Sunday, January 29, 2023 // (IG): BB // BSidesCharm// Coffee for Bob
Latvia confirms phishing attack on Ministry of Defense, linking it to Russian hacking group
FROM THE MEDIA: The Russian cyber-espionage group Gamaredon has been linked to a phishing attack on Latvia's Ministry of Defense last week. French cybersecurity company Sekoia.io first shared an example of the malicious email on Twitter, and it was later determined that a domain used in the group's past attacks (admou[.]org) was reused in this one, which is what supports the attribution. Latvia's Ministry of Defense confirmed that the attack was "most likely" linked to Gamaredon, and the Latvian computer emergency response team, CERT-LV, noted that the attackers sent a meme to the researchers in the final stages of the operation once they realised they were being investigated. Gamaredon has been targeting Latvian organizations since the start of the war in Ukraine, and other former Soviet republics have reported an increase in cyberattacks. Ukraine's CERT reports that Gamaredon is responsible for the largest number of cyberattacks on the country and that the group runs targeted cyber-intelligence operations.
READ THE STORY: The Record
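The attribution above rests on infrastructure reuse: a domain seen in earlier Gamaredon activity turned up again in the new lure. The following is an added example (not code from Sekoia.io, CERT-LV or the story) of the kind of triage check an analyst runs on a suspicious message: pull every host out of the mail body and sender address, refang defanged notation such as hxxp:// and [.], and match the hosts (including subdomains) against a defanged indicator list. The only indicator taken from the story is admou[.]org; the second indicator, the sender address and the sample email are constructed for the demonstration.

```python
import re
from email import message_from_string
from email.message import Message
from typing import Dict, Optional, Set

# Constructed indicator list. Only admou[.]org comes from the reporting;
# the second entry is a placeholder to show that non-matching IOCs are ignored.
KNOWN_BAD_DOMAINS = {"admou[.]org", "example-lure[.]net"}


def refang(ioc: str) -> str:
    """Turn defanged notation (admou[.]org, hxxp://) back into a usable form."""
    return (ioc.replace("[.]", ".")
               .replace("(.)", ".")
               .replace("hxxp", "http")
               .lower())


# Matches http://, https://, hxxp://, hxxps:// and captures the host, allowing
# the brackets and parentheses used in defanged URLs so they are not truncated.
URL_RE = re.compile(r"h[tx]{2}ps?://([A-Za-z0-9.\[\]()-]+)", re.IGNORECASE)


def extract_hosts(msg: Message) -> Set[str]:
    """Collect hosts from every text part of the message plus the sender domain."""
    hosts: Set[str] = set()
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        payload = part.get_payload(decode=True)
        if payload is None:
            continue
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for m in URL_RE.finditer(text):
            hosts.add(refang(m.group(1)).rstrip("."))
    sender = re.search(r"@([A-Za-z0-9.-]+)", msg.get("From", ""))
    if sender:
        hosts.add(sender.group(1).lower())
    return hosts


def matches_ioc(host: str, bad: Set[str]) -> Optional[str]:
    """Return the defanged IOC that host equals or is a subdomain of, else None."""
    for ioc in bad:
        domain = refang(ioc)
        if host == domain or host.endswith("." + domain):
            return ioc
    return None


def triage_email(raw: str, bad: Set[str] = KNOWN_BAD_DOMAINS) -> Dict[str, str]:
    """Map each matching host in the message to the IOC it hit."""
    msg = message_from_string(raw)
    return {h: ioc for h in extract_hosts(msg) if (ioc := matches_ioc(h, bad))}


# Constructed sample message; the addresses and paths are invented.
SAMPLE_EMAIL = """\
From: "Press Office" <press@mod-example.invalid>
To: analyst@example.invalid
Subject: Updated guidance (constructed sample)
Content-Type: text/plain; charset=utf-8

Please review the guidance at hxxp://docs.admou[.]org/guidance.docx
and the archived copy at https://cdn.admou.org/guidance.zip
Reference material: https://www.example.com/page
"""

if __name__ == "__main__":
    for host, ioc in sorted(triage_email(SAMPLE_EMAIL).items()):
        print(f"HIT {host} -> {ioc}")
```

Matching on the registrable domain and its subdomains is deliberate: lure infrastructure is routinely rotated across subdomains of the same apex, so an exact-string comparison against the indicator would miss both hosts in the sample. The sender domain is checked separately because a lure can carry a clean body and still come from known-bad infrastructure.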
Gootkit Malware Continues to Evolve with New Components and Obfuscations
FROM THE MEDIA: The threat actors behind the Gootkit malware have made notable changes to their toolset, adding new components and obfuscations to their infection chains. The changes show active development and growing capability: the operators now use new variants such as GOOTLOADER.POWERSHELL and three distinct flavors of FONELAUNCH, a launcher used to execute DLLs, .NET binaries, and PE files. The malware is spread through SEO poisoning and has been used to target the Australian healthcare sector.
READ THE STORY: THN
Left-wing think tank responsible for thousands of fake Russia stories: new Twitter Files
FROM THE MEDIA: The recently disclosed Twitter Files reveal how the Hamilton 68 "dashboard" operated by the Alliance for Securing Democracy, a left-wing think tank with members including Clinton ally John Podesta and Obama-era acting CIA Director Michael Morell, falsely claimed to track Russian online activity. This resulted in thousands of bogus stories asserting the nation’s influence in US politics. According to Yoel Roth, Twitter's then-head of trust and safety, the dashboard was "bulls–t" and falsely accused many legitimate right-leaning accounts of being Russian bots. Despite wanting to publicly push back against Hamilton 68, Twitter executives were warned against taking on the politically connected group. This private sector Russia-baiting follows a similar approach from the United States government, which also demanded the company find Russian influence which its internal audits consistently revealed to be nonexistent.
READ THE STORY: NYPOST
Iran-linked Cyber Group Aims To Disrupt Saudi-Israeli Ties: Report
FROM THE MEDIA: Secureworks' Counter Threat Unit recently reported on an effort by a group affiliated with the Islamic Republic of Iran to disrupt relations between Saudi Arabia and Israel. The group, tracked as Cobalt Sapling, created a new persona called "Abraham's Ax" and used it to attack Saudi government ministries with ransomware-style malware that encrypts data but offers no decryption key, even in exchange for payment. This development fits a pattern of Iran using proxy groups and personas to target its perceived enemies while maintaining plausible deniability. To reduce their exposure, organizations should review and restrict access to the indicators listed in the advisory.
READ THE STORY: Iran International
Data Privacy Day: Best practices for protecting privacy
FROM THE MEDIA: On Data Privacy Day, it is worth considering the risks to data privacy and the methods organizations are using to address them. Organizations need to balance performance and cost against effective security controls such as encryption, access control, monitoring, and auditing, as well as backups with encryption and WORM (write once, read many) protection against tampering. Identity-based access control, software-defined perimeter (SDP), zero trust network access (ZTNA), and zero trust models more broadly are also important for protecting data. Beyond that, organizations must ensure their data is properly secured and that they have visibility into their IT environments, limit data sharing, and take a holistic approach to data privacy.
READ THE STORY: The Cyberwire
FBI gains control of organization claiming responsibility for NPS cyber attack
FROM THE MEDIA: The FBI has seized the infrastructure of Hive, the ransomware group responsible for the attack on Norman Public Schools in November 2022. Hive has extorted more than $100 million from more than 1,500 victims worldwide. When victims pay, the ransom is split 80/20 between the affiliates who carry out the intrusions and the group's core operators. NPS first reported the attack, which disabled many of the district's systems, and warned families to stop using district-issued laptops and other devices. The FBI has released an affidavit detailing the techniques Hive used to break into schools, hospitals, and other organizations. NPS has been cooperating with the FBI to hold those involved accountable and hopes those responsible will be prosecuted to the full extent of the law.
READ THE STORY: The Norman Transcript
Russian TV Discusses if Economy Now 'Equal' to Iran, North Korea or Cuba
FROM THE MEDIA: Recently, Russian State TV discussed how Iran, North Korea, and Cuba survived international sanctions imposed on them, and debated on whether or not the Russian economy is now "equal" to any of these countries. The discussion focused on the nature of the economic policy and domestic resources of Iran, and the similarities between the two countries in being multi-ethnic states with difficult neighbors. The report also mentioned the U.S. sanctions on Iran, which were imposed in 1979 and expanded in 1987, and the U.S. trade embargo imposed on Cuba in 1962. Through this report, the TV host and guest speakers highlighted the three paths for countering Western sanctions and how each of these countries relied on manufacturing their own products, using informal payment systems and taking control of privately owned properties in order to survive.
READ THE STORY: Newsweek
Ukraine Links Media Center Attack to Russian Intelligence
FROM THE MEDIA: On Tuesday, Ukraine's State Service of Special Communications and Information Protection, led by Yurii Shchyhol, disclosed a cyberattack during a press briefing. The attack was linked to the Russian Sandworm hackers, who are closely tied to the Russian GRU. The attackers used five wiper tools, including CaddyWiper, ZeroWipe and the Sysinternals SDelete utility, in an attempt to disrupt Ukraine's national Media Center. CERT-UA was able to contain the intrusion promptly and attributed it to UAC-0082, its designation for the Sandworm group. The attack is a further example of Sandworm's continued attempts to disrupt critical infrastructure in Ukraine using destructive malware.
READ THE STORY: BankInfoSec
Inside the grim world of office spyware
FROM THE MEDIA: Kamil Rudnicki, founder of TimeCamp, a company selling time-tracking software, recently revealed his own hectic work schedule, making headlines around the world. TimeCamp's software has been used to monitor workers in the workplace, with one Canadian tribunal ruling an accountant owed her old employer money due to 'time theft.' Rudnicki insists his software is not always used in a sinister way, and can be beneficial to workers, allowing them to monitor their own productivity and potentially prove unpaid overtime. He also acknowledges the use of ruses to trick the software, suggesting monitoring alone is not enough to ensure a productive workforce.
READ THE STORY: FT
Senior Russian diplomat says Moscow, Ankara discussed creating gas hub
Analyst Comm: TASS is linked to the Russian government and is likely to carry propaganda.
FROM THE MEDIA: Russian Deputy Foreign Minister Oleg Syromolotov discussed the development of the Russian-Turkish energy cooperation and the potential for the construction of a gas hub in Türkiye. He also discussed the US and NATO's cyberwar capabilities, claiming they engage in espionage, recruit hackers, and simulate attacks on Russian infrastructure. Syromolotov also discussed the situation in Afghanistan, noting that Daesh/ISIS is strengthening its position there, profiting from the Taliban’s lack of finances. He stressed the importance of cooperation between Russia and China in the fight against terrorism.
READ THE STORY: Yeni Safak
Russia’s Footprint Grows in Africa as France Leaves Burkina Faso
FROM THE MEDIA: France, the former colonial power in the Sahel region, is withdrawing its military presence from Burkina Faso at the request of the ruling junta. This follows its withdrawal from Mali last year and signals Russia's growing influence in the region. Russia has increasingly been seen as an effective partner in the war against jihadists, even as its mercenary Wagner Group has been accused of human rights violations and of using disinformation to influence African politics. The shift in power dynamics has fed resentment towards France and a desire for closer ties with Russia, creating an opportunity for the Wagner Group to gain a foothold in the region.
READ THE STORY: Bloomberg
Twitter and psychological warfare
FROM THE MEDIA: This article provides a detailed overview of the role of Twitter in psychological warfare, particularly its cooperation with the US military to spread propaganda in the Middle East. It highlights the company's censorship policy and its willingness to cooperate with government agencies to manipulate public opinion and shape human behavior. The article also raises questions about the legitimacy of Twitter as a platform for conducting psychological warfare.
READ THE STORY: Yeni Safak
Three seconds of audio could end up costing Fox $500,000
FROM THE MEDIA: Fox, a major US media company, has agreed to pay a $504,000 fine for playing the Emergency Alert System attention tone to promote an NFL show, violating FCC rules that prohibit using or simulating the tone for non-emergency purposes. This follows similar fines against Hollywood productions and a late-night talk show for the same violation, showing that the FCC enforces the rule strictly to protect the tone's integrity.
READ THE STORY: The Register
Items of interest
Russian Information Operations Aim to Divide the Western Coalition on Ukraine
FROM THE MEDIA: Russia has been attempting to undermine and divide the Western coalition supporting Ukraine since at least early May 2022, in order to shape public opinion of its war against Ukraine and ease the impact of international pressure on its economy and political affairs. Recorded Future identified multiple influence narratives used by Russian influence networks, including blaming Western coalition governments for the economic hardship their populations are enduring, with the aim of turning European populations against their governments' support for Ukraine and policies toward Russia. An unverified analytical note attributed to the FSB provides further evidence that Russia is actively trying to manipulate public opinion and destabilize Western responses. With the war ongoing, the Kremlin will likely continue to use influence operations to undermine support for Ukraine and manipulate narratives.
READ THE STORY: Recorded Future
Are CTFs even real? Featuring John Hammond (Video)
FROM THE MEDIA: In this YouTube video, John Hammond discusses the usefulness of Capture the Flag exercises for learning real world cyber security skills. He recommends them as a beginner-friendly way to get started in security research and practice blue team tactics.
Cybercrime & Dark Web Conversations (w/ Shmuel!) (Video)
FROM THE MEDIA: Shmuel, a security researcher, discusses cybercrime and the dark web in this YouTube video. He says that ransomware gangs are currently the most prominent actors in the cybercrime ecosystem and that Conti is the leading gang. He also talks about how cybercriminals attack their rivals and how to protect against such attacks.
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com