Security News

Leaked IT contractor files detail Kremlin's stockpile of cyber-weapons
2023-03-31 01:24

An unidentified whistleblower has provided several media organizations with access to leaked documents from NTC Vulkan - a Moscow IT consultancy - that allegedly show how the firm supports Russia's military and intelligence agencies with cyber warfare tools. According to The Guardian, this latest whistleblower chose to distribute the secret Russian documents due to anger over Russia's bloody invasion of Ukraine and a desire to see the information reveal some of what is going on inside Russia.

Kremlin claims Ukraine hackers behind fake missile strike alerts
2023-02-23 06:30

Millions of Russians in almost a dozen cities throughout the country were greeted Wednesday morning by radio alerts, text messages, and sirens warning of an air raid or missile strikes that never occurred. According to reports from news operations in Russia, a woman's voice was broadcast through a number of radio stations - including Relax FM, Avatoradio, Yumor FM, and Comedy Radio - saying, "Attention, an air raid warning is being announced. Go to the shelter immediately. Attention, Attention, threat of a missile strike."

Google: Kremlin-backed goons spread Android malware disguised as pro-Ukraine app
2022-07-20 20:36

Kremlin-backed criminals are trying to trick people into downloading Android malware by spoofing a Ukrainian military group, according to Google security researchers. The CyberAzov app promises to "Help stop Russian aggression against Ukraine" by deploying Denial of Service attacks against set Russian targets, according to the phony website.

Coca-Cola probes pro-Kremlin gang's claims of 161GB data theft
2022-04-26 18:58

Coca-Cola confirmed it's probing a possible network intrusion after the Stormous cybercrime gang claimed it stole 161GB of data from the beverage giant. The ransomware gang, which has declared its support for the Russian government's illegal invasion of Ukraine, this week bragged it "hacked some of the company's servers and passed a large amount of data inside them without their knowledge." It's now trying to sell the stolen data for about $64,000, or nearest offer "depending on the amount of data you want," Stormous wrote on its website where it leaks pilfered information.

Feds take down Kremlin-backed Cyclops Blink botnet
2022-04-06 19:24

The US Justice Department today revealed details of a court-authorized take-down of command-and-control systems the Sandworm cyber-crime ring used to direct network devices infected by its Cyclops Blink malware. The move follows a joint security alert in February from US and UK law enforcement that warned of WatchGuard firewalls and ASUS routers being compromised to run Cyclops Blink.

How the Kremlin Provides a Safe Harbor for Ransomware
2021-04-16 14:39

One big reason: Ransomware rackets are dominated by Russian-speaking cybercriminals who are shielded - and sometimes employed - by Russian intelligence agencies, according to security researchers, U.S. law enforcement, and now the Biden administration. On Thursday, as the U.S. slapped sanctions on Russia for malign activities including state-backed hacking, the Treasury Department said Russian intelligence has enabled ransomware attacks by cultivating and co-opting criminal hackers and giving them safe harbor.

It was Russia wot did it: SolarWinds hack was done by Kremlin's APT29 crew, say UK and US
2021-04-15 15:49

Russia's infamous APT 29, aka Cozy Bear, was behind the SolarWinds Orion attack, the US and UK governments said today as America slapped sanctions on Russian infosec companies as well as expelling diplomats from that country's US embassy. "The Russian Intelligence Services' third arm, the SVR, is responsible for the 2020 exploit of the SolarWinds Orion platform and other information technology infrastructures. This intrusion compromised thousands of US government and private sector networks," said the US Treasury.

Kremlin hackers are right now exploiting security hole in VMware software to hijack systems, NSA warns
2020-12-07 23:11

The NSA reckons Russian government hackers are actively abusing a critical security hole in VMware's software to infiltrate victims' networks. "Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication," a cybersecurity notice [PDF] published on Monday warns.

Notpetya, Olympics hacking, Novichok probe meddling... America throws the book at six alleged Kremlin hackers
2020-10-19 20:47

Six men have been named as Russian military hackers and accused of spreading malware, disrupting the Olympics in retaliation for Russia's doping ban, and meddling with elections as well as probes into Novichok poisonings. They are accused of targeting South Koreans, athletes, International Olympic Committee officials, and more, with spear-phishing and malicious mobile apps in the run-up to the 2018 Winter Olympics in Pyeongchang, South Korea.