This posting is here to collect cyber security news in March 2022.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
888 Comments
Tomi Engdahl says:
https://mobile.twitter.com/thedeaddistrict/status/1500159255168565251
Tomi Engdahl says:
https://mobile.twitter.com/netblocks
Tomi Engdahl says:
https://www.newsweek.com/ddos-attack-definition-meaning-liveuamap-ukraine-russia-cyberattack-mapping-tool-1683978#aoh=16465476260551&referrer=https%3A%2F%2Fwww.google.com&_tf=Julkaisija%3A%20%251%24s&share=https%3A%2F%2Fwww.newsweek.com%2Fddos-attack-definition-meaning-liveuamap-ukraine-russia-cyberattack-mapping-tool-1683978
Tomi Engdahl says:
Senate passes major cybersecurity legislation to force reporting of cyberattacks and ransomware
https://www.cnn.com/2022/03/02/politics/senate-passes-major-cybersecurity-legislation/index.html
The Senate on Tuesday passed major cybersecurity legislation, moving one step closer toward forcing critical infrastructure companies to report cyberattacks and ransomware payments.
The passage comes as federal officials have repeatedly warned of the potential for Russian cyberattacks against the United States amid the escalating conflict in Ukraine.
Tomi Engdahl says:
Expert assessment: This is Russia’s military-political strategy toward Finland https://www.iltalehti.fi/politiikka/a/484fd57f-9308-4da4-894b-1fd95f95d0e0
Tomi Engdahl says:
Analysis: Putin’s options are a humiliating peace agreement or escalating the war, which opens up very frightening prospects
https://yle.fi/uutiset/3-12345773
Tomi Engdahl says:
https://yle.fi/uutiset/3-12345276
Tomi Engdahl says:
Samsung Seemingly Falls Victim to Nvidia Attackers
By Mark Tyson published about 16 hours ago
https://www.tomshardware.com/news/samsung-seemingly-falls-victim-to-nvidia-attackers
Lapsus$ has released what it claims to be some proprietary Samsung code.
Tomi Engdahl says:
Lapsus$ claims to have its hands on Knox authentication code, biometric unlock algorithms, bootloader code for all recent Samsung devices, Trusted Applet source code, code behind online services and Samsung accounts, and much more.
https://www.tomshardware.com/news/samsung-seemingly-falls-victim-to-nvidia-attackers
Tomi Engdahl says:
Hackers leak 190GB of alleged Samsung data, source code
https://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/
Tomi Engdahl says:
This is what the mysterious Anonymous is like https://www.iltalehti.fi/digiuutiset/a/7d02473c-b035-4b47-b547-45583b18ece3
Tomi Engdahl says:
Analysis: We are financing Russia’s war through the oil and gas trade, and there is now a push to end that quickly
The pressure for change is enormous. Hundreds of civil society organizations, from churches to Greenpeace, are demanding that the world immediately stop using Russian fossil fuels, writes Yle foreign correspondent Mika Mäkeläinen.
https://yle.fi/uutiset/3-12345276
Tomi Engdahl says:
Security News This Week: A Major Internet Backbone Company Cuts Off Russia
Plus: A ransomware gang leak, an Nvidia hack, and more of the week’s top security news.
https://www.wired.com/story/cogent-internet-backbone-cuts-off-russia-nvidia-ransomware-conti-security-news/
Tomi Engdahl says:
Show me a 10ft paywall, I’ll show you a 12ft ladder
https://12ft.io/
Tomi Engdahl says:
New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container
https://thehackernews.com/2022/03/new-linux-kernel-cgroups-vulnerability.html
Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host.
The shortcoming resides in a Linux kernel feature called control groups, also referred to as cgroups version 1 (v1), which allows processes to be organized into hierarchical groups, thereby making it possible to limit and monitor the usage of resources such as CPU, memory, disk I/O, and network.
Tracked as CVE-2022-0492 (CVSS score: 7.0), the issue concerns a case of privilege escalation in the cgroups v1 release_agent functionality, a script that’s executed following the termination of any process in the cgroup.
“The issue stands out as one of the simplest Linux privilege escalations discovered in recent times: The Linux kernel mistakenly exposed a privileged operation to unprivileged users,” Unit 42 researcher Yuval Avrahami said in a report published this week.
