Security News

The U.S. Department of Justice announced that it neutralized Cyclops Blink, a modular botnet controlled by a threat actor known as Sandworm, which has been attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation. "The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command-and-control of the underlying botnet," the DoJ said in a statement Wednesday.

This includes Kremlin-backed operations looking to spy on and influence specific Ukrainian industries, including defense, energy, and telecoms, as well as journalists and activists in Ukraine, Russia and abroad. In one example, Meta says it removed fake-news posts linked to the Belarusian KGB. This account began posting misinformation in Polish and English about Ukrainian troops surrendering without a fight and the nation's leaders fleeing the country on February 24 when Russia began its "Special military operation" against the neighboring state. Ghostwriter has tried to hack into "Dozens" of Ukrainian military personnel's Facebook accounts, according to Meta's new threat report.

US chipmaker Intel announced Tuesday night that it had suspended all business operations in Russia, joining tech other companies who pulled out of the country due to the invasion of Ukraine. Intel had already suspended all shipments to customers in Russia and Belarus last month after the US government issued sweeping sanctions that prevented the export of technology to the countries.

The U.S. Treasury Department on Tuesday sanctioned Hydra, the same day German law enforcement authorities disrupted the world's largest dark web marketplace as part of a coordinated operation in partnership with U.S. officials. The sanctions are part of an "International effort to disrupt proliferation of malicious cybercrime services, dangerous drugs, and other illegal offerings available through the Russia-based site," the Treasury Department said in a statement.

How phishing attacks are exploiting Russia's invasion of Ukraine. A new round of phishing attacks analyzed by email security provider Tessian aims to steal cryptocurrency under the guise of requesting charitable donations toward the Ukrainian cause.

The US and its NATO allies should expect a "Long tail of retaliation," in the form of cyberattacks, for the sanctions imposed on Russia, says cloud security shop ExtraHop's CEO Patrick Dennis. CISA's Shields Up alert about the Russian invasion of Ukraine potentially spilling over into cyber-offensives against the US should have served as a wake-up call to organizations to improve their security posture, Dennis said in an interview with The Register.

The director of UK intelligence agency Government Communications Headquarters, Sir Jeremy Fleming, has warned that China is trying to introduce "Undemocratic values as the default for vast swathes of future tech and the standards that govern it." China believes Russia will support its digital markets and technology plans.

Russia, Iran and Saudi Arabia are the top three proliferators of state-linked Twitter misinformation campaigns, according to a report released Wednesday by the Australian Strategic Policy Institute. The think tank's International Cyber Policy Centre report and corresponding website examined datasets in Twitter's Information Operations Archive to understand state willingness, capability and intent to drive disinformation campaigns.

A China-based threat group is likely running a month-long campaign using a variant of the Korplug malware and targeting European diplomats, internet service providers and research institutions via phishing lures that refer to Russia's invasion of Ukraine and COVID-19 travel restrictions. The ongoing campaign was first seen in August 2021 and is being tied to Mustang Panda - a Chinese APT unit also known as TA416, RedDelta and PKPLUG - due to similar code and common tactics, techniques and procedures used by the group in the past, according to researchers with the cybersecurity firm ESET. Mustang Panda is known for targeting governmental entities and non-governmental organizations, with most of its victims being in East and Southeast Asia.

Russia's RSPP Commission for Communications and IT, the country's largest entrepreneurship union, has warned of imminent large-scale service Internet service outages due to the lack of available telecom equipment. With the western equipment suppliers exiting the market and not selling parts to Russian entities anymore, the first notable service outages may start as early as this summer.