutes to knock the site down. However, as of now, its claims could not be verified.

NetBlocks, a global internet connectivity tracking company, reported that the site went offline early on Monday. However, the root cause behind the incident is still unknown. Mykhailo Fedorov, Ukraine’s deputy prime minister, made a formal public statement on the incident and celebrated the formation of the IT Army on Facebook. “The mission has been accomplished! Thank you!” the statement read.

Also, last week Mykhailo Fedorov announced the formation of the IT Army and listed names of prominent Russian websites that the state-sponsored hackers could look to attack. 

In the middle of Monday afternoon, the website of Sberbank, Russia’s largest lender, also went offline. The outage was reported by NetBlocks and celebrated by Fedorov, who declared: “Sberbank fell!” on social media.

Further, Bloomberg reports that depositary receipts for Sberbank of Russia PJSC sank as much as 77%, while Gazprom PJSC dropped by 62%. 

Amid the ongoing Russian war in Ukraine, cyber threat intelligence teams explained the threats in cyberspace in their latest reports, saying that the outcome will affect every nation in the coming days, not just Ukraine. For now, the situation changes the cybersecurity picture, and the latest developments in cyberspace are worrying nations.

Ultimately, critical infrastructure such as power, banking, military, and telecom systems is being targeted by state actors, and the assets of several countries are increasingly coming under their grip. The US and UK have already issued warnings of potential cyber-attacks against the backdrop of the Russian military invasion of Ukraine.

Ukraine: DDoS Attacks on State Websites Continue

Since February 23, some Ukrainian government websites have been subjected to DDoS attacks: web resources of the Ministry of Defense, the Verkhovna Rada of Ukraine, the Ministry of Foreign Affairs and others have suffered interruptions. 

The Insider publication (the organization is included in the list of foreign agents by the Ministry of Justice of Russia), referring to the data of the independent cyber analyst Snorre Fagerland, stated that the hacker group APT28 (Fancy Bear), which is said to have links to the Main Intelligence Directorate of the Russian Federation, was behind the attacks.

However, Igor Bederov, head of the Information and Analytical Research Department at T.Hunter, called this statement a provocation. "The investigation of a cyberattack (attribution) is a long and complex process that cannot be carried out from beginning to end in hours. Analysis of hacker software and malicious code is always a long and painstaking process," Mr. Bederov said. 

According to him, even if traces leading to Fancy Bear were indeed found, it's still impossible to say that this particular group was behind the attack. Mr. Bederov thinks that other hackers could have also taken advantage of the malware previously used by Fancy Bear. It's possible because hacker tools are openly resold on the Darknet. 

"Primary attribution is based on matching the hacker code used in today's attack with the code used in yesterday's attack, as well as special characters specific to a language group. This approach is fundamentally wrong, because the code can be stolen or bought, and the linguistic features can be imitated," said the expert. 

Mr. Bederov also noted that within the framework of pro-state activity, mainly Chinese groups like to engage in substitution of attribution. In addition, according to him, the NATO cyber intelligence center located in Tallinn was previously noticed for the substitution of attribution. 

Earlier it was reported that DDoS attacks on the website of the Ministry of Defense of Ukraine could have been deliberately set up by the United States. Earlier, Viktor Zhora, Deputy Chairman of the State Service for Special Communications and Information Protection of Ukraine, said that the government of Ukraine is ready for the scenario of forced destruction of secret data on servers. According to him, the authorities do not want to take risks and are not going to leave documentation and detailed information about the population of Ukraine to the enemy. 

He also said that if Russia gets access to government passwords, Ukrainian specialists "will quickly block access to hacked accounts."

United States and Britain have sent specialists to Ukraine to prevent Russian cyber attacks

US intelligence believes that Russia, instead of invading Ukrainian territory, can carry out a cyberattack that will disable the power grid, banking system and "other important components of the economy and government of Ukraine." To prevent this, the United States and the United Kingdom sent cybersecurity experts to Ukraine.

According to the New York Times newspaper, citing US intelligence assessments, Russia would thus try to expose Ukrainian President Vladimir Zelensky as "inept and defenseless, and possibly provide a pretext for an invasion."

It is not specified how many people are included in this group. In addition, the US authorities are also considering the possibility of attracting the resources of the US Cyber Command.

One of the representatives of American intelligence explained that conducting a cyberattack "will not require the occupation" of Ukraine, and can also help Russia avoid sanctions that "almost certainly will follow" in the event of an invasion. The sources of the publication believe that the Russian side may carry out a cyberattack after Orthodox Christmas, at the end of the first week of January.

Washington has not officially confirmed the information about sending a team of specialists. The US administration stated that it "has long supported Ukraine's efforts to strengthen cyber defense and increase its cyber resilience."

The media wrote that the United States expects 175 thousand Russian troops to attack Ukraine in early 2022. Russian President Vladimir Putin, commenting on this topic, said that Moscow pursues a peaceful foreign policy, but has the right to protect its security.

The press secretary of the President of the Russian Federation Dmitry Peskov stated that Russia moves troops within its territory and at its discretion. According to him, this does not threaten anyone and should not worry anyone.

