Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label National Cyber Security. Show all posts
Pakistan Hacker
Cyber Attacks Cyber Crew Cyber Hacking Cyberhackers CyberThreat Dark Web Digitl war Hacktivist group India National Cyber Security Pahalgam Attack Pakistan Hacker

Cybersecurity Agencies on High Alert as Attacks Spike After Pahalgam Incident



A rising tension between India and Pakistan has resulted in an intensified digital war, whose hacktivist groups have launched coordinated cyber offensives targeting government systems and critical infrastructure as a result of increasing tensions between the two countries. The attacks, which are fueled by geopolitical conflict, have expanded beyond the immediate region. 

A report suggests that hacktivist collectives from Asia, the Middle East, and North Africa (MENA) have united to disrupt the Indian cyber ecosystem, according to the report. There was a tragic incident on April 22, when armed terrorists shot a group of tourists in Pahalgam, the serene hill town in Kashmir administered by the Indian government, which was the trigger for this wave of activity. 

According to researchers from NSFOCUS, there had been an immediate and significant surge in cyber activity, which shook the nation. In the aftermath of the attack, cyber activity on both sides of the border intensified. It appears that the initial wave of cyberattacks has stabilised, however, cybersecurity threats persist. India witnessed an increase of 500% in targeted cyber intrusions, and Pakistan faced a rise of 700%. It was reported recently that several Pakistani hacker groups have attempted to breach Indian websites as part of an ongoing digital aggression campaign. 

The Indian cybersecurity agencies have responded robustly to these attempts, which have successfully detected and neutralised most of these threats, despite their efforts to undermine this. According to the reports, hacker collectives such as 'Cyber Group HOAX1337' and 'National Cyber Crew' have targeted websites belonging to the Army Public Schools in Jammu in the past. 

In their attempt to deface the websites, the attackers mocked the victims of the Pahalgam terror attack, which was widely condemned as both distasteful and inflammatory. As a result of the rise in cyber hostilities, we have seen the importance of digital warfare in modern geopolitical conflicts grow. This highlights the need for enhanced cyber vigilance and cross-border security collaboration that must be enhanced. 

The cyber threat landscape has intensified further since India launched Operation Sindoor in retaliation for a military operation targeting suspected terror camps across the border. It has been estimated that the launch of Operation Sindoor on May 7 has resulted in a sharp increase in malicious cyber activity as a result of these attacks, as reported by cybersecurity researchers at Radware and Cyble. 

As a result of the coordinated attacks conducted by hacktivist groups from across the eastern hemisphere, a substantial surge in cyber attacks was recorded on that day alone, with dozens of hacktivist groups actively participating. The Indian government, already dealing with the aftermath of the Pahalgam terror attack, which took place on April 22, has become the primary target of these attacks. Several threats have been launched against Indian institutions by groups aligned with pro-Pakistan and Bangladeshi interests, as well as with groups aligned with pro-Bangladeshi interests.

Technisanct, a cybersecurity firm based in Kochi, released a report recently in which they noted that there has been a steady increase in offensive operations against government infrastructure, educational platforms, and public services. In various online forums and dark web communities, this wave of cyber aggression has been informally referred to as #OpIndia. 

In many ways, the campaign resembles past hacktivist movements which targeted nations like Israel and the United States, usually motivated by ideological motives, but not necessarily sophisticated enough to threaten the nation's security. The current attacks, experts caution, however, demonstrate a coordinated approach to threats, where threat actors are using both denial-of-service DosS) and defacement attacks to spread propaganda and disrupt networks. 

A sustained cyber battle has been waged between India and Pakistan, marked by both nationalist fervour and geopolitical tension as part of the India-Pakistan conflict, which has clearly evolved into a digital dimension of the conflict. Indian cybersecurity agencies must remain vigilant as they attempt to counter these persistent threats through proactive monitoring and rapid incident response, along with strengthened defensive protocols. 

It was decided by Prime Minister Narendra Modi to convene a cabinet committee on security (CCS) on April 30, 2025, to assess the evolving security situation in Jammu and Kashmir amid rising tensions in the region. During the high-level meeting, which took place at the Prime Minister's official residence on Lok Kalyan Marg, members of the national security apparatus, including Rajnath Singh, Amit Shah, and S. Jaishankar, were present, as well as key national security officials. 

In the discussion, Jaishankar discussed the recent wave of violence in the Kashmir Valley, concerns about cross-border security, and the threat of cyberattacks from hostile actors, as well as the threat of cyberterrorism. The Pakistani government has issued a provocative statement warning of a possible Indian military attack within a 24 to 36-hour window, which is similar to the one issued by Pakistan in a provocative statement. 

According to what Islamabad called credible intelligence, New Delhi is preparing to launch retaliatory strikes. The allegations of Pakistan's involvement in the Pahalgam terror attack of April 22 are supposedly based on unsubstantiated accusations. There has been public criticism of India's fabrication of an offensive narrative by Pakistan's Federal Minister for Information, Attaullah Tarar, cautioning that any such move would result in serious consequences if followed. 

