30.08.2022

The 30th of August, Cyber News

russia

The Central Bank of the russian federation, the political party of the patriots of russia and the Independence Day of Ukraine in the Crimea. The IT Army Disabled More Than 450 Online Resources in Two Weeks

The ITians and the activists of the cyber front continue to disable the enemy’s online resources, undermine important spheres of life in the russian federation, and weaken the economy of the invader. From August 15 to 28, the IT army blocked:

  • Central Bank of the russian federation. A cyber attack disabled the enemy’s main financial institution. The bank had to disable its services and the exchange of electronic documents. This paralyzed the Central Bank’s work with financial institutions and registers and destabilized the work of russian banks.
  • The political party of propagandists and lies «just russia – patriots – for the truth». All resources of the brainwashing party were unavailable. The longer the site is down, the fewer lies will be spread online.
  • Popular online money transfer services. The IT army suspended the work of russian domestic analogues of banking services, through which russians could still issue international virtual cards and transfer money. We are restoring justice and making sure that world sanctions are in effect in russia, and there is no way to circumvent them in the russian federation.
  • Job search service. The russian job search site SuperJob began operating in the occupied regions of Ukraine. This helped the invaders to quickly open vacancies and employ «their» people in the occupied territories in order to fully establish their power there. A powerful attack by the IT army thwarted their plans and killed the enemy’s service. russian slaves have no place in free Ukraine.
  • DNS retail company. It allowed the russians to illegally import Ukrainian goods into the russian federation. The IT army was able to disrupt the criminals and stop the main site of the company that was selling contraband and illegal profits to the enemy.
  • Flagship propaganda media. The ITians took turns disabling large propagandist russian media – TASS, RIA Novosti, MK and their individual projects. In total, these resources lost more than a million potential consumers of propaganda during the downtime.
  • Sites of the occupiers in the Crimea. On August 24, the IT Army posted congratulations on the Independence Day of Ukraine on the main pages of russian sites currently operating in the Crimea. They reminded the enemy that Crimea is Ukraine! 1

Anonymous Collective Squad303 to Reveal List of russians and russian Companies Operating in Poland

The anonymous collective Squad303 recently announced that it would soon release data featuring a list of russians and russian companies operating in Poland. The group stated in a tweet that it would go on to cover and present more European countries.

Earlier this month, the group presented a list of russians operating in the UK. The anonymous group forwarded this data to 10 selected editors. They even announced back then that they would be revealing databases for more European countries later in August. The recent update thus comes as a reminder of that promise.

Such data disclosures by the hacking group can be considered another step in the digital attack against russia. The kremlin earlier listed the group as one of the top 4 hacking groups most active in defending Ukraine. Squad303 said back then that russia is scared of Anonymous and thus uses them in its propaganda.

Squad303 has been one of the most active groups, carrying out various cyber activities in the ongoing cyberwars amid the russia-Ukraine war. They are a Polish hacktivist group formed after the start of the russia-Ukraine war. The group initially created a platform that allowed people to send messages from their phones to randomly selected russians. They did this so that people could inform russians about the ongoing crisis during russia’s invasion of Ukraine. 2

World

Liberty Counsel Hacked in Major Data Breach

The vehemently anti-LGBTQ evangelical Christian nonprofit Orlando-based legal group Liberty Counsel, which has been listed as a hate group for its lies, propaganda, and attacks on LGBTQ people by the Southern Poverty Law Center, was targeted in a digital hacking intrusion that exposed a 25 gigabyte internal database that contains nearly seven years’ worth of records.

The data breach, according to a lengthy investigative news piece by Intercept journalists Micah Lee and Michael Sherrard, was executed by a hacker who identifies with the Anonymous movement and who released the data on the hacktivist site Enlace Hacktivista. 3

Hackers Put Secret Military Documents Up for Sale, NATO Conducts an Assessment

NATO is conducting an assessment of the harmful effects of the leak of secret military documents, which are being traded online by a group of hackers. Hackers are selling a package of documents after stealing data related to major European weapons manufacturer MBDA Missile Systems.

