15.04.2022

The 15th of April, Cyber News

IN UKRAINE

Since the beginning of the full-scale Russian invasion, Ukraine has suffered 362 cyberattacks

According to the Government Emergency Response Team CERT-UA, which operates under the auspices of the State Service of Special Communication, Ukraine suffered 362 cyberattacks during the first 1.5 months of the war. This is three times more than during the same period last year, when 122 cyberattacks were recorded. More than half of all attacks were carried out to gather information or spread malicious code. The main targets of hostile hackers are the government and local authorities of Ukraine, the security and defense sector, and commercial organizations. Details — follow the link

Mass hacker attack on Cherkasy Internet provider

On April 13, a mass DDoS attack was launched on the network of the Cherkasy Internet provider McLaut. The head of the provider, Vitaliy Laut, said that the attack had most likely been the work of russia: a planned operation carried out either by hackers or by intelligence services. «We managed to cope with the attack in 2-3 hours. This time it was very powerful — 100 Gbps. Our networks were overloaded by 50-80%». According to him, this is not the first DDoS attack on the Internet provider since the beginning of the full-scale war. «This is the second or the third attack, but the previous ones were easier. And now the enemy was prepared, and we were not ready. However, we have concluded that everything will be fine». Vitaliy Laut also said that other Ukrainian Internet providers had suffered DDoS attacks. Details — follow the link

IN RUSSIA

Anonymous has hacked Gazprom’s website

The hacker group Anonymous has hacked Gazprom Linde Engineering, which serves Gazprom and other russian energy companies (Gazprom Invest, Gazprom Nafta, Linde, Novatek, Tatneft, China National Chemical Engineering, Sojitz and rusChemAlliance). The data has been published on the website Distributed Denial of Secrets (DDoSecrets). «Anonymous has just merged 768,000 new emails (728 GB) through DDoSecrets from Gazprom Linde Engineering, which specializes in the design of gas refineries, petrochemicals and refineries», the hackers said. Details — follow the link

Anonymous has dumped 495,000 emails from russian firm Technotec

Also the day before, Anonymous reported a leak of 495,000 emails (440 GB) from russia’s Technotec, which provides oil and gas services to companies such as rosneft and Gazprom Neft. The hackers posted the 495,000 company emails on the site Distributed Denial of Secrets (DDoSecrets); the total volume of information is 440 GB. According to FOCUS journalists, the database contains working correspondence, documents, reports on services provided, agreements on transportation of goods, etc. In addition, there is correspondence between employees of Novachim, a subsidiary of Technotec, and rostech. Details — follow the link

Data from the courier service used by russian soldiers to send goods looted from Ukraine has been revealed

The IT Army of Ukraine gained access to the data of the courier service through which soldiers of the russian army sent loot taken from peaceful Ukrainian families. A map has been created with complete information about the russian army of marauders: where they live and where they sent the loot. The map will be updated: https://www.google.com/maps/d/viewer?mid=1DdVE421OqBr2e8O71UFlk5PC6FFrVDJn&ll=58.16381487427821%2C81.62282800000003&z=3
Details — follow the link

Establishment of a commission for the security of critical IT infrastructure in russia

Vladimir Putin signed a decree establishing a Security Council commission on the country’s sovereignty in the field of critical information infrastructure (CII) development. The commission will be responsible for state policy on import substitution for CII. It will also take measures to ensure the security of critical IT infrastructure, assess its technological independence, and more. It will include ministers as well as the heads of Roscosmos, Rosatom, Rostech, etc. The commission will be headed by Dmitry Medvedev. Details — follow the link

IN THE WORLD

U.S. ties North Korean hacker group Lazarus to huge cryptocurrency theft

The United States has linked North Korean hackers to the theft of hundreds of millions of dollars’ worth of cryptocurrency tied to the popular online game Axie Infinity, the U.S. Treasury Department said on Thursday. Ronin, a blockchain network that lets users transfer crypto in and out of the game, said digital cash worth almost $615 million was stolen on March 23. No one had explicitly assigned blame for the hack, but on Thursday the U.S. Treasury identified a digital currency address used by the hackers as being under the control of a North Korean hacking group often dubbed «Lazarus». «The United States is aware that the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs as it tries to evade robust U.S. and U.N. sanctions», a Treasury Department spokesperson said, using the initials of North Korea’s official name. Details — follow the link

BlackCat has reported the theft of 1.2 TB of data from Florida International University

BlackCat has attacked at least three schools in the United States. The ransomware group BlackCat (ALPHV) has once again drawn attention to itself with an attack on Florida International University (FIU). According to the hackers, they managed to steal 1.2 TB of personal documents of students, teachers and staff, including contracts, social security numbers, e-mail addresses, etc. Other educational institutions recently hit by ransomware include Savannah State University, Detroit Mercy University, Central College, Phillips Public College, the University of Arkansas and National University College. According to Allan Liska, a specialist at Recorded Future, in March 2022 his team recorded 37 public reports of ransomware attacks on educational institutions. Details — follow the link

ESET in cooperation with Microsoft neutralized the famous botnet Zloader

ESET, in collaboration with Microsoft’s Digital Crimes Unit and other researchers, has neutralized the infamous Zloader botnet. ESET specialists provided technical analysis, statistical information, and the domain names and IP addresses of the command-and-control servers. The threat was used to distribute various malware families, including ransomware. In addition, Zloader could steal data from browsers, record keystrokes and take screenshots, as well as remotely control infected systems. Recently, the threat has spread through malicious browser ads and pop-ups on fake sites. The coordinated takedown operation targeted three specific botnets, each using a different version of the Zloader malware. ESET researchers helped identify 65 malicious domains that were seized during the takedown operation. Details — follow the link