The 18th of April, Cyber News


The State Center for Cyber Defense of the State Service of Special Communication has neutralized the attack on the websites of state bodies

The system of secure access to the Internet of the State Center for Cyber Security (SCCS) of the State Service of Special Communication has recorded and repulsed a number of large-scale DDoS attacks aimed at disrupting the availability of web resources of state authorities of Ukraine. DCC specialists determined that the attacks were carried out from a large number of infected botnet hosts that tried to disguise their requests as legitimate browser traffic in order to circumvent the blocking rules. A distinctive feature of the attack was that the bots carried out the DDoS attack while simulating user behavior. The attackers conducted the cyber operation in two stages. During the first, a small amount of botnet traffic was generated over several days to test resources for vulnerabilities. The second stage was to generate a large amount of traffic in a short period of time in order to block access to web resources. The peak volume of the attacks exceeded 435 Gbps. The attacks were mostly carried out through VPN traffic disguised as coming from various countries, including Ukraine. However, such manipulations were detected by SCCS specialists and blocked through measures taken to further adjust security policies. The availability of resources was not affected. Details — follow the link

The site of the city of Mariupol 0629 is subject to constant cyber attacks

The attacks on the Mariupol website 0629.com.ua have not stopped for the last three weeks. It is being attacked from dozens of different countries, including russia. Attacks occur not only on the Mariupol site, but also on other sites of the CitySites network. The technical service was forced to temporarily block access to the site for visitors from some countries to stop the attacks. On April 14, access to 0629 was restored, but then a new attack followed. This time the sabotage concerned the site’s logo. It has been removed, along with some other images. The russians tried to put the russian tricolor in place of the site logo! There is currently very little information on who did it and in what way. The technical service is working on the restoration. Details — follow the link


IT ARMY of Ukraine has attacked another set of online resources of the aggressor

On April 15, IT ARMY of Ukraine attacked Plato, a system designed to collect tolls for trucks weighing more than 12 tons on the aggressor’s roads. Details — follow the link

On April 16, IT ARMY of Ukraine focused on online television services more.tv, okko.tv, ontvtime.ru, amediateka.ru, wink.ru, tvigle.ru. Details — follow the link

On April 17, a number of online food ordering services were attacked, including: vkusvill.ru, okeydostavka.ru, delivery-club.ru, samokat.ru, utkonos.ru. Details — follow the link

April 18 began with an attack on the veterinary inspection system. This is “Mercury”, a service for issuing permits for meat and dairy products. Without these permits, the goods do not reach the shelves of supermarkets. Details — follow the link

An information board has been hacked at the entrance to Krasnoyarsk

On the information board at the entrance to the Russian city of Krasnoyarsk, instead of the traditional “Welcome to Krasnoyarsk – the city of labor valor”, a phrase from prison jargon appeared: “Evening in the house of the detainee.” Experts are finding out who could have hacked the board. Details — follow the link


US accuses North Korean hacker group Lazarus of stealing $625 million from crypto game Axie Infinity

The US Treasury Department accuses the North Korean hacker group Lazarus of stealing $625 million worth of cryptocurrency from the Ronin network (a blockchain that supports the Axie Infinity crypto game) and has tied it to the Lazarus group. The discovered crypto wallet currently contains 148 thousand Ethereum coins worth a total of $445 million. Less than a day ago, 3302.6 Ethereum was transferred from this wallet to another address, which corresponds to almost $10 million. Etherscan hacking Ronin. Recall that on March 29, hackers committed one of the largest thefts of cryptocurrency to date, stealing Ethereum worth $625 million. The Lazarus group, which is accused of the crime, is linked to North Korean intelligence and was responsible for seven attacks last year. The group became known for hacking Sony Pictures in 2014 in connection with the release of the comedy “Interview”, which is set in North Korea. It later used Trojan malware to steal millions from ATMs in Asia and Africa in 2018, and was linked to the WannaCry ransomware. Details — follow the link

European wind turbine company Nordex has suffered a Conti ransomware attack

Conti has claimed responsibility for a recent cyber attack on wind turbine giant Nordex. The cyber attack forced the company to shut down its IT systems and block remote access to the turbines it manages. Nordex is one of the largest developers and manufacturers of wind turbines, with more than 8,500 employees worldwide. On April 2, Nordex reported that it had suffered a cyber attack, which had been detected at an early stage. The company’s specialists turned off the IT systems to prevent the spread of the attack.
“The intrusion was detected at an early stage and response measures were taken immediately in accordance with crisis management protocols. As a precaution, the company has decided to disable IT systems in some departments,” Nordex said in a statement to the press. Details — follow the link

DeFi Beanstalk has lost $182 million in assets due to a hacker attack

Beanstalk, a credit-oriented stablecoin protocol built on Ethereum, was hacked on Sunday morning. The protocol has lost about $182 million in various cryptocurrencies, according to PeckShield, a blockchain security company. According to the Beanstalk protocol, the attackers have stolen more than $80 million in cryptocurrencies, including 24,830 ETH. At present, this amount of ETH is equivalent to approximately $75.8 million. Other stolen funds came in the form of depleted liquidity tied to a token control protocol. In a tweet, PeckShield experts explained that the hackers had been able to use a flash loan attack to buy a large number of BEAN tokens. According to experts, this hack is the second largest this year after the attack on the Ronin network. Details — follow the link