Tomi Engdahl says:
Where Does Open Source Fit into Russia’s War with Ukraine?
https://thenewstack.io/where-does-open-source-fit-into-russias-war-with-ukraine/
Earlier this week, open source gateway Scarf began limiting access to open source packages for Russian government and military entities, via its gateway. In the company’s announcement, Scarf CEO and founder Avi Press wrote that “Scarf will be blocking all package and container downloads originating from Russian Government sources until further notice.”
The company is not the only one to make such a move this week, with Oracle suspending all operations in the Russian Federation, Hashicorp prohibiting access to its products, and Apple stopping all sales in Russia. There were numerous others, but Scarf’s actions stand out — in that the restriction here applies to open source, not proprietary, software.
4 Mar 2022 6:22am, by Mike Melanson
When it comes to open source software, the Open Source Initiative’s definition is quite clear: there must be “no discrimination against persons or groups” and “no discrimination against fields of endeavor.” Each of these criteria applies to the license of said open source software, while the distribution of that same software may be a different matter entirely, argues Press.
“There’s a difference between the code and the repositories where we collaborate on the code, versus the distribution channels where that code gets distributed,” said Press in an interview. “Just because you have the free permission to pull down the source code itself, versus, say, pull down a Dockerized application so that I can spin up an entire infrastructure ecosystem within my firewall and it all just works at the click of the button, those are two completely different things. Having more control over that distribution channel, that doesn’t really impact the nature of what the scope of these licenses are talking about.”
Tomi Engdahl says:
Editorial: The United States is now the number one path for Finland’s security; NATO may be the second https://www.is.fi/paakirjoitus/art-2000008662920.html
Tomi Engdahl says:
Putin convinced the Chinese to help with the finance sector to counter the sanctions, at great profit to the Chinese of course.
Mastercard and Visa out, Chinese UnionPay systems in.
https://m.benzinga.com/article/26009491?utm_referrer=https%3A%2F%2Flm.facebook.com%2F&utm_source=https%3A%2F%2Flm.facebook.com%2F
Tomi Engdahl says:
https://techcrunch.com/2022/03/06/tiktok-suspends-content-in-russia-in-response-to-fake-news-law/?tpcc=tcplusfacebook
Tomi Engdahl says:
The law, which the lower chamber of Russia’s parliament approved on Friday, threatens prison time for anyone who publishes what the Kremlin deems to be false information about the country’s invasion of Ukraine. Those who are found guilty of disseminating false data about Russia’s armed forces would face up to 15 years in prison or a fine of 1.5 million rubles, or USD $14,000.
https://techcrunch.com/2022/03/06/tiktok-suspends-content-in-russia-in-response-to-fake-news-law/?tpcc=tcplusfacebook
Tomi Engdahl says:
Hackers leak 190GB of alleged Samsung data, source code https://www.bleepingcomputer.com/news/security/hackers-leak-190gb-of-alleged-samsung-data-source-code/
The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean giant consumer electronics company. The leak comes less than a week after Lapsus$ released a 20GB document archive from 1TB of data stolen from Nvidia GPU designer.
Tomi Engdahl says:
Privacy activists launch new offensive against non-compliant cookie banners https://www.euractiv.com/section/data-protection/news/privacy-activists-launch-new-offensive-against-non-compliant-cookie-banners/
The privacy activists that took down Google Analytics sent 270 draft complaints on Friday (4 March) to website operators who use cookie banners that do not comply with the EU data protection rules. The batch is the second of a series of complaints by NOYB, the NGO led by Max Schrems, the Austrian activist who became famous for initiating the legal proceedings that brought down the EU-US data transfer agreements in two separate lawsuits.
Tomi Engdahl says:
Russia blocks access to Facebook, several foreign news outlets https://www.bleepingcomputer.com/news/technology/russia-blocks-access-to-facebook-several-foreign-news-outlets/
Russia has blocked access to the Facebook social network after Meta, Facebook’s parent company, deactivated or restricted access to accounts belonging to pro-Kremlin media outlets and news agencies, including RIA Novosti, Sputnik, and Russia Today. Today, Roskomnadzor has also blocked access to multiple foreign news outlets, some of them designated as foreign agents, including Voice of America, BBC, DW, Meduza, and Radio Free Europe/Radio Liberty. Russia justified the media outlets’ ban saying that they spread fake news regarding the ongoing invasion of Ukraine, the methods used by its military against Ukrainian civilians and infrastructure, and the number of casualties suffered by the Russian army.
