The 6th of May, Cyber News
UKRAINE
Zaporozhye site 061.ua has received new threats from russia
On May 3, the editorial office of of Zaporizhia 061.ua received another poetic letter with threats from the Russian Federation. This was reported by IMI representatives in Zaporizhia region. Threats came from mail.ru from the recipient «Irina Chukarova». The letter threatens criminal liability: «The russian army is a liberator, they are conducting an operation to save lives. And you, propagandists-distributors, cannot avoid criminal responsibility!». Earlier, the editorial staff of the 061.ua website had already received similar threats – March 25, March 26 and March 28, April 3, 4, April 7–11 , April 17, April 25 [1].
russia
Successes of IT ARMY of Ukraine
IT ARMY of Ukraine continues DDOS of the EGAIS system. Due to the attacks, russian manufacturers still had to shut down some plants. russia has already stopped brewing beer [2], [3].
New «leakage» from NB65
On May 5, a group of NB65 hackers released 482.5 GB of data from CorpMSP, a federal agency that supports small and medium-sized businesses. The controlling shareholder of CorpMSP is the russian Federation. According to NB65, CorpMSP is also allegedly used as a front company for digital spies and maintains contracts with the Department of Defense [4].
WORLD
Experts Uncover New Espionage Attacks by Chinese «Mustang Panda» Hackers
The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. «Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social engineering to trick victims into infecting themselves,» Cisco Talos said in a new report detailing the group’s evolving modus operandi. The group is known to have targeted a wide range of organizations since at least 2012, with the actor primarily relying on email-based social engineering to gain initial access to drop PlugX, a backdoor predominantly deployed for long-term access. Phishing messages attributed to the campaign contain malicious lures masquerading as official European Union reports on the ongoing conflict in Ukraine or Ukrainian government reports, both of which download malware onto compromised machines. Also observed are phishing messages tailored to target various entities in the U.S. and several Asian countries like Myanmar, Hong Kong, Japan, and Taiwan [5].