It has been revealed that diplomatic and military signals have increased the level of tension in the existing volatile situation, with both sides locked in a tense standoff that spans both physical and virtual borders. There has been news that threat actors have attempted to deface the official website of Armoured Vehicle Nigam Ltd, which is another indication of the intensification of cyberhostility. It is a public sector company operated by the Ministry of Defence. 

It was reported that the attackers defaced the website by showing images associated with Pakistan, including the national flag and images of the 'Al Khalid' battle tank, an act that was seen as both provocative and symbolic by officials. This development has spurred the Indian cybersecurity agencies and expert teams to increase their real-time monitoring of the digital landscape, as a result of which they are concentrating their efforts on identifying threats that have been linked to Pakistani state-sponsored or affiliated groups. 

The authorities have confirmed that this increased surveillance is part of a greater effort to avert further attacks as well as neutralise any new threats that may arise. To counter the increasing wave of cyberattacks, a series of robust countermeasures is being put in place to strengthen the nation's digital security posture in response. For example, fortifying critical infrastructure, strengthening incident response protocols, and increasing online platform resilience across key industries are all examples of strengthening the nation's digital security posture. 

There was no doubt that the authorities were concerned that these proactive actions were aimed at ensuring India's defence and civilian systems were protected as well as that India's digital frontline was prepared to repel and withstand future cyberattacks as well. It has become increasingly apparent that cyberwarfare has become a central theatre of geopolitical rivalry in the modern world as the contours of contemporary conflict continue to evolve. 

Digital infrastructure, in the same way that physical borders play a crucial role in national security, has recently been heightened by several recent developments, and this serves as a reminder to all of us. Because of this, India needs to enhance its investments in advanced cybersecurity capabilities, establish strong public-private partnerships, and establish a comprehensive national cyber defence strategy that is both responsive and flexible. 

To isolate and neutralise transnational cyber threat actors, it is not only necessary to implement technical fortification but also to conduct strategic diplomacy, share intelligence, and engage in international cooperation. It will be crucial to cultivate a culture of resilience, both at the institutional and individual levels, by cultivating cyber awareness. 

With the increasingly contested digital frontier, India must remain proactive, unified, and forward-thinking at all times if it is to ensure that it is secured, sovereign, and fully “digitally self-reliant” as the threat of hybrid threats rises.
Read more »
Russian Hackers
Cyber Crime Cyber Crime Report Hackers Arrested National Cyber Security Russian Hackers

Russian hacker arrested in US who may have information about Russian interference in American elections

According to Bloomberg sources in the Russian and American security and intelligence agencies, Klyushin is a Kremlin insider and even a year and a half ago received a state award from Putin, the Order of Honor.

They added that Klyushin has access to documents that relate to the Russian campaign to hack the servers of the Democratic Party during the US elections in 2016. According to them, these documents confirm that the hacking was carried out by a group of hackers from the GRU, which is known under the names Fancy Bear and APT28. In addition, some sources expressed the opinion that Klyushin has access to secret records of other high-ranking GRU operations abroad. All this can make Klyushin a useful source of information for the US authorities, especially if he asks the court for leniency.

Another argument that Klyushin has this valuable information for the U.S. is that his subordinate at M13 was former ex-GRU operative Ivan Yermakov. In 2018, he was one of the defendants accused of hacking into the computer systems of the Democratic Party.

Recall that on December 19, Switzerland extradited Klyushin to the United States. He is suspected of illegal trading in securities worth tens of millions of dollars. Klyushin is the head of the M13 company, which has developed the Katyusha media monitoring system for the Ministry of Defense and the Presidential Administration.

In 2017, The Insider managed to prove that the Fancy Bear group consists of employees of the military unit 26165 GRU. A year later, this data was confirmed by the US Department of Justice, officially bringing charges against a group of hackers. The most famous operation APT28 was the hacking of the servers of the Democratic Party in 2016, designed to help Donald Trump defeat Hillary Clinton in the presidential election.

Read more »
United States Cyber Security
China Cyber Security Cyber Security National Cyber Security Russian Cyber Security United States Cyber Security

The US did not invite Russia and China to an online conference on combating cybercrime

The US National Security Council organized virtual meetings this week to discuss countering ransomware operators. In total, 30 countries were invited to the conference, including Ukraine, Mexico, Israel, Germany, and the UK, however, Russia and China were not invited to the discussion.

The cyber threat posed by ransomware is increasingly worrying people at the highest level. The ransoms have already reached over $400 million in 2020 and $81 million in the first quarter of 2021.

US President Joe Biden announced in early October that representatives from more than 30 countries will work together to fight back against cybercriminals distributing ransomware. This initiative was the result of very dangerous and large-scale attacks by ransomware operators that recently hit Colonial Pipeline and Kaseya.

It is interesting to note that recently Russian Deputy Foreign Minister Sergei Ryabkov made it clear that Moscow is interested in discussing the problem of ransomware viruses with Washington, but does not want contacts to be limited only to this topic. “American colleagues are still trying to focus all their work on what interests them,” he complained at the time.

