Security News

The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens and its member states. The six individuals sanctioned by the EU include two Chinese citizens and four Russian nationals.

FireEye security researchers have linked a series of disinformation operations that have been ongoing since at least March 2017. While some aspects of the campaign resemble those of the Secondary Infektion operation, the researchers did not observe cyber threat activity to support the previously detailed operations, and many other attributes of the newly detailed attacks are different.

Russian intelligence services are using a trio of English-language websites to spread disinformation about the coronavirus pandemic, seeking to exploit a crisis that America is struggling to contain ahead of the presidential election in November, U.S. officials said Tuesday. Two Russians who have held senior roles in Moscow's military intelligence service known as the GRU have been identified as responsible for a disinformation effort meant to reach American and Western audiences, U.S. government officials said.

An influential UK Parliamentary committee has called on social media companies to remove covert hostile state material and said the government must "name and shame" those that fail to act. We are concerned that there is no clear coordination of the numerous organisations across the UK intelligence community working on , this is reinforced by an unnecessarily complicated wiring diagram of responsibilities amongst ministers.... The focus of political attention because of its relevance to the EU referendum and subject to delay at the hands of the Prime Minister and his office, the report also details use of technology and social media for nefarious Russian activity.

The Kremlin-backed APT29 crew, also known by a variety of other names such as Cozy Bear, Iron Hemlock, or The Dukes, depending on which threat intel company you're talking to that week, is believed by most reputable analysts to be a wholly owned subsidiary of the FSB, modern-day successor to the infamous Soviet KGB. NCSC ops director Paul Chichester said in a statement: "We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic." Foreign Secretary Dominic Raab added: "It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic. While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health."

Britain, the United States and Canada accused Russian hackers on Thursday of trying to steal information from researchers seeking a coronavirus vaccine, warning scientists and pharmaceutical companies to be alert for suspicious activity. Intelligence agencies in the three nations alleged that the hacking group APT29, also known as Cozy Bear and said to be part of the Russian intelligence services, is attacking academic and pharmaceutical research institutions involved in COVID-19 vaccine development.

Security researchers claim to have uncovered "several previously undocumented post-compromise tools" used by a Russia-linked APT to target Microsoft Office and Outlook through Visual Basic for Applications. The Gamaredon hacking crew is said to be targeting Outlook through Visual Basic for Applications, allowing attackers to access the target account's contact book so they can forward phishing emails to a new batch of potential victims.

The Russian Foreign Ministry on Thursday angrily rejected Germany's allegations over Russian intelligence involvement in a cyberattack against the German parliament. The ministry's spokeswoman, Maria Zakharova, said the claim concerning a 2015 hacking attack on the German parliament was "absurd" and "unfounded."

Several vulnerabilities affecting the Exim mail transfer agent have been exploited by Russia-linked hackers, and administrators have been urged to patch immediately, but hundreds of thousands of servers remain unpatched. The U.S. National Security Agency issued an alert last week to urge users to update their Exim servers to version 4.93 or newer, as earlier versions are impacted by vulnerabilities that have been exploited by a hacker group with ties to the Russian military.

The startling prediction came from Tobias Ellwood MP, chairman of the Defence Committee, as he presided over a hearing on 5G security and Huawei's involvement. "To put it in cruder terms, Russia is going to become more subservient to China." He added: "If Russia understands the weaknesses, the vulnerabilities or the back doors that China provides, it can be Russia continuing to do those cyber attacks at the behest of China."