Thursday, March 24, 2022 // (IG): BB // Weekly Sponsor: DiyGarage SoCal
Teen Suspected by Cyber Researchers of Being Lapsus$ Mastermind
FROM THE MEDIA: Cybersecurity researchers investigating a string of hacks against technology companies, including Microsoft Corp. and Nvidia Corp., have traced the attacks to a 16-year-old living at his mother’s house near Oxford, England. Four researchers investigating the hacking group Lapsus$, on behalf of companies that were attacked, said they believe the teenager is the mastermind. Lapsus$ has befuddled cybersecurity experts as it has embarked on a rampage of high-profile hacks. The motivation behind the attacks is still unclear, but some cybersecurity researchers say they believe the group is motivated by money and notoriety. The teen is suspected by the researchers of being behind some of the major hacks carried out by Lapsus$, but they haven’t been able to conclusively tie him to every hack Lapsus$ has claimed. The cyber researchers have used forensic evidence from the hacks as well as publicly available information to tie the teen to the hacking group.
READ THE STORY: Bloomberg
Hundreds of companies potentially hit by Okta hack
FROM THE MEDIA: Hundreds of organizations that rely on Okta to provide access to their networks may have been affected by a cyber-attack on the company. Okta said the "worst case" was that 366 of its clients had been affected and their "data may have been viewed or acted upon" - its shares fell 9% on the news. It says it has more than 15,000 clients - from big companies, including FedEx, to smaller organizations, such as Thanet District Council, in Kent. Cyber-gang Lapsus$ is behind the hack. The ransomware group "is a South American threat actor that has recently been linked to cyber-attacks on some high-profile targets", according to Ekram Ahmed, of cyber-security company Check Point. "The cyber-gang is known for extortion, threatening the release of sensitive information, if demands by its victims are not made," he said.
READ THE STORY: BBC
Nestlé: Anonymous Can't Hack Us, We Leaked Our Own Data
FROM THE MEDIA: A hacker group claims to have stolen and leaked a trove of Nestlé’s data. The company says that can’t possibly be true. Why? Because the data was actually leaked by Nestlé itself several weeks ago. In emails to Gizmodo, a Nestlé spokesperson disavowed allegations from the hacktivist collective Anonymous, which claimed this week to have stolen and leaked a 10 gigabyte tranche from the global food and beverage conglomerate. Anonymous said it was punishing Nestlé for its reluctance to withdraw from Russia, as a host of other major companies have done. The data, which Anonymous said included internal emails, passwords, and information on Nestlé’s customers, was posted to the web on Tuesday. Anonymous says it’s on a mission to punish any company that won’t boycott Russia over the devastating war in Ukraine, and Nestlé—which had previously expressed reluctance to scale back operations in the country—has apparently been at the top of its list.
READ THE STORY: Gizmodo
Israel Rejected Ukrainian Plea for Pegasus Hacking Software Fearing Russian Retaliation
FROM THE MEDIA: Israeli defense officials blocked an effort by Ukraine to obtain NSO Group’s Pegasus surveillance software over fears that doing so could inflame tensions with Russia. Sources cited by The Guardian and The Washington Post claim Ukraine has been trying to get its hands on the coveted hacking tools since 2019. They aren’t alone. Intelligence agencies worldwide jockey over access to Pegasus, which is viewed as one of the most advanced zero-click hacking tools on the market. Once a device is infected, Pegasus allows its operator to surveil the target’s photos, documents, and even encrypted messages without the target ever knowing. Getting access to the software can be tricky, though. According to sources cited by The Guardian, Israel’s ministry of defense must first grant permission to NSO before the company can market its software to clients from other countries. Researchers at The Citizen Lab have identified at least 45 countries where Pegasus has been deployed in the past. Many of these countries have used Pegasus to target journalists, human rights activists, political dissidents, and even children with alarming frequency.
READ THE STORY: Gizmodo
New Mustang Panda hacking campaign targets diplomats, ISPs
FROM THE MEDIA: Security analysts have uncovered a malicious campaign from China-linked threat actor Mustang Panda, which has been running for at least eight months with a new variant of the Korplug malware called Hodur and custom loaders. Also tracked as TA416, Mustang Panda is known to serve China-aligned interests and has been recently associated with phishing and espionage operations that targeted European diplomats. Korplug is a custom malware used extensively but not exclusively by this particular threat actor, first exposed in a 2020 report that examined the activity of Chinese hackers against Australian targets. In the latest known campaign, analyzed by cybersecurity company ESET, Mustang Panda focuses on European diplomats, ISPs (Internet Service Providers), and research institutes, using phishing lures with decoy documents. Since August 2021, when this campaign is believed to have started, the hackers refreshed their lures several times, the latest ones being topics related to Russia’s invasion of Ukraine, COVID-19 travel restrictions, or documents copied from the European Union Council’s website.
READ THE STORY: Bleepingcomputer
Italy's state railway may have been target of cyber attack
FROM THE MEDIA: Italian railway company Ferrovie dello Stato Italiane (FS) said on Wednesday it had temporarily halted some ticket sale services as it feared they had been targeted by a cyber attack. "Since this morning, elements that could be linked to a cryptolocker infection have been detected on the computer network of Trenitalia and RFI," the company said in a statement. "The network is currently being checked." Italian news agency Ansa quoted unnamed security sources as saying that the type of attack suggested it was the work of Russian hackers. Contacted by Reuters, the interior ministry declined to comment on the report. The state-controlled FS said it had suspended the sale of tickets at its offices and self-service machines in train stations as a precautionary measure, while online sales were working as usual. The disruptions did not impact rail traffic, which was running smoothly, FS added. The railway network managed by RFI is over 16,700 kilometres (10,400 miles) long, of which more than 700 km is dedicated to high-speed services.
