The 9th of September, Cyber News


russian Hackers Attacked Ukrainian Organizations Posing as the Cyber Police, Starlink and Microsoft

The UAC-0098 group, which is linked to the russian hacking group Conti, has carried out a series of cyberattacks on Ukrainian and European organizations using phishing emails impersonating the Cyber ​​Police of Ukraine, representatives of Starlink, Microsoft and an Indian hotel chain. This was reported by The Verge with reference to a report by the Threat Analysis Group, a division of Google that monitors state-sponsored cyber activities.

From April to August, TAG tracked «an increase in the number of financially motivated attackers who targeted Ukraine and whose activity appears to be closely linked to the russian government», TAG wrote. TAG believes that some of the members of UAC-0098 are former members of the russian cybercriminal group Conti, who have changed the direction of their work to fight Ukraine.

During recent campaigns, the group sent phishing emails to a number of Ukrainian hotel industry organizations allegedly from the Cyber ​​Police of Ukraine, as well as humanitarian NGOs in Italy from a hacked account of an Indian hotel chain.

In other phishing campaigns, attackers also pretended to be Starlink representatives. These e-mails contained links to installers of malware disguised as software needed to connect to the Internet through the Starlink system.

Overall, Google researchers point to a «blurring of lines between financially motivated and government-sponsored groups in Eastern Europe», an indication that attackers often adapt their targets to geopolitical interests in the region. 1

Racists Want to Block Distance Education – They Are Carrying Out Hacker Attacks on Educational Sites in Melitopol

In Melitopol, the occupiers turned 5 schools into military bases and barracks.

Racists are trying to block Ukrainian distance learning. Melitopol Mayor Ivan Fedorov announced this during the news marathon. For this purpose, the occupiers carry out hacker attacks on educational sites in Melitopol. 2


The IT Army of Ukraine Continues the Banking Theme

On September 8, a bank from the top 10 «people’s» rating – «Moscow Credit Bank» was under attack. It is on the list of systemically important credit institutions, and after the start of the full-scale invasion, sanctions were imposed against it almost immediately. The goal is to create problems in the processing of payments, delay the fulfillment of financial obligations under contracts, and sow doubts among those who receive payments through this bank.

On September 9, one more bank from the «people’s» top 10 – Sovkombank – was targeted. 3, 4

The 9th of September, Cyber News


The Cyber Attack that Leaked NATO’s Secret Documents Was Carried Out on Portugal

The General Staff of the Armed Forces of Portugal became the target of a cyber attack that led to the entry into the network of a large array of secret documents of the North Atlantic Alliance. This is reported by the Portuguese newspaper Diario de Noticias with reference to sources.

According to the publication, the local government learned about the vulnerability of the Portuguese General Staff only after receiving a message from the US through the embassy in Lisbon.

The Portuguese authorities consider the situation «extremely serious». The Office of National Security, as well as special services and counterintelligence, are involved in solving it.

Portugal is expected to explain how the leak happened at a high-level NATO meeting next week. It was previously established that the transfer of classified information took place in violation of security protocols.

«This cyber-attack was protracted and imperceptible: it was carried out through bots programmed to detect such documents, which were then removed in several stages», said one of the sources working in security structures.

Sources in the Portuguese government, however, assure that the incident has not affected relations between Portugal and its allies in the Alliance. 5

Hackers Have Hacked the Instagram Account of The Sandbox Metaverse

According to security experts PeckShieldAlert, cryptocurrency hackers have hacked the Instagram account of the metaverse The Sandbox – representatives of the platform urged users not to interact with the page.

As it became known, in the description of the hacked profile of The Sandbox, fraudsters placed a phishing link, following which users risk losing their own funds.

Account hacking was also confirmed by representatives of The Sandbox, reporting that they are working on restoring access. However, until there is an official announcement from The Sandbox about the return of the profile, users were urged not to interact with the Instagram page of the metaverse. 6