Despite the previously announced cooperation in the field of cybersecurity between Moscow and Washington, no one expected Russian official representatives at the meetings. The organizers of the meetings did not invite China and Russia.

Perhaps the reason lies in a misunderstanding that arose at a certain stage. The United States has repeatedly asked Russia to take measures against ransomware operators located in the country. White House Press Secretary Jen Psaki even promised that Washington itself would deal with these cyber groups if the Kremlin could not.

Read more »
Vulnerabilities and Exploits
National Cyber Security Russia Russian Cyber Security Vulnerabilities and Exploits

Half of the Russian websites of small and medium-sized enterprises have vulnerabilities

According to Tinkoff, almost half (46%) of online resources for SMEs in Russia have cybersecurity issues.

The most critical of the most common errors is the weak protection of cloud storage, threatening data leakage (identified in more than a quarter of organizations).

These disappointing statistics are based on the analysis of more than 40 thousand sites and databases of small companies / individual entrepreneurs. The most vulnerable areas in terms of information security were areas such as consulting, retail, and IT (44% of the problems found).

Most often (in 33% of cases) SMEs make domain verification errors. Such mistakes provoke the capture of a resource through data substitution.

The second place in the rating is taken by the threat of confidential information leakage arising from open access to the database or from the use of a weak password (27%). The ability to obtain a key by a simple brute-force attack allows an attacker to obtain personal data of customers and company employees, trade secrets, source codes of programs, etc.

The third most frequent cybersecurity error, according to Tinkoff, is SSL Unknown subject (15%). Such a problem during SSL-certificate verification threatens with interception and disclosure of data (MITM attack).

The researchers also found that the resources of SMEs are poorly protected from attacks by cryptographers (9%).

The top five problems also included another common error — an expired SSL certificate (7%). When the browser shows that the certificate is invalid, the site may fall out of access; as a result, the company loses potential customers.

“Unfortunately, cybersecurity is poorly developed in Russia and business does not realize how important it is to protect data. Firstly, the services of good and competent specialists are very expensive; secondly, after the crisis, companies direct working capital primarily for the purchase of goods and current needs,” comments Pavel Segal, First Vice President of “OPORA Russia”.

Read more »
Russia
Cyber Security Japan Japan Cyber Security National Cyber Security Russia

Japan mentioned Russia in its new cybersecurity strategy

The Japanese government on Tuesday officially approved a new three-year cybersecurity strategy, where Russia, China and North Korea are mentioned for the first time as potential sources of hacker attacks. The document is published on the website of the Cyber Strategic Headquarters of Japan.

Japanese Foreign Minister Toshimitsu Motegi said at a press conference in Tokyo that the sphere related to security guarantees is expanding. The importance of such areas such as cyberspace and space security is growing.

According to him, the security situation around Japan is becoming increasingly severe. It is believed that China, Russia and North Korea are strengthening their potential in cyberspace, and the instability of the world order is also increasing.

He added that Japan, based on the adopted strategy, will increase its capabilities to counter attacks by foreign hackers.

The document claims that China conducts cyber attacks in order to obtain military and other advanced technologies, and Russia allegedly to achieve beneficial military and political goals in other countries. According to the approved strategy, to strengthen the cyber potential, Japan intends to work closely with the participants of the Quadrilateral Security Dialogue, which also includes Australia, India and the United States.

It should be noted that in Japan, more than 4 thousand attempts of illegal penetration into various computer networks and systems are recorded annually. In particular, large electrical engineering corporations NEC and Mitsubishi Electric have become victims of intruders in recent years.

Western countries have repeatedly made allegations that Russia is involved in various cyber attacks, including against US government agencies and companies. The Russian side has consistently denied these accusations. In particular, the press secretary of the President of the Russian Federation Dmitry Peskov said earlier that Moscow is not involved in such hacker attacks.

Read more »
National Cyber Security
Cyber Attacks National Cyber Security

Hackers hacked the accounts of employees of government agencies in Russia and more than ten other neighboring countries

The British company Cyjax discovered a large-scale attack against employees of state agencies in Russia and neighboring countries. Attackers create websites that simulate e-mail access for officials, and this data can be used to further attack agencies or sell access in the shadow market. Experts give different versions of the direction of the attacks, from political provocations to banal data phishing.

Among the attacked organizations are the Russian Academy of Sciences (RAS), the mail service Mail.ru as well as state structures of more than a dozen countries, including Armenia, Azerbaijan, China, Kyrgyzstan, Georgia, Belarus, Ukraine, Turkey, Turkmenistan and Uzbekistan.

According to Cyjax, 15 sites are currently active that simulate e-mail login page for employees of the ministries of Foreign Affairs, finance or energy of various countries.

Mail.ru said that they monitor the appearance of phishing sites and fraudulent emails and “respond in a timely manner to such incidents.” They added that they have an anti-spam system that adapts to new spam scenarios, including phishing.

