The 13th of July, Cyber News


The Activity of Hacker Groups in the Distribution of Malicious Software Has Increased

The operational center for responding to cyber incidents of the State Center for Cyber Protection of the State Service of Special Communication has published a report on the results of the System of Vulnerability Detection and Response to Cyber Incidents in the II quarter of 2022. In total, 19 billion events were processed, collected by means of monitoring, analysis and transmission of telemetric information about cyber incidents and cyber attacks. The number of registered and processed cyber incidents increased to 64. The main goals of the hackers are cyberespionage, disruption of the availability of state information services and even destruction of information systems with the help of wiper programs. In the II quarter of 2022, a significant increase was recorded in the activity of hacker groups distributing malicious software, which includes both data-stealing and data-destroying programs. Compared to the first quarter of 2022, the number of information security (IS) events in the Malware category increased by 38%. At the same time, the number of critical IS events originating from russian IP addresses decreased by 8.5 times. This is primarily because providers of electronic communication networks and services that provide access to the Internet have blocked the IP addresses used by the russian Federation. It was from these IP addresses that cyber attacks were carried out on Ukrainian information resources, and fake information aimed at discrediting state bodies during the russian-Ukrainian war was spread. However, the majority of cyber incidents are related to hacker groups funded by the government of the russian Federation.

Current hacker groups that attacked the information resources of Ukraine:

  • UAC-0010 (Gamaredon, Armageddon, PrimitiveBear)
  • UAC-0056 (Lorec53, SaintBear, GraphSteal, GrimPlant)
  • UAC-0028 (APT28, Fancy Bear, Iron Twilight, Sednit)
  • UAC-0098
  • UAC-0082, UAC-0113

In the II quarter of 2022, the main targets of hackers from the russian Federation were the Ukrainian mass media, the Government and local authorities. [1]

Unknown Attackers Deleted the Facebook Account of the Editorial Board «Crime. No» and the Publication’s YouTube Channel

Unknown attackers gained access to the personal Facebook page of Anatoly Chubachenko, editor-in-chief of the Mykolaiv online publication «Prestupnosti.NET», and deleted it. In addition, the attackers took over and deleted the publication’s YouTube channel. The editors believe that this is all the work of russian special services or russian hackers. Anatoly Chubachenko told the representative of IMI in the Mykolaiv region about this. On the morning of July 10, Anatoliy Chubachenko discovered that the video of an interview published the day before was missing from the «Crime.No» website. He saw that the publication’s YouTube channel had been deleted by someone. At the same time, it turned out that he had lost access to his own Facebook page, which was later deleted. The editors do not understand how this could happen. The mail and Facebook accounts had two-factor authentication. In addition, the email to which the YouTube account was linked was not linked to his phone. The editors wrote an appeal to the support service on both YouTube and Facebook. The chief editor is asking for help in contacting Facebook and YouTube representatives directly, as he is afraid that they may lose altogether their YouTube channel, which they have been developing for 10 years, and their Facebook page. [2]


New Attacks by Anonymous-Associated Groups

After a long hiatus, NB65 took to Twitter to announce a new hack. The hackers compromised LLC «Lysvensky Mechanical Plant», taking over its DNS, disabling the PBX and defacing the site.

The site now has: «Greetings russia and a special fuck you to Vladimir putin. As you can see we have compromised a large collection of your machines. Actions like this will continue until your assault on Ukraine comes to a complete stop. Network Battalion 65 won’t stop until you stop. We act on behalf of Ukraine and the free citizens of the world. Cease all hostilities against Ukraine or continue to suffer the consequences against all internet connected technology. Slava Ukraini! You have made a grave mistake, putin. Get the fuck out of Ukraine.» [3]

Cyber Hackers Target Deakin University

Deakin University students have been sent scam texts after hackers accessed the information of thousands of past and present students. A university staff member’s username and password were used by a hacker on Sunday, allowing them to access information held by a third-party provider. The hacker then used that information to send a scam text to almost 10,000 students, purporting to be from Deakin University. Anyone who clicked on the link in the text message was taken to a form asking for details including credit card information. The hacker also downloaded the contact details, including mobile numbers and email addresses, of 46,980 past and present Deakin students. Deakin was able to stop any further text messages and began an investigation into the cyber attack, a statement from the university said. The university has also reported the breach to the Office of the Victorian Information Commissioner. It comes after the Australian Communication and Media Authority on Tuesday introduced new rules protecting Australians from scam texts. Telecommunication companies are now required to identify, trace and block text scams, and publish information to help their customers manage and report scams. [4]

ALPHV Ransomware Group Claims To Have Obtained Data of Elden Ring Publisher Bandai Namco

The hacker attack on Bandai Namco was reported by the ALPHV group, also known as BlackCat. The group says it will leak the publisher’s internal files shortly, but the exact timing is not specified. No Bandai Namco files are online yet, so it is impossible to confirm the hacker group’s words right now. Bandai Namco has not yet commented on the ALPHV statement, but the media have already reached out to the company with questions. If the hack is confirmed, Bandai Namco will not be the first gaming company whose internal files are leaked. Previously, CD Projekt RED, Capcom, and EA faced the same when attackers stole the source code of Cyberpunk 2077 and the Frostbite engine, as well as plans for some upcoming releases. The hackers claim to have successfully attacked the publisher of Elden Ring with ransomware. [5]