Security News
A Russian man was sentenced Monday to what amounted to time already served and will be deported after pleading guilty to trying to pay a Tesla employee $500,000 to install computer malware at the company's Nevada electric battery plant in a bid to steal company secrets for ransom. Egor Igorevich Kriuchkov, appearing by videoconference from jail, apologized after U.S. District Judge Miranda Du in Reno acknowledged the attempted hack was not successful and the company network was not compromised.
The United States Department of Justice this week announced the sentencing of a Russian national for his role in a group that attempted to obtain $1.5 million in tax refunds from the Department of the Treasury. According to court documents, between June 2014 and November 2016, Bogdanov and co-conspirators hacked into the computers of private tax preparation firms in the US and stole personally identifiable information, including Social Security numbers and dates of birth.
A Russian spymaster has denied that his agency carried out the infamous SolarWinds supply chain attack in a public relations move worthy of the Internet Research Agency. Sergei Naryshkin, head of the SVR spy agency, made his denial in a BBC interview broadcast on Tuesday.
A lot of Russian malware - the malware that targeted the Colonial Pipeline, for example - won't install on computers with a Cyrillic keyboard installed. In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country's borders files an official complaint as a victim.
In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed - such as Russian or Ukrainian. Simply put, countless malware strains will check for the presence of one of these languages on the system, and if they're detected the malware will exit and fail to install.
Russian Alexander Vinnik, jailed last year for money laundering, begins an appeal at a Paris court Tuesday, as prosecutors challenge his acquittal on charges that he masterminded massive ransomware attacks. While a lower court in December sentenced him to five years in jail for money laundering, it acquitted Vinnik, 41, of 13 out of 14 charges of cyber piracy.
One of the most popular Russian-speaking hacker forums, XSS, has banned all topics promoting ransomware to prevent unwanted attention. XSS is a Russian-speaking hacking forum created to share knowledge about exploits, vulnerabilities, malware, and network penetration.
President Joe Biden said Thursday that Vladimir Putin was not connected to a Russia-based criminal cyber attack on a huge US fuel pipeline but that he will raise the issue at an expected summit. Washington believes a criminal group based in Russia targeted the Colonial pipeline, which delivers gasoline through much of the south eastern United States, with ransomware.
Cyber operatives affiliated with the Russian Foreign Intelligence Service have switched up their tactics in response to previous public disclosures of their attack methods, according to a new advisory jointly published by intelligence agencies from the U.K. and U.S. Friday. "SVR cyber operators appear to have reacted by changing their TTPs in an attempt to avoid further detection and remediation efforts by network defenders," the National Cyber Security Centre said.
Russian spies from APT29 responded to Western agencies outing their tactics by adopting a red-teaming tool to blend into targets' networks as a legitimate pentesting exercise. A couple of weeks ago, Britain and the US joined forces to out the SVR's Tactics, Techniques and Procedures, giving the world's infosec defenders a chance to look out for the state-backed hackers' fingerprints on their networked infrastructure.