Tomi Engdahl says:
Amid Russian invasion, Ukraine granted formal role with NATO cyber hub https://therecord.media/amid-russian-invasion-ukraine-granted-formal-role-with-nato-cyber-hub/
Ukraine was granted the formal role of “contributing participant” to the hub, known as the Cooperative Cyber Defence Centre of Excellence (CCDCOE), by its 27-member steering committee, the organization announced. “Ukraine’s presence in the Centre will enhance the exchange of cyber expertise, between Ukraine and CCDCOE member nations,” Col. Jaak Tarien, the institution’s director, said in a statement.
Tomi Engdahl says:
Social media phishing attacks are at an all time high https://www.bleepingcomputer.com/news/security/social-media-phishing-attacks-are-at-an-all-time-high/
The targeting of social media is the highlighted finding in the 2021 Phishing report by cybersecurity firm Vade, who analyzed phishing attack patterns that unfolded throughout 2021. Vade also recorded a rise in the sophistication of phishing attacks, especially those targeting Microsoft 365 credentials, an evolution in the tech support scams, and the inevitable dominance of COVID-19 and item shipping lures. See also:
https://info.vadesecure.com/hubfs/Ressource%20Marketing%20Website/eBooks/Phishers%20Favorites%202021%20Year%20in%20Review/Vade-Phishers%20Favorites%202021%20Year-in-Review-EN.pdf
Tomi Engdahl says:
This Ukrainian cyber firm is offering hackers bounties for taking down Russian sites https://therecord.media/this-ukrainian-cyber-firm-is-offering-hackers-bounties-for-taking-down-russian-sites/
In the days following Russia’s invasion of Ukraine, dozens of hacking groups have taken sides in the conflict, launching attacks on various organizations and government institutions. Cyber Unit Technologies, a Kyiv-based cybersecurity startup, has been particularly outspoken: on Tuesday, the company started a campaign to reward hackers for taking down Russian websites and pledged an initial $100,000 to the program.
Tomi Engdahl says:
High Above Ukraine, Satellites Get Embroiled in the War https://www.wired.com/story/ukraine-russia-satellites/
While the Russian invasion rages on the ground, companies that operate data-collecting satellites find themselves in an awkward position.
Some researchers are worried that the reliance on satellite imagery has given too much power to the companies that control this technology. “There’s companies like Maxar and Planet that are privately owned and they have the final say on whether or not they want to share the information,” says Anuradha Damale. The role of private companies in conflicts such as Ukraine means commercial satellites could become targets. In the days before Russia invaded, US space officials warned satellite companies that the conflict could extend into space.
Tomi Engdahl says:
Malware campaign impersonates VC firm looking to buy sites https://www.bleepingcomputer.com/news/security/malware-campaign-impersonates-vc-firm-looking-to-buy-sites/
BleepingComputer was recently contacted by an alleged “venture capitalist” firm that wanted to invest or purchase our site. However, as we later discovered, this was a malicious campaign designed to install malware that provides remote access to our devices. As this type of campaign looked similar to other campaigns that have pushed remote access and password-stealing trojans in the past, BleepingComputer reached out to cybersecurity firm Cluster25 who has previously helped BleepingComputer diagnose similar malware attacks in the past.
Tomi Engdahl says:
Enhanced monitoring of the financial sector’s situation, the implementation of sanctions and preparedness for cyber risks https://www.finanssivalvonta.fi/tiedotteet-ja-julkaisut/lehdistotiedotteet/2022/tehostettua-seurantaa-finanssisektorin-tilanteeseen-pakotteiden-toimeenpanoon-ja-kyberriskeihin-varautumiseen/
The tightening of the international security situation increases the possibility of cyberattacks against financial sector operators and service providers as well. The Financial Supervisory Authority (Finanssivalvonta) urges supervised entities to ensure that their protections against various cyber threats are up to date.
