06.07.2022

The 6th of July, Cyber News

Ukraine 

russian Hackers Made Data about Ukrainian Spies Publicly Available

The russian hacking group RaHDIt made publicly available data on thousands of employees of the Main Directorate of Intelligence of the Military Department of Ukraine. The hackers clarified that they managed to create the database using flaws in the protection of the networks of the Central Administration of the State Government on Rybalsky Island in Kyiv and analysis of typical patterns of user behavior. The list includes employees of Ukrainian embassies in russia, Turkey, India, Iran, Austria, Italy, South Africa and Vietnam. In addition, the list includes curators of military intelligence in Bulgaria, Hungary, Poland, and Slovakia, as well as employees of special units involved in the conduct of intelligence and force intelligence. [1]

russia  

The Ministry of Digital Affairs of russia plans to Separate Cyber Security into a Separate Branch

The Ministry of Digital Affairs is discussing with IT companies the separation of cyber security into a separate branch. The Ministry sees advantages in separating information security into a separate industry, and the details of the initiative are currently being discussed with representatives of the IT industry. «The feasibility of the initiative is currently being discussed with the industry,» the Ministry of Digital Affairs reported. At the same time, the Ministry noted that information security, as a part of the IT industry, enables specialized companies to use the benefits provided for the industry. [2]

Orenburg Hackers Transferred Ambulance Data to Ritual Agencies

A malicious program was connected to the emergency call database and sent data to funeral service agents. Emergency workers in Orenburg who leaked information to ritual agencies can receive 8 years of imprisonment. This was reported by the regional FSB. According to the agency, the case involves two residents of the regional center. One of them is an employee of DBUZ «OOKSSMP», who worked as an information protection specialist. According to the investigation, the man installed a malicious program that was connected to the emergency call database. The data obtained in this way were forwarded to a Telegram chat in which agents of funeral services were present. A criminal case has been initiated for unlawful influence on critical information infrastructure, which provides for a penalty of imprisonment for a term of up to 8 years. [3]

World

Google Warns of a New Hacker Attack on Chrome: the Level of Risk is High

Google has released an updated version of Chrome and urges users not to wait for an automatic update, but to install it themselves as soon as possible. The reason is a zero-day vulnerability that is being used in real cyber attacks. CVE-2022-2294 is a critical security vulnerability reported by a member of the Avast Threat Intelligence team. It is a buffer overflow problem in the WebRTC (Web Real-Time Communications) component. However, Google is not disclosing other details at this time. Such vulnerabilities can be used to crash the program, bypass installed security software, etc. This is the fourth zero-day vulnerability to be fixed in the Chrome browser since the beginning of 2022. The previous ones had the following identifiers: CVE-2022-1364, CVE-2022-1096, and CVE-2022-0609. [4]

NFT Marketplace OpenSea Has Announced a Massive Data Breach

OpenSea, a popular NFT marketplace, is warning users about phishing incidents due to a large-scale data leak. The leak is believed to affect all users of the platform. OpenSea blames the data leak on an employee of Customer.io, a contract company hired to process email. He used official access and transferred email addresses to an «unauthorized third party». According to Dune Analytics, more than 1.8 million users have made at least one purchase through the Ethereum network on OpenSea. OpenSea says that attackers can try to contact users using an email address that visually resembles the official «opensea.io» domain (e.g. «opensea.org» or another variant). The NFT marketplace said that it is investigating the incident and has already notified law enforcement agencies about it. Crypto startups become a target for cyber attacks because they are actively developing. For example, in March, a data breach at HubSpot, a customer relationship management software firm, led to data breaches at BlockFi, Circle and others. [5]

belarusian Cyber Partisans Made Public the Personal Data of the Wagnerites

The data concerns 33 mercenaries of Wagner’s private company, who appear in the high-profile case of the disruption of the SBU special operation in 2020. The names, surnames, dates of birth and photos of 33 militants of the russian private company Wagner were published by the belarusian Telegram channel «KyberZlyvy». All mercenaries are citizens of the russian Federation between the ages of 27 and 47. As the channel reports, belarusian hackers obtained information about the Wagnerites thanks to the hacking of the automatic identification systems «Pasajiropotik» and «Passport» of the Republic of belarus. In addition to personal data, the hackers learned where and when the Wagnerites crossed the belarusian border. Information about the mercenaries was also included in the «Black Card of the Occupiers» – an interactive project of the «Cyberpartizans» association, which publishes the data of traitors to belarus. Telegram channels «CyberPartyzans» and «CyberZlyvy» are recognized in belarus as «extremist formations». Punishment under the article on extremism provides up to 7 years of imprisonment. [6]
