Security News

Ukraine recruits "IT Army" to hack Russian entities, lists 31 targets
2022-02-27 04:28

Ukraine is recruiting a volunteer "IT army" of security researchers and hackers to conduct cyberattacks on thirty-one Russian entities, including government agencies, critical infrastructure, and banks. A Telegram channel created to organize the IT Army's operations released a list of Russian targets.

Ukraine seeks volunteers to defend networks as Russian troops menace Kyiv
2022-02-25 19:07

As the Russian invasion of Ukraine continues, the latter's government is reportedly seeking cybersecurity volunteers to help defend itself. The Russian National Coordination Center for Computer Incidents has issued an advisory warning of "the threat of an increase in the intensity of computer attacks on Russian information resources."

Putin Warns Russian Critical Infrastructure to Brace for Potential Cyber Attacks
2022-02-25 05:38

The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country's full-blown invasion of Ukraine enters the second day. The agency didn't share more specifics on the nature of the attacks or their provenance.

U.S., U.K. Agencies Warn of New Russian Botnet Built from Hacked Firewall Devices
2022-02-24 13:33

Intelligence agencies in the U.K. and the U.S. disclosed details of a new botnet malware called Cyclops Blink that's been attributed to the Russian-backed Sandworm hacking group and deployed in attacks dating back to 2019. "Cyclops Blink appears to be a replacement framework for the VPNFilter malware exposed in 2018, which exploited network devices, primarily small office/home office routers, and network-attached storage devices," the agencies said.

US, UK link new Cyclops Blink malware to Russian state hackers
2022-02-23 15:49

New malware dubbed Cyclops Blink has been linked to the Russian-backed Sandworm hacking group in a joint security advisory published today by US and UK cybersecurity and law enforcement agencies. "The malware dubbed Cyclops Blink appears to be a replacement for the VPNFilter malware exposed in 2018, and its deployment could allow Sandworm to remotely access networks," the UK National Cyber Security Centre said today.

White House pins Ukraine DDoS attacks on Russian GRU hackers
2022-02-18 21:33

Today, the White House linked the recent DDoS attacks that knocked down the sites of Ukrainian banks and defense agencies to Russia's Main Directorate of the General Staff of the Armed Forces (the GRU). Neuberger also added that, although "of limited impact," these incidents could be part of a more significant Russian effort, "laying groundwork" for more disruptive attacks that would come together with a potential invasion of Ukraine's territory.

U.S. Says Russian Hackers Stealing Sensitive Data from Defense Contractors
2022-02-17 05:01

State-sponsored actors backed by the Russian government regularly targeted the networks of several U.S. cleared defense contractors to acquire proprietary documents and other confidential information pertaining to the country's defense and intelligence programs and capabilities. Compromised entities include contractors that dabble in command, control, communications, and combat systems; surveillance and reconnaissance; weapons and missile development; vehicle and aircraft design; and software development, data analytics, and logistics.

US says Russian state hackers breached defense contractors
2022-02-16 17:05

Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors since at least January 2020 to gain access to and steal sensitive info that gives insight into U.S. defense and intelligence programs and capabilities. Since January 2020, Russian hacking groups have breached multiple CDC networks and, in some cases, have maintained persistence for at least six months, regularly exfiltrating hundreds of documents, emails, and other data.

Russian APT Hackers Used COVID-19 Lures to Target European Diplomats
2022-02-09 19:04

The Russia-linked threat actor known as APT29 targeted European diplomatic missions and Ministries of Foreign Affairs as part of a series of spear-phishing campaigns mounted in October and November 2021. The spear-phishing attacks commenced with a COVID-19-themed phishing email impersonating the Iranian Ministry of Foreign Affairs and containing an HTML attachment that, when opened, prompts the recipients to open or save what appears to be an ISO disk image file.