Security News

The Ukrainian Computer Emergency Response Team is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. The RTF document used in the APT28 campaign attempts to exploit CVE-2022-30190, aka "Follina," to download and launch the CredoMap malware on a target's device.

Ukraine's Computer Emergency Response Team is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool currently tracked as CVE-2022-30190. It is worth noting that Ukraine's agency assesses with medium confidence that behind the malicious activity is the Sandworm hacker group.

Russia and China have each warned the United States that the offensive cyber-ops it ran to support Ukraine were acts of aggression that invite reprisal. The US has acknowledged it assisted Ukraine to shore up its cyber defences, conducted information operations, and took offensive actions during Russia's illegal invasion.

Several weapon marketplaces on the dark web have listed military-grade firearms allegedly coming from Western countries that sent them to support the Ukrainian army in its fight against the Russian invaders. While the listings appear genuine and the offered weapons are priced realistically, the chances of them being created by pro-Russian actors for propaganda purposes are high.

Several weapon marketplaces on the dark web have listed military-grade firearms allegedly coming from Western countries that sent them to support the Ukrainian army in its fight against the Russian invaders. While the listings appear genuine and the offered weapons are priced realistically, the chances of them being created by pro-Russian actors for propaganda purposes are high.

The Kremlin-backed cyberattack against satellite communications provider Viasat, which happened an hour before Russia invaded Ukraine, was "One of the biggest cyber events that we have seen, perhaps ever, and certainly in warfare," according to Dmitri Alperovitch, a co-founder of CrowdStrike and chair of security-centric think tank Silverado Policy Accelerator. The two suggested that the primary purpose of the attack on satellite comms provider Viasat was to disrupt Ukrainian communications during the invasion, by wiping the modems' firmware remotely, it also disabled thousands of small-aperture terminals in Ukraine and across Europe.

America's military conducted offensive cyber operations to support Ukraine in its response to Russia's illegal invasion, US Cyber Command chief General Paul Nakasone has said. "The US brings to bear the formidable capabilities of Cyber Command against rogue nation states. Cyberspace is a new domain for warfare."

An unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT and stealing their data. These sites offer malicious documents that install a custom RAT that supports remote command execution and file operations.

That's the opinion of Jeff Moss, founder of the Black Hat and DEF CON security conferences, who has also served as chief security officer at ICANN, is a member of the Council on Foreign Relations, and was asked to serve on the Obama administration's Homeland Security Advisory Council. Speaking at the Black Hat Asia conference in Singapore today, Moss said the world is currently divided into three "Teams" of nations with different approaches to internet governance.

The US and the European Union have officially blamed Russia for a series of destructive data-wiping malware infections in Ukrainian government and private-sector networks - and said they will "Take steps" to defend against and respond to Kremlin-orchestrated attacks. Beginning in January, and continuing after Russian troops illegally invaded Ukraine the following month, as Ukrainian websites were vandalized or pummeled offline in distributed denial-of-service attacks, Russian cyberspies planted malicious data-destroying code in Ukraine's computers.