Tomi Engdahl says:
Amazon: Charities, aid orgs in Ukraine attacked with malware https://www.bleepingcomputer.com/news/security/amazon-charities-aid-orgs-in-ukraine-attacked-with-malware/
Charities and non-governmental organizations (NGOs) providing critical support in Ukraine are targeted in malware attacks aiming to disrupt their operations and relief efforts seeking to assist those affected by Russia’s war. Amazon has detected these attacks while working with the employees of NGOs, charities, and aid organizations, including UNICEF, UNHCR, World Food Program, Red Cross, Polska Akcja Humanitarna, and Save the Children.
Tomi Engdahl says:
Beware of malware offering “Warm greetings from Saudi Aramco”
https://blog.malwarebytes.com/threat-intelligence/2022/03/beware-of-malware-offering-warm-greetings-from-saudi-aramco/
Recently, the Malwarebytes Threat Intelligence Team found a Formbook campaign targeting oil and gas companies. The campaign was delivered by a targeted email that contained two attachments, one is a pdf file and the other an Excel document. The email pretends to be from Saudi Aramco, a Saudi Arabian public petroleum and natural gas company, and one of the largest companies in the world by revenue. The email asks the receiver to provide an offer for refinery renovations that requires a swift response.
Tomi Engdahl says:
Russian military intelligence hacks Dutch people https://www.archynewsy.com/russian-military-intelligence-hacks-dutch-people/
A unit of the Russian military intelligence service GRU has hacked routers belonging to Dutch private individuals and small and medium-sized companies. The Military Intelligence Service (MIVD) has discovered this, writes de Volkskrant. The routers are part of a global attack network and can, for example, destroy or paralyze the network of ministries. It is estimated that there are thousands of hacked devices in the hands of the Russian unit worldwide. In the Netherlands, this would involve a few dozen routers.
Tomi Engdahl says:
Malware now using NVIDIA’s stolen code signing certificates https://www.bleepingcomputer.com/news/security/malware-now-using-nvidias-stolen-code-signing-certificates/
After Lapsus$ leaked NVIDIA’s code-signing certificates, security researchers quickly found that the certificates were being used to sign malware and other tools used by threat actors. According to samples uploaded to the VirusTotal malware scanning service, the stolen certificates were used to sign various malware and hacking tools, such as Cobalt Strike beacons, Mimikatz, backdoors, and remote access trojans.
Tomi Engdahl says:
Anything can be turned into a tool of warfare when needed: this is how the war in Ukraine shows up and is recorded on social media services
https://www.kauppalehti.fi/uutiset/kaikesta-saa-tarpeen-tullen-sodankayntivalineen-nain-sota-ukrainassa-nakyy-ja-tallentuu-somepalveluihin/f61dac4a-7756-480c-8c92-77dc5c21eb78
The war in Ukraine has shown how services regarded as entirely ordinary basic services can be used to advantage in military operations. This holds true especially in information warfare.
Open content for understanding the background of the war in Ukraine https://www.jyu.fi/it/fi/opiskelu/maisteriohjelmat/turvallisuus-ja-strateginen-analyysi/avoimia-luentoja
This page collects, among other things, public lectures and other material from the Security and Strategic Analysis master’s programme that provide background on the ongoing war in Ukraine. Where possible, we will also publish more content, which will be linked from this page.
Tomi Engdahl says:
HermeticWiper: A detailed analysis of the destructive malware that targeted Ukraine https://blog.malwarebytes.com/threat-intelligence/2022/03/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine/
The day before the invasion of Ukraine by Russian forces on February 24, a new data wiper was unleashed against a number of Ukrainian entities. This malware was given the name “HermeticWiper” based on a stolen digital certificate from a company called Hermetica Digital Ltd. This wiper is remarkable for its ability to bypass Windows security features and gain write access to many low-level data-structures on the disk. In addition, the attackers wanted to fragment files on disk and overwrite them to make recovery almost impossible.
Tomi Engdahl says:
New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/
On Feb. 4, Linux announced CVE-2022-0492, a new privilege escalation vulnerability in the kernel. CVE-2022-0492 marks a logical bug in control groups (cgroups), a Linux feature that is a fundamental building block of containers. The issue stands out as one of the simplest Linux privilege escalations discovered in recent times: The Linux kernel mistakenly exposed a privileged operation to unprivileged users. Unit 42 recommends users upgrade to a fixed kernel version. For those running containers, enable Seccomp and ensure AppArmor or SELinux are enabled.
