27.04.2022

The 27th of April, Cyber News

UKRAINE

Cyberattack on the website of Lviv Regional Military Administration

The official website of the Lviv Regional Military Administration has been hacked. The technical team is now working to restore it. Details – follow the link

UAC-0056 cyberattack using GraphSteel and GrimPlant malware and COVID-19 (CERT-UA # 4545)

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) received, via a coordinating body, an email with an attached XLS document «Aid request COVID-19-04_5_22.xls» that contains a macro. If the macro is enabled, it decodes a payload stored in a hidden sheet of the document, writes a Go-language loader to disk and runs it. The loader then downloads and executes the GraphSteel (compilation date: 2022-04-21) and GrimPlant malware on the computer. The emails were sent from the compromised account of an employee of a Ukrainian state body. The activity is attributed to the UAC-0056 group. Details – follow the link
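To make the attachment chain concrete, the following is an added triage example and not CERT-UA's code or the actual sample. It builds a constructed macro-enabled OOXML workbook in memory whose veryHidden sheet carries a base64-encoded payload next to a placeholder vbaProject.bin, then runs the static checks an analyst would apply to such an attachment: is a VBA project present, which sheets are hidden or veryHidden, and does the text in a hidden sheet decode to an executable. The sheet names, the base64 encoding and the MZ-header check are assumptions for illustration; the CERT-UA sample is a legacy BIFF .xls, where the same questions would be answered with a tool such as oletools (olevba) rather than zipfile.

```python
import base64
import binascii
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import Optional

# OOXML namespaces used by xl/workbook.xml and the package relationship parts.
NS_MAIN = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
NS_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
NS_PKG_REL = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_WORKSHEET = NS_REL + "/worksheet"
REL_VBA = "http://schemas.microsoft.com/office/2006/relationships/vbaProject"


def build_sample_workbook(payload: bytes) -> bytes:
    """Constructed sample (not the real attachment): a macro-enabled workbook with one
    visible sheet, one veryHidden sheet whose cells carry the payload as base64
    chunks, and a placeholder vbaProject.bin standing in for the VBA project."""
    b64 = base64.b64encode(payload).decode("ascii")
    chunks = [b64[i:i + 16] for i in range(0, len(b64), 16)]
    rows = "".join(
        f'<row r="{i + 1}"><c r="A{i + 1}" t="inlineStr"><is><t>{chunk}</t></is></c></row>'
        for i, chunk in enumerate(chunks)
    )
    hidden_sheet = f'<worksheet xmlns="{NS_MAIN}"><sheetData>{rows}</sheetData></worksheet>'
    visible_sheet = f'<worksheet xmlns="{NS_MAIN}"><sheetData/></worksheet>'
    workbook = (
        f'<workbook xmlns="{NS_MAIN}" xmlns:r="{NS_REL}"><sheets>'
        '<sheet name="Aid request" sheetId="1" r:id="rId1"/>'
        '<sheet name="Sheet2" sheetId="2" state="veryHidden" r:id="rId2"/>'
        "</sheets></workbook>"
    )
    rels = (
        f'<Relationships xmlns="{NS_PKG_REL}">'
        f'<Relationship Id="rId1" Type="{REL_WORKSHEET}" Target="worksheets/sheet1.xml"/>'
        f'<Relationship Id="rId2" Type="{REL_WORKSHEET}" Target="worksheets/sheet2.xml"/>'
        f'<Relationship Id="rId3" Type="{REL_VBA}" Target="vbaProject.bin"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("xl/workbook.xml", workbook)
        z.writestr("xl/_rels/workbook.xml.rels", rels)
        z.writestr("xl/worksheets/sheet1.xml", visible_sheet)
        z.writestr("xl/worksheets/sheet2.xml", hidden_sheet)
        z.writestr("xl/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder OLE container")
    return buf.getvalue()


def triage_workbook(data: bytes) -> dict:
    """Static checks an analyst would run on the attachment: is a VBA project present,
    which sheets are hidden or veryHidden, and what text do those sheets hold?"""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        workbook = ET.fromstring(z.read("xl/workbook.xml"))
        rels = ET.fromstring(z.read("xl/_rels/workbook.xml.rels"))
        target_by_id = {r.get("Id"): r.get("Target") for r in rels}
        hidden = []
        for sheet in workbook.iter(f"{{{NS_MAIN}}}sheet"):
            state = sheet.get("state", "visible")  # visible | hidden | veryHidden
            if state not in ("hidden", "veryHidden"):
                continue
            part = "xl/" + target_by_id[sheet.get(f"{{{NS_REL}}}id")]
            cells = ET.fromstring(z.read(part)).iter(f"{{{NS_MAIN}}}t")
            hidden.append({"name": sheet.get("name"), "state": state,
                           "text": "".join(t.text or "" for t in cells)})
    return {"has_vba": "xl/vbaProject.bin" in names, "hidden_sheets": hidden}


def recover_payload(cell_text: str) -> Optional[bytes]:
    """Re-assemble the chunks the macro would concatenate and base64-decode them
    (base64 is an assumption; the advisory only says the macro decodes the payload).
    Returns None when the text is not valid base64."""
    try:
        return base64.b64decode(re.sub(r"\s+", "", cell_text), validate=True)
    except (binascii.Error, ValueError):
        return None


def is_suspicious(data: bytes) -> bool:
    """Flag the pattern from the advisory: a VBA project plus a hidden sheet whose
    content decodes to a PE image (MZ header)."""
    report = triage_workbook(data)
    if not report["has_vba"]:
        return False
    return any((recover_payload(s["text"]) or b"").startswith(b"MZ")
               for s in report["hidden_sheets"])


if __name__ == "__main__":
    # Fake PE stub, constructed for the demo; a real loader would be a full Go binary.
    sample = build_sample_workbook(b"MZ\x90\x00" + b"\x00" * 60)
    print(triage_workbook(sample))
    print("suspicious:", is_suspicious(sample))
```

A hidden or veryHidden sheet on its own is a weak signal (finance workbooks use them routinely); the combination with an embedded VBA project and cell text that decodes to an executable is what justifies pulling the file for dynamic analysis.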

Hacking attacks in Ukraine do not stop

Since the start of russia's full-scale invasion of Ukraine, 430 cyberattacks have been recorded. Government websites, the Diia («Дія») ecosystem, the energy sector and the financial sector are the main targets. In an interview with RBC-Ukraine, Deputy Prime Minister and Minister of Digital Transformation Mykhailo Fedorov spoke about cyberattacks during the war. According to the State Service of Special Communications and Information Protection of Ukraine, 430 cyberattacks have already been recorded in the two months of the full-scale war, compared with 207 for the whole of last year. The Minister stressed that hackers have been targeting government websites, the Diia product ecosystem, the energy sector and the financial sector. Details – follow the link

russia

IT ARMY of Ukraine

The IT Army of Ukraine is attacking russian tender platforms. Details – follow the link

Because of the sanctions, russian hackers are looking for new ways to launder money

russian hackers must look for new ways to launder money. According to Flashpoint, as an alternative they have begun using Chinese payment systems, including banks and UnionPay. However, UnionPay is already considering blocking users from the russian Federation, so this loophole may close soon. The blocking of money transfers through Western Union and MoneyGram has made life much harder for fraudsters and extortionists who used these services to receive payments from their victims anonymously. Because of the SWIFT blockade of russia and the sanctions against russian banks, cybercriminals have started laundering money through banks in Armenia, Vietnam and China, where sanctions have not been imposed. Cryptocurrency exchanges that require personal data from their users, even those operating in russia, are unsuitable for hackers who need anonymity, so all that remains available to them are underground cryptocurrency mixers and cash-out services. According to Flashpoint, some cybercriminals have decided to postpone withdrawing funds and have instead started investing in gold and keeping cryptocurrency in offline wallets. Details – follow the link

WORLD

Pakistani bank faces data theft

Overseas thieves managed to rob a leading Pakistani bank through internet banking, using compromised data from a number of debit cards to conduct fraudulent transactions in foreign currency, media reported. The incident led the bank to suspend international transactions on the debit cards of almost all its customers, The Express Tribune reported. «The fraudulent transactions were conducted in dollar denominations (instead of Pakistani rupees)». «We are under no cyber-attack. No data breach or hacking has happened,» a senior United Bank Limited (UBL) official confirmed to The Express Tribune. «But, yes, we have received complaints from some of our customers about fraudulent transactions through their debit cards,» he said, adding that most of the fraudulent transactions happen after customers unintentionally share their secrets, including passwords and PIN codes, with strangers. Details – follow the link

Hacker has hacked Bored Ape Yacht Club Instagram account and steals NFT for millions of dollars

The official Bored Ape Yacht Club (BAYC) Instagram account was hacked and used to post a phishing link that transferred tokens out of users' wallets. The lure was an «airdrop» announcement, a supposedly free distribution of tokens to users who connected their MetaMask wallets. Once control of the account was restored, BAYC issued a fraud warning, but some users had already followed the link. According to the NFT marketplace Rarible, the hacker's wallet held 134 NFTs, including four stolen Bored Ape tokens and other items from BAYC creators Yuga Labs. Based on recent sales, a single Bored Ape token can be worth six figures: the cheapest, #7203, sold four months ago for 47.9 ETH ($138,000), and the most valuable, Bored Ape #6623, sold three months ago for 123 ETH ($354,500). Details – follow the link

Russia-linked hackers claim to have breached Coca-Cola Company

A ransomware gang that has sided with Moscow claims to have stolen 161 GB of data from the multinational company. The group behind the Stormous ransomware announced that it has hacked servers belonging to The Coca-Cola Company. A note on the gang's leak site says they stole 161 GB of data. The stolen file list, obtained by CisoAdvisor, shows file names suggesting that the threat actors took financial data, passwords, commercial accounts, email addresses and other data. The gang is a relative newcomer to the ransomware scene, gaining attention at the beginning of 2022 when Stormous announced it had stolen 200 GB of data from Epic Games. Details – follow the link