Security News

Phishing campaign targets Russian govt dissidents with Cobalt Strike
2022-03-30 13:05

A new spear phishing campaign is taking place in Russia targeting dissenters with opposing views to those promoted by the state and national media about the war against Ukraine. The campaign targets government employees and public servants with emails warning of the software tools and online platforms that are forbidden in the country.

UK Cyber Security Centre advises review of risk posed by Russian tech
2022-03-30 06:51

The UK's National Cyber Security Centre has advised users of Russian technology products to reassess the risks it presents. In advice that builds on 2017 guidance about technology supply chains that include links to hostile states, NCSC technical director Ian Levy stated that the agency has not found evidence "that the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests."

Ukraine security agency shutters Russian disinformation bot farms
2022-03-29 15:00

Ukraine's security agency has shut down five bot farms since the start of Russia's invasion of the country almost five weeks ago, slowing down a Russian operation designed to spread disinformation in the war-torn country and to sow panic among its frightened residents. In a statement this week, Ukraine's Security Service said the bot farms were located in Kharkiv - a city near the northern border of Russia that has been the site of some of the fiercest fighting - Cherkasy along the Dnieper River that cuts through the country, and the Ternopil and Zakarpattia regions in the western part of Ukraine.

DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector
2022-03-25 21:25

Researchers have compared Triton's targeting of industrial control systems to malware used in the watershed attacks Stuxnet and Industroyer/Crashoverride, the latter of which is a backdoor that targets ICS and which took down the Ukrainian power grid in Kiev in 2016. The indictment that names the FSB officers alleges that, between 2012 and 2017, Akulov, Gavrilov, Tyukov and their co-conspirators engaged in computer intrusions, including supply chain attacks, "in furtherance of the Russian government's efforts to maintain surreptitious, unauthorized and persistent access to the computer networks of companies and organizations in the international energy sector, including oil and gas firms, nuclear power plants, and utility and power transmission companies."

U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide
2022-03-25 08:54

The U.S. government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond. "The conducted a multi-stage campaign in which they gained remote access to U.S. and international Energy Sector networks, deployed ICS-focused malware, and collected and exfiltrated enterprise and ICS-related data," the U.S. government said, attributing the attacks to an APT actor known as Energetic Bear.

US DoJ reveals Russian supply chain attack targeting energy sector
2022-03-25 06:45

The United States Department of Justice has unsealed a pair of indictments that detail alleged Russian government hackers' efforts to use supply chain attacks and malware in an attempt to compromise and control critical infrastructure around the world - including at least one nuclear power plant. The trio allegedly spent 2012 to 2014 working on a project code-named "Dragonfly" during which a supply chain attack targeted updates of industrial control systems and supervisory control and data acquisition systems.

US charges 4 Russian govt employees with critical infrastructure hacks
2022-03-24 21:57

The U.S. has indicted four Russian government employees for their involvement in hacking campaigns targeting hundreds of companies and organizations from the global energy sector between 2012 and 2018. "In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries," the Department of Justice said.

23-Year-Old Russian Hacker Wanted by FBI for Running Marketplace of Stolen Logins
2022-03-24 06:27

A 23-year-old Russian national has been indicted in the U.S. and added to the Federal Bureau of Investigation's Cyber Most Wanted List for his alleged role as the administrator of Marketplace A, a cyber crime forum that sold stolen login credentials, personal information, and credit card data. "Marketplace A specialized in the sale of unlawfully obtained access devices for compromised online payment platforms, retailers, and credit card accounts, including providing the data associated with those accounts such as names, home addresses, login credentials, and payment card data for the victims, who are the actual owners of those accounts," the U.S. Justice Department said in a statement.

FBI adds Russian cybercrime market owner to most wanted list
2022-03-23 23:05

A Russian national has been indicted by the US DOJ and added to the FBI's Cyber Most Wanted list for allegedly creating and managing a cybercrime marketplace. Igor Dekhtyarchuk, a resident of Russia, was indicted in the Eastern District of Texas for running the cybercrime marketplace that sold credit cards, access to compromised devices or accounts, and personal information.

US says Russian ran online marketplace of stolen logins
2022-03-23 22:44

A Russian national was indicted in the US on Tuesday for allegedly running an online marketplace selling access to credit card, shopping, and web payment accounts belonging to tens of thousands of victims. Marketplace A functioned like any other online store, and even had bundle deals, such as an offer to buy access to two online retail accounts and get some credit card information thrown in, for the same victim, it was claimed.