26.07.2022

The 26th of July, Cyber News

Ukraine   

Ukrainian Experience in Countering russian Cyber Aggression is in Demand All Over the World

Recently, the most important international event in the field of information security took place – the forum FIRST (The Forum of Incident Response and Security Teams). Insights from the forum were shared by Yevgeny Brixin, Deputy Head of the Government Computer Emergency Response Team of CERT-UA in a column for SPEKA.

The main thing:

Over the past eight years, cyberspace has become a battlefield for russian hackers from special services, who have used all their most advanced weapons on Ukrainian information systems. We came out of this battle with unique experience and knowledge that are important for our partners and that should help the whole world build a reliable defense against russia’s unjustified aggression in cyberspace.

The aggressor is completely excluded from global processes in the cyber sphere. Consequently, his ability to defend and, more importantly, to attack, will decrease. In russia and belarus, there is no access either to information about the most modern tools and methods used by hacker groups for attacks, or to developments in how democratic countries resist such attacks.

russian cyber aggression is escalating, and the escalation of the situation has gone far beyond Ukrainian cyber borders. Therefore, partnership with democratic countries and common values in building cyber defense systems are extremely important. The world unites to protect against the threat from the russian federation, because it is impossible to defend yourself in cyberspace. [1]

Yuriy Shchygol Talked about the Important Aspects of the Work of the State Service of Special Communication

The main thing from the interview of the head of the State Service of Special Communication, Yuriy Shchygol, with the Ukrainian Service of Polish Radio:

Ukraine is successfully repelling hacking attacks by russians and confronting the enemy on the information and cyber front. Not a single incident has been recorded in government communication networks in the past few years. The volunteer hub of the State Service of Special Communication Forces, created by its veterans, has significantly helped servicemen since the beginning of the full-scale war. The army of drones, the creation of which is in progress, will allow us to save the lives of our heroes. Anyone can join on the website https://u24.gov.ua/uk/dronation. [2]

Mass Distribution of Stealers (Formbook, Snake Keylogger) and the Use of RelicRace/RelicSource Malware as a Means of Delivery

Since 19.07.2022, the Government Computer Emergency Response Team of Ukraine, CERT-UA, has recorded mass mailings of e-mails with the subject “Final payment” and an attachment of the same name in the form of a TGZ archive. The archive contains an EXE file classified as the RelicRace .NET downloader, which is designed to download (mostly from OneDrive), decode and run the malicious .NET program RelicSource in memory. Functionally, RelicSource is an installer that decrypts data stored in its resources (possible options: XOR/DES/DES3/AES/ARC2) and launches the resulting payload (including by injection). It provides several ways to ensure persistence, implements anti-analysis techniques (VM detection), and can send notifications to Telegram and others. Stealer programs are used as the payload, namely Formbook and Snake Keylogger (exfiltration using the Telegram API). The activity is systematic, massive and geographically dispersed, and is tracked under UAC-0041. [3]
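
An added example, not CERT-UA's tooling and not part of the original digest: a mail-triage check for the delivery pattern described above (a TGZ attachment carrying an EXE). It inspects attachments by magic bytes in memory rather than trusting file names; the sample message, member name and address are constructed.

```python
import email, io, tarfile, zlib
from email import policy
from email.message import EmailMessage

def build_sample_eml() -> bytes:
    """Constructed sample: a mail whose .tgz attachment holds a harmless 'MZ' stub."""
    stub = b"MZ" + b"\x00" * 62          # only the PE magic bytes, not a real program
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("Final payment.exe")   # constructed member name
        info.size = len(stub)
        tar.addfile(info, io.BytesIO(stub))
    msg = EmailMessage()
    msg["Subject"] = "Final payment"
    msg["From"] = "sender@example.com"   # placeholder address
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="gzip", filename="Final payment.tgz")
    return msg.as_bytes()

def pe_members_in_targz(data: bytes, max_members: int = 200) -> list:
    """Return names of archive members that start with the PE 'MZ' magic."""
    names = []
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
            for count, member in enumerate(tar):
                if count >= max_members:      # bound work on hostile archives
                    break
                handle = tar.extractfile(member) if member.isfile() else None
                if handle is not None and handle.read(2) == b"MZ":
                    names.append(member.name)
    except (tarfile.TarError, OSError, EOFError, zlib.error):
        pass                                   # not a readable tar.gz: nothing to report
    return names

def triage(raw: bytes) -> list:
    """Flag gzip attachments (by magic, not extension) that carry a PE file."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if data[:2] != b"\x1f\x8b":           # gzip magic bytes
            continue
        hits = pe_members_in_targz(data)
        if hits:
            findings.append({"subject": str(msg["Subject"]),
                             "attachment": part.get_filename(), "executables": hits})
    return findings

if __name__ == "__main__":
    print(triage(build_sample_eml()))
```

Members are read through `extractfile`, so nothing from the archive is written to disk during triage.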

russia 

Database of Customers of the Moscow Central Universal Department Store Offered for Sale Online

According to the Telegram channel in4security, the customer database of the Moscow Central Universal Department Store has been put up for sale. Two users are actively distributing the offer in Telegram chats. One of them is named Serhii; he used the nickname meliksetyan_29 before publishing the offer, but did not change his phone number before selling the database. The second is @purotexnuk, who used to sell branded items on Avito. The users ask for payment for the database to be transferred to Ashota, whose last name, as it turned out, coincides with the previous nickname of the seller Serhii. As reported by in4security, the database contains data of approximately 50,000 customers (name, phone, purchased brand, sometimes email) and is offered for purchase for 200,000 rubles. According to one of the sellers, the data was obtained from the support service of the Central Universal Department Store, which has direct access to them. [4]

World 

Anonymous Claims to Hack a Child Pornography Website

On Saturday, Anonymous on Twitter claimed to have hacked a Child Pornography website. In the tweet, they have also shared the database of the website.

According to GeeksforGeeks, nowadays people depend upon the internet for different purposes like information, communication, shopping, etc. Similarly, children are also connected with the internet for educational purposes or for entertainment. As the internet offers many good things, at the same time it is a big source of crime. There are so many online crimes happening every day, like phishing, cyberbullying, hacking, etc. Among all of these crimes, child pornography is the most traumatic and heinous crime.

«Child Pornography is a branch of pornography that exploits children who are under the age of 18 years using photos, videos, audio, computer-generated content, etc. Or the Protection of Children from Sexual Offences (POCSO) Act, 2012, defines child pornography as "any visual depiction of sexually explicit conduct involving a child which includes photographs, videos, digital or computer-generated image indistinguishable from an actual child and an image created, adapted or modified but appears to depict a child"», as per GeeksforGeeks. [5]