Cyjax believes that the purpose of the attack is to collect usernames and passwords to access the mailboxes of government officials. Moreover, a certain pro-state group may be behind this, since there is no financial benefit from the attack and the Russian Federation and neighboring countries have become targets of attacks.

“The motive of the campaign may be a provocation against Russia on the theme that Russia itself is hacking its neighbors,” says Yuri Drugach, co— founder of the StopPhish project. The provocation is indicated by the fact that some of the domains were registered in July and the servers are hosted in Russia.

Yuri Drugach suggested that several groups of scammers are behind the attacks. For example, the Russian Academy of Sciences has six fake sites where attackers engage in phishing and install malicious add-ons in the browser.

Read more »
United States
Cyber Security National Cyber Security Russia United States

Presidential Press Secretary Said Moscow Not Involved in The Cyber Attacks on the Republican National Committee of US

On Wednesday, the press secretary of the President of the Russian Federation Dmitry Peskov told reporters that the cyber attack on the cloud networks of the US Republican National Committee had nothing to do with Moscow.

"We don't know what exactly was there, but it has nothing to do with Moscow," a Kremlin spokesman told reporters.

He stressed that the Russian side "does not have any detailed information on this matter." At the same time, Peskov noted that recently there have been a lot of publications, which appear literally every day, concerning various cyberattacks and their alleged connection to Russia.

On Tuesday, Bloomberg reported that the cloud networks of the National Committee of the Republican Party of the United States, maintained by Microsoft, were subjected to a cyber attack. As noted by journalists, it was hackers from a cybercriminal group known as APT 29 or Cozy Bear.

On July 6, it became known that expert contacts between Moscow and Washington on cybersecurity were continuing after a meeting between Vladimir Putin and Joe Biden. According to White House spokeswoman Jen Psaki, the U.S. side expects a new meeting of experts next week.

During the summit in Geneva on June 16, Putin and Biden agreed to start consultations on cybersecurity. The Russian leader drew attention to the fact that, even according to American sources, the majority of cyberattacks in the world are committed from the United States, as well as from Canada and the United Kingdom.

Putin stressed that Moscow and Washington can agree on rules of conduct in the areas of strategic stability, cybersecurity and regional conflicts. Biden, on the other hand, said that he gave his Russian colleague a list of 16 types of infrastructure facilities, attacks on which should be stopped immediately in the most effective way.


Read more »
United States
Cyber Security National Cyber Security Russia United States

Russian Foreign Ministry accused the United States of trying to win back the summit agreements on cybersecurity

According to the Russian Foreign Ministry, the words of White House spokesman Jen Psaki that the United States does not intend to warn Moscow about retaliatory cyber attacks are perplexing.

On Monday Psaki said that at the summit in Geneva, the US president Joe Biden mentioned hacking attacks on American facilities, which are blamed on Russia.

As Russian Foreign Ministry spokeswoman Maria Zakharova noted, Psaki's statement is surprising in the context of the Geneva talks, after which the sides announced their intention to begin consultations on cybersecurity.

"It seems that the United States is still trying to retain the right to launch cyber attacks based on fake Russian accusations of cyber attacks," Zakharova stressed at the briefing.

According to her, if Washington commits a cyber attack without warning, it will be an unannounced attack first.

"We really want Washington to take these words seriously," the Foreign Ministry representative added.

Zakharova recalled that before the meeting in Geneva, the United States had made it clear that the topic of international information security had become strategic for them.

"In this context, we hope that the understanding of the need for a direct, professional and responsible conversation with Russia will prevail. We expect Washington to take appropriate steps," the diplomat concluded.

Russia-US summit was held in Geneva on June 16. Summing up the negotiations, Vladimir Putin said that the sides will start consultations on cybersecurity. The president recalled that Moscow had previously provided all the information on the U.S. requests for cyberattacks, but had received nothing in response from the U.S. intelligence agencies. Putin noted that most of the cyber attacks in the world come from the U.S. and that anti-Russian insinuation must be stopped.

Read more »
Russian Cyber Security
Cyber Security National Cyber Security Russia Russian Cyber Security

The white hat hacker has estimated the probability of a hacker attack on the websites of Internet giants

There is no need to worry about the security of Russian systems after a global failure in the work of world sites, since the servers of all state institutions are located on the territory of Russia

Information security expert Denis Batrankov explained that the problem of modern systems is that many companies do not have the opportunity to create their own office to host their servers there. As a result, they order servers from other hosting providers where they host their product. All responsibility in this case falls on the hosting provider, but the risk of failures increases significantly.

Vakulin illustrated his opinion with an example of Amazon Web Services hosting.

"Many sites are hosted by Amazon Web Services, including small and medium — sized businesses. Since there was a large and large-scale failure, then all the sites that were generally hosted on this platform go down after it", the hacker said.

The expert believes that, despite the recent attacks on the American pipeline company Colonial Pipeline and World’s Biggest Meat Supplier JBS, Russia should not worry too much about industrial safety.

