Security News

Anton Napolsky and Valeriia Ermakova, two Russian nationals, were charged with intellectual property crimes linked to Z-Library, a pirate online eBook repository. Of the two defendants, Napolsky is burdened by evidence, based on records obtained from Google and Amazon, that he was in control of Z-Library.

Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian.

The Ukrainian CERT has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files. To do that, they are leveraging a specific version of the Somnia ransomware that, "According to the attackers' theoretical plan, does not provide for the possibility of data decryption."

Russian hacktivists have infected multiple organizations in Ukraine with a new ransomware strain called 'Somnia,' encrypting their systems and causing operational problems. The group previously disclosed creating the Somnia ransomware on Telegram and even posted evidence of attacks against tank producers in Ukraine.

The U.S. Department of Justice has announced charges against a dual Russian and Canadian national for his alleged participation in LockBit ransomware attacks across the world.Also found were a text file with instructions to deploy LockBit ransomware, the malware's source code, and a website that's believed to be the control panel operated by the group to administer the ransomware.

Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group. The Microsoft Threat Intelligence Center is now tracking the threat actor under its element-themed moniker Iridium, citing overlaps with Sandworm.

A series of attacks targeting transportation and logistics organizations in Ukraine and Poland with Prestige ransomware since October have been linked to an elite Russian military cyberespionage group. Researchers with Microsoft Security Threat Intelligence pinned the ransomware attacks on the Russian Sandworm threat group based on forensic artifacts and victimology, tradecraft, capabilities, and infrastructure overlapping with the group's previous activity.

Europol has announced today the arrest of a Russian national linked to LockBit ransomware attacks targeting critical infrastructure organizations and high-profile companies worldwide. "One of the world's most prolific ransomware operators has been arrested on 26 October in Ontario, Canada," Europol said today.

While the FBI alert doesn't name said hacktivists in its latest cyber squad notification [PDF] for private industry, the Feds may be talking about Killnet, a "Relatively unsophisticated" gang whose "Nuisance-level DDoS attacks" don't live up to its rhetoric, according to security researchers. These attacks are generally opportunistic in nature and, with DDoS mitigation steps, have minimal operational impact on victims; however, hacktivists will often publicize and exaggerate the severity of the attacks on social media.

A phishing-as-a-service platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet.