This posting is here to collect cyber security news in February 2022.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
511 Comments
Tomi Engdahl says:
Red Cross Hack Linked to Iranian Influence Operation?
https://krebsonsecurity.com/2022/02/red-cross-hack-linked-to-iranian-influence-operation/
A network intrusion at the International Committee for the Red Cross
(ICRC) in January led to the theft of personal information on more than 500,000 people receiving assistance from the group.
KrebsOnSecurity has learned that the email address used by a cybercriminal actor who offered to sell the stolen ICRC data also was used to register multiple domain names the FBI says are tied to a sprawling media influence operation originating from Iran.
Red Cross: State hackers breached our network using Zoho bug https://www.bleepingcomputer.com/news/security/red-cross-state-hackers-breached-our-network-using-zoho-bug/
The International Committee of the Red Cross (ICRC) said today that the hack disclosed last month against its servers was a targeted attack likely coordinated by a state-backed hacking group. To breach the network, the attackers exploited an unpatched critical vulnerability (CVE-2021-40539) in Zoho’s ManageEngine ADSelfService Plus enterprise password management solution, which allowed them to remotely execute code without authentication.
Tomi Engdahl says:
FBI warns of BEC attackers impersonating CEOs in virtual meetings https://www.bleepingcomputer.com/news/security/fbi-warns-of-bec-attackers-impersonating-ceos-in-virtual-meetings/
The Federal Bureau of Investigation (FBI) warned today that US organizations and individuals are being increasingly targeted in BEC (business email compromise) attacks on virtual meeting platforms. In a Public Service Announcement issued today, the FBI said it noticed scammers switching to virtual meeting platforms matching the overall trend of businesses moving to remote work during the pandemic. More:
https://www.ic3.gov/Media/Y2022/PSA220216
Tomi Engdahl says:
Journalist won’t be indicted for hacking for viewing a state website’s HTML https://blog.malwarebytes.com/hacking-2/2022/02/journalist-wont-be-indicted-for-hacking-for-viewing-a-state-websites-html/
This was a quick and foreseen win for St. Louis Post-Dispatch reporter Josh Renaud after a prosecutor from Cole County dismissed Missouri Governor Mike Parson’s criminal charges against him for allegedly hacking a government website by viewing its public HTML code, something anyone can do by simply pressing the F12 key.
Tomi Engdahl says:
Hackers Had Access to Red Cross Network for 70 Days
https://www.securityweek.com/hackers-had-access-red-cross-network-70-days
One month after disclosing a data breach that affected roughly 515,000 people, the International Committee of the Red Cross (ICRC) announced that the hackers had access to its network for 70 days before the attack was discovered.
The attackers gained access to the Red Cross network on November 9, 2021, by exploiting CVE-2021-40539, a critical-severity authentication bypass flaw in Zoho’s ManageEngine ADSelfService Plus, ICRC explains in an updated FAQ.
ICRC says the attackers employed various techniques to pose as legitimate users and hide their presence in the environment, and to steal personal information such as names, contact details, and location.
“This was a sophisticated attack – a criminal act – breaching sensitive humanitarian data. We know that the attack was targeted because the attackers created code designed solely for execution on the concerned ICRC servers, a technique we believe was designed to shield the hackers’ activities from detection and subsequent forensic investigations,” ICRC says.
Tomi Engdahl says:
Malicious Emails Can Crash Cisco Email Security Appliances
https://www.securityweek.com/malicious-emails-can-crash-cisco-email-security-appliances
Cisco this week informed customers that its Email Security Appliance (ESA) product is affected by a high-severity denial of service (DoS) vulnerability that can be exploited using specially crafted emails.
The flaw, tracked as CVE-2022-20653, affects the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA. It can be exploited remotely without authentication.
The vulnerability is caused by insufficient error handling in DNS name resolution, Cisco said in its advisory.
“An attacker could exploit this vulnerability by sending specially formatted email messages that are processed by an affected device,” the company explained. “A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition. Continued attacks could cause the device to become completely unavailable, resulting in a persistent DoS condition.”
While the vulnerability sounds serious, it’s worth noting that it only impacts devices that have the DANE feature enabled and downstream mail servers configured to send bounce messages. Cisco noted that the DANE feature is not enabled by default.
Tomi Engdahl says:
Finland starts an exercise to prepare for cyber disruptions – how would we fare in a real situation? https://www.is.fi/digitoday/tietoturva/art-2000008621811.html
Tomi Engdahl says:
Canada’s major banks go offline in mysterious hours-long outage
https://www.bleepingcomputer.com/news/security/canadas-major-banks-go-offline-in-mysterious-hours-long-outage/
Five major Canadian banks went offline for hours blocking access to online and mobile banking as well as e-transfers for customers.
The banks reportedly hit by the outage include Royal Bank of Canada (RBC), BMO (Bank of Montreal), Scotiabank, and the Canadian Imperial Bank of Commerce (CIBC).
Online banking and e-Transfers down for many
Canada’s five major banks went offline yesterday impeding access to e-Transfers, online and mobile banking services for many.
Emergencies Act imposes rules on some transfers
The cause of the outage is yet to be known but its timing is rather interesting, just days after the Canadian Prime Minister Trudeau invoked the Emergencies Act amid ongoing ‘Freedom Convoy’ protests.
On Monday, at a Parliament Hill press conference, Deputy Prime Minister Chrystia Freeland explained the new regulations that payment service providers need to adhere to, under the newly invoked Emergencies Act.
Tomi Engdahl says:
This French dad wanted his kids off social media so badly that he accidentally turned off his town’s internet and now he’s facing jail time
https://notthebee.com/article/a-french-dad-wanted-his-kids-off-social-media-so-badly-that-he-accidentally-turned-off-his-towns-entire-internet
The unnamed papa faces up to six months in prison and a hefty fine for disconnecting the town’s internet access with a scrambler, which is illegal under French law.
The patriarch purchased the jammer to block connection to the web in his home between the hours of midnight and 3 a.m. when his children would be addictively scrolling social media, authorities said.
Unbeknownst to him, though, the device blocked not only the access to the internet for his house but for the entire beach town of Messanges, in southwestern France.
Tomi Engdahl says:
Emotet Now Spreading Through Malicious Excel Files https://threatpost.com/emotet-spreading-malicious-excel-files/178444/
An ongoing malicious email campaign that includes macro-laden files and multiple layers of obfuscation has been active since late December.
Tomi Engdahl says:
Valve bans Cities: Skylines modder accused of hiding malicious code in mods https://www.pcgamer.com/valve-bans-cities-skylines-modder-accused-of-hiding-malicious-code-in-mods/
That mod, they went on to explain, contained an automatic updater that could, [...], be used to remotely install “keyloggers, viruses, bitcoin mining software, literally anything.”
Tomi Engdahl says:
Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry https://threatpost.com/massive-linkedin-phishing-bot-attacks-hungry-job-seekers/178476/
The phishing attacks are spoofing LinkedIn to target Great Resignation job hunters, who are also being preyed on by huge data-scraping bot attacks.
Tomi Engdahl says:
Finland starts an exercise to prepare for cyber disruptions – how would we fare in a real situation?
https://www.is.fi/digitoday/tietoturva/art-2000008621811.html
CYBER PREPAREDNESS EXERCISE Tieto22 begins today. The exercise, organised by the National Emergency Supply Agency (Huoltovarmuuskeskus), prepares participants to operate during a serious cyber disruption, and Finnish companies from various sectors of the economy are taking part.
F-Secure splitting into two companies
https://www.tivi.fi/uutiset/tv/d2571382-008b-44ca-986a-fd208f1cc8c6
The new company will take the name F-Secure.
The corporate security business remains in the current company, which is to be renamed WithSecure.
Tomi Engdahl says:
Mozilla warns Chrome, Firefox 100 user agents may break sites https://www.bleepingcomputer.com/news/software/mozilla-warns-chrome-firefox-100-user-agents-may-break-sites/
Mozilla is warning website developers that the upcoming Firefox 100 and Chrome 100 versions may break websites when parsing user-agent strings containing three-digit version numbers.
Tomi Engdahl says:
Google Introduces ‘Privacy Sandbox’ for Ads on Android
https://www.securityweek.com/google-introduces-privacy-sandbox-android
Tomi Engdahl says:
Intel Software and Firmware Updates Patch 18 High-Severity Vulnerabilities
https://www.securityweek.com/intel-software-and-firmware-updates-patch-18-high-severity-vulnerabilities
Intel has released software and firmware updates to address many vulnerabilities found in the company’s products.
The chipmaker last week released 22 security advisories, including seven that have an overall severity rating of “high.”
These advisories describe 18 high-severity vulnerabilities, most of which can be exploited for privilege escalation. Others can lead to information disclosure or a denial of service (DoS) condition. Exploitation of these flaws typically requires local access to the targeted device.
One advisory informs users that the BIOS firmware for some Intel processors is affected by 10 high-severity privilege escalation vulnerabilities.
Another advisory describes one serious security flaw that has been found in the Intel chipset firmware in Server Platform Services (SPS), Active Management Technology (AMT), and Power Management Controller (PMC).
High-severity issues have also been found in the Kernelflinger open source project, Intel Quartus Prime components, PROSet/Wireless WiFi and Killer WiFi products, and the AMT SDK, Setup and Configuration Software (SCS), and Management Engine BIOS eXtensions (MEBx).
The remaining advisories describe over a dozen medium- and low-severity vulnerabilities addressed by the company this month.
Some computer vendors, such as HPE, have also released advisories to inform their customers about some of the vulnerabilities affecting Intel hardware.
https://www.intel.com/content/www/us/en/security-center/default.html
Tomi Engdahl says:
FBI warns BlackByte ransomware gang is exploiting software vulnerabilities. They have compromised multiple U.S. and foreign businesses, including “at least” three attacks against U.S. critical infrastructure – government facilities, financial services, and food and agriculture.
Read more: https://tcrn.ch/3rVDg8z
Is your application secure? Komodo Consulting’s Black Box Penetration Testing helps you identify security vulnerabilities in your application before hackers do.
https://bit.ly/3tPCOdv
#cloudcomputing #ransomware
Tomi Engdahl says:
New cyberattack hits North Korea after hacker claims responsibility for outages
Researcher says attacks on internet servers are retaliation for DPRK phishing campaign against cybersecurity experts
https://www.nknews.org/2022/02/new-cyberattack-hits-north-korea-after-hacker-claims-responsibility-for-outages/
The cybersecurity researcher, who Wired magazine only identified by the pseudonym P4x, said he started disrupting servers hosted in the DPRK in retaliation after North Korean hackers targeted him just over a year ago in an attempt to steal information about unknown software vulnerabilities. He said that unpatched vulnerabilities in North Korean servers enabled him to launch a series of DDoS attacks that repeatedly took parts or all of the DPRK’s IT infrastructure off the internet.
Hours after Wired magazine published the claims, one of two known servers used by North Koreans to send email became completely unresponsive between 8 a.m. and 11 a.m. KST, logs reviewed by NK News show. Other domains hosted in the DPRK also showed signs of instability.
Tomi Engdahl says:
Interesting to see.
“CNN: Ukraine cyberattack is largest of its kind in country’s history, says official.”
Ukraine cyberattack is largest of its kind in country’s history, says official
https://edition.cnn.com/2022/02/16/europe/ukraine-cyber-attack-denial-service-intl/index.html
A high-volume cyberattack that temporarily blocked access to the websites of Ukrainian defense agencies and banks on Tuesday was “the largest [such attack] in the history of Ukraine,” according to a government minister.
Speaking at a press conference Wednesday, Ukrainian Minister of Digital Transformation Mykhailo Fedorov added that it is too early to tell who was responsible for the attack.
The so-called distributed denial of service (DDoS) attack — which bombarded Ukrainian websites with phony traffic — was coordinated and well planned, officials said.
DDoS attacks often disrupt access to IT systems, but their impact can be more psychological rather than having any direct effect on a country’s critical infrastructure.
While down for parts of Tuesday, the websites of Ukraine’s Ministry of Defense and Armed Forces, and those of two prominent banks, were back up Wednesday, according to CNN journalists in Ukraine. The DDoS attack, however, is ongoing, Ukrainian officials said.
Tomi Engdahl says:
Iranian State Broadcaster Clobbered by ‘Clumsy, Buggy’ Code
https://threatpost.com/iranian-state-broadcaster-clumsy-buggy-code/178524/
Researchers said a Jan. 27 attack that aired footage of opposition leaders calling for assassination of Iran’s Supreme Leader was a clumsy and unsophisticated wiper attack.
Footage of opposition leaders calling for the assassination of Iran’s Supreme Leader ran on several of the nation’s state-run TV channels in late January after a state-sponsored cyber-attack on Iranian state broadcaster IRIB.
The incident – one of a series of politically motivated attacks in Iran that have occurred in the last year – included the use of a wiper that potentially ties it to a previous high-profile attack on Iran’s national transportation networks in July, according to researchers from Check Point Research.
“Among the tools used in the attack, we identified malware that takes screenshots of the victims’ screens, several custom-made backdoors, and related batch scripts and configuration files used to install and configure the malicious executables,” researchers wrote in the report. “We could not find any evidence that these tools were used previously, or attribute them to a specific threat actor.”
The attack managed to bypass security systems and network segmentation, penetrate the broadcaster’s networks, and produce and run the malicious tools that relied on internal knowledge of the broadcasting software used by victims, “all while staying under the radar during the reconnaissance and initial intrusion stages,” they noted.
Indeed, nearly two weeks after the attack happened, news affiliated with opposition party MEK published a status report of the attack claiming that state-sponsored radio and TV networks still had not returned to normal, and that more than 600 servers, along with advanced digital production, archiving and broadcasting equipment for radio and television, had been destroyed, according to the report.
Spate of Attacks
Iran’s national infrastructure has been the victim of a wave of attacks aimed at causing serious disruption and damage. Two incidents that targeted national transportation infrastructure occurred in two subsequent days in July.
Claiming Responsibility
It’s still unclear who, exactly, the perpetrators of the IRIB attack are, however. While Iranian officials believe the Iranian opposition political party MEK is behind the attack, the group itself has denied involvement, researchers said.
Further, hacktivist group Predatory Sparrow, which claimed responsibility for the previous three infrastructure attacks, also affiliated itself with the IRIB attack via its Telegram channel.
Hijacking the Video Stream
To interrupt the TV stream and play the opposition’s message, attackers used a program called SimplePlayout.exe, a .NET-based executable with a single functionality: to play a video file in a loop using the .NET MPlatform SDK by Medialooks.
To kill the video stream already playing so they could deploy their own, the attackers used a batch script called playjfalcfgcdq.bat, which killed the running process and deleted the executable of TFI Arista Playout Server, a software that the IRIB is known to use for broadcasting.
Attackers connected the dots with a script, layoutabcpxtveni.bat, that made the necessary connections to replace the IRIB video content with their own through a series of functions, including the launch of SimplePlayout.exe, researchers wrote.
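As an added example (not code from the Check Point report, from IRIB, or from the commenter), the kill / delete / replace sequence described above can be turned into a detection rule. The script below runs over constructed Sysmon-style events (made up for this example, not IRIB telemetry), assumes the playout server runs as an executable named AristaPlayout.exe (an assumed placeholder; the article names the product but not its binary), and flags a host where the playout process is killed and then either its binary is deleted or a non-allowlisted player is launched from a batch file, while letting an ordinary operator restart through without an alert:

```python
from collections import defaultdict

# Assumed playout binary name; the article names "TFI Arista Playout Server"
# but not its executable, so this is a placeholder to adapt to your estate.
PLAYOUT_ALLOWLIST = {"aristaplayout.exe"}
# OS helpers that legitimately appear between a kill and a restart.
OS_UTILITIES = {"taskkill.exe", "cmd.exe", "conhost.exe"}

# Constructed Sysmon-style telemetry (ProcessCreate = EventID 1, FileDelete = EventID 23).
# Sample data made up for this example, not real logs.
EVENTS = [
    # playout-02: operator restarts the playout server from an admin shell (benign)
    {"ts": 100, "host": "playout-02", "event": "ProcessCreate",
     "parent_cmdline": "cmd.exe", "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": "taskkill /F /IM AristaPlayout.exe"},
    {"ts": 104, "host": "playout-02", "event": "ProcessCreate",
     "parent_cmdline": "cmd.exe", "image": r"C:\Program Files\TFI\AristaPlayout.exe",
     "cmdline": "AristaPlayout.exe /autostart"},
    # playout-01: batch kills playout, deletes its binary, launches an unknown player
    {"ts": 200, "host": "playout-01", "event": "ProcessCreate",
     "parent_cmdline": r"cmd.exe /c C:\Temp\playjfalcfgcdq.bat",
     "image": r"C:\Windows\System32\taskkill.exe",
     "cmdline": "taskkill /F /IM AristaPlayout.exe"},
    {"ts": 201, "host": "playout-01", "event": "FileDelete",
     "image": r"C:\Windows\System32\cmd.exe",
     "target": r"C:\Program Files\TFI\AristaPlayout.exe"},
    {"ts": 230, "host": "playout-01", "event": "ProcessCreate",
     "parent_cmdline": r"cmd.exe /c C:\Temp\layoutabcpxtveni.bat",
     "image": r"C:\Temp\SimplePlayout.exe",
     "cmdline": r"SimplePlayout.exe C:\Temp\clip.mp4"},
]


def basename(path):
    """Lower-cased final path component, tolerating both slash styles."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def killed_playout(ev):
    """Return the allowlisted playout exe named in a taskkill command line, else None."""
    if ev["event"] != "ProcessCreate" or basename(ev["image"]) != "taskkill.exe":
        return None
    for token in ev["cmdline"].split():
        if token.lower() in PLAYOUT_ALLOWLIST:
            return token.lower()
    return None


def detect_playout_hijack(events, window=300):
    """Per host: kill of playout -> (binary deleted | foreign player launched from a .bat)."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)

    alerts = []
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        for i, ev in enumerate(evs):
            exe = killed_playout(ev)
            if exe is None:
                continue
            deleted, replacement = False, None
            for later in evs[i + 1:]:
                if later["ts"] - ev["ts"] > window:
                    break
                if later["event"] == "FileDelete" and basename(later["target"]) == exe:
                    deleted = True
                elif later["event"] == "ProcessCreate":
                    image = basename(later["image"])
                    if image in PLAYOUT_ALLOWLIST:
                        break  # the real playout came back: an ordinary restart
                    if image not in OS_UTILITIES and ".bat" in later["parent_cmdline"].lower():
                        replacement = later["image"]
            if deleted or replacement:
                alerts.append({"host": host, "ts": ev["ts"], "killed": exe,
                               "via": ev["parent_cmdline"], "binary_deleted": deleted,
                               "replacement": replacement})
    return alerts


if __name__ == "__main__":
    for alert in detect_playout_hijack(EVENTS):
        print(alert)
```

The allowlist is what keeps this rule quiet during maintenance: a kill followed by the known playout binary coming back is treated as a restart, while a kill followed by deletion of that binary, or by a player nobody approved being started from a batch file, is the pattern the report describes.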
Tomi Engdahl says:
https://threatpost.com/ukrainian-ddos-attacks-should-put-us-on-notice-researchers/178498/
Tomi Engdahl says:
Vulnerability found in WordPress plugin with over 3 million installations
UpdraftPlus patched the vulnerability on Thursday with version 1.22.3.
https://www.zdnet.com/article/vulnerability-found-in-wordpress-plugin-with-over-3-million-installations/
Tomi Engdahl says:
Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators
https://threatpost.com/golang-botnet-pulling-in-3k-month/178509/
Tomi Engdahl says:
Critical vulnerabilities in Zabbix Web Frontend allow authentication bypass, code execution on servers
https://portswigger.net/daily-swig/critical-vulnerabilities-in-zabbix-web-frontend-allow-authentication-bypass-code-execution-on-servers
Tomi Engdahl says:
Irony alert! PHP fixes security flaw in input validation code
https://nakedsecurity.sophos.com/2022/02/18/irony-alert-php-fixes-security-flaw-in-input-validation-code/
If you’re using PHP in your network, check that you’re using the latest version, currently 8.1.3.
Released yesterday [2022-02-17], this version fixes various memory mismanagement bugs, including CVE-2021-21708, which is a use-after-free blunder in a function called php_filter_float().
(Versions 8.0 and 7.4 are still supported, and are vulnerable too; if you aren’t using the latest 8.1 flavour of PHP then you need 8.0.16 and 7.4.28 respectively.)
A proof-of-concept exploit based on using PHP to query a database shows that the bug can be used to crash the PHP process, so a working Denial of Service (DoS) attack is already known to be possible.
Tomi Engdahl says:
Devious hackers are using NFT hype to hijack your PC and webcam
https://www.zdnet.com/article/hackers-are-using-nft-lures-to-trick-victims-into-downloading-intrusive-trojan-malware/
Cybersecurity researchers warn that criminals are using hype around NFTs to trick victims into downloading password-stealing BitRAT malware that allows them to hijack infected machines.
Tomi Engdahl says:
AirTags are being used to track people and cars. Here’s what is being done about it
https://www.npr.org/2022/02/18/1080944193/apple-airtags-theft-stalking-privacy-tech
Apple’s AirTags were billed as a cheap and easy way to track everything from your keys and wallet to your backpack, but in recent months there have been a number of reports of the small button-sized device being used by stalkers and thieves to track people.
Last December, Canadian law enforcement announced that AirTags were being found in luxury vehicles to later be stolen. Over recent months, numerous stories have also surfaced across social media of people finding AirTags hidden in their belongings.
Tomi Engdahl says:
https://www.immuniweb.com/blog/japanese-sports-brand-mizuno-hit-with-ransomware-attack.html
Tomi Engdahl says:
Researchers Warn of a New Golang-based Botnet Under Continuous Development
https://thehackernews.com/2022/02/researchers-warn-of-new-golang-based.html
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/cisa-tells-federal-agencies-to-patch-actively-exploited-chrome-magento-bugs/
Tomi Engdahl says:
https://www.zdnet.com/article/squirrelwaffle-loader-leverages-microsoft-exchange-server-vulns-for-financial-fraud/
Tomi Engdahl says:
Startup Virsec Systems says it can eliminate the need for most cybersecurity tools
https://siliconangle.com/2022/02/12/startup-virsec-systems-says-can-eliminate-need-cybersecurity-tools/
Tomi Engdahl says:
https://thehackernews.com/2022/02/high-severity-rce-security-bug-reported.html
Tomi Engdahl says:
https://www.theguardian.com/news/2022/feb/20/credit-suisse-secrets-leak-unmasks-criminals-fraudsters-corrupt-politicians
Tomi Engdahl says:
https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations
Tomi Engdahl says:
https://thehackernews.com/2022/02/master-key-for-hive-ransomware.html
InfoSecDude says:
Q4/21: Sees More DDoS Attacks Than Ever Before
DDoS attacks hit a sad all-time high in the last quarter of 2021. According to Kaspersky telemetry, the number of attacks in Q4 increased by 52% against the previous quarter and more than 4.5 times against the same period of the previous year. The numbers look scary, but instead of rushing to conclusions, it is better to figure out why they are so.
https://www.realinfosec.net/cybersecurity-news/q4-21-sees-more-ddos-attacks-than-ever-before/
Tomi Engdahl says:
Microsoft SQL servers hit by Cobalt Strike attacks
By Sead Fadilpašić published about 8 hours ago
All attacks point to a single threat actor
https://www.techradar.com/uk/news/microsoft-sql-servers-hit-by-cobalt-strike-attacks
Tomi Engdahl says:
These new hacking groups are striking industrial, operational tech targets
Two of the new groups are sophisticated enough to directly reach ICS/OT networks.
https://www.zdnet.com/article/these-new-hacking-groups-are-striking-industrial-operational-tech-targets/
Researchers say that three new threat groups targeting the industrial sector have appeared, but over half of all attacks are the work of only two known cybercriminal outfits.
Cyberattacks launched against industrial players, providers of critical infrastructure, utilities, and energy companies — whether oil, gas or renewables — are often less about making a quick buck and more about data theft or causing real-world disruption.
The ransomware incidents experienced by Colonial Pipeline and JBS called attention to the ramifications of digital attacks on supply chains.
After Colonial Pipeline temporarily halted delivery services to investigate a cyberattack, fuel panic-buying took place across parts of the United States. JBS, a global meatpacker, paid an $11 million ransom, but this was not enough to prevent delays in meat pricing and a drop in cattle slaughter due to market uncertainty.
There is brewing tension between Russia and Ukraine, and the former has been accused of responsibility for ongoing cyberattacks, including a distributed denial-of-service (DDoS) assault on government websites. Financial services in the country have also been impacted.
The Kremlin has denied any involvement. Russia has also been accused of a 2015 cyberattack that took down Ukraine’s power grid.
Tomi Engdahl says:
The discovery comes on the heels of last year’s research which detailed the exploits of four other activity groups, dubbed Stibnite, Talonite, Kamacite, and Vanadinite.
Dragos’ new activity groups are called Kostovite, Petrovite and Erythrite.
https://www.zdnet.com/article/these-new-hacking-groups-are-striking-industrial-operational-tech-targets/
Tomi Engdahl says:
Phosphorus Cybersecurity raises $38 million to secure IoT devices
https://venturebeat.com/2022/02/22/phosphorus-cybersecurity-raises-38-million-to-secure-iot-devices/
Tomi Engdahl says:
https://thehackernews.com/2022/02/chinese-experts-uncover-details-of.html
Tomi Engdahl says:
Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike
https://thehackernews.com/2022/02/hackers-backdoor-unpatched-microsoft.html
Tomi Engdahl says:
Urgent warning for Chrome, Firefox, Edge users as browsers prepare for update
https://www.the-sun.com/tech/4727926/warning-for-chrome-firefox-edge-users/
The three sites will move to version number “100,” and the transition could cause some of the web’s most-visited sites to fail.
This is because these sites will not be able to process visits from browsers with three-digit version numbers.
The websites for T-Mobile, HBO Go and Yahoo! have been affected, Forbes reported.
Usually, websites check your browser’s version number.
So, if your browser is older or unsupported, it’s likely you won’t be able to open certain sites.
For Chrome, the usual cut-off point is 40.
Because the outdated code in these sites only checks the first two digits, Chrome, Edge and Firefox 100 will be read as “10” and thus blocked.
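As an added example, not code from Mozilla, Google, the article or the commenter, the two classic ways a version gate breaks at 100 can be reproduced in a few lines. The user-agent strings and the minimum-version table below are constructed for the example (40 for Chrome is the cut-off quoted above; the Firefox value is an assumed threshold), and the two buggy checkers sit beside the corrected one:

```python
import re

# Constructed user-agent strings, made up for this example (not from the article).
UA_CHROME_39 = ("Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 "
                "(KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36")
UA_CHROME_99 = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                "(KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36")
UA_CHROME_100 = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                 "(KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36")
UA_EDGE_100 = UA_CHROME_100 + " Edg/100.0.1185.29"   # Chromium Edge also carries Chrome/100
UA_FIREFOX_100 = "Mozilla/5.0 (X11; Linux x86_64; rv:100.0) Gecko/20100101 Firefox/100.0"

# Minimum supported major versions. 40 for Chrome is the cut-off quoted in the
# comment above; the Firefox value is an assumed example threshold.
MIN_MAJOR = {"Chrome": 40, "Firefox": 52}


def legacy_major_version(ua, browser="Chrome"):
    """The broken pattern: exactly two digits, so 'Chrome/100' is read as 10."""
    m = re.search(re.escape(browser) + r"/(\d\d)", ua)
    return int(m.group(1)) if m else None


def major_version(ua, browser="Chrome"):
    """Fixed pattern: the whole run of digits up to the next dot or token boundary."""
    m = re.search(r"\b" + re.escape(browser) + r"/(\d+)(?:\.|\b)", ua)
    return int(m.group(1)) if m else None


def lexical_is_supported(ua, browser="Chrome"):
    """Second way to get it wrong: comparing version strings, where "100" < "40"."""
    m = re.search(re.escape(browser) + r"/(\d+)", ua)
    return m is None or m.group(1) >= str(MIN_MAJOR[browser])


def is_supported(ua, parser=major_version):
    """Version gate that compares integers and fails open for unrecognised browsers."""
    for browser, minimum in MIN_MAJOR.items():
        major = parser(ua, browser)
        if major is not None:
            return major >= minimum
    return True


if __name__ == "__main__":
    for name, ua in [("Chrome 39", UA_CHROME_39), ("Chrome 99", UA_CHROME_99),
                     ("Chrome 100", UA_CHROME_100), ("Edge 100", UA_EDGE_100),
                     ("Firefox 100", UA_FIREFOX_100)]:
        print(f"{name:12} two-digit parser: {is_supported(ua, legacy_major_version)!s:5} "
              f"string compare: {lexical_is_supported(ua) if 'Chrome/' in ua else 'n/a'!s:5} "
              f"fixed: {is_supported(ua)}")
```

Both faulty checkers let Chrome 99 through and reject Chrome 100, which is exactly the failure the comment describes; the fixed gate parses the full integer and, for browsers it does not recognise, lets the request through rather than blocking it.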
Tomi Engdahl says:
Meet The Secretive Surveillance Wizards Helping The FBI And ICE Wiretap Facebook And Google Users
https://www.forbes.com/sites/thomasbrewster/2022/02/23/meet-the-secretive-surveillance-wizards-helping-the-fbi-and-ice-wiretap-facebook-and-google-users/
Tomi Engdahl says:
Anonymous launches attacks against Russia and pledges support for Ukraine against ‘Kremlin’s brutal invasion’
The hacking group claimed to take down the state-owned outlet RT in a DDoS attack
https://www.independent.co.uk/tech/anonymous-attacks-russia-ukraine-invasion-rt-ddos-b2023177.html
Tomi Engdahl says:
Hackers from across the world, even Russia, come together to fight for Ukraine against the invasion, says a Kyiv entrepreneur.
‘If Kyiv Falls, We Keep Hacking Putin’: On The Cyber Frontline In Ukraine
https://www.forbes.com/sites/thomasbrewster/2022/02/25/if-kyiv-falls-we-keep-hacking-putin-on-the-cyber-frontline-in-ukraine/
A shadow war is raging in Ukraine, invisible to most people but critical to the outcome. Its warriors vow that no matter who wins the bloody battles on the streets, they will fight on.
In this war of cyberattacks, waves of phishing emails hit Ukraine’s military personnel, allegedly originating with a Belarusian hacking crew. Distributed denial of service attacks, or DDoS, which flood websites with traffic until they collapse, continue to inundate government targets. Wiping malware spreads across the nation, capable of destroying a computer’s memory in seconds. Some reports citing a U.S. official have indicated power plants have been under attack, though no detail was provided. Even cybercriminals – the Conti ransomware crew, namely – have threatened to hit critical infrastructure in response to attacks on Russia.
And physical attacks are having an impact
Like a guerrilla army, Ukrainian cyberattackers like Yegor Aushev vow to hit their targets and move on, even if the larger battle looks lost. Aushev, the founder of numerous cybersecurity companies in Ukraine, said Thursday he’d recruited a group of guerrilla hackers inside and outside Ukrainian borders that even includes a handful of Russians who oppose President Vladimir Putin’s invasion.
Together, they’ll be playing offense and defense – trying to protect resources and break into Russian systems. Aushev said he has a direct line to government defense officials in the capital Kyiv who can tell him what needs protecting and what needs targeting. Ukrainian officials declined to comment to Forbes and to Reuters, which first reported Aushev’s project.
“It’s offense, defense and training,”
If Kyiv falls, Aushev said the army won’t disband. It will continue to defend Ukrainians and attack the Kremlin. “This project will not stop in any case, as long as Putin is the president and as long as Russia will keep talking about Ukraine in the same manner as they’re doing it now – like Ukraine is not a country,” he said. “As long as they keep going like this, we will not be friends, and that means we’re enemies.”
Aushev said Russians have joined his team alongside hundreds of others, from Ukraine, the U.S., the U.K. and beyond.
Such guerrilla resistance may be the last line of defense for Ukraine. It comes as government officials urge all citizens to take up arms where they can to fight the Russian army on the streets.
Meanwhile, other cybersecurity workers in Kyiv remain stoic. One tasked with protecting critical infrastructure told Forbes that the idea of Aushev’s volunteer force was “romantic,” but the hard work continued to be done by cybersecurity teams inside Ukraine. “So far we can perform all our regular services,” he said. “The best Ukrainian cyber professionals have been engaged and working hard in multiple ways.”
“So keep calm and be cyber-conscious,”
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/us-uk-link-new-cyclops-blink-malware-to-russian-state-hackers/