"As for government agencies, their servers are located in Russia. The data is stored in our country. From a security point of view, everything has been done to prevent third parties from accessing this data", the expert said.

The programmer also drew attention to the fact that the State Duma was going to oblige foreign IT companies with an audience of more than 500 thousand people a day to open branches in Russia.

"This law can still be finalized to the point that all data will be stored on Russian servers," Vakulin said.

In conclusion, the programmer shared his vision of the future in the IT field. He believes that neural networks will control the servers.

"I carefully monitor how our technologies and knowledge of artificial intelligence and neural networks are improving," Vakulin said. " Most likely, neural networks will simply monitor everything in the future: they will be engaged in tracking the site. In 20 years, programmers and cryptographers will simply observe the work of artificial intelligence, somehow refine it, and it will already do the work for them."

Earlier, Internet users reported a global failure in the work of the sites of a number of media outlets, companies and social networks around the world. Problems were observed, for example, at CNN, Twitter, Guardian, Amazon, Reddit, New York Times. The problems occurred due to a failure in the work of the American cloud service provider Fastly. Within an hour, the problems were fixed.

Read more »
Vulnerabilities and Exploits
Information Security risk National Cyber Security Russia Russian Cyber Security Vulnerabilities Vulnerabilities and Exploits

Every tenth significant IT system in Russia is infected with malware

 According to Rostelecom-Solar research, every 10th critical information infrastructure (CII) in the Russian Federation is compromised by malware. Even hackers with low qualifications are able to attack most of these IT networks: a significant part of the detected vulnerabilities have existed for more than 10 years, but organizations have not prevented them.

Vladimir Drukov, director of the Cyber Attack Monitoring and Response Center at Rostelecom-Solar, associates the presence of vulnerabilities in CII with the fact that the process of regular software updates has not yet been established in more than 90% of companies.

Kaspersky Lab experts agreed with the findings of the study. According to Anton Shipulin, Lead Business Development Manager at Kaspersky Industrial CyberSecurity, cybersecurity is still at a low level in most CII facilities.

"In terms of data protection, a large number of CII objects are currently in a "depressing situation", and there are no serious hacker attacks on them "by happy accident", but it is only a matter of time," added Fedor Dbar, Commercial Director of Security Code.

In addition, the number of hosts with the vulnerable SMB protocol has almost doubled. It is a network protocol for sharing files, printers, and other network resources that is used in almost every organization. Such vulnerabilities are particularly dangerous, as they allow hackers to remotely run arbitrary code without passing authentication, infecting all computers connected to the local network with malware.

The main problem in internal networks is incorrect password management. Weak and dictionary passwords that allow an attacker to break into an organization's internal network are extremely common. Password selection is used by both amateur hackers and professional attackers.

Moreover, the pandemic has also significantly weakened IT perimeters. Over the past year, the number of automated process control systems (APCS) available from the Internet has grown by more than 60%. This increases the risks of industrial espionage and cyber-terrorism.


Read more »
United States
Cyber Attacks National Cyber Security Russia United States

The White House believes that the attackers on the Colonial Pipeline are located in Russia

 The Russian authorities should take action against the hacker group DarkSide, which, according to Washington, is located in Russia and is involved in the cyberattack on the U.S. pipeline company Colonial Pipeline. This opinion was expressed on Tuesday by the press secretary of the White House Jennifer Psaki at a regular briefing for journalists.

She was asked whether Russia has any responsibility in connection with the fact that DarkSide is on Russian territory. "U.S. President Joe Biden said his intelligence community has not yet completed a comprehensive analysis of the incident. Moreover, according to the FBI, the attack is attributed to the hacker group DarkSide, located in Russia, so this country must act responsibly," noted Psaki.

"But, again, we will wait until our intelligence community to conduct a comprehensive analysis before we can report anything else on this," she concluded.

On Monday, Biden suggested that the criminal elements who carried out the hacking attack on the Colonial Pipeline may be in Russia. Brandon Wales, the Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA), said on Tuesday that FBI experts are confident that criminal elements, not authorities of any state, were responsible for the cyber attack.

Press Secretary of the Russian President Dmitry Peskov stressed that Russia had nothing to do with the cyber attack. He stressed that "the United States refuses to cooperate in countering cybercrime."

The Russian Embassy in Washington rejected "baseless fabrications by individual journalists" about Moscow's possible involvement in this attack.

Earlier, E Hacking News reported that the hackers who caused Colonial Pipeline to shut down the biggest US petrol pipeline last Friday began their blitz against the company a day earlier, stealing a large amount of data before locking computers with ransomware and demanding payment, as per the sources.

According to the two reports, the intruders, who are members of the DarkSide cybercrime group, took nearly 100 gigabytes of data from the Alpharetta, Georgia-based company's network in just two hours on Thursday.

Read more »
Russian Cyber Security
Chinese Hackers Cyber Attacks National Cyber Security Russia Russian Cyber Security

Chinese hackers attacked a Russian developer of military submarines

Chinese hackers reportedly attacked the Rubin Central Design Bureau for Marine Engineering (СKB Rubin), which designs submarines for the Russian Navy, by sending images of a submarine with malicious code to its CEO. Experts believe the hackers are acting in the interests of the Chinese government.

