The 14th of April, Cyber News


russia's spending on cyberattacks against Ukrainian resources has reached millions of dollars

This was stated by Mykhailo Fedorov, Deputy Prime Minister and Minister of Digital Transformation of Ukraine, on the program “Batsman”. “I think it’s tens of millions of dollars a day. Because we had DDoS attacks, estimated at $500,000, $1.5 million, they (russians) have mobilized incredible resources,” he said. Fedorov added that russia spent more than $1 million on a cyberattack on February 23, when hackers were attacking state resources. Details — follow the link

Cyberattack on the website of the State Labor Office in Kirovohrad region

russian hackers have damaged the website of the Kirovohrad Region Department of Labor and posted propaganda for “friendship” with russia and the so-called “special operation.” The agency's website is temporarily closed. According to the Kirovohrad Region Department of Labor, experts are working to restore its full operation and protect it against cyberattacks. Details — follow the link

Cyberattack on Ukrainian government organizations using exploits for an XSS vulnerability in Zimbra Collaboration Suite (CVE-2018-6882) (CERT-UA#4461)

The Governmental Computer Emergency Response Team of Ukraine, CERT-UA, received from a coordination entity an e-mail with the subject “Volodymyr Zelenskyy presented the Golden Star Orders to serve the Armed Forces of Ukraine and members of the families of the fallen Heroes of Ukraine” and multiple images. Judging by the topic, content, attachments and recipients of the e-mail, the detected activity is targeted; it will be tracked as UAC-0097. Details — follow the link

Cyberattack on state organizations of Ukraine using the malicious program IcedID (CERT-UA#4464)

The Governmental Computer Emergency Response Team of Ukraine, CERT-UA, has detected mass distribution among Ukrainian citizens of XLS documents named “Mobilization Register.xls.” The downloaded EXE file decrypts and runs the GzipLoader malware on the computer, which in turn downloads, decrypts and runs the IcedID malware. This malware (also known as BankBot) belongs to the class of “banking Trojans” and, among other things, steals authentication data. With a moderate level of confidence, the activity is associated with the group UAC-0041. Details — follow the link

Distribution of fake video with the BBC News logo about missile strikes in Kramatorsk

The occupiers are spreading a fake video with the BBC News logo on the Internet, which says that Ukraine is responsible for the rocket attack on the Kramatorsk railway station on April 8; the video was published by a Russian news agency. The BBC has already issued a statement saying that measures are being taken to remove the fake video. It also urged people not to distribute it and to check all news on the official BBC News website. Details — follow the link

russian hackers have stolen 70% of funding from the FSB

Minister of Digital Transformation of Ukraine Mykhailo Fedorov spoke on the program “Batsman” about corruption within hacker groups operating under the auspices of the Kremlin. According to him, these groups are funded by the FSB, but 70% of the funds have been stolen. Fedorov said that hackers who had attacked Ukrainian government websites reported to the FSB that the Ukrainian portals were allegedly in their hands. In fact, these were only unsubstantiated statements, Fedorov said, and because of this a “redistribution” may begin within these groups. “In fact, it turned out the opposite. And when our cyber community puts the site of the Kremlin and the FSB, and they attacked the site of some UTC (United Territory Community). I think the internal clashes have started,” the minister said. Details are available at the link



The Ukrainian flag flutters over NATO’s cybercenter

NATO’s Joint Center for Advanced Technology in Cyber Defense (CCDCOE) has hoisted the Ukrainian flag. “Building cooperation in cybersecurity is vital, especially given the growing risk of potential threats in cyberspace. We are with Ukraine! CCDCOE welcomes the prospect of Ukraine’s accession to the CCDCOE family,” said CCDCOE Director Colonel Jaak Tarien. Ukraine's participation in CCDCOE will significantly contribute to a more effective exchange of cybersecurity experience between the cybercenter, member countries and NATO. Details — follow the link

U.S. warns newly discovered malware could sabotage energy plants

Private security experts said they suspect liquefied natural gas facilities were the malware’s most likely target
U.S. officials announced Wednesday the discovery of an alarmingly sophisticated and effective system for attacking industrial facilities that includes the ability to cause explosions in the energy industry. Private security experts who worked in parallel with government agencies to analyze the system said it was likely to be Russian, that its top target was probably liquefied natural gas production facilities, and that it would take months or years to develop strong defenses against it. That combination makes the discovery of the system, dubbed Pipedream by industrial control security experts Dragos, the realization of the worst fears of longtime cybersecurity experts. The program manipulates equipment found in virtually all complex industrial plants rather than capitalizing on unknown flaws that can be easily fixed, so almost any plant could fall victim, investigators said. “This is going to take years to recover from,” said Sergio Caltagirone, vice president of threat intelligence at Dragos and a former global technical lead at the National Security Agency. Details — follow the link