Security News
The US government, in full pre-presidential election high alert, has issued a warning about an evolved strain of backdoor malware from a Russian offensive cyber unit. The Zebrocy backdoor, warned the CISA infosec agency, has evolved - and while the agency didn't explicitly link it to Russia, previous research from the private sector made it abundantly clear who the malware's operators are.
US Cyber Command today shared information on malware implants used by Russian hacking groups in attacks targeting multiple ministries of foreign affairs, national parliaments, and embassies. The malware samples were identified by US Cyber Command's Cyber National Mission Force unit and the Cybersecurity and Infrastructure Security Agency and uploaded today to the Virus Total online virus scan platform.
The advanced persistent threat known as Turla is targeting government organizations using custom malware, including an updated trio of implants that give the group persistence through overlapping backdoor access. Russia-tied Turla is a cyber-espionage group that's been around for more than a decade.
Russian-speaking hacking group Turla has hacked into the systems of an undisclosed European government organization according to a new Accenture Cyber Threat Intelligence report. Government entities are advised by ACTI to check network logs for indicators of compromise included at the end of the report and to build detections capable of blocking future Turla attacks.
The United States Department of the Treasury's Office of Foreign Assets Control has announced sanctions against a Russian government institute connected to the destructive Triton malware. Initially identified in 2017 on the systems of a Saudi Arabian oil and gas company and also referred to as Trisis and HatMan, Triton is known for the targeting of Schneider Electric's Triconex Safety Instrumented System controllers.
The latest in a flurry of actions this week, tied to foreign threats against U.S. computer systems, includes sanctions by the Department of the Treasury. The Trump administration sanctioned a Russia government research institution on Friday claiming it was behind a series of cyberattacks using the highly destructive Triton malware.
The European Union has imposed sanctions on a Russian military malware developer and the commander of Russia's MI6 equivalent, a mere five years after the two targeted Germany's parliament with a cyberattack. The pair, an admiral commanding the GRU spy agency and a malware dev already on international sanctions lists for targeting the MH17 mass murder investigation, are now subject to yet another travel ban.
The United States says Russian state-sponsored hacking group Energetic Bear has successfully compromised state, local, territorial, and tribal government networks and stole data from at least two servers. The attacks, conducted since at least September 2020, "Targeted dozens of SLTT government and aviation networks, attempted intrusions at several SLTT organizations, successfully compromised network infrastructure, and as of October 1, 2020, exfiltrated data from at least two victim servers," the alert reads.
The European Union on Thursday imposed sanctions on two Russian officials and part of Russia's GRU military intelligence agency over a cyberattack against the German parliament in 2015. EU headquarters said in a statement that travel bans and asset freezes have been imposed on the two men: Igor Kostyukov, head of the Main Directorate of the General Staff of the Russian Armed Forces, and Dmitry Badin, a military intelligence officer.
The FBI and the US government's Cybersecurity and Infrastructure Security Agency on Thursday issued a joint warning that a Kremlin hacking crew is probing or breaking into systems belonging to the US government and aviation industry. The joint advisory states that the team, known as Energetic Bear among other monikers, has been specifically going after US state, local, territorial, and tribal government networks, as well as aviation, since at least September 2020.