Tomi Engdahl says:
Google WAF bypassed via oversized POST requests https://portswigger.net/daily-swig/google-waf-bypassed-via-oversized-post-requests
Security limitations in the default protection offered by Google’s web application firewall (WAF) make it possible to bypass the company’s cloud-based defenses. Researchers at security consultancy Kloudle found they were able to bypass both Google Cloud Platform (GCP) and Amazon Web Services (AWS) web app firewalls just by making a POST request more than 8KB in size. See also:
https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf
Tomi Engdahl says:
Adafruit discloses data leak from ex-employee’s GitHub repo https://www.bleepingcomputer.com/news/security/adafruit-discloses-data-leak-from-ex-employees-github-repo/
On Friday, March 4th, Adafruit announced that a publicly-accessible GitHub repository contained a data set comprising information on some user accounts. The data set, according to Adafruit, did not contain any user passwords or financial information such as credit cards.
However, the exposure of real user data, including order details, could be used by spammers and phishing actors to target Adafruit’s customers. Interestingly, the data leak did not occur from Adafruit’s GitHub repository but that of a former employee. It appears that a former employee was using real customer information for training and data analysis operations in their GitHub repo.
Tomi Engdahl says:
In Ukraine, Online Gig Workers Keep Coding Through the War https://www.wired.com/story/gig-work-in-ukraine/
Freelancers or gig workers who piece together work on online platforms are a hidden engine of the Ukrainian economy, and the world’s. They work as software engineers, project managers, IT technicians, graphic designers, editors, and copywriters. And they work for everyone.
Invading Russian forces have plunged freelancers’ home offices into chaos and uncertainty. Vlad, a video editor in southern Ukraine, says he’s grown accustomed to the air alarm signal, and hiding until it has passed. Now there are battles 30 miles from his home. “But as long as there is water, electricity, and internet, I can work,” he says.
“Because we all need to live for something, eat
Tomi Engdahl says:
Leaving Russia? Experts Say Wipe Your Phone Before You Go https://www.forbes.com/sites/thomasbrewster/2022/03/04/russians-escaping-putins-repression-urged-to-wipe-their-phones/
Russians fleeing President Vladimir Putin’s regime as it cracks down on anti-war sentiment (and rumors of martial law grow louder) are being advised to wipe their phones, especially of any traces of support for Ukraine. If they don’t, experts say they may face detention. They’re starting by deleting messages on Signal, Telegram or any app that promises security. For those leaving the country, they’re deleting the apps themselves, and urging others to do the same. Russian media has first-hand accounts of lengthy interrogations at the border, along with phone and laptop searches, though Forbes could not corroborate those claims.
Tomi Engdahl says:
The war turned satellites toward Ukraine: commercial satellites independent of intelligence services are following the war https://www.hs.fi/tiede/art-2000008651317.html
Battlefield transparency has grown enormously over the past five years, researchers estimate. What is new is that the sky also holds plenty of commercial camera satellites that are independent of armies and intelligence services.
Tomi Engdahl says:
Why ICANN Won’t Revoke Russian Internet Domains
The organization says cutting the country off would have “devastating” effects on the global internet system.
https://www.wired.com/story/why-icann-wont-revoke-russian-internet-domains/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Ukraine’s request to cut Russia off from core parts of the internet has been rejected by the nonprofit group that oversees the Internet’s Domain Name System (DNS). CEO Göran Marby of the Internet Corporation for Assigned Names and Numbers (ICANN) said the group must “maintain neutrality and act in support of the global internet.”
“Our mission does not extend to taking punitive actions, issuing sanctions, or restricting access against segments of the internet—regardless of the provocations,” Marby wrote in his response to Ukraine Vice Prime Minister Mykhailo Fedorov.
https://www.icann.org/en/system/files/correspondence/marby-to-fedorov-02mar22-en.pdf
Tomi Engdahl says:
TikTok Was Designed for War
As Russia’s invasion of Ukraine plays out online, the platform’s design and algorithm prove ideal for the messiness of war—but a nightmare for the truth.
https://www.wired.com/story/ukraine-russia-war-tiktok/#intcid=_wired-bottom-recirc_8e802014-a05f-48c5-89e8-9dad931361ad_text2vec1-reranked-by-vidi
Tomi Engdahl says:
Ukraine Digital Army Brews Cyberattacks, Intel and Infowar
https://www.securityweek.com/ukraine-digital-army-brews-cyberattacks-intel-and-infowar
Formed in a fury to counter Russia’s blitzkrieg attack, Ukraine’s hundreds-strong volunteer “hacker” corps is much more than a paramilitary cyberattack force in Europe’s first major war of the internet age. It is crucial to information combat and to crowdsourcing intelligence.
