Friday, March 25, 2022 // (IG): BB //Weekly Sponsor: DiyGarage SoCal
Ukrainian Cyber Lead Says ‘At Least 4 Types of Malware’ in Use to Target Critical Infrastructure and Humanitarian Aid
FROM THE MEDIA: Hackers allegedly affiliated with Russia are persistently targeting Ukraine’s government, energy and communications systems, and humanitarian efforts amid the ongoing invasion, a senior Ukrainian cybersecurity official told reporters on Wednesday. “The attackers focus on critical infrastructure, both state-owned and private, and mainly with a connection to land-to-air invasion. Especially weighing are attacks on the logistic circuits and supply of the food and humanitarian support for the cities, where civilians are shelled and bombed,” Victor Zhora, deputy chief of Ukraine’s information protection service, explained. “So, this all is crucial for the prevention of humanitarian catastrophes and we see these logistic circuits are being attacked with the cyberattackers—hackers—financed and basically owned by the government of the Russian Federation.” Zhora provided this information during an hour-long press briefing hosted by the State Service of Special Communication and Information Protection of Ukraine, regarding cyberattacks the country faced between March 15 and March 22. Observed attackers are also targeting organizations that publish information about war crimes online and at least four types of malware have been deployed. According to the official, they’re called HermeticWiper, IsaacWiper, CaddyWiper and Double Zero.
READ THE STORY: Nextgov
Google, Mandiant detail threat from North Korea cyber groups
FROM THE MEDIA: Mandiant and Google’s Threat Analysis Group this week issued separate blog posts on North Korea’s cyber capabilities in support of its political, financial and national security goals. In a Thursday post, the Google TAG team reported discovering state-backed attackers exploiting a remote code execution vulnerability in Chrome, CVE-2022-0609. The campaigns, dubbed Operation Dream Job and Operation AppleJeus, targeted U.S.-based organizations in the news media, information technology, cryptocurrency and financial tech industries. The earliest evidence of the exploit was Jan. 4, and a patch was issued Feb. 14. The TAG team said it suspected the groups worked for the same entity with a shared supply chain but had different mission sets and techniques. The infrastructure of one of the campaigns overlapped with another campaign from last year that targeted security researchers. Google contacted all of the targets to notify them of the activity.
READ THE STORY: SCMAG
The Cyber Resistance To Russia’s Ukraine Invasion Is In LA, Too
FROM THE MEDIA: In the month since Russian troops invaded Ukraine, a cyber resistance movement has emerged around the world — including in Los Angeles. One of the many volunteers in the online resistance is Oleksiy, a Ukrainian immigrant whose day job is in property management. For weeks, he’s been working long hours online in what he calls an “info war” against the Kremlin’s blackout of independent media. “We are trying to share truthful information about what is going on in Ukraine into Russia,” said Oleksiy, who didn’t want his last name used to protect his family in Ukraine. From his home in downtown L.A. he connects with a team of other volunteers around the globe, many of them Ukrainian, in San Francisco, New York, Germany, Poland, and also Ukraine, he said. Oleksiy said his group of volunteers is part of the broader cyber resistance to the war, which includes a global movement of hackers taking on Vladimir Putin’s government. Some activists claim to have hacked Russian state television and government servers.
READ THE STORY: LAIST
Anonymous claims it hacked Russia’s central bank and will soon release thousands of files
FROM THE MEDIA: A Twitter account claiming to be connected with the activist collective Anonymous announced this week that it hacked Russia’s central bank, and it is planning to release 35,000 documents over the next 48 hours detailing “secret agreements.” The Central Bank of the Russian Federation did not immediately respond to Fortune’s request for comment. The international collective of hackers declared cyber war on Russian President Vladimir Putin in a video shortly after Russia invaded Ukraine a month ago. “Soon you will feel the wrath of the world’s hackers,” Anonymous declared in a video on Twitter in late February. So far, the group says it has made good on its threat. In an interview with the BBC earlier this week, hackers linked to Anonymous said they hacked Russian state TV channels and briefly interrupted programming to show a video of Ukrainian buildings being bombed. Rostelecom, the Russian company that runs the allegedly hacked TV channels, did not respond to BBC’s requests for comment.
READ THE STORY: fortune
North Korea Gov Hackers Caught Sharing Chrome Zero-Day
FROM THE MEDIA: Malware hunters at Google have spotted signs that North Korean government hackers are sharing zero-day browser exploits for use in waves of targeted attacks hitting U.S. news media, crypto-banks and IT organizations. According to new data published by Google’s TAG (Threat Analysis Group), two distinct North Korean hacker groups separately used a Chrome browser zero-day flaw in organized malware campaigns. The Chrome vulnerability in question – CVE-2022-0609 – was patched by Google last month, with the company issuing a barebones advisory to warn of in-the-wild exploitation of the zero-day. On Thursday, the search giant linked those attacks to North Korea’s government-backed hacking groups, warning that the earliest evidence of attacks dates back to early January of this year. "We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operate with a different mission set and deploy different techniques. It is possible that other North Korean government-backed attackers have access to the same exploit kit," said Google researcher Adam Weidemann.
READ THE STORY: SecurityWeek
US charges four Russian hackers over cyber-attacks on global energy sector
FROM THE MEDIA: The US has unveiled criminal charges against four Russian government officials, saying they engaged in two major hacking campaigns between 2012 and 2018 that targeted the global energy sector and affected thousands of computers across 135 countries. In one now-unsealed indictment from August 2021, the justice department said three alleged hackers from Russia’s Federal Security Service (FSB) carried out cyber-attacks on the computer networks of oil and gas firms, nuclear power plants, and utility and power transmission companies across the world between 2012 and 2017. The three accused Russians in that case are Pavel Aleksandrovich Akulov, 36, Mikhail Mikhailovich Gavrilov, 42, and Marat Valeryevich Tyukov, 39. In a second unsealed indictment from June 2021, the DoJ accused Evgeny Viktorovich Gladkikh, a 36-year-old Russian ministry of defense research institute employee, of conspiring with others between May and September 2017 to hack the systems of a foreign refinery and install malware known as “Triton” on a safety system produced by Schneider Electric.
READ THE STORY: The Guardian
Hackers Attacked Satellite Terminals Through Management Network, Viasat Officials Say
FROM THE MEDIA: The cyberattack that cut communications for thousands of European users of Viasat’s satellite broadband service last month was carried out by hackers compromising and exploiting the system that manages customer terminals, two Viasat officials told Air Force Magazine. The attack, which happened as Russian forces rolled into Ukraine on Feb. 24, affected tens of thousands of terminals in Ukraine and across Europe, which were part of the KA-SAT network, a satellite broadband provider that Viasat bought last year from French satcom giant Eutelsat. End users affected included some in the Ukrainian military, and the attack dramatically demonstrated the vulnerability of commercial satellite communications capabilities on which the U.S. military increasingly relies. “The ground management network … that manages the KA-SAT network, and manages other Eutelsat networks—that network was penetrated,” said one Viasat official. “And from there, the hackers were able to launch an attack against the terminals using the normal function of the management plane of the network.”
READ THE STORY: Airforcemag
Russian military behind hack of satellite communication devices in Ukraine at war’s outset, U.S. officials say
FROM THE MEDIA: U.S. intelligence analysts have concluded that Russian military spy hackers were behind a cyberattack on a satellite broadband service that disrupted Ukraine’s military communications at the start of the war last month, according to U.S. officials familiar with the matter. The U.S. government, however, has not announced its conclusion publicly. “We do not have an attribution to share at this time and are looking at this closely,” said Saloni Sharma, a spokeswoman for the National Security Council. “As we have already said, we are concerned about the apparent use of cyber operations to disrupt communications systems in Ukraine and across Europe and affect businesses and individuals’ access to the Internet.” President Biden on Monday warned U.S. businesses that they needed to maintain vigilance in light of “evolving intelligence” that the Russians are “exploring options” for potential cyberattacks. Several federal government agencies have highlighted protective security measures that companies can put in place to protect against such attacks.
READ THE STORY: Washington Post
Feds: Russian spies tried to hack into Kan. nuclear power plant
FROM THE MEDIA: A federal indictment made public Thursday accuses four men with ties to Russian spy outfits of trying to gain control of U.S. nuclear power plants — including one in Kansas — through cyber sabotage. Prosecutors contend the defendants targeted both software and hardware to cripple critical infrastructure in the U.S., including the Wolf Creek nuclear plant near Burlington, Kansas. The U.S. Justice Department describes a pair of concerted attacks that involved, among other tactics, planting malware on more than 17,000 devices. That alleged hacking, the indictment says, had some success that gave saboteurs unauthorized access to networks and computers across the energy sector. All of the men are Russian nationals accused of working for their Ministry of Defense to wreck parts of the global energy sector between 2012 and 2018. Justice officials say the hacking campaigns sought to infiltrate thousands of computers at hundreds of private companies and government agencies across roughly 135 countries.
READ THE STORY: SalinaPost
New Vidar Infostealer Campaign Hidden in Help File
FROM THE MEDIA: Researchers discovered an email malware campaign in February 2022 that demonstrates the complexity attackers are introducing into the delivery mechanism in order to avoid detection. The new campaign delivers an old but frequently updated infostealer: Vidar. The initial approach is standard – an email with a malicious attachment. The attachment, ‘request.doc’, is a disguised ISO file. If the target can be persuaded to click on request.doc, two files are exposed: a CHM file (Microsoft’s stand-alone help file format) and ‘app.exe’. app.exe launches the Vidar malware. Most users today could be trusted not to open a strange .exe delivered to them by email, but the attacker does not need them to: CHM files are generally more recognized and trusted by users. If the CHM is opened, apparently innocuous content is displayed. However, as the Trustwave researchers say in an associated blog, “This HTML has a button object which automatically triggers the silent re-execution of the CHM “pss10r.chm” with mshta.” When it is re-executed, JavaScript included within the file automatically executes app.exe, and the initial stage of Vidar is loaded. The final launcher is hidden in the Help file.
READ THE STORY: Security Week
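The Vidar chain above gives a defender two concrete things to check: an attachment whose name says document but whose bytes say ISO, and a process lineage in which the HTML Help viewer (hh.exe) spawns mshta.exe, which in turn spawns an executable. The following is an added example, not code from the Trustwave report or the SecurityWeek story; the process events and the file bytes are constructed here, and the hh.exe/mshta.exe lineage rule is a heuristic of my own, not a published signature.

```python
"""Two detections for a CHM -> mshta -> executable delivery chain.

Added example with constructed data. The file names request.doc, pss10r.chm
and app.exe come from the story; the drive letter, PIDs and command lines
are invented for illustration.
"""
from dataclasses import dataclass

# ISO 9660 places the primary volume descriptor at byte 0x8000; the five
# bytes after the descriptor type byte are the standard identifier "CD001".
ISO_MAGIC_OFFSET = 0x8001
ISO_MAGIC = b"CD001"
DOCUMENT_EXTENSIONS = (".doc", ".docx", ".rtf", ".pdf")


def looks_like_iso(data: bytes) -> bool:
    """True when the bytes carry the ISO 9660 volume identifier."""
    return data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC


def extension_mismatch(filename: str, data: bytes) -> bool:
    """A document-looking name wrapping an ISO image is the disguise in the story."""
    return filename.lower().endswith(DOCUMENT_EXTENSIONS) and looks_like_iso(data)


@dataclass
class ProcEvent:
    """Minimal process-creation record (Sysmon-style fields, simplified)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


HELP_VIEWERS = {"hh.exe"}      # Microsoft HTML Help, the default .chm handler
SCRIPT_HOSTS = {"mshta.exe"}   # host used to re-execute the CHM's embedded HTML


def flag_lineage(events):
    """Return (pid, reason) pairs for the two suspicious parent/child steps."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue
        pimg, img = parent.image.lower(), e.image.lower()
        # Step 1: the help viewer handing its CHM to a script host.
        if pimg in HELP_VIEWERS and img in SCRIPT_HOSTS:
            findings.append((e.pid, "help viewer spawned script host"))
        # Step 2: a script host that was given a .chm launching an executable.
        if (pimg in SCRIPT_HOSTS and ".chm" in parent.cmdline.lower()
                and img.endswith(".exe") and img not in SCRIPT_HOSTS):
            findings.append((e.pid, "mshta running a .chm spawned an executable"))
    return findings


# Constructed ISO image: zeros up to the descriptor, then the identifier.
SAMPLE_ISO = bytes(ISO_MAGIC_OFFSET) + ISO_MAGIC + bytes(2043)
# Constructed OLE2 header bytes standing in for a real .doc file.
SAMPLE_DOC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + bytes(ISO_MAGIC_OFFSET + 8)

# Constructed process tree: a benign branch and the chain from the story.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, "hh.exe", r"hh.exe E:\pss10r.chm"),
    ProcEvent(300, 200, "mshta.exe", r"mshta.exe E:\pss10r.chm"),
    ProcEvent(400, 300, "app.exe", r"E:\app.exe"),
    ProcEvent(500, 100, "hh.exe", r"hh.exe C:\Windows\Help\mui\0409\legit.chm"),
    ProcEvent(600, 100, "notepad.exe", "notepad.exe"),
]


def run_checks():
    """Apply both detections to the constructed samples."""
    return {
        "attachment_disguised": extension_mismatch("request.doc", SAMPLE_ISO),
        "lineage": flag_lineage(SAMPLE_EVENTS),
    }


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(key, value)
```

The magic-byte check is cheap enough to run on every mail attachment before it reaches a user, and the lineage rule is meant for endpoint telemetry; the legitimate hh.exe launch in the sample (pid 500) produces no finding because it never spawns a script host.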
Items of interest
How Ukraine and Russia use the information space to shape public opinion (Article)
FROM THE MEDIA: A month into Russia's invasion of Ukraine, both sides continue to wage active information campaigns online, providing daily updates on their respective military accomplishments and even enemy casualties. While the Ukrainian and Russian defence ministries may differ in how they present the war to their respective followers on traditional and social media, comparing the two information streams can be telling about who their target audiences are and where each thinks the conflict is going. When it comes to reported casualties since the Feb. 24 invasion, the Russian military on March 2 reported that it had lost 498 soldiers, with another 1,597 wounded, but has not updated that toll since. The Ukrainian military consistently releases its own cumulative tally of Russia's estimated losses, which as of March 24 included about 15,800 troops. A senior NATO military official on Wednesday estimated that between 7,000 and 15,000 Russian troops have been killed. That same official also projected Russian casualties, including those killed, wounded, taken prisoner or missing, at between 30,000 and 40,000.
READ THE STORY: CTVNEWS
"I Will Stop Russia!" Elon Musk Revealed! (Video)
Ever since the Kremlin launched a devastating attack on Ukraine, Elon Musk, as well known for his big bets on successful business ventures as for his audacious eccentricities, has picked a side, and from the look of things Russia is not in his good books. He has now challenged the Russian president, Vladimir Putin, to a fight and made the bold claim that he is going to stop Russia. Tesla and SpaceX CEO Elon Musk challenged Putin to “single combat” via Twitter. “I hereby challenge Vladimir Putin to single combat, Stakes are Ukraine,” he tweeted, writing the country's name in its own language. “Do you agree to this fight?”, he wrote in Russian, tagging the Kremlin’s official English-language Twitter account.
Why Global Supply Chains May Never Be the Same (Video)
FROM THE MEDIA: Every day, millions of sailors, truck drivers, longshoremen, warehouse workers and delivery drivers keep mountains of goods moving into stores and homes to meet consumers’ increasing expectations of convenience. But this complex movement of goods underpinning the global economy is far more vulnerable than many imagined.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context on current media trends in the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com