The 10th of May, Cyber News

UKRAINE

Cyberpolice of Vinnytsia region exposed a criminal hacker group that carried out phishing attacks on foreign banks

Members of the group with the help of compromised accounts of search services placed advertisements to promote phishing sites of banks. The data of users who tried to log in to fake sites, the defendants used to misappropriate money. Among the deceived are clients of foreign banks. It was previously established that one of the members of the group, as part of a hacker group, bought HTTP cookies in Darknet (files that are stored in the browser and contain the necessary login data or accounts), which allowed unauthorized intrusion into the accounts of search engine users. In this way, he misappropriated at least 5 million hryvnias. From compromised accounts, attackers paid for advertising for phishing sites of foreign banks. As a result, these fraudulent web resources came out on top. The attackers automatically obtained the credentials of bank customers who tried to log in to fake resources. In the future, the group used this information to misappropriate money [1].

russia

russian video hosting rutube is not working for the second day due to a hacker attack

The hacktivists «put» the russian video hosting rutube, which positions itself as a replacement for Youtube and where many russian state TV channels moved after the start of the large-scale war. As a result of the hackers’ actions, the «site code was completely removed», and now the video service «cannot be restored» [2], [3].

The russian video hosting company rutube, which has not been working for the second day due to a hacker attack on May 9, addressed the head of the Ministry of Digitalization of Ukraine Fedorov in Ukrainian and promised to «pass on the exclusive rights» to restore rutube. «The broken rutube for the second day spoke Ukrainian. We will continue to work until the Kremlin starts speaking,» – the minister commented the post of rutube [4].

«The blood of thousands of Ukrainians is on your hands»: viewers of russian satellite channels have been «congratulated» on May 9

On the morning of May 9, anti-war statements appeared in the programs of russian satellite TV channels, and the russian video hosting company rutube also stated about the cyberattack. In particular, in the descriptions of TV channels and programs on Smart TV there was an inscription: «There is blood of thousands of Ukrainians and hundreds of their murdered children in your hands. TV and the authorities are lying. No war».  «The inscription was seen by users of MTS TV, NTV-Plus, rostelecom, as well as by the owners of Winx media players. According to one version, the built-in player of Smart TVs was broken,» — the statement said. The publication adds with reference to users that a similar inscription appeared in the description of the programs of the service «Yandex.Teleprogram». Subsequently, the TV program of these channels was removed from the russian site altogether [5].

Successes of IT ARMY of Ukraine

On May 10, the IT Army of Ukraine attacks russian enterprises involved in providing the aggressor’s army with shoes [6].

WORLD

russian hackers tried to attack German government sites

russian hackers attempted several cyber attacks on German government structures but were unsuccessful. This was confirmed by German Interior Ministry spokesman Maximilian Kall at a briefing on Monday, Ukrinform’s own correspondent reports.

«I can confirm that attacks have been carried out against government officials in Germany. They were not successful. There were no data leaks. The attacks did not cause any damage,» — the spokesman assured. According to him, these were «technically relatively simple attacks», the so-called denial of service (temporary lack of access to websites), which were successfully repelled by standard cybersecurity mechanisms. The software was not damaged. Experts are investigating these cyberattacks. Kall also noted that after the start of a full-scale russian war against Ukraine, cyberattacks on German structures and critical infrastructure have intensified, but no serious ones have been reported [7].

Hackers have hacked and published information about 21 million users of three VPN services

An archive has appeared in one of the Telegram channels, where you can find information about 21 million users of free VPN services GeckoVPN, SuperVPN, and ChatVPN. They tried to sell the archive in Darknet in 2021. It is unknown at this time what he will do after leaving the post. The total volume of the archive is 10 GB. The database contains usernames, e-mail addresses, their countries, randomly generated password strings, payment details and the validity of premium statuses. Interestingly, 99.5% of the accounts in the archive are registered in Gmail. According to vpnMentor analysts, this means that the hackers who posted the dump shared only part of the data [8].