Saturday, March 19, 2022 // (IG): BB //Weekly Sponsor: DiyGarage SoCal
Cyber Attack Targeted 21 Natural Gas Producers on the Eve of the Russian Invasion of Ukraine
FROM THE MEDIA: A new report says that hackers executed a major cyber attack campaign against multiple natural gas producers in the United States ahead of Russia’s invasion of Ukraine. Bloomberg News reported that the cyber attacks targeted at least 21 companies involved in the production, exportation, and distribution of liquified natural gas. The cyberattack targeted major energy companies, including Chevron, Cheniere Energy, and Kinder Morgan. The outlet reported that the hackers gained access to at least 100 computers belonging to current and former employees two weeks before the invasion. Most of the victims were mid-level employees, including technology workers and control system engineers. Gene Yoo, CEO of security firm Resecurity, told Bloomberg that the campaign was the “first stage” in an effort to disrupt the energy industry. Although it may seem apparent, Yoo declined to confirm whether Russia was responsible for attacking natural gas producers; he believes that nation-state actors were responsible for the cyber attack.
READ THE STORY: CPO Magazine // Initial Report
Anonymous has unleashed a successful cyber war to undermine Putin’s Ukraine invasion
FROM THE MEDIA: Anonymous has claimed that it successfully infiltrated Russian state TV to show citizens the devastation of Putin's invasion of Ukraine. It also leaked emails and files from government agency Roskomnadzor, responsible for censoring Russian media. Anonymous has since gained the support of more than 500,000 followers on its Twitter account, which now boasts more than 7.9 million followers. A study conducted by Jeremiah Fowler, the co-founder of the cybersecurity company Security Discovery, finds that Anonymous' claims of hacking Russia are accurate. Attacks on Russian servers and websites coincide perfectly with Anonymous' hacking timeline. 92 out of 100 Russian databases analyzed had been compromised, and file names were changed to "Glory to Ukraine," "Putin stop this war," "stop war," "no war," "HackedByUkraine," and other pro-Ukrainian messages. Most of the files reviewed in the databases were wiped out. Hacktivists used a script resembling the "MeowBot," which deletes the content of files and changes their names. One of the compromised databases was The Commonwealth of Independent States (CIS) which is made up of 11 republics and used to coordinate information on finance, trade, lawmaking, and security between member states. Hundreds of files in the database were renamed to "putin_stop_this_war." Emails and weak administrative credentials were also leaked.
READ THE STORY: Fortune
Elon Musk’s Starlink is keeping Ukrainians online when traditional Internet fails
FROM THE MEDIA: Elon Musk recently challenged Russian President Vladimir Putin to a one-handed fistfight for the future of Ukraine. But the entrepreneur’s real defense of the besieged country is his effort to keep Ukrainians online with shipments of Starlink satellite Internet service. Starlink is a unit of Musk’s space company, SpaceX. The service uses terminals that resemble TV dishes equipped with antennas and are usually mounted on roofs to access the Internet via satellite in rural or disconnected areas. When war broke out in Ukraine, the country faced threats of Russian cyberattacks and shelling that had the potential to take down the Internet, making it necessary to develop a backup plan. So the country’s minister of digital transformation, Mykhailo Fedorov, tweeted a direct plea to Musk urging him to send help. Musk replied just hours later: “Starlink service is now active in Ukraine. More terminals en route.” Ukraine has already received thousands of antennas from Musk’s companies and European allies, which has proved “very effective,” Fedorov said in an interview with The Washington Post Friday.
READ THE STORY: Washingtonpost
Google Equiano: Fiber Optics Underwater Cable to Connect Togo to Europe’s Portugal, To Deliver Internet to Region
FROM THE MEDIA: Google announced that its Equiano underwater fiber optic cable venture has arrived in Lome, Togo, aiming to bring a fast internet connection to users in the region. The cable will connect Togo to Europe's Portugal, expanding connection speeds to up to 20 times the current speeds in the African region. The fishing village of Agebkope and other seaside communities along Togo's coast have long lived with the consequences of erosion from the strong winds and waves of the Atlantic Ocean. Locals blame the damage on the construction and expansion of the deep sea port in Lome since the late 1960s; others point the finger at a new nearby fishing port that has been under construction since April last year. Google Cloud initially introduced the Equiano venture back in 2019, and it announced interconnectivity that will come from Europe's Lisbon, Portugal down to Lome, Togo, to Lagos, Nigeria, and finally, Cape Town in South Africa.
