Saturday, January 15, 2022
Russia preparing 'false-flag' operation as pretext to Ukraine invasion, U.S. intelligence indicates
FROM THE MEDIA: The official also said the U.S. has evidence that Russia has prepositioned operatives "trained in urban warfare and in using explosives to carry out acts of sabotage against Russia's own proxy forces," writes CNN. A false-flag attack is one designed to look as though it were carried out by someone other than the person (or, in this case, country) responsible. Notably, Ukrainian government servers were also hit by a "massive" overnight cyberattack on Friday, which, among other things, replaced the homepage for the Foreign Ministry website with a temporary message warning Ukrainians to "be afraid and expect the worst," writes CBS News. Though a claim of responsibility for the attack has yet to be made, Ukraine's ambassador in Washington, D.C. had just hours before told CBS News her country "believed a cyberattack would precede any major military action by [Russian President] Vladimir Putin's forces," CBS News reports. Ukraine has also blamed parties with links to the Russian government for previous cyber assaults.
READ THE STORY: The Week
A QUICK LOOK:
Ukraine was hit by a massive cyberattack telling people to 'be afraid and expect the worst' as tensions with Russia rise
FROM THE MEDIA: The Ukrainian government said Friday that it had been hit by a massive cyberattack. "As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down," tweeted Oleg Nikolenko, a foreign ministry spokesman. "Our specialists have already started restoring the work of IT systems, and the cyber police has opened an investigation." Earlier on Friday a message appeared across multiple Ukrainian government websites that said the personal data of all 43 million Ukrainians had been compromised. "Ukrainians! All your personal data was uploaded to the public network. All data on the computer is destroyed, it is impossible to restore it," the message, which was posted in Ukrainian, Russian, and Polish, said. "All information about you has become public, be afraid and expect the worst. This is for your past, present and future." However, Ukraine's security service said shortly after the attack that no personal data had been leaked, Agence France-Presse reported.
READ THE STORY: Business Insider
A QUICK LOOK:
Following cyber attack, NATO to boost cyber defense cooperation with Ukraine
FROM THE MEDIA: NATO Secretary General Jens Stoltenberg has condemned the cyber attacks on the Ukrainian government. That’s according to a statement released by the Alliance’s press service, Ukrinform reports. “NATO has worked closely with Ukraine for years to help boost its cyber defenses,” the statement reads. “NATO cyber experts in Brussels have been exchanging information with their Ukrainian counterparts on the current malicious cyber activities.” NATO experts in country are also supporting the Ukrainian authorities on the ground, Stoltenberg was quoted as saying. In the coming days, NATO and Ukraine “will sign an agreement on enhanced cyber cooperation, including Ukrainian access to NATO’s malware information sharing platform.”
READ THE STORY: Ukrinform
A QUICK LOOK:
Russia takes down REvil hacking group at U.S. request - FSB
FROM THE MEDIA: MOSCOW, Jan 14 (Reuters) - Russia has dismantled ransomware crime group REvil at the request of the United States in an operation in which it detained and charged the group's members, the FSB domestic intelligence service said on Friday. The arrests were a rare apparent demonstration of U.S.-Russian collaboration at a time of high tensions between the two over Ukraine. The announcement came as Ukraine was responding to a massive cyber attack that shut down government websites, though there was no indication the incidents were related. The United States welcomed the arrests, according to a senior administration official, adding "we understand that one of the individuals who was arrested today was responsible for attack against Colonial Pipeline last spring."
READ THE STORY: Reuters
A QUICK LOOK:
Hackers are breaking into Amazon cloud accounts to mine cryptocurrency, leaving the owners stuck with huge bills for computing power
FROM THE MEDIA: Chris Chin, a Seattle entrepreneur who creates mobile apps for local publishers, woke up on New Year's Day to an alarming alert from his Amazon Web Services account. It said he owed more than $53,000 for a month's worth of hosting, a far cry from his typical $100 to $150 bill. "I was just shocked and started freaking out," Chin said in an interview with Insider. The size of the bill, which Insider has confirmed, led Chin to suspect that he had been hacked by cryptocurrency miners, who can run up huge charges for the raw computing power needed to produce even small amounts of digital currencies like Bitcoin. Cryptocurrency mining attacks aren't new in the world of cloud computing. But the soaring value of many of the most popular cryptocurrencies since the start of the pandemic has supercharged the incentives for hackers who are able to commandeer the cloud-computing accounts of unsuspecting developers. Google reported late last year that 86% of account breaches on its Google Cloud platform were used to perform cryptocurrency mining.
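The pattern in the Insider piece, an attacker with stolen credentials launching compute the account owner never asked for, leaves a trail in CloudTrail long before the invoice arrives. As an added example that is not code from the article, from AWS, or from the account owner described, the block below scores CloudTrail-style RunInstances records against a few heuristics a responder would check first: launches in a region the account has never used, by a principal that has never launched instances, of GPU or large compute-optimised types, or in bulk. The baseline regions, the known-principal ARNs, the instance-family list, the thresholds and the sample events are all constructed assumptions.

```python
"""Triage EC2 RunInstances events for signs of cryptomining on a hijacked account.

Added example, not code from the Insider article or from AWS. The region
baseline, known-principal list, instance-family list and sample events are
constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical account baseline: where and by whom launches normally happen.
BASELINE_REGIONS = {"us-west-2"}
KNOWN_PRINCIPALS = {"arn:aws:iam::123456789012:user/deploy-bot"}
# Instance families miners favour: GPU (p, g) and large compute-optimised (c).
MINING_FAMILIES = {"p", "g", "c"}
BULK_LAUNCH = 10        # a minCount at or above this counts as a bulk launch
ALERT_THRESHOLD = 2     # findings with this many reasons or more are reported


def _launch(region, arn, itype, count):
    """Build a constructed CloudTrail-like RunInstances event (sample data)."""
    return {
        "eventName": "RunInstances",
        "awsRegion": region,
        "userIdentity": {"arn": arn},
        "requestParameters": {
            "instanceType": itype,
            "instancesSet": {"items": [{"minCount": count, "maxCount": count}]},
        },
    }


# Constructed sample events, not real log data.
SAMPLE_EVENTS = [
    _launch("us-west-2", "arn:aws:iam::123456789012:user/deploy-bot", "t3.small", 1),
    _launch("ap-south-1", "arn:aws:iam::123456789012:user/app-dev", "p3.16xlarge", 20),
    _launch("us-west-2", "arn:aws:iam::123456789012:user/app-dev", "c5.24xlarge", 1),
    {"eventName": "DescribeInstances", "awsRegion": "us-west-2",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/app-dev"}},
]


@dataclass
class Finding:
    region: str
    principal: str
    instance_type: str
    count: int
    reasons: list = field(default_factory=list)

    def score(self) -> int:
        return len(self.reasons)


def analyse(event) -> Optional[Finding]:
    """Score one RunInstances event; return None for any other event type."""
    if event.get("eventName") != "RunInstances":
        return None
    params = event.get("requestParameters", {})
    itype = params.get("instanceType", "")
    items = params.get("instancesSet", {}).get("items", [])
    count = sum(int(i.get("minCount", 1)) for i in items) or 1
    principal = event.get("userIdentity", {}).get("arn", "")
    f = Finding(event.get("awsRegion", ""), principal, itype, count)

    if f.region not in BASELINE_REGIONS:
        f.reasons.append("region outside baseline")
    if principal not in KNOWN_PRINCIPALS:
        f.reasons.append("principal never seen launching instances")
    family = itype.split(".")[0][:1]          # "p3.16xlarge" -> "p"
    if family in MINING_FAMILIES:
        f.reasons.append("mining-favoured instance family")
    if count >= BULK_LAUNCH:
        f.reasons.append(f"bulk launch of {count} instances")
    return f


def triage(events) -> list:
    """Findings at or above ALERT_THRESHOLD, strongest first."""
    findings = [f for f in map(analyse, events) if f and f.score() >= ALERT_THRESHOLD]
    return sorted(findings, key=lambda f: f.score(), reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.score()}] {f.region} {f.instance_type} x{f.count} by {f.principal}")
        for reason in f.reasons:
            print("    -", reason)
```

In practice the events would come from a CloudTrail export or an EventBridge rule on RunInstances rather than an inline list, and the heuristics only pay off next to a spend control: an AWS Budgets alert set a little above the normal monthly bill is the one signal a miner cannot suppress, which is why the $53,000 invoice in the story was noticed at all.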
READ THE STORY: Business Insider
A QUICK LOOK:
‘Golden era’ for cyber attacks as criminals take advantage of pandemic
FROM THE MEDIA: The day the Irish Health Service Executive computers were crippled by Russian hackers may never be forgotten by the medics, IT specialists, government officials and others who quickly grasped the potential impact of such a crisis during a pandemic and played their part in ensuring it did not cost lives. But for Sergey Golovanov, in the Moscow headquarters of Russia’s main cybersecurity firm, May 14th was just another day, and the HSE was just another hapless victim of a straightforward attack using the online weapon of the moment: ransomware. “There was nothing special or magic about it,” says Golovanov, chief security expert for Kaspersky Lab, one of the specialist firms that Interpol and other international law enforcement agencies approach for assistance with such incidents. “The number of victims of this type of ransomware is in the thousands. The tactics and processes that the bad guys use are working. So for us, it was just a regular case.”
READ THE STORY: Irish Times
A QUICK LOOK:
Goodwill discloses data breach on its ShopGoodwill platform
FROM THE MEDIA: American nonprofit Goodwill has disclosed a data breach that affected the accounts of customers using its ShopGoodwill.com e-commerce auction platform. ShopGoodwill's Vice President Ryan Smith said in data breach notification letters sent to impacted individuals that some of their personal contact information was exposed due to a site vulnerability. Smith added that no payment information was exposed in the incident because ShopGoodwill does not store such data on its servers. "We were recently alerted to an issue on our website which resulted in the exposure of some of your personal contact information to an unauthorized third party. This contact information includes your first and last name, email address, phone number, and mailing address," Smith explained. "No payment card information was exposed; ShopGoodwill does not store payment card information. While the third party accessed buyer contact information, they did not access your ShopGoodwill account." The nonprofit has fixed the ShopGoodwill vulnerability that led to the exposure of personal contact information.
READ THE STORY: Bleeping Computer
A QUICK LOOK:
Former DHS official charged with stealing govt employees' PII
FROM THE MEDIA: Two other defendants, former DHS-OIG IT Specialist Murali Yamazula Venkata and Enterprise Applications Branch Chief in DHS-OIG's IT division Sonal Patel, allegedly stole copies of database files containing the PII of roughly 246,167 DHS employees and around 6,723 USPS employees. The PII was copied from DHS-OIG's EDS system, DHS-OIG's EDS source code, including an eSubpoena module, DHS-OIG's database, and USPS-OIG's STARS database and PARIS system. The conspirators also purportedly misappropriated a key management services code and multiple activation keys associated with various Microsoft software products. The stolen PII and Microsoft keys and code were then delivered to Edwards after leaving his employment with the DHS-OIG. Edwards was also given copies of DHS-OIG and USPS-OIG documents and information that would help him develop a private, commercially-owned version of a case management system to be offered for sale to government agencies.
READ THE STORY: Bleeping Computer
A QUICK LOOK:
U.S. Deports Second Russian Hacker After Long Prison Term Ends
FROM THE MEDIA: The United States has sent another Russian hacker back home after serving years in U.S. prison. Aleksandr Panin, the primary developer of a prolific malware known as SpyEye, was deported to Russia on January 5, U.S. Immigration and Customs Enforcement (ICE) said in a statement to RFE/RL. Panin was released on November 8 after serving more than eight years in a Mississippi prison and turned over to ICE custody for deportation, the agency said. Panin, who is from Tver, was arrested in July 2013 at Hartsfield-Jackson International Airport in Atlanta, Georgia.
He pleaded guilty a year later to a charge of conspiracy to commit wire and bank fraud. He was sentenced in April 2016 to 9 1/2 years in prison, including the time he spent in pretrial detention. Panin sold his malware -- a successor to the notorious Zeus software that ravaged banks more than a decade ago -- to criminals on online forums for up to $8,500, according to court documents. U.S. prosecutors say SpyEye affected more than 10,000 bank accounts at 253 financial institutions. Panin's deportation comes four months after the United States deported Aleksei Burkov, a hacker who was the subject of a years-long extradition battle, to Russia after he served more than five years of a nine-year term.
READ THE STORY: Radio Free Europe
A QUICK LOOK:
The AfriCrypt Crypto Scam in Light of Kenya’s Cybercrimes Act
FROM THE MEDIA: Two brothers, also famously referred to as the Cajee brothers, were accused of vanishing with $3.6 billion of investments from their currency exchange service in Johannesburg known as AfriCrypt. The heist is reported to have begun in April 2021 when there was a surge in the price of Bitcoin, which consequently led to the brothers’ disappearance. Ameer Cajee, the elder brother and Chief Operating Officer, informed the users of the exchange service that the company was facing a hack. He then requested the clients and lawyers not to report the situation to the authorities as this would slow the recovery of the lost funds. However, some skeptical investors decided to take further action by hiring a Cape Town firm that forwarded the matter to the Hawks, a specialized unit of the national police force. The questionable request of imploring the investors to not report to the authorities made the brothers’ actions suspicious, and further investigation revealed that the employees of the company had lost access to the exchange platforms a week before the alleged hack.
READ THE STORY: BitKe
A QUICK LOOK:
Items of interest
Cyber Warfare & Inadvertent Escalation (Paper)
FROM THE MEDIA: Cyber weapons may be relatively new, but non-nuclear threats to nuclear weapons and their command, control, communication, and intelligence (C3I) systems are not. In fact, before the United States dropped the bomb on Hiroshima in August 1945, before it even conducted the world’s first nuclear test in July of that year, it had started to worry about non-nuclear threats to its nascent nuclear force, in particular, Japanese air defenses. As the Cold War developed, fears multiplied to encompass threats to almost every component of the United States’ nuclear forces and C3I systems. While these threats emanated primarily from Moscow’s nuclear forces, they were exacerbated by its improving non-nuclear capabilities, particularly in the final decade of the Cold War. A two-decade hiatus in worry following the Soviet Union’s collapse is now over; today, non-nuclear threats to U.S. nuclear C3I assets, in particular, the growing capability of Chinese and Russian antisatellite weapons, are a major concern.
READ THE STORY: MIT
Gen. H.R. McMaster on the USA's Economic Competition with China (Video)
FROM THE MEDIA: The SSU Cyber Security Department identified hackers of the notorious ARMAGEDON group, which carried out over 5,000 cyber attacks against public authorities and critical infrastructure of Ukraine. They are officers of the ‘Crimean’ FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014. The SSU has managed to identify the perpetrators’ names, intercept their communication and obtain irrefutable evidence of their involvement in the attacks. All of that, despite the fact that they used the FSB’s own malicious software and tools to remain anonymous and hidden online.
Russian hackers say burned in deal with FSB (2017) (Video)
FROM THE MEDIA: A member of the Shaltai Boltai (Humpty Dumpty) group said in an interview broadcast Thursday that the hackers accepted the offer from the Federal Security Service, or FSB, the top KGB successor agency: to show their spoils before publishing in exchange for protection. But somehow things went wrong for the group, and its leader and two other men have ended up behind bars. One of Shaltai Boltai's founders, Alexander Glazastikov, speaking to the Associated Press in Tallinn, Estonia, where he's seeking political asylum, said his group had no connection to the hacking of Democratic Party emails during the 2016 US election campaign. Former President Barack Obama's administration had accused Russia of launching the hacking campaign to help Republican Donald Trump win, accusations that the Kremlin has denied. The group is currently planning to seek political asylum in Estonia.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com