Security News

The U.S. government on Tuesday attributed several past attacks involving industrial control systems to Russian, Chinese and Iranian state-sponsored threat actors. "CISA and the FBI assess that these actors were specifically targeting U.S. pipeline infrastructure for the purpose of holding U.S. pipeline infrastructure at risk. Additionally, CISA and the FBI assess that this activity was ultimately intended to help China develop cyberattack capabilities against U.S. pipelines to physically damage pipelines or disrupt pipeline operations," the agencies said.

Late last week, President Biden said he brought up the epidemic of ransomware hitting American businesses in a phone call with his Russian counterpart, and hinted the United States may start hitting back. "These focus areas helped us not only discover and fix risks to customer privacy and security, but also offer researchers top awards for their high-impact work."

The warning to Putin was largely a repetition of the tough rhetoric Biden had used during their meeting in Geneva last month, when he warned that there would be consequences for continuing cyberattacks emanating from Russia. The dual prongs of the agenda show how even as Biden pledges to get tough on Russia over hacking, there's an inherent desire to avoid aggravating tensions as the administration looks for Russia to cooperate, or at least not interfere, with U.S. actions in other areas, including Syria, the Afghanistan withdrawal and climate change.

White House Press Secretary Jen Psaki says that the US will take action against cybercriminal groups from Russia if the Russian government refuses to do so. She also said that high-level US and Russian officials will meet again next week to address the recent attacks that have targeted US organizations this year.

U.S. and U.K. authorities are warning that the APT28 advanced-threat actor - a.k.a. Fancy Bear or Strontium, among other names - has been using a Kubernetes cluster in a widespread campaign of brute-force password-spraying attacks against hundreds of government and private sector targets worldwide. The attackers are after the passwords of people who work at sensitive jobs in hundreds of organizations worldwide, including government and military agencies in the U.S. and Europe, defense contractors, think tanks, law firms, media outlets, universities and more.

Russia's telecommunications and media regulator Roskomnadzor on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and Opera VPN will be introduced from June 17, 2021," the state agency said in a statement.

Poland's deputy prime minister Jaros?aw Kaczy?ski says last week's breach of multiple Polish officials' private email accounts was carried out from servers within the Russian Federation. "After reading the information provided to me by the Internal Security Agency and the Military Counterintelligence Service, I inform you that the most important Polish officials, ministers, and deputies of various political options were subject to a cyber attack," Kaczy?ski said in a statement published today.

Roskomnadzor, Russia's telecommunications watchdog, has banned the use of Opera VPN and VyprVPN after classifying them as threats according to current Russian law. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal, pro-narcotic and other prohibited content, restrictions on the use of VPN services VyprVPN and Opera VPN will be introduced from June 17, 2021," the Roskomnadzor said.

The G7 summit of western countries has called upon Russia to "Identify, disrupt, and hold to account those within its borders who conduct ransomware attacks, abuse virtual currency to launder ransoms, and other cybercrimes." Coming after an 18-month period where ransomware gangs mostly operating out of Russia and Russian-allied countries have wrought havoc on the West, the statement is part of an increasing willingness to confront Russia's inaction over criminal gangs based on its turf.

G7 leaders have asked Russia to urgently disrupt ransomware gangs believed to be operating within its borders, following a stream of attacks targeting organizations from critical sectors worldwide. "We call on all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions," the G7 leaders said at the G7 Cornwall Summit.