The 5th of August, Cyber News

Ukraine  

Odesa Mayor’s Office Closed Access to the Deputy Portal and the Petition Site Because of Hacker Attacks that Coincided with Rocket Attacks

The mayor’s office explained why the deputy portal and the petition site were closed. They say that the city’s website is being attacked not only by missiles, but also by cyber attacks. According to them, electronic resources are subject to DDoS attacks, so some sites were disabled before the end of the war.

This was announced by the Department of Information and Digital Solutions of the Odesa City Council in response to a request from Oleksiy Asaulenko, a deputy of the Odesa City Council.

In Odesa, citizens were left practically without contact with deputies, and all information about the decisions of the city council and even the contacts of most departments and enterprises of the city were closed. It is not even possible to find out the addresses for requests, as well as to receive and see sample documents on the websites of the administrations. Such closedness is associated with DDoS-attacks, which can interest the enemy. ¹

russia 

Will Reveal the Connections of European Companies with russia

«We will reveal all the people from russia and the companies associated with them. In the coming weeks, we will make available more such databases – including from Poland», Polish hackers from the Squad303 group promised.

Squad303 is a group of Polish hackers affiliated with Anonymous that has been fighting russian propaganda and disinformation since the beginning of the war in Ukraine. The name – as they say on their website – refers to Squadron 303, an elite unit of Polish aviators who helped win the Battle of Britain during World War II as part of the Royal Air Force of Great Britain.

One of Squad’s actions was the creation of an online tool that allows you to send a text message to random russians about russia’s actual involvement in the war in Ukraine. It is available at 1920.in. The name of the program is related to the Battle of Warsaw in 1920, called the «Miracle on the Vistula», when the Polish army under the command of Józef Piłsudski stopped the march of the Red Army. This destroyed Soviet plans to attack Western Europe.

Squad303 says it has at least several dozen names of companies and russians associated with them. However, simply opening the base will not be enough. Therefore, they count on the help of the mass media in analyzing and presenting the roles of individual companies and people.

The Squad303 group reported on Twitter that the russian authorities included it in the list of the four most active hacker groups protecting Ukraine.²

World 

A Spanish Research Center Has Suffered a Cyber Attack Linked to russia

Spain’s Ministry of Science has reported that the country’s leading scientific research body has become the target of a cyber attack. According to the assumptions of the national authorities, the attack originates from russia. Spain’s National Research Council was targeted by a ransomware attack on July 16-17.

A preliminary analysis by Spain’s cyber security authorities said no sensitive information had been compromised. The ministry said in a statement that the cyber attack was similar to others carried out against NASA in the US and the Max Planck Institute in Germany. ³

Hackers from North Korea Have Learned to Secretly Read Emails and Attachments from Gmail

Cyber ​​security company Volexity has discovered a new malware that hackers from North Korea used to covertly read emails. Emails and attachments from Gmail and AOL accounts were at risk.

Dubbed SHARPEXT, the program uses «smart» means to install extensions for Chrome and Edge browsers. The email service cannot detect the extension, and since the browser is already authenticated, even multi-factor security cannot prevent data theft.

Volexity reports that the malware has been in operation for over a year. It was developed by SharpTongue, a group funded by the North Korean government. The program targeted organizations in the US, Europe and South Korea that work on nuclear weapons and other issues important to North Korea’s security.

According to the president of Volexity, the extension is installed «through phishing and social engineering, where the victim is tricked into opening a malicious document. In the past, we have seen phishing attacks launched from North Korea, the main goal of which was to get the victim to install a browser extension».

Currently, the malware only works on Windows, but experts warn that hackers could expand it to infect browsers running on Linux and iOS. Researchers warn that the threat posed by this tool is evolving and unlikely to disappear anytime soon. ⁴