“We are really a swarm. A self-organizing swarm,” said Roman Zakharov, a 37-year-old IT executive at the center of Ukraine’s bootstrap digital army.
Inventions of the volunteer hackers range from software tools that let smartphone and computer owners anywhere participate in distributed denial-of-service attacks on official Russian websites to bots on the Telegram messaging platform that block disinformation, let people report Russian troop locations and offer instructions on assembling Molotov cocktails and basic first aid.
Zakharov ran research at an automation startup before joining Ukraine’s digital self-defense corps. His group is StandForUkraine. Its ranks include software engineers, marketing managers, graphic designers and online ad buyers, he said.
The movement is global, drawing on IT professionals in the Ukrainian diaspora whose handiwork includes web defacements with antiwar messaging and graphic images of death and destruction in the hopes of mobilizing Russians against the invasion.
“Both our nations are scared of a single man — (Russian President Vladimir) Putin,” said Zakharov. “He’s just out of his mind.” Volunteers reach out person-to-person to Russians with phone calls, emails and text messages, he said, and send videos and pictures of dead soldiers from the invading force from virtual call centers.
Some build websites, such as a “site where Russian mothers can look through (photos of) captured Russian guys to find their sons,” Zakharov said by phone from Kyiv, the Ukrainian capital.
The cyber volunteers’ effectiveness is difficult to gauge. Russian government websites have been repeatedly knocked offline, if briefly, by the DDoS attacks, but generally weather them with countermeasures.
It’s impossible to say how much of the disruption — including more damaging hacks — is caused by freelancers working independently of but in solidarity with Ukrainian hackers.
A tool called “Liberator” lets anyone in the world with a digital device become part of a DDoS attack network, or botnet. The tool’s programmers code in new targets as priorities change.
Tomi Engdahl says:
Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
https://thehackernews.com/2022/03/russia-releases-list-of-ips-domains.html
Tomi Engdahl says:
Cyberattack Knocks Thousands Offline in Europe
https://www.securityweek.com/cyberattack-knocks-thousands-offline-europe
Thousands of internet users across Europe have been thrown offline after what sources said Friday was a likely cyberattack at the beginning of Russia’s offensive in Ukraine.
According to Orange, “nearly 9,000 subscribers” of a satellite internet service provided by its subsidiary Nordnet in France are without internet following a “cyber event” on February 24 at Viasat, a US satellite operator of which it is a client.
Eutelsat, the parent company of the bigblu satellite internet service, also confirmed to AFP on Friday that around one-third of bigblu’s 40,000 subscribers in Europe, in Germany, France, Hungary, Greece, Italy and Poland, were affected by the outage on Viasat.
In the US, Viasat said on Wednesday that a “cyber event” had caused a “partial network outage” for customers “in Ukraine and elsewhere” in Europe who rely on its KA-SAT satellite.
Viasat gave no further details, saying only that “police and state partners” had been notified and were “assisting” with investigations.
General Michel Friedling, head of France’s Space Command said there had been a cyberattack.
Tomi Engdahl says:
Ukraine Cyber Official: We Only Attack Military Targets
https://www.securityweek.com/ukraine-cyber-official-we-only-attack-military-targets
A top Ukrainian cybersecurity official said Friday a volunteer army of hundreds of hackers enlisted to fight Russia in cyberspace is attacking only what it deems military targets, prioritizing government services including the financial sector, Kremlin-controlled media and railways.
Victor Zhora, deputy chair of the state special communications service, also said that there had been about 10 hostile hijackings of local government websites in Ukraine to spread false text propaganda saying his government had capitulated. He said most of Ukraine’s telecommunications and internet were fully operational.
Zhora told reporters in a teleconference that presumed Russian hackers continued to try to spread destructive malware in targeted email attacks on Ukrainian officials and — in what he considers a new tactic — trying to infect the devices of individual citizens.