Cybercriminals operating on russian and English forums are selling 80GB of stolen data for 15 bitcoins (approximately £273,000) and claim to have sold the package to at least one unknown buyer so far. In advertising the stolen data, the hackers claim to have «secret information about employees of companies that participated in the development of closed military projects», as well as «design documents, drawings, presentations, video and photo materials, contractual agreements and correspondence with other companies». The free 50 MB data sample includes documents marked «NATO CONFIDENTIAL», «NATO RESTRICTED» and «Unclassified Controlled Information». In addition to the sample, the attackers emailed additional documents, including two marked «NATO SECRET». The sample files also include a presentation detailing the inner workings of the Land Ceptor CAMM (Common Anti-Aircraft Modular Missile). One of them was recently sent to Poland for use as part of the Sky Saber system. This air defense system was provided to Britain after the russian invasion of Ukraine. MBDA Missile Systems has acknowledged that its data is included in the package for sale, but it says none of the classified files belong to the firm.

The pan-European company, headquartered in France, said its information was stolen from a compromised external hard drive, adding that it was cooperating with authorities in Italy, where the data breach occurred. It is understood that the investigation centers around one of MBDA’s suppliers. 4

Moldova, Montenegro, and Slovenia suffer massive cyberattacks. Is russia to blame?

As three countries suffer extensive cyberattacks over a short period of time, suspicions arise: does russia have anything to do with it? Although Moldova, Montenegro, and Slovenia were all targeted by threat actors, not all of these cases seem to be directly tied to the kremlin.

Attack on Montenegro

The attack on Montenegro, which began on Thursday night, targeted the government’s IT infrastructure and local services.

«Since late last night, Montenegro has been exposed to a new series of organized cyber attacks on the Government’s IT infrastructure. The primary target is the structure of state authorities», the Minister of Public Administration, Marash Dukaj, said in a tweet. He added that although the attack was «unprecedented», the data of citizens, as well as the security of their accounts, weren’t compromised. The US embassy in Montenegro added that the «persistent and ongoing» attack «may include disruptions to the public utility, transportation (including border crossings and airport), and telecommunication sectors» and urged limiting movement to the necessities. France has since stepped up to help Montenegro by sending a mission from the French Agency for Information Systems Security (ANSSI) to help investigate the cyberattack and restore cybersecurity.

The Agency for National Security, ANB, blamed russia for the cyberattack, arguing that Montenegro found itself in «a hybrid war». Prime Minister Dritan Abazovic, however, suggested that there is currently no clear information about the organizers. «Security sector authorities couldn’t confirm that there is an individual, a group, a state behind this, nor could we deny it», Abazovic said. Relations between Montenegro and russia took a hit after the country joined NATO in 2017.

Attack on Moldova

Last Thursday, the Information Technology and Cyber Security Service (STISC) reported that a series of cyberattacks on Moldova’s state systems had been taking place over the last 72 hours.

Cybercriminals targeted 80 information systems, platforms, and public portals, although with limited success. «The purpose of these cyberattack attempts was to cause the unavailability of the state’s information resources by sending a large number of connection requests or a large volume of data, with the objective of overloading the processing resources of the information systems», the STISC’s press release said. Based on preliminary findings, the attacks came from outside of Moldova and from IP addresses located in different countries.

Before that, the pro-russian hacker group Killnet had announced a hacking campaign against Moldova. Killnet was previously involved in attacking Italy, Lithuania, and Norway. Moldova’s President Maia Sandu recently gave a speech on Moldova’s 31st anniversary, in which she condemned russia’s invasion of Ukraine and encouraged the country’s EU membership.

Attack on Slovenia

Two weeks ago, Slovenia’s Administration for Protection and Rescue of the Republic of Slovenia (URSZR) was hit by a cyberattack. The National Cyber Security Response Center has prepared a report covering the attack. A subsequent review of the systems and network data revealed over 950 vulnerabilities, including the use of weak passwords and no implementation of 2FA (two-factor authentication). The emergency services, such as 112 and notification centers, were not impacted. The Incident Reporting System, however, was down for several days.

Mr. Darko But, URSZR’s director, admitted that their servers are indeed old, yet claimed that they aren’t outdated. It currently seems that the attacker most likely accessed URSZR’s network through the computer of one of the remote employees. According to URSZR’s statement, all impacted systems will be replaced. The attack currently doesn’t seem to be politically motivated. «At the Ministry of Defense, we immediately began to search for system solutions to eliminate the shortcomings and reduce the vulnerability of the information system of the URSZR», the ministry announced. 5