Security News
Security researchers claim to have uncovered "several previously undocumented post-compromise tools" used by a Russia-linked APT to target Microsoft Office and Outlook through Visual Basic for Applications (VBA). The Gamaredon hacking crew is said to use VBA in Outlook to access the target account's contact book so that it can forward phishing emails to a new batch of potential victims.
The Russian Foreign Ministry on Thursday angrily rejected Germany's allegations over Russian intelligence involvement in a cyberattack against the German parliament. The ministry's spokeswoman, Maria Zakharova, said the claim concerning a 2015 hacking attack on the German parliament was "absurd" and "unfounded."
Several vulnerabilities affecting the Exim mail transfer agent have been exploited by Russia-linked hackers, and administrators have been urged to patch immediately, but hundreds of thousands of servers remain unpatched. The U.S. National Security Agency issued an alert last week to urge users to update their Exim servers to version 4.93 or newer, as earlier versions are impacted by vulnerabilities that have been exploited by a hacker group with ties to the Russian military.
The startling prediction came from Tobias Ellwood MP, chairman of the Defence Committee, as he presided over a hearing on 5G security and Huawei's involvement. "To put it in cruder terms, Russia is going to become more subservient to China." He added: "If Russia understands the weaknesses, the vulnerabilities or the back doors that China provides, it can be Russia continuing to do those cyber attacks at the behest of China."
If you thought the Mirai botnet was bad, what about a version under the control of Russia's military that it could point like an electronic cannon at people it didn't like? That's the prospect we could face after the reported emergence of secret Russian project documents online last week. The documents, which come from hacking group Digital Revolution but haven't been verified, suggest that Russia's Federal Security Service has been working on an internet of things botnet of its own called Fronton.
Earlier this year, Prevailion's security researchers identified a TA505 campaign targeting German companies with fake job application emails, but the attacks appear to have started in June 2019, or even the month before. Through the use of legitimate tools that are unlikely to be removed by traditional security software, the attackers can perform a broad range of activities, such as stealing files, capturing screens, and even recording audio.
The Russia-linked threat group known as Turla was observed using two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019, ESET reports. Also known as Waterbug, KRYPTON, Snake, and Venomous Bear, and active for more than a decade, Turla is known for the targeting of various diplomatic and military organizations, with a focus on NATO and Commonwealth of Independent States nations.
Data from ESET telemetry suggests that, for this campaign, only a very limited number of visitors were considered interesting by Turla's operators. The two compromised government websites and another pair of poisoned civilian websites have been active since early 2019.
UNITED NATIONS - The United States, United Kingdom and Estonia accused Russia's military intelligence Thursday of conducting cyber attacks against the Georgian government and media websites in an attempt "to sow discord and disrupt the lives of ordinary Georgians." Estonian Ambassador Sven Jurgenson read a statement afterward, flanked by UK Ambassador Karen Pierce and acting U.S. deputy ambassador Cherith Norman Chalet, saying the cyber attacks "are part of Russia's long-running campaign of hostile and destabilizing activity against Georgia and are part of a wider pattern of malign activity."
Russia wants to watch Americans "tear ourselves apart" as the United States heads toward elections, an FBI official warned Monday. Porter spoke at an election security conference on Capitol Hill just days after conflicting accounts emerged of a closed-door briefing intelligence officials had given to House lawmakers on threats from Russia and other nations in the 2020 election.