According to cybersecurity company Cybereason, in April, Chinese hackers attacked the Russian CKB Rubin. The attack began with a fake letter that the hackers sent to the general director of CKB Rubin allegedly on behalf of the JCS “Concern “Sea Underwater Weapon – Gidropribor”, the State Research Centre of the Russian Federation.

The letter contained a malicious attachment in a file with images of an autonomous unmanned underwater vehicle. "It is very likely that hackers attacked Gidropribor or some other institution before that," the author of the Telegram channel Secator believes.

The RoyalRoad malware attachment used in the CKB Rubin attack is one of the tools that guarantees delivery of malicious code to the end system, which is most often used by groups of Asian origin, said Igor Zalewski, head of the Solar JSOC CERT Cyber Incident Investigation Department at Rostelecom-Solar.

Cybereason pointed out that the attack on CKB Rubin has similarities to the work of Tonto and TA428 groups. Both have been previously seen in attacks on Russian organizations associated with science and defense.

It is worth noting that the CKB Rubin traces its history back to 1901. More than 85% of the submarines which were part of the Soviet and Russian Navy at various times were built according to its designs.

According to Igor Zalevsky, the main Rubin's customer is the Ministry of Defense, CKB Rubin deals with critically important and unique information related to the military-industrial complex of the Russian Federation which explains the interest of cyber-criminals.

Experts believe that such attacks will gain momentum because specialized cyber centers are being created due to aggravation of information confrontation between states.

Information security expert Denis Batrankov noted that designers are attacked for the sake of industrial espionage mainly by special services of other states. "The problem is that we all use software, which has many hacking methods that are not yet known. Intelligence agencies are buying new vulnerabilities from the black market for millions of dollars,” added he.


Read more »
Sweden Cyber Security
Cyber Attacks National Cyber Security Russia Russian Hackers Sweden Cyber Security

Sweden accused Russia of a hacking attack on the Confederation of Sports

The Swedish Prosecutor's Office and the Swedish State Security Service accused Russia's Main Intelligence Directorate of a hacking attack on the Swedish Sports Confederation

The hacker group Fancy Bear, which has been linked to the Russian GRU, was behind the attack. However, the attacks were not a one-time event. Investigators found successful attacks in 2017 and 2018, allowing the hackers to access the personal data of Swedish athletes. Among them were medical records. This data was subsequently released to the public.

In addition, Fancy Bear used this data to discredit Swedish athletes. One of these was the football player Olivia Schug. In 2018, hackers hacked into the computers of the Swedish Sports Confederation's anti-doping division, gaining access and publishing the athletes' doping test records. And they accused Schug of doping. All because of asthma medication containing banned drugs. So Shug was wrongly suspended.

The names of other athletes who were similarly affected by Fancy Bear, Swedish law enforcers decided not to name them.

"We have had the help of security services from other countries to secure this evidence, which clearly indicates that it is Russian military intelligence that is behind these data breaches," said Daniel Stenling, head of the security police's counterintelligence unit.

According to prosecutor Mats Ljungqvist, these are serious crimes because the state is behind the crimes, they are large-scale and involve access to sensitive medical information that is subject to secrecy.

But there will be no punishment for the hackers. The prosecutor's office has decided to drop the case. After all, all the suspects in the hacking attacks are foreign nationals, who apparently work for the GRU. Therefore, there will be no opportunity to conduct an investigation abroad, nor will there be any extradition of the suspects.

This is not the first time Fancy Bear has been accused of hacking sports organizations.

- In 2016, the World Anti-Doping Agency accused Russian hackers of stealing medical information about U.S. Olympic athletes and publishing it online;

- This year there was an attack on the Court of Arbitration for Sport in Lausanne;

- In 2018, Fancy Bear published stolen International Olympic Committee documents;

- In 2018, they published information about Swedish athletes and their medical.

Read more »
United States
Cyber Crime National Cyber Security Russia United States

The United States imposes sanctions against 25 Russian companies for cyber attacks and Crimea

 On 15 April, the US Treasury Department put 25 Russian companies, six of which are IT companies, on its sanctions list as a response to allegedly organized cyber attacks by Russia, the situation in Crimea, and interference in the election.

The U.S. Treasury Department also listed 16 organizations and 16 individuals from the Russian Federation that U.S. authorities believe were behind the hacking of SolarWinds software and an attack on the networks of several U.S. departments, as well as interfering in the 2020 U.S. presidential election.

Recall that in February 2020, U.S. intelligence officials said that Russia had begun interfering in the 2020 presidential election. Specifically, they claimed that Russia was interfering in both the Democratic Party primaries and the overall course of the election, "hoping to sow chaos and discord." In addition, Russian secret services allegedly tried to force U.S. citizens to spread disinformation and bypass social media mechanisms aimed at combating fake news. However, no evidence of interference was presented.

