Security News
Russia's Nobelium group - fingered as being a Russian state actor by both the United States and Britain - has massively ramped up phishing and password spraying attempts against managed service providers and cloud resellers, Microsoft's security arm has warned. The Windows maker said the group's targeted attacks against "Resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers" had trebled over the past three months.
The United States has kicked off meetings attended by representatives of nations that all hope to address the scourge of ransomware - without Russia or China in the room. An expression of the US National Security Council's Counter-Ransomware Initiative, the two-day meetings will occupy Wednesday and Thursday.
The Counter-Ransomware Initiative meetings come in response to ongoing attacks, including ransomware attacks on Colonial Pipeline, JBS Foods, and Kaseya in the U.S., which have revealed significant vulnerabilities across critical worldwide infrastructure. Disrupt Ransomware Infrastructure and Actors: The Administration is bringing the full weight of U.S. government capabilities to disrupt ransomware actors, facilitators, networks, and financial infrastructure;.
A new national cyber strategy will be launched by year-end, the National Cyber Security Centre's chief exec has promised - while calling out spyware vendor NSO Group as a "Red flag" for the UK infosec community. Lindy Cameron told the Chatham House international affairs think tank that NSO Group was "Something we raised a red flag about before, that the commercial market for sophisticated cyber exploitation products is an issue."
Iran, Turkey and both North and South Korea are bases for nation-state cyber attacks, Microsoft has claimed - as well as old favourite Russia. "After Russia, the largest volume of attacks we observed came from North Korea, Iran and China; South Korea, Turkey and Vietnam were also active but represent much less volume," said MS in a post announcing its findings.
Russian authorities on Wednesday arrested and detained Ilya Sachkov, the founder of cybersecurity firm Group-IB, for two months in Moscow on charges of state treason following a search of its office on September 28. The Russian company, which is headquartered in Singapore, confirmed the development but noted the "Reason for the search was not yet clear," adding "The decentralized infrastructure of Group-IB allows us to keep our customer's data safe, maintain business operations and work without interruption across our offices in Russia and around the world."
Russian law enforcement on Tuesday has arrested Ilya Sachkov, the co-founder and CEO of cybersecurity company Group-IB, on suspicion of high treason resulting from sharing data with foreign intelligence. Authorities carried out searches at Group-IB offices in Moscow that started early morning on Tuesday and lasted till evening.
In the wake of cyberattacks targeting the recently held German elections, the European Union has blamed Russia for an ongoing disinformation campaign called "Ghostwriter." Germany is the latest target in an effort that for years has tried to discredit NATO, and which has both smeared and cyberattacked Parliament members, other politicians and government officials, and journalists. It's not the first time the campaign has been attributed to Russia, but on Friday, the EU Council made the link official.
The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public. "These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data," European Council officials said in a press release today.
Russian internet giant Yandex has been the target of a record-breaking distributed denial-of-service attack by a new botnet called M?ris. The botnet is believed to have pummeled the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second, dwarfing a recent botnet-powered attack that came to light last month, bombarding an unnamed Cloudflare customer in the financial industry with 17.2 million RPS. Russian DDoS mitigation service Qrator Labs, which disclosed details of the attack on Thursday, called M?ris - meaning "Plague" in the Latvian language - a "Botnet of a new kind."