Security News
Russian authorities on Wednesday arrested and detained Ilya Sachkov, the founder of cybersecurity firm Group-IB, for two months in Moscow on charges of state treason following a search of its office on September 28. The Russian company, which is headquartered in Singapore, confirmed the development but noted the "Reason for the search was not yet clear," adding "The decentralized infrastructure of Group-IB allows us to keep our customer's data safe, maintain business operations and work without interruption across our offices in Russia and around the world."
Russian law enforcement on Tuesday has arrested Ilya Sachkov, the co-founder and CEO of cybersecurity company Group-IB, on suspicion of high treason resulting from sharing data with foreign intelligence. Authorities carried out searches at Group-IB offices in Moscow that started early morning on Tuesday and lasted till evening.
In the wake of cyberattacks targeting the recently held German elections, the European Union has blamed Russia for an ongoing disinformation campaign called "Ghostwriter." Germany is the latest target in an effort that for years has tried to discredit NATO, and which has both smeared and cyberattacked Parliament members, other politicians and government officials, and journalists. It's not the first time the campaign has been attributed to Russia, but on Friday, the EU Council made the link official.
The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public. "These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data," European Council officials said in a press release today.
Russian internet giant Yandex has been the target of a record-breaking distributed denial-of-service attack by a new botnet called M?ris. The botnet is believed to have pummeled the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second, dwarfing a recent botnet-powered attack that came to light last month, bombarding an unnamed Cloudflare customer in the financial industry with 17.2 million RPS. Russian DDoS mitigation service Qrator Labs, which disclosed details of the attack on Thursday, called M?ris - meaning "Plague" in the Latvian language - a "Botnet of a new kind."
SolarWinds is urging a US federal judge to throw out a lawsuit brought against it by aggrieved shareholders who say they were misled about its security posture in advance of the infamous Russian attack on the business. Financial newswire Reuters reported that the suit was originally filed over allegations that former SolarWinds chief exec Kevin Thompson cut cybersecurity efforts in the hope of driving greater dividends into the pockets of major investors, Silver Lake and Thoma Bravo, who each reportedly held around 40 per cent of SolarWinds' stocks at the time.
China-linked hacking group APT31 has been using new malware in recent attacks targeting Mongolia, Belarus, Canada, the United States, and - for the first time - Russia, according to enterprise cybersecurity firm Positive Technologies. In July 2021, the group was officially accused of targeting vulnerabilities in Microsoft Exchange servers, on behalf of China, and France warned of APT31's continuous abuse of hacked routers in malicious attacks.
Russia has put forward a draft convention to the United Nations ostensibly to fight cyber-crime. The proposal, titled "United Nations Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes," [PDF] calls for member states to develop domestic laws to punish a far broader set of offenses than current international rules recognize.
The Russian cyberespionage group known as APT29 and Cozy Bear is still actively delivering a piece of malware named WellMess, despite the fact that the malware was exposed and detailed last year by Western governments. WellMess was attributed to Russia's APT29 in 2020, when the United States, the United Kingdom and Canada said it had been used by Russian hackers in attacks aimed at academic and pharmaceutical research institutions involved in COVID-19 vaccine development.
Western cybersecurity agencies have published a list of 30 of the most exploited vulnerabilities abused by hostile foreign states in 2020, urging infosec bods to ensure their networks and deployments are fully patched against them. Number one on the US, UK, and Australia's jointly published [PDF] list was the well-known Citrix arbitrary code execution vuln in Application Delivery Controller, aka Netscaler load-balancer.