Search This Blog

Showing posts with label European Union. Show all posts

FancyBear: Hackers Use PowerPoint Files to Deliver Malware

 

FancyBear: Hackers Use PowerPoint Files to Deliver Malware Cluster25 researchers have recently detected a threat group, APT28, also known as FancyBear, and attributed it to the Russian GRU (Main Intelligence Directorate of the Russian General Staff). The group has used a new code execution technique that uses mouse movement in Microsoft PowerPoint, to deliver Graphite malware.
 
According to the researchers, the threat campaign has been actively targeting organizations and individuals in the defense and government organizations of the European Union and East European countries. The cyber espionage campaign is believed to be still active.
 

Methodology of Threat Actor

 
The threat actor allegedly entices victims with a PowerPoint file claiming to be associated with the Organization for Economic Cooperation (OECD).
 
This file includes two slides, with instructions in English and French to access the translation feature in zoom. Additionally, it incorporates a hyperlink that plays a trigger for delivering a malicious PowerShell script that downloads a JPEG image carrying an encrypted DLL file.
 
The resulting payload, Graphite malware is in Portable Executable (PE) form, which allows the malware operator to load other malwares into the system memory.
 
“The code execution runs a PowerShell script that downloads and executes a dropper from OneDrive. The latter downloads a payload that extracts and injects in itself a new PE (Portable Executable) file, that the analysis showed to be a variant of a malware family known as Graphite, that uses the Microsoft Graph API and OneDrive for C&C communications.” States Cluster25, in its published analysis.
 
The aforementioned Graphite malware is a fileless malware that is deployed in-memory only and is used by malware operators to deliver post-exploitation frameworks like Empire. Graphite malware’s purpose is to allow the attacker to deploy other malwares into the system memory.
 
 
Based on the discovered metadata, according to Cluster25, the hackers have been preparing for the cyber campaign between January and February. However, the URLs used in the attacks were active in August and September.
 
With more hacker groups attempting to carry out such malicious cyber campaigns, the government and private sectors must deploy more powerful solutions to prevent future breaches and cyber attacks to safeguard their organizations.

Austria: Google Breached a EU Court Order

The Austrian advocacy group noyb.eu complained to France's data protection authorities on Wednesday that Google had violated a European Union court judgment by sending unsolicited advertising emails directly to the inbox of Gmail users. 

One of Europe's busiest data regulators, the French CNIL, has imposed some of the largest fines on companies like Google and Facebook. The activist organization gave CNIL screenshots of a user's inbox that displayed advertising messages at the top.

The French word 'annonce,' or 'ad,' and a green box were used to identify the messages. According to the group, that type of marketing was only permitted under EU rules with the users' consent.

When referring to Gmail's anti-spam filters, which place the majority of unsolicited emails in a separate folder, Romain Robert, program director at noyb.eu, said, "It's as if the mailman was paid to eliminate the ads from your inbox and put his own instead."

Requests for comment from Google did not immediately receive a response. A CNIL spokeswoman acknowledged that the organization had received the complaint and was in the process of registering it.

The CNIL was chosen by Vienna-based noyb.eu (None Of Your Business) over other national data privacy watchdogs because it has a reputation for being one of the EU's most outspoken regulators, according to Robert.

Even while any CNIL ruling would only be enforceable in France, it might force Google to examine its methods there. 

Max Schrems, an Austrian lawyer and privacy activist who won a prominent privacy case before Europe's top court in 2020, formed the advocacy group Noyb.eu.

This year, the CNIL fined Google a record-breaking 150 million euros ($149 million) for making it challenging for people to reject web trackers. Facebook (FB.O), owned by Meta Platforms, was also penalized 60 million euros for the same offense.

The firms are constantly under investigation for their practice of transmitting the private details of EU citizens to databases in the US. Numerous complaints have been made by NOYB to authorities throughout the bloc, claiming that the practice is forbidden.

A crucial tenet of the European Union's data privacy policy and a primary goal for the CNIL is the prior agreement of Internet users for the use of cookies, which are small bits of data that aid in the creation of targeted digital advertising campaigns. 