On March 16, 2021, a report of the Office of the Director of National Intelligence of the United States was made public. According to the authors of the report, the Russian authorities, with the approval of Russian President Vladimir Putin, organized a campaign aimed at "denigrating" Democratic Party candidate Joseph Biden and supporting his Republican rival Donald Trump, as well as "undermining confidence in the election in general and aggravating sociopolitical controversy in the United States."

At the highest level, Moscow has repeatedly rejected claims that Russia tried to interfere in U.S. election processes.

In March 2021, Russian presidential spokesman Dmitry Peskov suggested that the publication of the U.S. National Intelligence Report was "a reason to put on the agenda the issue of new sanctions against our country."

"Russia also did not interfere in previous elections and did not interfere in the elections mentioned in this report in 2020. Russia has nothing to do with any campaign against any of the candidates. In this regard, we consider this report incorrect, as it is absolutely groundless and unsubstantiated," said Peskov.

On March 17, 2021, Russian Foreign Ministry spokeswoman Maria Zakharova, speaking on the Russia-24 television channel, described the report of the U.S. intelligence agencies on Russian "interference" in the election as "an excuse for their existence."

Read more »
United States
Cyber Security National Cyber Security Russia United States

U.S. authorities found no evidence of Russian hackers' influence on the presidential election

U.S. authorities found no evidence that hackers affiliated with foreign governments were able to block voters from voting, alter votes, interfere with the counting or timely transmission of election results, alter technical aspects of the voting process, or otherwise compromise the integrity of voter registration or ballot information submitted during the 2020 federal election.

This is reported in a joint report by the US Department of Justice (including the FBI) ​​and the Department of Homeland Security (including the Cyber ​​and Infrastructure Security Agency).

According to the report, "as part of Russia's and Iran's extensive campaigns against critical infrastructure, the security of several networks to manage some election functions was indeed compromised. But it had no meaningful impact on the integrity of voter data, the ability to vote, the counting of votes, or the timely transmission of election results. Iran's claims to undermine public confidence in the U.S. election infrastructure were false or exaggerated".

However, experts have identified several incidents in which malicious actors linked to the governments of Russia, China and Iran significantly affected the security of networks linked to U.S. political organizations, candidates and campaigns during the 2020 federal election. In most cases, it is unclear whether the attackers sought access to the networks for foreign political interests or for operations related to election interference.

In a number of cases, the attackers collected at least some information that they might have published in order to exert influence. However, no evidence of publishing, modifying or destroying this information was found.

"We found no evidence (either through intelligence gathering on the foreign attackers themselves, through monitoring the physical security and cybersecurity of voting systems across the country, or through post-election audits or any other means) that a foreign government or other parties compromised the election infrastructure to manipulate the election results," the report authors summarized.

Read more »
Russian Cyber Security
Cyber Security National Cyber Security Russia Russian Cyber Security

Russian military-industrial complex announced a ban on the use of WhatsApp and Zoom for work

Business communication between defense industry employees in WhatsApp, Skype and Zoom has become stricter suppressed by the management

A source in the military-industrial complex (MIC) said that all corporate and working chats of employees of the Rostec State Corporation and its subsidiary holdings and companies are to be transferred from WhatsApp to another messenger in the near future.

According to him, this decision was made due to the fact that the management of the messenger WhatsApp announced changes in the privacy policy and the transfer of additional personal data of users to Facebook. "At the same time, employees of the state corporation and its enterprises will still be allowed to have WhatsApp on their personal phones for personal communication," added the source.

A second source in the military-industrial complex said that the ban on the use of foreign applications for work purposes by employees of the MIC has always existed, but not all employees paid due attention to it. "Both now and before, it was simply impossible to install WhatsApp or Skype on a work computer. But to speed up communication processes and their own convenience, many employees unauthorizedly used Zoom, Skype and so on," explained he.

Rostec confirmed that there are restrictions on the use of foreign applications such as Zoom, Skype, WhatsApp, etc., specifying that these applications are prohibited to be installed on corporate laptops and computers.

Instead, it is proposed to use domestic solutions, including Rostec's own developments. "In particular, throughout the pandemic, online meetings were held on the IVA platform," said Rostec.

The personal equipment of employees are not affected by these restrictions, the press service of the state corporation clarified, assuring that they have nothing to do with the new policy of WhatsApp: "The risks did not arise now, they have always existed, and we were obliged to mitigate them."

Rostec is a major industrial company that operates in the defense sector and develops high-tech civilian areas - in aviation, engine construction, electronics, medicine, pharmaceuticals and other areas. "This dictates very serious requirements to information security", summed up the press service of the state corporation.

Read more »
United States
Cyber Security National Cyber Security Russia Russian Cyber Security United States

Kremlin concerned about the report of possible US cyber attacks

The New York Times previously reported that the United States plans to carry out cyber attacks on the internal systems of the Russian authorities within the next three weeks

Russian presidential spokesman Dmitry Peskov said that Moscow is concerned about the report of possible cyber attacks by the United States. He also called the accusations of the US State Department of Russia spreading misinformation about foreign vaccines absurd.

