Security News

Russian state hackers stole data from US government networks
2020-10-22 15:55

DHS Cybersecurity and Infrastructure Security Agency and the FBI today warned that a Russian state-sponsored APT threat group known as Energetic Bear has hacked and stolen data from US government networks during the last two months. Energetic Bear, a hacking group active since at least 2010, has targeted the networks of both US state, local, territorial, and tribal government organizations and aviation entities.

EU sanctions Russian hackers over 2015 German parliament attack
2020-10-22 13:26

The Council of the European Union today announced sanctions imposed on Russian military intelligence officers who are part of the 85th Main Centre for Special Services for their involvement in a 2015 hack of the German Federal Parliament. The EU's sanctions include both travel bans and asset freezes and also block EU organizations and individuals from making fund transfers to sanctioned entities and individuals.

Russian “government hackers” charged with cybercrimes by the US
2020-10-20 17:59

You've probably seen the news that six Russians, allegedly employed by the Russian Main Intelligence Directorate, better known as the GRU, have been charged with cybercrimes by the US Department of Justice. The indictment of the Russian GRU hackers related to the attacks referred to collectively as "Sandworm" is an interesting development in attempts by Western governments to rein in foreign adversary attacks.

U.S. Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks
2020-10-19 23:04

The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and cause monetary losses. The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate, have been accused of perpetrating the "most disruptive and destructive series of computer attacks ever attributed to a single group," according to the Justice Department.

U.S. Charges Russian Intelligence Officers for NotPetya, Industroyer Attacks
2020-10-19 18:31

The U.S. Department of Justice on Monday announced charges against six Russian intelligence officers for their alleged role in several major cyberattacks conducted over the past years. The men are said to be members of Russia's GRU military intelligence agency, which has long been known to conduct hacking operations on behalf of Moscow.

US indicts Russian GRU 'Sandworm' hackers for NotPetya, worldwide attacks
2020-10-19 14:42

The U.S. Department of Justice has charged six Russian intelligence operatives for hacking operations related to the Pyeongchang Winter Olympics, the 2017 French elections, and the notorious NotPetya ransomware attack. The indictment states that all six individuals, believed to be part of the elite Russian hacking group known as "Sandworm", are part of the Russian Main Intelligence Directorate, known as the GRU. "No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite," said Assistant Attorney General for National Security John C. Demers.

French Court Tries Russian for Multi-Million-Euro Cyberfraud
2020-10-19 12:35

A Russian goes on trial in Paris Monday accused of having defrauded nearly 200 victims across the world of 135 million euros using ransomware. In France, many of the victims were local councils, law or insurance firms and small local businesses such as driving schools or pharmacies.

Norway says Russian hackers were behind August Parliament attack
2020-10-13 11:48

Norway's Minister of Foreign Affairs Ine Eriksen Søreide today said that Russia is behind the August 2020 cyber-attack on the Norwegian Parliament. The attackers behind the cyber-attack on Norway's Parliament successfully gained access to a limited number of email accounts of representatives and employees, as Stortinget director Marianne Andreassen said at the time.

Microsoft Warns of Russian Cybercriminals Exploiting Zerologon Vulnerability
2020-10-09 15:12

Microsoft reported this week that it has spotted Zerologon attacks apparently conducted by TA505, a notorious Russia-linked cybercrime group. According to Microsoft, the Zerologon attacks it has observed involve fake software updates that connect to command and control infrastructure known to be associated with TA505, which the company tracks as CHIMBORAZO. The fake updates are designed to bypass the user account control security feature in Windows and they abuse the Windows Script Host tool to execute malicious scripts.

Russia-Linked Hackers Targeting Russian Industrial Organizations
2020-10-08 12:28

A previously unknown threat group whose members speak Russian has been launching attacks against Russian industrial organizations in a highly targeted espionage campaign, Kaspersky reported on Thursday. Denis Legezo, senior security researcher with Kaspersky's Global Research and Analysis Team, told SecurityWeek that the hackers have only been seen targeting the IT networks of industrial entities and there is no indication that they have also targeted industrial control systems.