The 29th of July, Cyber News


Ukrainian-American Cooperation in the Field of Cyber Security is Reaching a New Level

The State Service of Special Communications and Information Protection has signed a Memorandum of Cooperation in the field of cyber security with the Cyber Security and Infrastructure Security Agency of the United States Department of Homeland Security (CISA). Establishing deeper cooperation with American partners is another important step in integrating Ukrainian cyber defenders into the global professional cyber environment. The USA and Ukraine are the countries against which the largest number of cyber attacks are carried out. Therefore, the exchange of experience and joint efforts in countering cyber-aggression will enable both states to protect their own information resources much more effectively. «This memorandum symbolizes a long-term partnership and agreement in the protection of our common values through enhanced exchange of information in real time between departments and critical sectors and dedicated cooperation for the development of a sustainable partnership,» stressed Oleksandr Potiy, deputy head of the State Intelligence Service, after the signing.

CISA Director Jen Easterly, in her turn, emphasized that the signed document will deepen CISA’s cooperation in the field of cyber security with Ukrainian partners. «I applaud Ukraine’s heroic efforts to defend its nation against unprecedented russian cyber aggression, and I am incredibly moved by the resilience and bravery of the Ukrainian people during this unprovoked war. Cyber threats cross borders and oceans, so we look forward to developing our relationship with the CSIRO to share information and jointly build a global cyber resilience framework».

The key directions of cooperation of cyber security authorities will be:

  • studying the methodology and practice of security of the critical infrastructure of the United States of America;
  • cooperation on cyber threat indicators, protection measures and information related to cyber security risks and incidents;
  • exchange of information and best practices regarding cyber incidents to improve relevant incident management, response and recovery systems after cyber incidents by establishing two-way information exchange channels between Participants to identify and respond to cyber threats;
  • understanding how both Participants cooperate in the field of cyber security with the private sector;
  • exchange of best practices and participation in cyber security through courses, trainings, joint exercises;
  • implementation of joint cyber security projects. 1

New Attack by the IT ARMY of Ukraine

The IT army announced new attacks on russian banks. 2

Anonymous Prepares to Reveal russia’s Interests in Europe

Anonymous is preparing to unveil russia’s interests in Europe to everyone as part of #OpRussia. This was announced by the Anons of the squad303 group, who explained that they are working on this issue with a new project. The hacktivists are known for creating the 1920.in webpage, through which over 110 million messages were sent to russian citizens’ mobile phones to explain to them what is really happening in Ukraine, bypassing the flamboyant Moscow censorship and propaganda about the war against the European country. The squad303 is made up of an international team of programmers, based in Poland. Its name derives from a unit of the British Royal Air Force (RAF), made up exclusively of Poles, which fought in World War II. The name of the 1920.in page also has a precise meaning: it commemorates the Polish victory against the russian invasion of 1919-1920, achieved even though the enemy was superior in numbers and in terms of armaments. 3

DDoSecrets. Russian Leaks

In March DDoSecrets published 817GB of hacked data from Roskomnadzor, the russian government agency responsible for censorship in the country. From the 360,000 stolen files, journalists learned that Roskomnadzor had created a system, starting in 2020, for monitoring media content that, in their words, «destabilizes russian society».  The system reviewed and reported publications critical of russian president vladimir putin and state officials, as well as those supporting LGBTQ+ rights, cannabis legalization and the opposition movement. These reports paved the way for the Kremlin to shut down or censor independent media outlets as russia invaded Ukraine this February, according to an investigation by russian independent news website Meduza.  The Roskomnadzor leak is one of 58 russian data dumps published on the DDoSecrets website. Over 12 million russian documents have been leaked to the organization since the start of the war in Ukraine, with more information under embargo, Best told The Record. After the invasion of Ukraine, most of the data DDoSecrets received was coming from russia. Still, the group says that doesn’t mean the company has taken a side. «It really has to do with the data we receive,» DDoSecrets member Lorax Horne told the Verge.

DDoSecrets has received leaks from Ukraine as well, Best told The Record, «but they’ve all been identified as likely tied to state-sponsored entities or as active parts of psyops, such as Free Civilian». Because of their ties to an invading nation, and the lack of a clear and immediate public interest, the organization has decided not to publish them. Among the most active hacktivist groups leaking russian data is Anonymous, which declared «cyber war» on President Vladimir Putin in retaliation for the invasion of Ukraine. Other groups, including the Ukrainian Cyber Alliance and CyberHunta, have been sending russian leaks to DDoSecrets for years, Best said.

