Security News
![Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware](/static/build/img/news/russian-hackers-heavily-using-malicious-traffic-direction-system-to-distribute-malware-small.jpg)
Prometheus, as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details of malicious software distribution campaigns undertaken by cybercriminal groups to distribute Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish in Belgium and the U.S. Costing $250 a month, it's marketed on Russian underground forums as a traffic direction system to enable phishing redirection on a mass scale to rogue landing pages that are designed to deploy malware payloads on the targeted systems. "Prometheus can be considered a full-bodied service/platform that allows threat groups to purvey their malware or phishing operations with ease," BlackBerry Research and Intelligence Team said in a report shared with The Hacker News.
![US sanctions former Ukrainian official for helping Russian cyberspies](/static/build/img/news/us-sanctions-former-ukrainian-official-for-helping-russian-cyberspies-small.jpg)
The U.S. Treasury Department announced today sanctions against Volodymyr Oliynyk, a former Ukrainian official, for collecting and sharing info on critical Ukrainian infrastructure with Russia's Federal Security Service. "As in previous Russian incursions into Ukraine, repeated cyber operations against Ukraine's critical infrastructure are part of Russia's hybrid tactics to threaten Ukraine."
![Russian Security Takes Down REvil Ransomware Gang](/static/build/img/news/russian-security-takes-down-revil-ransomware-gang-small.jpg)
Russia's Federal Security Service has swooped in to "Liquidate" the REvil ransomware gang, it said on Friday. The move comes two weeks after a high-stakes phone call between Russian President Vladimir Putin and U.S. President Joe Biden, who has been calling for action against Russia-dwelling ransomware gangs for months.
![Russian government arrests REvil ransomware gang members](/static/build/img/news/russian-government-arrests-revil-ransomware-gang-members-small.jpg)
The Federal Security Service of the Russian Federation says that they shut down the REvil ransomware gang after U.S. authorities reported on the leader. More than a dozen members of the gang have been arrested following police raids at 25 addresses, the Russian security agency says in a press release today.
![US government urges organizations to prepare for Russian-sponsored cyber threats](/static/build/img/news/us-government-urges-organizations-to-prepare-for-russian-sponsored-cyber-threats-small.jpg)
Organizations need to be vigilant for such attacks and make sure they have the means to prevent or combat them. "The advisory doesn't mention the current Russian-Ukraine tensions, but if the conflict escalates, you can expect Russian cyber threats to increase their operations," said Rick Holland, chief information security officer at Digital Shadows.
![Hackers take over diplomat's email, target Russian deputy minister](/static/build/img/news/hackers-take-over-diplomat-s-email-target-russian-deputy-minister-small.jpg)
One of the targets was Sergey Alexeyevich Ryabko, the deputy foreign minister for the Russian Federation, who is responsible for, among other things, bilateral relations with North and South America. The phishing campaign has been active since at least October 19, 2021, deploying Konni malware, a remote administration tool associated with the cyber activity of North Korean hackers known as APT37.
![FBI, NSA and CISA Warns of Russian Hackers Targeting Critical Infrastructure](/static/build/img/news/fbi-nsa-and-cisa-warns-of-russian-hackers-targeting-critical-infrastructure-small.jpg)
Amid renewed tensions between the U.S. and Russia over Ukraine and Kazakhstan, American cybersecurity and intelligence agencies on Tuesday released a joint advisory on how to detect, respond to, and mitigate cyberattacks orchestrated by Russian state-sponsored actors. To that end, the Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and National Security Agency have laid bare the tactics, techniques, and procedures adopted by the adversaries, including spear-phishing, brute-force, and exploiting known vulnerabilities to gain initial access to target networks.
![US govt warns of Russian hackers targeting critical infrastructure](/static/build/img/news/us-govt-warns-of-russian-hackers-targeting-critical-infrastructure-small.jpg)
The FBI, CISA, and the NSA have warned critical infrastructure network defenders to be ready to detect and block incoming attacks targeting organizations from US critical infrastructure sectors, orchestrated by Russian-backed hacking groups. "In some cases, Russian state-sponsored cyber operations against critical infrastructure organizations have specifically targeted operational technology/industrial control systems networks with destructive malware."
![North Korean Hackers Start New Year with Attacks on Russian Foreign Ministry](/static/build/img/news/north-korean-hackers-start-new-year-with-attacks-on-russian-foreign-ministry-small.jpg)
A North Korean cyberespionage group named Konni has been linked to a series of targeted attacks aimed at the Russian Federation's Ministry of Foreign Affairs with New Year lures to compromise Windows systems with malware. The most recent attacks involved the actor gaining access to the target networks through stolen credentials, exploiting the foothold to load malware for intelligence gathering purposes, with early signs of the activity documented by Malwarebytes as far back as July 2021.
![More Russian Cyber Operations against Ukraine](/static/build/img/news/alt/Data-Cybersecurity-Predictions-small.jpg)
Both Russia and Ukraine are preparing for military operations in cyberspace.