READ THE STORY: Techtimes
China's New Laser Weapon That Could Destroy Satellites In Space
FROM THE MEDIA: Researchers in China have developed a microwave machine, the "Relativistic Klystron Amplifier (RKA)," that could jam or destroy satellites in space. The device can generate a wave burst measuring 5-megawatts in the Ka-band, a portion of the electromagnetic spectrum increasingly used for both civil and military purposes, Taiwan News reported, citing Asia Times. Although not powerful enough to shoot targets out of the sky from the ground, the RKA can be mounted onto satellites, which could then be used to attack enemy assets in space by burning out their sensitive electronics. Directed Energy Weapons (DEW) are systems that use concentrated electromagnetic energy rather than kinetic energy to damage or destroy enemy equipment and/or personnel in a physical conflict. Although China denies the RKA is a Directed Energy Weapon (DEW), if the system were built at scale, it could send beams strong enough to rip through metallic materials moving at speed, reported Taiwan News. In fact, a Beijing-based space scientist told the media anonymously this tech could function as a high-powered weapon, saying its power was "overwhelming just to think about."
READ THE STORY: NDTV
What the great maple syrup heist can teach us about cyber security
FROM THE MEDIA: This year marks the 10th anniversary of the infamous Great Maple Syrup Heist. In the province of Quebec in Canada, 3,000 tons of maple syrup were stolen from the Federation of Quebec Maple Syrup. At $2,000 per barrel (the equivalent of around 13 times the price of crude oil), it was a significant theft – it raised eyebrows and earned media attention around the world. The total stolen volume was estimated at an incredible $18.7 million, and much of it was never recovered. The criminals of 2012 were ultimately tracked down, though it took considerable effort for the police to determine the full scale of the crime. 26 arrests were made and the police interviewed more than 200 witnesses, creating a bizarre story surrounding one of Quebec’s major resources—and its sweetest. In the end, in court, one of the thieves, Richard Vallières, was found guilty of theft, fraud, and trafficking stolen goods. It’s an interesting story but the message points to something more fundamental – understanding your business or organization, where its value lies, and making sure it is protected. The truth is that all organizations are vulnerable to potential criminal activity. And like maple syrup, there is a need to give customers what they want, but understand attacks can come from all sides. The key is protecting what is most valuable.
READ THE STORY: Techradar
Cryptocurrency – Russia's Sanctions Loophole?
FROM THE MEDIA: Regulators across the globe have this week stepped up their messaging in relation to sanctions on cryptocurrency. This comes in the wake of pleas from Ukraine’s minister of digital transformation via Twitter on Sunday for crypto exchanges to not only target sanctioned individuals, but to impose blanket bans on Russian users: “It’s crucial to freeze not only the addresses linked to Russian and Belarusian politicians but also to sabotage ordinary users.” In the United States, senators wrote to the treasury secretary on Wednesday 2 March to ask about plans to monitor crypto networks, and at the same time, U.S. Attorney General Merrick Garland announced a new interagency task force, ‘KleptoCapture.’ The aim of KleptoCapture is to enforce sanctions placed on Russia, and it would include cryptocurrencies within its focus. The European Union has also said through Bruno Le Maire, the French Finance Minister, that any sanctions against Russia will incorporate cryptocurrencies. The FCA are “actively monitoring” crypto brokerages, and an FCA spokesman said: “As you would expect […] we have made it clear to crypto firms, banks and others that we expect them to focus on their sanction controls and, with our partners, we will be supervising their actions.” The Treasury has also spoken out to note that sanctions cover economic resources of every type, including crypto assets.
READ THE STORY: National Law Review
After invasion of Ukraine, US warns of cyber attacks on global satellite networks
FROM THE MEDIA: After the Russian invasion of Ukraine, the US government has warned about "possible threats" on global satellite communication networks. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning, saying they are aware of possible threats to the US and international satellite communication (SATCOM) networks. Successful intrusions into SATCOM networks could create risk in network providers' customer environments. The fresh warning came as satellite modems belonging to thousands of customers in Europe went offline as Russia began the invasion of Ukraine on February 24. The attack affected US telecommunications firm Viasat that owned the affected network. "Given the current geopolitical situation, CISA's 'Shields Up' initiative requests that all organizations significantly lower their threshold for reporting and sharing indications of malicious cyber activity," it said in a statement. CISA and FBI strongly encouraged critical infrastructure organizations and other organizations that are either SATCOM network providers or customers to review and implement the mitigations outlined in this CSA to strengthen SATCOM network cybersecurity.
