Security News

Ukraine's security agency has shut down five bot farms since the start of Russia's invasion of the country almost five weeks ago, slowing down a Russian operation designed to spread disinformation in the war-torn country and to sow panic among its frightened residents. In a statement this week, Ukraine's Security Service said the bot farms were located in Kharkiv - a city near the northern border of Russia that has been the site of some of the fiercest fighting - Cherkasy along the Dnieper River that cuts through the country, and the Ternopil and Zakarpattia regions in the western part of Ukraine.

Researchers have compared Triton's targeting of industrial control systems to malware used in the watershed attacks Stuxnet and Industroyer/Crashoverride, the latter of which is a backdoor that targets ICS and which took down the Ukrainian power grid in Kiev in 2016. The indictment that names the FSB officers alleges that, between 2012 and 2017, Akulov, Gavrilov, Tyukov and their co-conspirators engaged in computer intrusions, including supply chain attacks, "In furtherance of the Russian government's efforts to maintain surreptitious, unauthorized and persistent access to the computer networks of companies and organizations in the international energy sector, including oil and gas firms, nuclear power plants, and utility and power transmission companies."

The U.S. government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond. "The conducted a multi-stage campaign in which they gained remote access to U.S. and international Energy Sector networks, deployed ICS-focused malware, and collected and exfiltrated enterprise and ICS-related data," the U.S. government said, attributing the attacks to an APT actor known as Energetic Bear.

The United States Department of Justice has unsealed a pair of indictments that detail alleged Russian government hackers' efforts to use supply chain attacks and malware in an attempt to compromise and control critical infrastructure around the world - including at least one nuclear power plant. The trio allegedly spent 2012 to 2014 working on a project code-named "Dragonfly" during which a supply chain attack targeted updates of industrial control systems and supervisory control and data acquisition systems.

The U.S. has indicted four Russian government employees for their involvement in hacking campaigns targeting hundreds of companies and organizations from the global energy sector between 2012 and 2018. "In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries," the Department of Justice said.

A 23-year-old Russian national has been indicted in the U.S. and added to the Federal Bureau of Investigation's Cyber Most Wanted List for his alleged role as the administrator of Marketplace A, a cyber crime forum that sold stolen login credentials, personal information, and credit card data. "Marketplace A specialized in the sale of unlawfully obtained access devices for compromised online payment platforms, retailers, and credit card accounts, including providing the data associated with those accounts such as names, home addresses, login credentials, and payment card data for the victims, who are the actual owners of those accounts," the U.S. Justice Department said in a statement.

A Russian national has been indicted by the US DOJ and added to the FBI's Cyber Most Wanted list for allegedly creating and managing a cybercrime marketplace. Igor Dekhtyarchuk, a resident of Russia, was indicted in the Eastern District of Texas for running the cybercrime marketplace that sold credit cards, access to compromised devices or accounts, and personal information.

A Russian national was indicted in the US on Tuesday for allegedly running an online marketplace selling access to credit card, shopping, and web payment accounts belonging to tens of thousands of victims. Marketplace A functioned like any other online store, and even had bundle deals, such as an offer to buy access to two online retail accounts and get some credit card information thrown in, for the same victim, it was claimed.

The White House is urging U.S. organizations to shore up their cybersecurity defenses after new intelligence suggests that Russia is preparing to conduct cyberattacks in the near future. With the U.S. imposing strict sanctions against Russia and aiding Ukraine in the war, the White House is expecting the Kremlin to retaliate with cyberattacks against critical infrastructure and U.S. interests.

The U.S. government on Monday once again cautioned of potential cyber attacks from Russia in retaliation for economic sanctions imposed by the west on the country following its military assault on Ukraine last month. "It's part of Russia's playbook," U.S. President Joe Biden said in a statement, citing "Evolving intelligence that the Russian Government is exploring options."