The 8th of April, Cyber News


Cyber attack of the UAC-0010 group (Armageddon) on the state organizations of Ukraine

The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) received an e-mail from a coordinating entity with the subject "№1275 from 07.04.2022", containing an HTML file of the same name. Opening it creates the archive "1275_07.04.2022.rar" on the computer. The archive contains an LNK file, "On the facts of persecution and murder of prosecutors by the russian military in the temporarily occupied territories.lnk", and opening it downloads and launches the payload. The activity is attributed to the group UAC-0010 (Armageddon). To make their infrastructure resilient, the group's members use, among other things, the Dynamic DNS service NO-IP. We draw attention to the value of monitoring connections to domain names used by this service. The list of free domain names is below; an extensive list is available at hxxps://www.noip[.]com/support/faq/free-dynamic-dns-domains/. See the source
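As an added illustration of the monitoring the advisory recommends (this is not code from CERT-UA or from the original digest), the Python check below flags DNS queries for hostnames under dynamic-DNS parent domains, matching only on label boundaries so that look-alike names such as "notddns.net" are not flagged. The parent-domain subset and the log lines are constructed for the example; the authoritative list of NO-IP free domains is the vendor FAQ cited above.

```python
from __future__ import annotations
from typing import Iterable, Optional

# ASSUMPTION: an illustrative subset of NO-IP free dynamic-DNS domains.
# Take the full, current list from the NO-IP FAQ referenced in the advisory.
DDNS_PARENT_DOMAINS = frozenset({
    "ddns.net", "hopto.org", "zapto.org", "sytes.net", "no-ip.org",
})


def normalize(hostname: str) -> str:
    """Lower-case and strip whitespace plus any trailing root dot."""
    return hostname.strip().rstrip(".").lower()


def ddns_parent(hostname: str, parents=DDNS_PARENT_DOMAINS) -> Optional[str]:
    """Return the dynamic-DNS parent domain that hostname sits under, else None.

    Only suffixes on label boundaries are tested, so 'notddns.net' does not match
    'ddns.net', and the bare parent itself (the provider's own domain) is not flagged.
    """
    labels = normalize(hostname).split(".")
    for i in range(1, len(labels)):  # suffixes strictly shorter than the host
        suffix = ".".join(labels[i:])
        if suffix in parents:
            return suffix
    return None


def scan_dns_log(lines: Iterable[str]) -> list[dict]:
    """Scan constructed '<timestamp> <client-ip> <queried-name>' lines; return hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        ts, client, qname = parts[0], parts[1], parts[2]
        parent = ddns_parent(qname)
        if parent:
            hits.append({"ts": ts, "client": client,
                         "qname": normalize(qname), "parent": parent})
    return hits


# Constructed sample resolver log (not real traffic).
SAMPLE_LOG = """\
2022-04-07T09:12:01Z 10.0.0.15 update.example-corp.local
2022-04-07T09:12:07Z 10.0.0.15 report-1275.ddns.net.
2022-04-07T09:13:40Z 10.0.0.22 Updates.HOPTO.ORG
2022-04-07T09:14:02Z 10.0.0.22 notddns.net
2022-04-07T09:14:30Z 10.0.0.22 hopto.org
2022-04-07T09:15:11Z 10.0.0.31 files.zapto.org
""".splitlines()

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print(hit)
```

In production the same suffix check can be run over resolver or proxy logs, with the hits fed to an alert rather than printed.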

Meta told CNN about a number of shadowy cyber-tactics that it said were being used by russian and belarusian cyber groups to attack Ukrainian soldiers and civilians online.

Facebook's parent company Meta reported on Thursday a number of covert cyber tactics that it says groups linked to russia and belarus are using against Ukrainian soldiers and civilians. The tactics include posing as journalists and independent news outlets online to promote russian talking points, attempting to hack dozens of Ukrainian military accounts on Facebook, and running coordinated campaigns to get posts by critics of russia removed from social media. See the source, source1


russians have been offered a way to make money from legal hacking

Because thousands of IT specialists have fled russia and large foreign companies, including cybersecurity vendors, have withdrawn, the country faces a staffing shortage and the threat of a weakened "digital defense". The Ministry of Finance has proposed to address this by supporting white-hat hackers, who until now have mostly worked on the periphery as freelancers. This would require creating domestic platforms for finding vulnerabilities and paying rewards to enthusiasts. See the source, source1, source2

IT ARMY of Ukraine has attacked the russian national digital labeling system

IT ARMY of Ukraine announced in its Telegram channel a successful DDoS attack on the national digital labeling system for russian goods. The system applies a special QR code to a product during manufacturing and verifies that code when the goods are sold in stores. "The attack is going great, the regional media are already writing about it!!!" the message says. See the source, source1


Microsoft says it has thwarted attempts by russian military intelligence hackers to break into Ukrainian, European and American sites

The hacker group Strontium (also known as Fancy Bear and APT28), which Microsoft has tracked for many years, attacked targets in Ukraine this week. It used 7 Internet domains to spy on government agencies and think tanks in the EU and the US, as well as on Ukrainian institutions, including the media. With a court's permission, Microsoft took control of these domains, cutting off Strontium's use of them and allowing Microsoft to notify potential victims in advance. Microsoft believes that Strontium sought to establish long-term access to systems, provide tactical support for the invasion and exfiltrate confidential information. The corporation informed the Government of Ukraine about the detected activity and the measures taken. See the source, source1, source2

China has joined the cyber war between russia and Ukraine

Rumors about the participation of hackers from China in attacks on Ukrainian resources have been circulating for a long time. Indeed, some independent researchers see a clear Chinese footprint in the russian cyber war against Ukraine. The American research group SentinelOne has identified the involvement of the Chinese threat group Scarab in one of the attacks on Ukrainian law enforcement agencies reported by the Ukrainian government team CERT-UA. The attack was an e-mail containing an archive which, when opened, launches the malicious program HeaderTip. According to SentinelOne experts, Scarab is associated with the Chinese government and has long been involved in gathering intelligence for russian officials. The HeaderTip used against Ukraine is a backdoor that can deliver other malicious programs designed to steal and destroy information. SentinelOne suggests that the cyberattack is used to gather classified information and to provide continued access to systems for long-term espionage. In mid-March, researchers from Google's US security division and a group of anonymous analysts called Intrusion Truth posted reports on Twitter of repeated Chinese cyberattacks. Intrusion Truth notes that hackers linked to Chinese government organizations, including the People's Liberation Army, may target the Ukrainian government. Google provided its findings to Ukraine. The Times reported, citing an intelligence report, that China had carried out a "large-scale cyber attack on Ukraine's military and nuclear facilities in preparation for russian invasion." According to the publication, more than 600 websites owned by the Ministry of Defense of Ukraine and other agencies "have undergone thousands of attempted hacking." Ukraine is not the only country to suffer at the hands of Chinese hackers: Western countries are now also seeing an increase in cyberattacks from China.

According to the Israeli security company Check Point Software Technologies, the number of cyberattacks from Chinese IP addresses worldwide in the week from 14 to 20 March jumped by 72% compared to the seven-day period before the russian invasion of Ukraine. Such cyberattacks against NATO countries showed a particularly sharp increase of 116%. But because it is relatively easy to spoof an IP address, cybersecurity analysts have not yet reached firm conclusions about whether the attacks are an attempt to discredit the Chinese government. See the source

Israeli officials are being targeted by hackers

The hacker group AridViper (also known as APT-C-23, DesertFalcon and Two-tailed Scorpion) is running a sophisticated cyber espionage campaign aimed at high-ranking Israelis (Operation Bearded Barbie). The campaign's operators use elaborate social engineering techniques whose ultimate aim is to deliver previously undocumented backdoors for Windows and Android devices. The purpose of the attack is to extract confidential information from the victims' devices for espionage. In the past, AridViper has carried out phishing attacks on Palestinian law enforcement, military and educational institutions, activists involved in the Israeli-Palestinian conflict, and the Israeli Security Agency (ISA). See the source, source1, source2

Panasonic's Canadian unit has been attacked

According to Panasonic Holdings, its subsidiary that sells home appliances in Canada was hit by a ransomware attack in February. The company responded immediately by disconnecting the affected IT infrastructure from the Internet. However, on April 5 it was confirmed that information leaked from the company had been posted on the darknet. Information security experts from Mitsui Bussan Secure Direction said that Panasonic's subsidiary had been attacked by the hacker group Conti. Also according to Mitsui Bussan Secure Direction, the hackers hold 6,100 files, 2.87 GB in total. The stolen files contain information about staff, budget and accounting data. Regarding a ransom demand, the company states that "the direct claim has not been confirmed". See the source, source1, source2

The hacker 0xEMPRESS has named the next game that will appear in the public domain

The hacker 0xEMPRESS, who previously cracked the game Resident Evil Village, has announced work on a new target: Deathloop, by Arkane Studios. This shooter is protected by the latest version of Denuvo. The enthusiast is currently recruiting people willing to test the build on their PCs. "Anyone who wants to test the crack for Deathloop can go to qTox. Testing will begin at about day 1 Greenwich Mean Time. Since this is a new version of Denuvo, the more people test, the better. You need the game update from December 8; the crack was made for it. A newer build of the game will not work," she wrote on the forum. During her career, 0xEMPRESS has already cracked several major games, including Resident Evil Village, Star Wars: Battlefront 2 and Yakuza: Like a Dragon. See the source

The Juno blockchain has halted after a cyber attack

Juno's main developer, who spoke to CoinDesk on condition of anonymity, said the network crash had been caused by a malicious smart contract disguised as a "Hello, world" program. The suspected attacker sent a series of more than 400 transactions to the smart contract over three days and, in an evident process of trial and error, eventually achieved the goal: a specific combination of transactions that caused the network to fail. According to the developer, the attacker exploited a blockchain vulnerability that Juno had planned to fix in an update scheduled for several hours after the attack. The developer says the vulnerability was made public because it affected all blockchains that use the CosmWasm smart-contract platform. See the source, source1, source2