Cyberattack on Ukrainian Government Organizations Using Cobalt Strike Beacon Malware and Exploits for Vulnerabilities CVE-2021-40444 and CVE-2022-30190
Ukraine's government computer emergency response team, CERT-UA, found the file «changes in SALARIES with accruals.docx», which was distributed among state organizations of Ukraine by e-mail. The document contains a link to an external object (an HTML file containing JavaScript code). When that code executes, it exploits vulnerabilities CVE-2021-40444 and CVE-2022-30190, runs a PowerShell command, downloads the EXE file «ms-msdt.exe» and infects the computer with Cobalt Strike Beacon malware. CERT-UA initiated measures to block the domain name and the corresponding server. The agency did not report the consequences of the attack [1].
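The external object link described above can be checked for before a document is opened. The following is an added example, not CERT-UA's tooling: it lists the relationships in a .docx package that point outside the file, assuming the link is stored the standard OOXML way, as a relationship with `TargetMode="External"`. The sample document, its URLs and the function names are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted mail, prefer the third-party defusedxml

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
# Relationship types that make Word load remote content when the file is opened.
RISKY_TYPES = ("oleObject", "attachedTemplate")


def external_relationships(docx_bytes):
    """Return every relationship in the package whose target lives outside the file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(pkg.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "").lower() != "external":
                    continue
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                findings.append({
                    "part": name,
                    "type": rel_type,
                    "target": rel.get("Target", ""),
                    "risky": rel_type in RISKY_TYPES,
                })
    return findings


def build_sample_docx():
    """Constructed sample: one remote OLE object link and one ordinary hyperlink."""
    base = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{base}styles" Target="styles.xml"/>'
        f'<Relationship Id="rId2" Type="{base}oleObject" TargetMode="External" '
        'Target="https://files.example.invalid/index.html"/>'
        f'<Relationship Id="rId3" Type="{base}hyperlink" TargetMode="External" '
        'Target="https://www.example.org/"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/_rels/document.xml.rels", rels)
        pkg.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in external_relationships(build_sample_docx()):
        print(hit)
```

An external `oleObject` relationship in an unsolicited attachment is worth quarantining on its own; ordinary hyperlinks are reported but not flagged.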
Palantir Is Ready to Become a Partner of Ukraine in the Sector of Defense, Security and Digital Technologies
On June 2, Mykhailo Fedorov and Volodymyr Zelensky met with Palantir CEO Alex Karp. Palantir is a world leader in data analysis software development. The company’s products are used by the US Department of Defense, large investment banks and hedge funds. «I want to thank Palantir CEO Alex Karp, who responded to the invitation of the Ministry of Finance and was the first CEO of large Western corporations to personally come to Ukraine. The company is ready to open an office in Ukraine and start joint development with Ukrainian specialists. Further cooperation with Palantir will help strengthen our army and defeat the enemy as soon as possible, because technology plays a major role in today’s war.» — Fedorov wrote on Telegram [2].
Mykhailo Fedorov Spoke at the GLOBSEC International Security Forum
«Today I took part in GLOBSEC, the International Security Forum in Bratislava. I told how during three months of full-scale war Ukraine wins in cyberspace. Even before the start of the full-scale invasion, russia was constantly attacking Ukraine on the cyber front. We repulsed cyber attacks in russia and strengthened the cyber resilience of the state. But with the start of the war, we began not only to defend ourselves, but also to create Ukrainian cyber troops that are fighting the enemy and launching a powerful offensive. Since then, our IT army has managed to attack more than 1,800 russian online resources. Among the most successful cases – the hacking of rutube on May 9, the shutdown of the russian national system of marking goods and services «1C». We continue our mission on the cyber front until russian troops leave every region, village and town in our country. Special thanks for inviting of Slovak Deputy Prime Minister Veronica Remisova to the forum.» – Fedorov wrote on Telegram [3].
News from IT ARMY of Ukraine
Earlier, the IT ARMY of Ukraine effectively attacked russia’s information systems – Honest Sign, Plato, EGAIS were paralyzed for a long time, which improved the «negative growth» of russia’s economy [4].
On June 3, the IT Army attacked the Unified Information System of Housing Construction, the Unified Information Resource on Land and Real Estate, the Unified State Information System for Accounting for Waste from the Use of Goods, and Rosprirodnadzor [5].
Moodle is Broken in russia
On Twitter, Nybbas announced the hacking of the site moodle.rane-brf.ru [6].
The Cameras of russian Dental Surgery in Novosibirsk Are Completely Broken
This was reported on Twitter by Nybbas [7].
Hacking of the site of Lipetsk Technical University
LulzSecMafia hacked another russian resource — the site of Lipetsk Technical University [8].
Sberbank Website Defacement
Anonymous, which had previously hacked the resources of Sberbank of russia, has now announced the defacement of its site [9].
Hackers Successfully Attacked a Dutch Defense Company
The hacker group Lazarus, which US intelligence links to North Korea, has successfully attacked a Dutch defense company. This was reported by the security company ESET after the investigation. It was part of a global attack on defense companies. In addition to the Netherlands, companies in Brazil, Turkey, France and Switzerland have also been affected. The action started last year. It is not reported which Dutch company is in question. It is also unclear how deep the hackers penetrated the systems and whether valuable information was stolen. It is clear, however, how they acted. According to Dave Maasland, CEO of ESET Netherlands, so-called spear-phishing was used. According to ESET, the attacks are part of a global campaign targeting Europe’s aerospace and defense sectors. The malware used was different each time, but it was always created through LinkedIn, Maasland said [10].
US Confirms Military Hackers Have Conducted Cyber Operations in Support of Ukraine
Cyber Command, the US military’s hacking unit, has conducted offensive cyber operations in support of Ukraine as it defends itself against russia’s invasion, the head of the command has confirmed. «We’ve conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations,» General Paul Nakasone said in an interview with Sky News. A spokesperson for the command did not dispute the accuracy of the article but declined to elaborate on what the command’s operations in Ukraine have entailed. It’s a rare public acknowledgment from US military officials of hacking operations that are often shrouded in mystery. Nakasone’s comments, and the White House’s response to them, suggest that cyberspace is a domain in which the Biden administration feels comfortable countering russia without fear of escalation. President Joe Biden has pledged not to engage directly with russia militarily during the Ukraine war so long as the US and its allies aren’t attacked [11].
© 2023 GLOBAL CYBER COOPERATIVE CENTER (GC3). All rights reserved