The 22nd of June, Cyber News


Cyberattack of the APT28 Group Using the Malicious Program CredoMap

Ukraine's government computer emergency response team, CERT-UA, found a malicious document, «Nuclear Terrorism A Very Real Threat.rtf». Opening it leads to the download of an HTML file and the execution of JavaScript code (CVE-2022-30190), which in turn downloads and launches the CredoMap malware. The metadata indicate that the document was modified on June 9, 2022, so its distribution could have been carried out on June 10, 2022. Based on a set of characteristic features, we consider it possible to associate the detected activity with the activities of the APT28 group [1].

Google Representative to UN Security Council: russia’s Cyber Attack Purpose Is to Justify War Crimes

At the meeting of the UN Security Council, the founder and director of the Jigsaw Science Center (Google Ideas), Jared Cohen, said that russia uses the Internet to attack Ukraine in several areas. First of all, these are DoS attacks on Ukrainian institutions, individuals and organizations: server overload that makes it impossible to access the relevant web resources. The second direction is «organized persecution through toxicity and deception, directed against prominent personalities and entire classes of people», in particular the spread of lies about President Volodymyr Zelensky. According to the expert, numerous campaigns are now aimed at causing dissatisfaction with Ukrainian refugees across Europe. «Social networks are spreading misinformation about criminal activities related to refugees, about the allegedly privileged position of refugees compared to the country’s citizens,» Cohen said, noting that the strategy is aimed at undermining public and political support for Ukraine. «The information war has penetrated the homes of ordinary people around the world, the activities of activists and political leaders,» said a Google spokesman, adding that this was the third direction of russia’s attacks. Moscow’s efforts are aimed at «positioning Ukrainians as liars» instead of turning public opinion in russia’s favor. Such attacks are carried out through a combination of real people, trolls and advanced chatbots, he added. However, many platforms are unable to respond to these attacks quickly and accurately. The fourth vector of attacks was the use of misinformation and lies to incite and justify extreme violence, Cohen said. «russia’s incessant propaganda among its citizens – allegedly Ukrainians were Nazis – serves to dehumanize them in the eyes of the russian military, which has led to many war crimes,» said a Google spokesman.
According to him, the russian Internet is the «fifth and final direction of the attack», which replaces Ukrainian providers in the occupied cities [2].


New Leak from Anonymous

Hackers Porteur and B00da, linked to Anonymous, have leaked 69,000 emails (41.1 GB) from the Krasnoyarsk Public Chamber. Krasnoyarsk is the largest city in the Krasnoyarsk Territory, russia, an important junction of the Trans-Siberian Railway and one of the largest producers of aluminum in the country [3].


Japanese Automotive Hose Maker Nichirin Hit by Ransomware Attack

Japanese automotive hose maker Nichirin Co. said on Wednesday that a U.S. subsidiary had been hit by a ransomware attack, forcing it to shut down its computerised production controls. The U.S. unit, which supplies hoses to Japanese carmakers, has switched to manual production and shipping in order to keep parts flowing to customers, it said in a media release. «We are investigating what impact this may have on our customers, and we will promptly disclose any necessary information,» the company said. Nichirin also posted a warning on its website about possible spoof emails that appeared to be from the company and asked recipients not to open any attached files [4].