European Oil Port Hubs Hit by a Cyberattack

 

Hamburg, a major port part of northern Germany, was targeted by the cyberattack, as were at least six oil ports in Belgium and the Netherlands. Prosecutors in Belgium have opened an inquiry into the theft of oil supplies in the country's marine entryways, particlarly Antwerp which also happens to be Europe's second-largest port after Rotterdam.

Prosecutors in Germany are said to be looking into a cyberattack on oil facilities which are described as a probable ransomware attack, wherein hackers demand money in exchange for reopening captured networks. 

Last month, oil prices reached a seven-year high amid geopolitical tensions with Russia, and rising energy costs are fueling an increase in costs which has alarmed European authorities. 

"A cyberattack was launched against several terminals, causing significant disruption. The software has been taken over, which is unable to process barges. The operating system is basically down "Jelle Vreeman, a senior trader at Riverlake in Rotterdam, echoed this sentiment.

Europol, the EU's police agency, confirmed the information of the events in Germany had given assistance to authorities. "At this time, the investigation is underway and in a critical stage," said Claire Georges, a spokesman for Europol. 

Last week, the first signs of what looks to be a complex cyberattack were revealed in Germany; on January 29, Oiltranking Group and Mabanaft were found to be the victims of a cyber-attack. 

Belgian authorities were also looking into the incident, which impacted terminals in Ghent and Antwerp-Zeebrugge. In Amsterdam, Ghent, Antwerp, SEA-Tank, Oiltanking, and Evos are all reporting faults with the operating systems. 

Oiltanking Deutschland GmbH & Co. KG, a company that stores and delivers oil, motor fuels, and other petroleum products, announced its website was being hacked. According to the company, it was compelled to function at "restricted efficiency" and was conducting an investigation. The intrusion on Oiltanking was caused by ransomware, which encrypts data and renders computer systems is useless until a ransom is paid.

Following a ransomware attack on US oil distributor Colonial Pipeline in May of last year, supplies were tightened across the US, prompting various states to declare an emergency. However, cyber-security experts warn against assuming many events are part of a coordinated campaign to destabilize the European energy industry. 

"Some varieties of malware harvest emails and contact information and use it to actively spam dangerous attachments or links," said Brett Callow, Threat Researcher at cyber-security firm Emsisoft. While investigating the degree of the infiltration, the organizations report taking steps to rectify the situation and strengthen the network.

Lithuania leads a European Union Cyber Rapid Response Team (CRRT) at the European Union


Lithuania, the Netherlands, Poland, Romania, Croatia, and Estonia signed a Memorandum on the establishment of a European Union Cyber Rapid Response Team (CRRT). In the event of a cyber attack on any of the countries participating in the agreement, CRRT specialists should be ready to immediately repel the attack. Lithuania played a special role in creating this structure. Experts note that the EU has a really difficult situation with ensuring cybersecurity since not all States have the resources to repel hacker attacks. However, analysts doubt the effectiveness of CRRT.

Lithuanian Minister of Defense Raimundas Karoblis noted that this is a completely new international cyber potential, initiated and led by Lithuania and that each country faces cybersecurity problems.
According to the cybersecurity specialist, Andrei Masalovich, now the problem of protection against cyberthreats is facing not only the poor countries of the Baltic States but even the United States.

President of the Russian Association for Baltic Studies Nikolai Mezhevich believes that the attempts of the Lithuanian leadership to take a leading role in the organization of a pan-European cyber defense are largely dictated by the desire to improve the image of Lithuania.

In addition, according to Andrei Masalovich, the Lithuanian authorities also want to "show their importance" against the background of Estonia.

As for the possible source of the threat, all countries in the CRRT blamed Moscow for cyber attacks. For example, in 2018, the Netherlands accused Russian hackers of attacking the headquarters of the Organization for the Prohibition of Chemical Weapons. In the Baltic States, Russia is regularly suspected of cyberattacks.

