Cyber Digest, the 16th of March
IN RUSSIA
Stopping the work of the sites of arbitration courts in russia
The websites of the arbitration courts of the Primorsky, Krasnoyarsk and Khabarovsk Krai, Novosibirsk and Kursk regions, Moscow and five regions of Ural Federal District have stopped working. A message with insults addressed to the russian President Vladimir Putin and russians in connection with the war in Ukraine appeared on their pages. From Ukraine, access to the sites of russian courts is closed, but a search on Google shows that the description, for example, of the Moscow Arbitration Court has changed. See the source
Hackers have hacked the website of the Ministry of Emergencies of russia
Hyperlinks appeared on the main page of the Russian Ministry of Emergencies with the words: “Don’t trust the Russian media – they are lying”, “Complete information about the war in Ukraine” and “russia’s default is imminent”. And the icing on the cake: “The Ministry of Emergencies informs: more than 13,000 soldiers died in Ukraine during the war.” See the source
Calls to the russians to lay down their arms
The russian occupiers began to get calls on the radio to lay down their arms. See the source
Until the 24th of February, russian media widely were covering cyberattacks on Ukraine, avoiding mentioning that the attacks had been carried out by russian hackers. After the invasion, on the 24th of February russian propaganda shifted its focus from cyberattacks in Ukraine to covering cyber attacks on the information infrastructure of Russia. At the same time, according to CERT-UA, the number of attacks on the critical infrastructure of Ukraine has not decreased. See the source
IN UKRAINE
ZN.ua has been hacked
This has been reported in its telegram channel. “The DSS attack has been carried out on the website of our publication, and we, unfortunately, cannot continue informing you about the most important of the main resource. However, we will continue presenting the most important news here”, – the message informs on the 16th of March at 11:00. At 1:15 p.m., the website of the publication is already up and running. See the source
A moving line of two Ukrainian TV channels has been broken
russian hackers have broken the moving line of Ukraine 24 TV channel and Segodnya website and are broadcasting a fake message from the President Volodymyr Zelensky about the alleged “surrender”. Volodymyr Zelenskyy responded by recording a video message in which he said that he had offered to lay down arms only to the russian military. See the source
Ukraine has suffered more than 3,000 ddos attacks since the 15th of February
The critical information infrastructure of Ukraine has suffered more than 3,000 DDoS attacks since the 15th of February.
Hackers primarily are attacking financial, government and telecommunications infrastructure. This was reported by the State Service for Special Communications and Information Protection of Ukraine. The most popular types of attacks are phishing, malware distribution, and DDoS attacks. Thus, on the 15th of March, a new malicious software was discovered in Ukraine – the CaddyWiper virus. See the source
що імітують повідомлення від UKR.NET та містять QR-код в якому закодовано URL-адресу, створену за допомогою одного з URL-shortener сервісів. У разі відвідування останньої буде здійснено перенаправлення на веб-сайт, що намагається імітувати сторінку зміни паролю UKR.NET. Введені користувачем дані за допомогою HTTP POST-запиту буде надіслано на веб-ресурс, розгорнутий зловмисниками на платформі Pipedream. З низьким рівнем впевненості, ураховуючи застосовану тактику, асоціюємо виявлену активність з діяльністю групи UAC-0028 (APT28). Див. джерело
Distribution of simulated emails from UKR.NET
The team of the government for responding to computer emergencies in Ukraine CERT-UA found out the distribution of e-mails that imitate messages from UKR.NET and contain a QR code encoding a URL created using one of the URL-shortener services. If you visit the latter, you will be redirected to a website that tries to imitate the UKR.NET password reset page. The data entered by the user via HTTP POST-request will be sent to a web resource deployed by attackers on the Pipedream platform. With a low level of confidence, taken into account the used tactics, we associate the identified activity with the activities of the group UAC-0028 (APT28). See the source
У СВІТІ
Anonymous продовжують зламувати російські сайти
Спеціалістами Anonymous зламано сайт Служби спеціального зв’язку та інформації Kremlin.ru – офіційного інтернет-представництва президента росії. Див. джерело
Також вчора Anonymous зламали камери відеозв’язку Див. джерело
IN THE WORLD
Anonymous continues hacking russian sites
Specialists of Anonymous have hacked the website of the Special Communication and Information Service Kremlin.ru – the official Internet office of the president of russia. See the source
Also yesterday, Anonymous hacked video cameras. See the source
