12.07.2022

The 12th of July, Cyber News

Ukraine  

Attack of the UAC-0056 Group on State Organizations of Ukraine Using Cobalt Strike Beacon

Ukraine's government computer emergency response team, CERT-UA, recorded a mass distribution of e-mails with the subject «Joint official report on the humanitarian situation. Ukraine» and an XLS attachment named «Humanitarian catastrophe of Ukraine since February 24, 2022. Xls». The e-mails are sent from compromised e-mail addresses of Ukrainian state bodies. The document contains a macro which, when activated, launches the file «baseupd.exe»; executing that file infects the computer with the Cobalt Strike Beacon malware. CERT-UA is taking measures to establish how the e-mail accounts were compromised and to block the malware's command-and-control server. Based on the tactics used, the activity is attributed to the UAC-0056 group.[1]

russia 

New Hacks from Anonymous-Associated Groups

Anonymous reported hacking https://gazprompitanie38.ru/, the website that handles food supply for the Irkutsk branch of Gazprom. Server hacked, all data deleted, website now supports Ukraine. [2]

YourAnonSpider reported a breach of a secure host system https://secure-host.net/. [3]


The Russian Arctic and Antarctic Research Institute pwned by Abatu

Abatu tweeted saying «Russian Arctic and Antarctic Research Institute PWNED! Below you can find over 50k data documents totalling over 600mbs». The Arctic and Antarctic Research Institute (AARI) is the oldest and largest Russian research institute for comprehensive studies of the Arctic and Antarctica and is located in Saint Petersburg. It has numerous departments, including oceanography, glaciology, meteorology, hydrology of Arctic river mouths and water resources, geophysics, polar geography, and others. Throughout its history, the AARI has organized more than a thousand Arctic expeditions, including dozens of high-altitude aerial expeditions, which even transported manned drifting ice stations to the Central Arctic. In the coming years AARI is expecting the North Pole polar drifting research platform, which can perform continuing studies in the Arctic Ocean. [4]

World

Hackers Have Hacked the iPhone and iPad of Hunter Biden, the Son of the US President

On 4chan, someone under the name «Kiwianon» published alleged iPhone and iPad backups of Hunter Biden, an American lawyer, public servant and businessman, the son of the 46th President of the United States, Joe Biden, and one of the main figures in the Ukrainian scandal of the Trump administration. [5]

Hackers Show How Easy It Is to Flood Israel

Hackers have discovered that the sewer system in the Israeli coastal town of Or Akiva is completely exposed on the web, without any basic protection. Israeli cyber researchers say that many industrial systems in Israel and abroad are exposed to similar hacks, which allow hackers to gain access, take over systems and cause physical damage. On Thursday, hackers published a photo showing the graphic interface of the sewage pump control system in Or Akiva. An examination revealed that the interface was completely undefended: it did not even require a password, and the website did not use HTTPS (Hypertext Transfer Protocol Secure). Nonetheless, the hackers may not have known exactly what the interface is used for, because the photo, posted on a Telegram channel, was captioned: «Wow, fuel pumps in Israel. Wonder what happens when the pumps are off-line?» The interface showed, in real time, Or Akiva's sewage pumps, the level and flow of the sewage and pressure, as well as other live parameters. After being approached by Haaretz, the National Cyber Directorate contacted the Or Akiva municipality on Thursday morning, but the interface remained exposed for many hours thereafter. The municipality blocked access to the interface only on Thursday evening following a query from Haaretz. [6]