Moscow, in turn, calls for the creation of "confidence-building measures in cyberspace" at the global level. This was stated last year by the special representative of the President of the Russian Federation for information security, Ambassador of the Ministry of Foreign Affairs on Special Assignments Andrei Krutskikh.

World’s largest dark web marketplace shut down by authorities








In a joint operation between European and U.S. authorities servers of the major dark web marketplaces Wall Street Market and Valhalla has been seized in Germany and Finland, and its operators have been arrested from Germany, the U.S. and Brazil.

Both platforms were highly popular for peddling unlawful goods with over 1 150 000 and 5 400 vendors.  The Wall Street market was the second largest dark web marketplace that could be accessed via the Tor network.

The German authorities have arrested three suspects and have “seized over €550 000 in cash, alongside cryptocurrencies Bitcoin and Monero in 6-digit amounts, several vehicles and other evidence, such as computers and data storage.” 

“These two investigations show the importance of law enforcement cooperation at an international level and demonstrate that illegal activity on the dark web is not as anonymous as criminals may think,” said Europol’s Executive Director, Catherine De Bolle.

“Europol has established a dedicated Dark Web Team to work together with EU partners and law enforcement across the globe to reduce the size of this underground illegal economy.”


On dark web vendors could sell almost anything, from drugs to malware. You can also find out forged documents and cryptocurrencies. 

Facebook cannot guarantee interference-free EU elections: Zuckerberg

Facebook Inc is much better than it was in 2016 at tackling election interference but cannot guarantee the site will not be used to undermine European Parliament elections in May, Chief Executive Officer Mark Zuckerberg said on Tuesday.

Chastened since suspected Russian operatives used Facebook and other social media to influence an election that surprisingly brought Donald Trump to power in the United States, Facebook has said it has ploughed resources and staff into safeguarding the May 26 EU vote.

Zuckerberg said there had been a lot of important elections since 2016 that have been relatively clean and demonstrated the defenses it has built up to protect their integrity.

“We’ve certainly made a lot of progress ... But no, I don’t think anyone can guarantee in a world where you have nation states that are trying to interfere in elections, there’s no single thing we can do and say okay we’ve now solved the issue,” Zuckerberg told Irish national broadcaster RTE in an interview.

“This is an ongoing arms race where we’re constantly building up our defenses and these sophisticated governments are also evolving their tactics.”

U.S. intelligence agencies concluded that Russia ran a disinformation and hacking operation to undermine the American democratic process and help Republican Trump’s 2016 campaign. Moscow denies interfering in the election.

Under pressure from EU regulators to do more to guard against foreign meddling in the bloc’s upcoming legislative election, Facebook toughened its rules on political advertising in Europe last week.

It also announced plans to ramp up efforts to fight misinformation ahead of the vote and will partner with German news agency DPA to boost its fact checking. 

Google fined by EU for blocking its rivals advertisements



Google has been imposed fine of  $1.68 billion (1.49 billion euro/£1.28billion) by European Union regulators for blocking the advertisement of rival search engine companies.

This is the third time in the last two years when the company has been fined multi-billion dollar by the EU antitrust.

The EU's commissioner, Margrethe Vestager, notified the company about their decision at a news conference in Brussels on Wednesday.

'Today's decision is about how Google abused its dominance to stop websites using brokers other than the AdSense platform,' Vestager said.

According to the probe, the Google and its parent company, Alphabet,  violated the EU antitrust rules by limiting the contract clauses with other websites which uses AdSense, the clauses prevented websites from placing ads of Google rival companies.

The company 'prevented its rivals from having a chance to innovate and to compete in the market on their merits,' Vestager said.

'Advertisers and website owners, they had less choice and likely faced higher prices that would be passed on to consumers.'

Just after the announcement of fine, the company said that they have made several changes and will make a number of other changes to address EU antitrust regulators' concerns.

'We've always agreed that healthy, thriving markets are in everyone's interest,' Kent Walker, senior vice-president of global affairs, said in a statement.

'We've already made a wide range of changes to our products to address the Commission's concerns.

'Over the next few months, we'll be making further updates to give more visibility to rivals in Europe,' he continued.