Ukraine legalized cryptocurrency

The Verkhovna Rada of Ukraine adopted the bill "On virtual assets", which will legalize cryptocurrency and virtual hryvnia.

The bill on its legal use for settlement operations was supported by 276 deputies, six voted against, 71 deputies abstained. The document regulates the circulation of virtual assets in the country, which allows market participants to use banking services, pay taxes on income from "crypto", as well as receive legal protection in courts in case of violation of rights.

According to the Telegram channel of the Rada, the purpose of the law is a comprehensive regulation of relations arising during the circulation and conclusion of transactions with digital currency, as well as ensuring a unified approach to the organization of cryptocurrency trading.

Owners of cryptocurrencies will receive a number of benefits. Due to the fact that there will be a legislative regulation of this area, they will at least be able to protect their fortune in virtual assets if something happens.

They will also be able to legally exchange and declare crypto assets. This process will be absolutely legal. In addition, it is expected that a whole market of intermediary services will appear for paying for goods with crypto assets, as well as for their storage and exchange. This will expand the possibilities of their use.

The new law will make virtual assets an absolutely legal and familiar phenomenon for the authorities and society.

It should be noted that in September last year, the government of Ukraine stated that the country has the highest level of use of virtual assets by the population in the world.

Earlier, E Hacking News reported that, according to the First Deputy Chairman of the Bank of Russia, Blockchain is not a panacea, and cryptocurrency is not money. So, the Central Bank of Russia is not going to change its negative attitude to these assets.

El Salvador was the first country in the world to recognize bitcoin. The relevant law entered into force there on September 7. Now it will be possible to pay with cryptocurrency along with dollars.


The National Security and Defense Council of Ukraine announced the imminent creation of cyber forces in the country

Secretary of the National Security and Defense Council (NSDC) Alexey Danilov said that in the near future, President of Ukraine Vladimir Zelensky may sign a decree on the creation of cyber forces in the country.

According to Danilov, this issue was discussed earlier on Friday at a closed meeting of the NSDC.

"I can say that this decision was unanimously supported by all 21 members who attended the meeting. I think there will be a presidential decree about it in the near future. You will hear from the president," he said.

Alexey Podberezkin, Director of the Center for Military and Political Studies of Moscow State Institute of International Relations (MGIMO), and political scientist Ivan Mezyuho commented on the possibility of creating national cyber forces in Ukraine.

"Programmers who were at a high level have now turned into semi-hackers, and the remnants of this potential, including military-technical, are in fact looted. Therefore, I do not really understand how this can be done in Ukraine. Moreover, Ukraine does not produce its own software," Podberezkin explained.

In turn, Ivan Mezyuho expressed the opinion that the creation of cyber forces in Ukraine is likely to be funded or supervised by the United States.

He also added that such forces will be financed with the help of Ukrainian taxpayers.

In addition, a similar opinion was expressed by the Russian political scientist Bogdan Bezpalko. According to him, the appearance of special units for actions in cyberspace as part of the Armed Forces of Ukraine (AFU) is due to the anti-Russian course of Kiev.

"This kind of troops will be directed primarily against Russia, the Donbas and the Crimea, based on the political course pursued by the President of Ukraine, Vladimir Zelensky," Mr. Bezpalko said.

In his opinion, the organization of cyber troops will require significant financial resources, which can be partially allocated by Western "curators of Ukraine and Zelensky personally".

Recall that in February 2019, the Verkhovna Rada announced the actual creation of cyber forces. The NSDC of Ukraine noted that the cyber forces will become part of the Armed Forces of Ukraine (AFU).

Ukrainian police arrested members of a well-known cyber ransomware group

Members of the Egregor group, which provides the service using the Ransomware-as-a-Service (RaaS) model, have been arrested by the Ukrainian police.

The arrest is the result of a joint operation of the French and Ukrainian law enforcement systems. The names of the arrested citizens were not disclosed, but it is known that they provided logistical and financial support for the service.

It is worth noting that this ransomware has been active since the fall of 2020 and works according to the Ransomware-as-a-Service (RaaS) model. That is, the authors of the malware rent it out to other criminals, who in turn hack companies, steal data, encrypt files, and then demand a “double ransom” from victims (for decrypting the files, as well as for not disclosing the data stolen in the process of hacking).

If the victims pay a ransom, the group that organized the hack keeps most of the funds, and the developers of Egregor receive only a small share. The attackers laundered funds through the Bitcoin cryptocurrency.

Those arrested are suspected, among other things, of providing such financial schemes.

According to Allan Liska, a cybersecurity researcher at Recorded Future, the company has discovered that the Egregor infrastructure, including the site and the command-and-control infrastructure, has been offline since at least Friday (February 12).

The French side joined the investigation after the Egregor software was used in attacks on the computer game developer Ubisoft and the logistics organization Gefco in 2020.

Although the Egregor system based on the RaaS model was launched in September 2020, a number of cybersecurity experts believe that the service operators are the well-known cyber ransomware group Maze.