The 24th of June, Cyber News

Ukraine

Microsoft Has Released Data on the Number and Type of Cyberattacks, Their Direction, as Well as Links to Missile Strikes on Infrastructure

According to the report Defending Ukraine: Early Lessons from Cyberwarfare, the activities of russian cybercriminals are overseen by three government organizations: the Federal Security Service, the Central Intelligence Agency, and the russian Foreign Intelligence Service. Microsoft has managed to establish official links with seven hacker groups. The Main Intelligence Directorate is in charge of Strontium, Iridium, DEV-0586. The latter was involved in cyberattacks on the websites of a number of state structures of Ukraine on January 13, 2022. Strontium (also known as Fancy Bear) tried to steal the personal data of journalists, bloggers and media people. The group was also exposed in attempts to attack US and EU resources. Associated with the SZR RF Nobelium is known for attacking the sites of human rights organizations. About those that cyberattacks often outdo aircraft with missile strikes, Microsoft has been talking for a long time.

The company has published additional data about the following events in the fresh light:

• On February 28, there was a threat of an attack on a Kyiv-based media company. On March 1, a series of cyber attacks on telecommunications companies took place, and a missile strike was launched on the Kyiv TV tower on the same day.
• On March 2, hackers attacked Energoatom’s website, and the next day the russians occupied Ukraine’s largest nuclear power plant in Zaporizhia.
• On March 11, a cyber attack on the resources of state structures of the Dnieper took place. On the same day, the city came under fire.
• On March 4, Strontium launched the website of the Vinnytsia City Council. On March 6, russian troops fired on Vinnytsia airport, and 10 days later the Vinnytsia TV tower was attacked.
• On April 19, the Iridium group attacked the website of a logistics center in Lviv, 29 conducted reconnaissance in the transport sector, and on May 3, the russians fired on a railway junction [1].

russia  

Cyberattacks by Groups Associated with China against russian Scientific and Technical Enterprises and Government Agencies

The government team for responding to computer emergencies in Ukraine CERT-UA found several malicious files with specific names: «Vnimaniyu.doc», «17.06.2022_Protokol_MRG_Podgruppa_IB.doc», «remarks table 20.06.2022_obraza» .

These RTF documents contain malicious code that exploits one or more known vulnerabilities in MS Office Word (probably the documents were created using the RoyalRoad builder). As a result, the victim’s computer will be affected by the malicious program Bisonal (in one case, the QuickMute bootloader is used). According to cyber threat researchers, the use of the RoyalRoad builder is one of the hallmarks of groups linked to China. Moreover, the malware Bisonal, as an example, is a tool of the TontoTeam group (UAC-0018). In view of the above, it is reasonable to assume that the groups associated with China have intensified their activities in relation to the russian Federation (enterprises of science and technology, aviation, as well as government agencies). We recommend that you take into account the described method of cyberattacks and emphasize once again the need for timely software updates [2].

World

North Korean Hackers Have Become One of the Most Threatening Forces in Cyberspace – and This Despite the Fact that the Country Has Virtually no Internet

North Korea is a totalitarian state based on the cult of personality of its leader Kim Jong Un, as well as through funds obtained through various fraudulent schemes. In addition to traditional smuggling, North Korea has one ace up its sleeve, which it uses quite effectively. These are hackers. For example, the account of Lazarus Group — one of the most famous North Korean groups of hackers – has long been calculated not in millions but in billions of dollars. The FBI recently blamed the biggest cryptocurrency theft in history — hackers managed to steal nearly $ 625 million from Ethereum by hacking the Ronin blockchain and the Axie Infinity video game running on it. Government hackers are unusual in the world. They are also in Ukraine — and in particular, thanks to their efforts, we managed to repel the russian attack not only on earth, but also in cyberspace. However, in the case of the DPRK, everything is different. The activities of North Korean hackers are one of the pillars of the economy of a totalitarian state, and therefore they must use other methods than their counterparts in other countries. As North Korea is subject to a large number of economic sanctions, the local government needs to invent various illegal means to make money. This is where cyberspace comes to the rescue, as well as people who know how to manipulate this cyberspace. However, it is not enough just to break a certain system to steal money. They need to be washed to be able to use later. That is why North Korean hackers often cooperate with various criminals and fraudsters who help them commit various scams [3].

Apple and Android Phones Hacked by Italian Spyware, Google Says

An Italian company’s hacking tools were used to spy on Apple Inc and Android smartphones in Italy and Kazakhstan, Alphabet Inc’s Google said in a report on Thursday. Milan-based RCS Lab, whose website claims European law enforcement agencies as clients, developed tools to spy on private messages and contacts of the targeted devices, the report said. European and American regulators have been weighing potential new rules over the sale and import of spyware. «These vendors are enabling the proliferation of dangerous hacking tools and arming governments that would not be able to develop these capabilities in-house,» Google said. The governments of Italy and Kazakhstan did not immediately respond to requests for comment. An Apple spokesperson said the company had revoked all known accounts and certificates associated with this hacking campaign [4].