The 26th of May, Cyber News


Three fake chatbots «Something is flying» were found on the Internet

According to Maksym Kozytskyi, head of the Lviv regional military administration, the attackers are using these chatbots to try to convince users that the real chatbot does not work. Kozytskyi stressed that the real «Something is flying» chatbot works without any problems. It was developed by Lviv OVA specialists and IT specialists at the request of the West Air Command. The bot lets any resident of Lviv region report a threat in the sky (missile, drone or plane), so that Ukrainian defenders can repel it [1].

Russia has committed 280 crimes against journalists and the media in Ukraine during the three months of the war

In particular, 32 cybercrimes and 50 threats have been detected. Since the beginning of March, there has been a steady trend of intimidating journalists through personal or editorial mailings containing threats of imprisonment in Siberia, torture, and interrogation. Poetic threats began to be sent to journalists in April. This continued in May, when threats involving nuclear weapons were reported for the first time. In particular, such a letter was received by the editorial board of the Center for Journalistic Investigations «Force of Truth». Both central and regional media outlets received threats. Ukrainian media sites continue to suffer constant cyber attacks by russians. During this period, IMI recorded 32 such cases. As a result of the attacks, media sites stop working for a while, completely or partially. Hackers change materials, place the russian flag, their Z and V symbols, and so on [2].


rutube will expand its staff of cybersecurity specialists

This will be done after a powerful attack on the service on May 9. The statement was made by rutube CEO Alexander Moiseyev, who emphasized that monitoring the stable operation of the video hosting service is now an absolute priority for its experts. On May 9, rutube suffered the «most powerful cyber attack» in the history of the service. The attack affected more than 75% of the databases and infrastructure of the main version and 90% of backups and clusters for database recovery [3].


Hackers have created a virus that forces victims to do charity

A strange file-encrypting virus has appeared on the Internet, demanding money not for the hackers who created it, but for charity. It was discovered by cybersecurity company CloudSEK. The new program is called GoodWill. According to CloudSEK, which monitors digital risks, it is probably backed by a group from North Korea. Once a computer is infected, GoodWill encrypts documents, photos, videos, databases, and other important files on it and makes them inaccessible without a decryption key. To get the key, the victim must perform three actions, provide confirmation of each, and post about it on social media. Victims are forced to give clothes to the homeless, feed five children from low-income families in cafes, and donate money to those who need urgent medical care but cannot afford it. Victims of the virus are asked, for example, to film the handover of the clothes and, to confirm that they really fed the children at Domino's, Pizza Hut or KFC (apparently the children must be taken specifically to these chains), to provide photos of the checks. To help those in need of medical care, the victim must go to the nearest hospital and then send audio recordings, photos and videos. Finally, the victim must post on Instagram or Facebook that they have «become a good person by falling victim to the GoodWill extortion program». Once all three actions have been performed, the hackers check the media files sent by the victim and the victim's posts on social networks. If all the information provided is true, the unknown criminals share a complete decryption kit, which includes a basic decryption tool, a password file and a video tutorial on how to recover all important files. GoodWill was first discovered in March 2022. Since April 2022, the hacker group that created it has been of interest to Indian law enforcement agencies: according to their version, GoodWill is backed by hackers from the DPRK [4].

Police data from Xinjiang, China, have been leaked to the Internet

A new batch of data obtained by hackers from the archives of the Chinese police sheds light on human rights violations in Xinjiang. At the same time, UN High Commissioner for Human Rights Michelle Bachelet is currently visiting the region. The data, called the Xinjiang police files and published by a media consortium that includes the BBC, dates back to 2018 and was handed over by hackers to Dr. Adrian Zenz, an American scientist and activist who shared it with the international media earlier this year. The archive contains thousands of photos of detained people and describes in detail how people who try to escape are shot. The ruling Communist Party is accused of detaining more than 1 million Uighurs and other Muslim minorities in the far western region as part of years of repression that the United States and other Western politicians have called «genocide». In addition to the mass arrests, researchers and campaigners have accused the Chinese government of campaigns of forced labor, forced sterilization and the destruction of Uighur cultural heritage in Xinjiang [5].

«Private» hackers have grown to the level of «state hackers»

Interpol Secretary General Jürgen Stock told the World Economic Forum in Davos that cybercrime groups had become more sophisticated today. Hacking has become a global problem, and the detention of criminals is becoming more difficult due to the actions of law enforcement officers at the national level. «As the world becomes more connected, the challenge is how we interact to share information in real time so we can be ready for the next cyber attack. It’s only a matter of time,» he said. Singapore’s Minister of Communications and Information Josephine Teo, in turn, said that hacking is a threat to organizations around the world: «Cybercriminals in terms of their level of training are catching up with state cyber spies. This has become a matter of national security, as critical infrastructure may be at risk. The cybercrime world is profitable and self-financing, so it will prosper». Teo added that attention should also be paid to the use of supply chain and software vulnerabilities — trust between customers and SMEs is questionable [6].