READ THE STORY: Free Press Journal
Critical Vulnerabilities in the U.S. Food Sector and the Next Crippling Attack
FROM THE MEDIA: The U.S. Department of Homeland Security defines 16 critical infrastructure sectors vital to the physical and economic security of the United States. Any destruction or disruption to one of these sectors would impart a massive, negative impact on U.S. national security. One of these 16 critical infrastructure sectors is the food and agricultural sector. Although not one of the first sectors to come to mind as “critical” to most people, this sector nonetheless touches the lives of all Americans. It is almost entirely privately owned yet accounts for one-fifth of the nation’s economic activity. It is composed of more than 2 million farms, more than 900,000 restaurants, and more than 200,000 food manufacturing, processing, and storage facilities.[1] In addition, this sector is closely linked with many other critical infrastructure sectors, including water and wastewater systems (for irrigation), transportation systems (for movement of food and animals), the energy sector (for powering the processing of food), and the chemical sector (for fertilizers and pesticides). Any disturbance to the food and agricultural sector will cause additional effects to the other critical infrastructure sectors. As such, it is of vital importance to protect food and agricultural operations in the U.S.
READ THE STORY: HSTODAY
Google says China's state-sponsored hackers are targeting Ukraine
FROM THE MEDIA: Hackers funded by state money have been fighting battles online for years. With the ongoing Russian invasion of Ukraine, the cyber warfare front went from a simmer to a boil. While the combatants on the ground and in the air at the moment are primarily from two countries, reports from Google's Threat Analysis Group (TAG) indicate there are more players involved in cyberspace, including hackers working for China's military. According to Bleeping Computer, Google informed Ukraine earlier this week about a hacking threat from attackers employed by the Chinese government. TAG engineer Billy Leonard tweeted that the team had managed to identify government-backed actors based in China going after Ukrainian state organizations and sounded the alarm. The "CN PLA" Leonard refers to in the tweet is the Chinese People's Liberation Army (PLA). In a tweet of his own, Shane Huntley, the head of TAG, confirmed the news, noting that Russia's assault on Ukraine "isn't only attracting interest from European threat actors. China is working hard here too." Google had already warned of China-based hacking threats against Ukraine on March 7 in a TAG "update on the threat landscape." In this case, it came from a group that calls itself Mustang Panda. Google noted that this was a shift in focus for these hackers, who reportedly tend to go after victims based in Southeast Asia.
READ THE STORY: Android Police
NRA Confirms It Got Pwned by Cybercriminals
FROM THE MEDIA: The National Rifle Association, defender of gun-loving maniacs everywhere, has confirmed that it did, in fact, get hacked by cybercriminals last year. On Friday, the organization’s political action committee (PAC) submitted a filing to the Federal Election Commission confirming the attack. The PAC made the filing to the FEC in an effort to explain a recent financial discrepancy—it had failed to report thousands of dollars in donations to the government. A ransomware gang calling itself “Grief” bragged to the digital underworld last October about compromising the gun lobby’s servers and stealing sensitive internal documents. It leaked screenshots of what it claimed were documents that had been stolen during the incident. At the time, the NRA did not confirm or deny that it had been hacked, issuing an evasive statement about how it “does not discuss matters related to physical or electronic security.” Now, however, the NRA has admitted that it got pwned. The hackers were telling the truth. According to the filing, the ransomware attack hit the NRA on October 20, 2021, taking the entire organization offline. NRA employees did not regain full access to the internet, their email inboxes, or their networked files until the second week of November. Grief leaked additional documents that month, including bank account numbers and other “sensitive personal and financial information,” seemingly still waiting for the NRA to pay up.
READ THE STORY: Gizmodo
Items of interest
Conti Ransomware Group Helping Russia? 60,000 Files, Chat Messages Reveal Alarming Details (Article)
FROM THE MEDIA: Conti ransomware group might actually be helping Russia during the ongoing conflict between it and Ukraine. This detail was claimed after thousands of chat messages and files were leaked. These files were acquired, thanks to the efforts made by an anonymous Ukrainian cybersecurity expert. This tech expert was able to breach the system of Conti, allowing him to gather the alarming chat messages and files.
READ THE STORY: Tech Times
Fake DDoS Tool Targets Ukraine Hacker Army (Video)
As is common with malware distributors, threat actors are taking advantage of current events, such as the IT Army, to promote a fake DDoS tool on Telegram that installs a password and information-stealing trojan. In a new report by Cisco Talos, researchers warn that threat actors are mimicking a DDoS tool called the “Liberator”, which is a website bomber for use against Russian propaganda outlets. While the versions downloaded from the real site are “clean”, and likely illegal to use, those circulated in Telegram hide malware payloads, and there’s no way to tell the difference before executing them as neither is digitally signed.
Effectiveness Of Ukraine's Drones Against Russian Forces Following Successful Attack Overnight (Video)
FROM THE MEDIA: NBC's Ken Dilanian reports on how Ukraine's "cheap drones" claim to be successful against Russian forces, and how effective they are with taking out Russian targets following a successful attack overnight.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com