It is hard to judge how impactful these leaks are given that russian citizens don’t have access to them, and one of the few russian-language media outlets that writes about leaked data, Meduza, has been declared a «foreign agent» and banned from the country for «spreading fakes». Ukraine, however, is actively using this data as proof of russian totalitarianism and corruption. Some of these leaks, like the personal data of 120,000 russian soldiers allegedly fighting in Ukraine, can be used to prosecute war crimes, Ukrainian top security official Yuriy Shchyhol told The Record. 4

Hacktivist Group Anonymous Is Using Six Top Techniques to «Embarrass» russia

Ongoing efforts by the underground hacktivists known as Anonymous are «embarrassing» russia and its cybersecurity technology. That’s according to Jeremiah Fowler, co-founder of the cybersecurity company Security Discovery, who has been monitoring the hacker collective since it declared a «cyber war» on Russia for invading Ukraine. «Anonymous has made russia’s governmental and civilian cyber defenses appear weak,» he told CNBC. «The group has demystified Russia’s cyber capabilities and successfully embarrassed russian companies, government agencies, energy companies and others». «The country may have been the Iron Curtain,» he said, «but with the scale of these attacks by a hacker army online, it appears more to be a ‘paper curtain’».

Fowler summarized many of Anonymous’ claims against russia in a report published Friday. CNBC grouped these claims into six categories, which Fowler helped rank in order of effectiveness:

  1. Hacking into databases
     • Posting leaked information about russian military members, the Central Bank of russia, the space agency Roscosmos, oil and gas companies (Gazregion, Gazprom, Technotec), the property management company Sawatzky, the broadcaster VGTRK, the IT company NPO VS, law firms and more
     • Defacing and deleting hacked files
  2. Targeting companies that continue to do business in russia
  3. Blocking websites
  4. Training new recruits
     • Training people how to launch DDoS attacks and mask their identities
     • Providing cybersecurity assistance to Ukraine
  5. Hijacking media and streaming services
     • Showing censored images and messages on television broadcasts, such as russia-24, Channel One, Moscow 24, Wink and Ivi
     • Heightened attacks on national holidays, including hacking into russian video platform RuTube and smart TV channel listings on russia’s «Victory Day» (May 9) and russia’s real estate federal agency Rosreestr on Ukraine’s «Constitution Day» (June 28)
  6. Directly reaching out to russians
     • Hacking into printers and altering grocery store receipts to print anti-war and pro-Ukrainian messages
     • Sending millions of calls, emails and text messages to russian citizens
     • Sending messages to users on the russian social networking site VK 5

U.S. Justice Department Probing Cyber Breach of Federal Court Records System

The U.S. Justice Department is investigating a cyber breach involving the federal court records management system, the department’s top national security attorney told lawmakers on Thursday. Matt Olsen, head of the Justice Department’s National Security Division, alluded to the threat of cyber attacks by foreign nations as he told the U.S. House of Representatives Judiciary Committee that the incident was a «significant concern». Olsen made the remarks in response to questions from Representative Jerrold Nadler, the panel’s Democratic chairman, who said that «three hostile foreign actors» had attacked the courts’ document filing system. Nadler said the committee learned only in March of the «startling breadth and scope» of the breach. Olsen said the Justice Department was working closely with the federal judiciary around the country to address the issue. «While I can’t speak directly to the nature of the ongoing investigation of the type of threats that you’ve mentioned regarding the effort to compromise public judicial dockets, this is of course a significant concern for us given the nature of the information that’s often held by the courts,» Olsen said. Olsen did not comment on who was behind the attack, but he noted that his division was focused generally on the risk of cyber attacks by foreign nations like China, russia, Iran and North Korea. 6

EU Found Evidence Employee Phones Compromised with Spyware

The European Union found evidence that smartphones used by some of its staff were compromised by an Israeli company’s spy software, the bloc’s top justice official said in a letter seen by Reuters. In a July 25 letter sent to European lawmaker Sophie in ’t Veld, EU Justice Commissioner Didier Reynders said iPhone maker Apple had told him in 2021 that his iPhone had possibly been hacked using Pegasus, a tool developed and sold to government clients by Israeli surveillance firm NSO Group. The warning from Apple triggered the inspection of Reynders’ personal and professional devices as well as other phones used by European Commission employees, the letter said. Though the investigation did not find conclusive proof that Reynders’ or EU staff phones were hacked, investigators discovered «indicators of compromise», a term used by security researchers for evidence indicating that a hack occurred. Reynders’ letter did not provide further detail, and he said «it is impossible to attribute these indicators to a specific perpetrator with full certainty». The letter added that the investigation was still active. 7