12.08.2022

The 12th of August, Cyber News

russia

Hackers Have Hacked a russian Service with TV Channels

Ukrainian hackers have hacked Pager TV, a russian service for watching TV channels. Oleksandr Fedienko, People’s Deputy of Ukraine from “Servant of the People” and deputy chairman of the Verkhovna Rada Committee on Digital Transformation, announced this on his Telegram channel.

Pager TV is a platform that allows you to watch russian TV channels in applications for Apple TV and iOS (Apple’s operating system for iPhone and other devices). It is used by tens of thousands of russian users, whom cyber activists decided to remind about the war in Ukraine, caused by the invasion of the russian armed forces.

The video shows that the hackers changed the service’s playlists on the smartphone: instead of the channels selected by the user, it plays videos warning that the war will soon come to russia. “War is getting closer” and “War will come to your house,” say the inscriptions in the video. The authors showed explosions and fires that had already occurred on Ukrainian territory, as well as footage of captured soldiers of the russian armed forces, dead people and destruction caused by hostilities.1


World

Belgian Researcher Has Hacked Starlink

Lennert Wouters, a security researcher at KU Leuven in Belgium, has created a tool that allows you to run code on a Starlink terminal. The consumables for the home-made device cost him only $25.

To gain access to the satellite dish’s software, Wouters took it apart and attached a hacking tool of his own design. The tool is a printed circuit board (modchip), the parts for which cost only $25. Once attached to the Starlink dish, the homemade PCB can launch a crash attack, temporarily shutting down the system to help bypass Starlink’s defenses. This mechanism gave Wouters access to previously blocked parts of the Starlink system.

The engineer presented his invention at the Black Hat security conference in Las Vegas. Starlink immediately responded by issuing a security statement.

“To begin with, we would like to congratulate Lennert Wouters on his successful research,” they write. “Things like this help us make our security system better.”

Starlink called this method of hacking impressive, but at the same time reassured its customers that they have no reason to be afraid, citing a number of circumstances: the need for physical access to the dish, the impossibility of interfering with the software of satellites or obtaining personal data of other users, etc.2

 

Hacker offers to sell data of 48.5 mln users of Shanghai’s COVID app

A hacker has claimed to have obtained the personal information of 48.5 million users of a COVID health code mobile app run by the city of Shanghai, the second claim of a breach of the Chinese financial hub’s data in just over a month.

The hacker, using the username “XJP”, posted an offer to sell the data for $4,000 on the hacker forum Breach Forums on Wednesday.

The hacker provided a sample of the data including the phone numbers, names and Chinese identification numbers and health code status of 47 people.

Eleven of the 47 reached by Reuters confirmed that they were listed in the sample, though two said their identification numbers were wrong.

“This DB (database) contains everyone who lives in or visited Shanghai since Suishenma’s adoption,” XJP said in the post, which originally asked for $4,850 before lowering the price later in the day.

Suishenma is the Chinese name for Shanghai’s health code system, which the city of 25 million people, like many across China, established in early 2020 to combat the spread of COVID-19. All residents and visitors have to use it.3

 

After Recognizing russia as a Sponsor of Terrorism, Hackers Attacked the Website of the Latvian Parliament

On August 11, the Latvian Parliament recognized russia as a state that sponsors terrorism. Shortly after that, a hacker attack was carried out on the Parliament’s website.

As of 13:50 on August 11, the website of the Parliament cannot be accessed. Details about the attack on the state resource are currently not reported.4

Cybersecurity firm Cisco admits to being hacked

Cisco has confirmed that it was hacked earlier this year, in a breach that reportedly saw it stripped of 2.75GB of data.

The admission marks the latest stage in what appears to be a general escalation in the wider cyberwar, with cybersecurity companies increasingly targeted themselves by threat actors.

According to the company’s own account, threat actors published a list of data they stole from Cisco on the dark web on August 10, prompting it to respond with an admission that it had been breached back in May.

Though Cisco sought to play down the attack, claiming that nothing of real value was taken, the revelation confirms that it has joined Twilio and Cloudflare, who were both breached by the very cybercriminals they seek to defend against.

“We took immediate action to contain and eradicate the bad actors,” said Cisco. “We have taken steps to remediate the impact of the incident and further harden our IT environment. No ransomware has been observed or deployed and Cisco has successfully blocked attempts to access Cisco’s network since discovering the incident.”

The cybersecurity firm claims that none of its products, services, sensitive customer or employee data, intellectual property, or supply chain operations have been affected by the attack.5

 

Public healthcare service in UK hit by ransomware

A software provider to Britain’s vast state-run healthcare sector has confirmed that a recently disclosed breach of its systems was a ransomware attack.

Advanced said it suffered the cyberattack on August 4 and issued a statement a week later confirming the motives behind it.

“Advanced experienced a disruption to our systems that we have since determined to be the result of a cybersecurity incident caused by ransomware,” it said. “We immediately took action to mitigate any further risk and isolated all of our health and care environments, where the incident was detected.”

The money-motivated cyberattack could potentially impact millions of patients that use the taxpayer-funded National Health Service (NHS) in the UK, a major client of Advanced, as well as other healthcare bodies that also use its products and services.

Software programs taken offline because of the cyberattack are Adastra, Caresys, Odyssey, Carenotes, Crosscare, Staffplan, and eFinancials. These are used to facilitate healthcare service provision, for instance by managing homes for the elderly, patient scheduling, and record-keeping.

Advanced has reached out to cybersecurity firm Mandiant and tech giant Microsoft to investigate the breach and bring the affected systems back online with “enhanced protections.”

It added: “We remain in contact with the NHS, [UK state cybersecurity body] NCSC, and other governmental entities, and are providing them with regular status updates.” 6