Army of Cyber Hackers Rise Up to Back Ukraine
https://www.securityweek.com/army-cyber-hackers-rise-back-ukraine
An army of volunteer hackers is rising up in cyberspace to defend Ukraine, though internet specialists are calling on geeks and other “hacktivists” to stay out of a potentially very dangerous computer war.
According to Livia Tibirna, an analyst at cyber security firm Sekoia, nearly 260,000 people have joined the “IT Army” of volunteer hackers, which was set up at the initiative of Ukraine’s digital minister Mykhailo Fedorov.
The group, which can be accessed via the encrypted messaging service Telegram, has a list of potential targets in Russia, companies and institutions, for the hackers to target.
It’s difficult to judge the effect the cyber-army is having.
Tomi Engdahl says:
CISA Says Recent Cisco Router Vulnerabilities Exploited in Attacks
https://www.securityweek.com/cisa-says-recent-cisco-router-vulnerabilities-exploited-attacks
CISA Warns of 60 Exploited Vulnerabilities Affecting Cisco, Microsoft Products
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday announced adding 95 security flaws to its list of known exploited vulnerabilities, including more than 60 affecting Cisco and Microsoft products.
Only five of the vulnerabilities added this week to CISA’s catalog have a 2022 CVE identifier, namely flaws patched last month in Cisco’s Small Business RV160, RV260, RV340, and RV345 series routers.
The Cisco vulnerabilities are all rated “critical severity” and they can be exploited for arbitrary code/command execution and privilege escalation. Some of the flaws can be exploited remotely and without authentication.
When it disclosed the vulnerabilities, Cisco warned that it had been aware of the availability of proof-of-concept (PoC) exploits, but did not mention any attacks. The company’s advisory still does not mention active exploitation and there do not appear to be any public reports of malicious attacks.
Tomi Engdahl says:
Anonymous struck Russian television
The hacker collective showed Russians, among other things, footage of a missile strike on Kyiv
https://www.is.fi/digitoday/art-2000008664017.html
The hacker collective Anonymous says it carried out a cyberattack on Sunday evening against Russian television channels and streaming services, in which the destruction caused by Russia in the war in Ukraine was shown.
Anonymous says it first hacked the Wink and Ivi streaming services, which are Netflix-like streaming services. After that, the collective says it hacked the television channels Russia 24, Channel One and Moscow 24. In the latter, the hackers say they were also able to affect the live television broadcast and not only internet television.
Anonymous supplied footage in support of its claims, but the authenticity of the claims is difficult to fully verify. However, video material that supports Anonymous’s claims can be found on YouTube, for example.
The video shows, among other things, a Russian missile striking Kyiv last week. The hackers say they are ordinary Russians who oppose the war and who call on their compatriots to rise up against Putin’s autocratic rule.
Later, Anonymous said it had also hacked the French version of the television channel RT.
The focus of hackers supporting Ukraine has shifted in recent days to getting information into Russia, as Russia has begun extensive wartime censorship. Russia has, among other things, blocked Western media such as the BBC and Deutsche Welle from being seen in the country, and blocked the operation of Facebook and Twitter. In the country, one can now receive a 15-year sentence for “spreading fake news about the army”.
Ukraine coordinates volunteer hacker attacks against Russia on its “IT Army of Ukraine” Telegram channel. Anonymous, however, operates largely independently.
Tomi Engdahl says:
Citizens’ initiative on withdrawing from the anti-personnel mine ban gathered 50,000 supporters
https://www.is.fi/politiikka/art-2000008663806.html
The initiative is justified on the grounds that the security situation of Finland and its neighbouring areas has deteriorated significantly.
Comment: The Defence Forces do not need anti-personnel mines; they need money
https://www.is.fi/politiikka/art-2000008664107.html
The Commander of the Defence Forces, General Timo Kivinen, declared at the opening of the national defence courses three things that Finland’s national defence now needs. According to the commander, anti-personnel mines are not among them, writes political reporter Timo Haapala.
Otherwise, the Commander of the Defence Forces outlined three questions that are now more important than others:
1. Strengthening national defence capability, meaning materiel, personnel, refresher exercises; in plain language, money. The Defence Forces are already receiving appropriations, and a supplementary budget proposal is on the way.
2. Cooperation within Finland. Cooperation between administrative branches is the foundation of our security thinking, Kivinen said.
3. Deepening defence cooperation, that is, international cooperation. Kivinen singled out Sweden, the United States and Norway.