Security News

Red Cross lays down hacktivism law as Ukraine war rages on
2023-10-04 19:03

The International Committee of the Red Cross, the humanitarian protection organization responsible for promoting international law, has set out eight rules for hacktivists and another four for states to discourage civilian involvement in cyberattacks against other countries. The rate at which civilians are becoming involved in international conflicts has been described as "a worrying trend" by the ICRC - a phenomenon exacerbated by the ongoing war in Ukraine, which has seen for the first time conflict taking place in both the physical and digital space concurrently.

Ukraine accuses Russian spies of hunting for war-crime info on its servers
2023-09-26 08:00

"Their primary objectives were to identify which evidence of Russian war crimes and exercise control over potential ground-deployed spies have our law enforcement teams," states the report [PDF], which was released on Monday. Intruders linked to Russia's Federal Security Service, Main Intelligence Directorate, and Foreign Intelligence Service also sought out material that could be used in criminal proceedings against Russian spies, other specific individuals, institutions, and organizations "Potentially leading to sanctions or other actions," the SSSCIP reports.

Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure
2023-09-06 08:02

The Computer Emergency Response Team of Ukraine on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. "Visiting the link will download a ZIP archive containing three JPG images and a BAT file 'weblinks.cmd' to the victim's computer," CERT-UA said, attributing it to the Russian threat actor known as APT28.

Chinese companies evade sanctions, fuel Moscow’s war on Ukraine, says report
2023-07-28 19:27

Chinese companies, including state-owned defense companies, are evading tech sanctions and fueling Moscow's war in Ukraine, according to a US report released on Thursday. "Beijing is pursuing a variety of economic support mechanisms for Russia that mitigate both the impact of Western sanctions and export controls," states the report.

Ukraine busts bot farm spreading Russian infowar propaganda and fraud
2023-07-20 07:30

Ukrainian cops have disrupted a massive bot farm with more than 100 operators allegedly spreading fake news about the Russian invasion, leaking personal information belonging to Ukrainian citizens, and instigating fraud schemes. "The Cyber Police established that the attackers used special equipment and software to register thousands of bot accounts in various social networks and subsequently launch advertisements that violated the norms and legislation of Ukraine," according to machine translation of the news alert issued by the police.

Ukraine takes down massive bot farm, seizes 150,000 SIM cards
2023-07-19 11:03

The Cyber ??Police Department of the National Police of Ukraine dismantled another massive bot farm linked to more than 100 individuals after searches at almost two dozen locations. Since the start of the war in Ukraine, Russian threat actors have been involved in disinformation campaigns targeting Ukraine and have invested in Ukraine-based bot farms.

PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland
2023-07-13 16:07

Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems. The intrusion set, which stretches from April 2022 to July 2023, leverages phishing lures and decoy documents to deploy a downloader malware called PicassoLoader, which acts as a conduit to launch Cobalt Strike Beacon and njRAT. "The attacks used a multistage infection chain initiated with malicious Microsoft Office documents, most commonly using Microsoft Excel and PowerPoint file formats," Cisco Talos researcher Vanja Svajcer said in a new report.

RomCom RAT Targeting NATO and Ukraine Support Groups
2023-07-10 06:42

The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad. The findings come from the BlackBerry Threat Research and Intelligence team, which found two malicious documents submitted from a Hungarian IP address on July 4, 2023. RomCom, also tracked under the names Tropical Scorpius, UNC2596, and Void Rabisu, was recently observed staging cyber attacks against politicians in Ukraine who are working closely with Western countries and a U.S.-based healthcare organization involved with aiding refugees fleeing the war-torn country.

Russia-Ukraine war sending shockwaves into cyber-ecosystem
2023-06-13 08:31

The war has been described as the first to deploy significant - if largely immeasurable - levels of cyber operations by the belligerent parties. Despite the disparity in state size and military might, it's a contest in which both sides appear almost equally matched in terms of human and cyber resources; neither side, it seems, has established cyber dominance - yet.

Ukraine war blurs lines between cyber-crims and state-sponsored attackers
2023-06-01 05:40

A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine, according to Trend Micro analysts. The infosec vendor pointed out that RomCom's operators, threat group Void Rabisu, also has links to the notorious Cuba ransomware, and therefore assessed it was assumed to be a financially driven criminal organization.