READ THE STORY: Reuters
Gas thieves in Florida accused of hacking pumps to get ‘basically free’ fuel
FROM THE MEDIA: Florida officials arrested four men this week, accusing them of using a device on gas pumps that allowed them to pump fuel for pennies on the dollar. The Florida Department of Agriculture and Consumer Services made the arrests on Wednesday. Commissioner Nikki Fried said she takes these types of crimes seriously. “Anytime that we’re seeing a theft like this or actual fraud, we have zero tolerance,” Fried said. “And we’re going to come in and it’s a very clear symbol to anyone that may be thinking of doing something like this — we’re going to catch you.” The alleged incidents happened at a Circle K gas station in Lutz and a Circle K station in Lakeland. At the Lutz location, officers arrested Marlon Rosel-Rodriguez and Yordan Diaz Benitez of Tampa. At the Lakeland location, they arrested Yulier Garcia-Martinez and Rogelio Llarena of Orlando. Ned Bowman, the president of the Florida Petroleum Marketers Association, said the suspects were running a pretty sophisticated operation. “They go in and they change the pulsator. The pulsator is the device that is inside the gas pump that regulates the flow of the fuel,” Bowman explained. “So they’re able to change the price of the fuel down to a nickel or a penny to the gallon and fill the back of their trucks up — their bladders or spare tanks — with fuel that’s basically free.”
READ THE STORY: News 19
Inside Ukraine’s cyber defense: the battle against Moscow’s online salvos
FROM THE MEDIA: As Russian troops massed on the border on January 14, dozens of Ukrainian government websites were defaced with the words “be afraid and wait for the worst”. The co-ordinated hack was viewed by Ukrainian and western cyber security officials as an initial warning that Russia would wage a fearsome digital war alongside a ground invasion of the country. Soon after, a series of major cyber attacks were detected on energy and communications groups — but then just as quickly repelled. A month into the Kremlin’s war, Ukrainian officials have taken solace that critical networks have withstood weeks of cyber assaults, but as one official warned, Russia’s vaster resources meant it could steadily wear down the online resistance. “Our networks are our people,” he said. “And Russia is killing our people.” This account of the first phase of Russia’s cyber war on Ukraine is based on interviews with Ukrainian and western officials with direct knowledge of the events, many of which have not been previously reported.
READ THE STORY: FT
Native technologies used in Russia-Ukraine cyber attacks
FROM THE MEDIA: Native technologies are being used in Russia-Ukraine cyber attacks, according to new analysis from Aqua Security. The conflict between Russia and Ukraine is raging not only in the physical realm but also on the cyber front, where governments, hacktivist groups, and individuals are trying to play their part. Russian cyber warfare, wiper malware: according to Team Nautilus, part of Aqua Security, the military campaign was preceded by a sophisticated cyberattack launched by Russia against multiple Ukrainian organizations. It included highly destructive malware called IsaacWiper and HermeticWizard, which are new variants of the wiper malware. The malware attack, alongside the military campaign, aimed to make an impact on the conflict. The malware was installed on hundreds of machines in Ukraine and was followed by a wave of distributed denial-of-service attacks. The new wipers can corrupt the data on a machine and make it inaccessible. In addition to the worm ability of spreading across a local network to infect more machines, they can also launch a ransomware attack and encrypt files on the compromised machine.
READ THE STORY: Security Brief
Russian hackers targeting humanitarian efforts, Ukraine says
FROM THE MEDIA: A top Ukrainian cybersecurity official said Wednesday that Russian hackers are attacking logistical lines in the war-torn country, including those delivering food and humanitarian support. Victor Zhora, deputy chief of Ukraine’s information protection service, said the cyberattacks are mostly linked to Russia’s ground and air campaign. He declined to provide specifics on the attacks, citing security concerns. Zhora, who has provided regular updates on the role of cyberattacks in the conflict, said Russian hackers have targeted government and private-sector organizations, including internet-service providers and energy companies. The attacks have mostly been unsuccessful or caused minor disruptions, he said. He also said that despite efforts by Russia to knock out Ukrainian communication networks, most areas have maintained cellular coverage, or restored outages quickly.
READ THE STORY: Stripes
Items of interest
Anonymous Says It Has Hacked The Central Bank Of Russia (Article)
FROM THE MEDIA: Hacktivist group Anonymous has threatened to release files after hacking the Central Bank of Russia. The bank, also known as the Central Bank of the Russian Federation, is responsible for protecting and ensuring the safety of Russia's currency, the ruble, which took a nosedive following Russia's invasion of Ukraine last week. News of Anonymous’s hack was shared on Twitter last night, 23 March, by one of the group's accounts, @YourAnonTV. The post included an image of the smiling mask associated with the group and read: "JUST IN: The #Anonymous collective has hacked the Central Bank of Russia. More than 35.000 files will be released within 48 hours with secret agreements. #OpRussia." The exact nature of the files threatened for release has not been revealed, but Anonymous claims they include 'secret agreements'. News of the hack comes after reports emerged about central bank Governor Elvira Nabiullina having sought to resign from the role in the wake of the Ukrainian invasion, only to have President Vladimir Putin tell her to stay in the role.
READ THE STORY: LAbible
'Picking them off': Petraeus explains how Ukrainians are taking out Russian generals (Video)
Retired US Army Gen. David Petraeus tells CNN's Jake Tapper how the Ukrainian people have aided their army in killing multiple Russian generals. CNN has not been able to confirm the killings.
Ukraine captured Russian LEO satellite destroyer Krasukha EW (Video)
FROM THE MEDIA: The Ukrainian army captured the control unit of the Russian Federation's Krasukha-4 electronic warfare system, a low Earth orbit satellite destroyer, near the capital Kyiv, Bulgarian Military has learned, citing its own sources.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com