Mr. Peskov commented on The New York Times report on the impending cyberattacks on the internal systems of the Russian authorities in response to the attack on SolarWinds. A Kremlin spokesman called it "alarming information" that appeared in a "fairly reputable American publication."

Dmitry Peskov said that "this is nothing but international cybercrime." "Of course, the fact that the publication admits the possibility that the American state may be involved in this cybercrime is a reason for our extreme concern," Mr. Peskov told reporters during a press call.

He also commented on the statement of the official representative of the US State Department, Ned Price, that four Russian online platforms run by the Russian intelligence services spread misinformation about vaccines approved in the United States. "We do not understand the reasons for such statements. We will continue to patiently explain that such reports are completely absurd," said Dmitry Peskov. "We have always been against politicizing any issues related to the vaccine in any way," added the Kremlin spokesman.

Mr. Peskov also said that the Russian vaccine "Sputnik V" is constantly criticized without any serious grounds. “The Russian vaccine is criticized on a daily basis with an attempt to pretend to be objective or without any attempts to pretend to be objective - just sweeping criticism. We've always been against it. The Russian Federation has not participated and is not going to participate in such an information campaign against any other vaccines," stated Dmitry Peskov.

Recall that on Sunday, The New York Times, citing sources in the US administration, reported that the US plans to carry out a series of cyberattacks on the internal systems of the Russian authorities over the next three weeks in response to an attributed hacker attack through SolarWinds software.

Read more »
Russian Cyber Security
Cyber Attacks IBM National Cyber Security Russia Russian Cyber Security

IBM: Cyber attacks on Linux systems of Russian government agencies will increase

The problem will also affect Russian government agencies, which are switching to domestic Linux operating systems as part of import substitution. Businesses that have started actively using the cloud against the background of the pandemic face increased costs: attackers can hack their cloud environments and use them for mining cryptocurrencies and DDoS attacks.

According to the IBM report on the main information security risks in 2021, the number of attacks on cloud environments and open-source Linux operating systems will increase this year. Users of Russian operating systems on Linux can also suffer, said Oleg Bakshinsky, a leading information security adviser for IBM in Russia.

The attackers began using the extensible computing power of Linux-based cloud environments, said Mr. Bakshinsky.

The customer can enable the service in their cloud settings, and at times of peak loads, their resources will be expanded for an additional fee. Attackers take advantage of this by gaining unauthorized access to the victim's cloud environment, increasing the company's costs for paying for cloud services.

The authorities have already acknowledged the problem. So, to check the security of operating systems based on Linux, the Federal Service for Technical and Export Control of Russia will create a research center for 300 million rubles ($4 million).

Cybersecurity experts also confirmed the growing interest of hackers in Linux systems. Check Point records about 20 attacks on Linux-based cloud environments in Russia, which is 3.45% of the total number of such attacks worldwide.

The main targets of the attackers, according to Nikita Durov, technical director of Check Point in Russia, are the financial industry and the government.

Alexander Tyurnikov, head of software development at Cross Technologies, is convinced that attacks on cloud environments "will not be so large-scale as to lead to the collapse of state and commercial systems."

Read more »
Russian Hackers
AIVD Chinese Hackers Cyber Security National Cyber Security Netherlands Netherlands Cyber Security Russian Hackers

AIVD says they face cyber attacks from Russia and China every day

According to the head of the country's General Intelligence and Security Service, these hackers break into the computers of companies and educational institutions

The head of the General Intelligence and Security Service of the Netherlands (AIVD), Erik Akerboom, said that the country's special services allegedly "every day" catch hackers from China and Russia, who, according to him, break into the computers of companies and educational institutions. At the same time, the head of the AIVD did not provide any evidence.

"Every day we catch hackers from both China and Russia hacking into the computers of companies and educational institutions," the head of AIVD said in an interview with Vu Magazine.

According to Akerboom, the target of these hackers is vital infrastructure, such as drinking water, banks, telecommunications, and energy networks." However, he did not give an example of any specific cyberattack.

In 2018, the Ministry of Defense of the Netherlands said that the country's special services prevented a hacker attack on the Organization for the Prohibition of Chemical Weapons (OPCW), which four Russian citizens allegedly tried to carry out. According to the head of department Ankh Beyleveld, the suspects with diplomatic passports were expelled from the Netherlands on April 13. The Russian Foreign Ministry called such accusations "another staged propaganda" action and said that the unleashed "anti-Russian espionage campaign" causes serious harm to bilateral relations.

Besides, in December 2020, the Netherlands was accused of the espionage of two Russian diplomats, calling them employees of the Foreign Intelligence Service undercover. The Russians were declared persona non grata. In response, Moscow sent two employees of the Dutch Embassy from Russia. The accusations of activities incompatible with the diplomatic status of the Russians were called "unfounded and defamatory".

Recall that recently Washington accused Moscow of large-scale cyber attacks, which were allegedly carried out in order to get intelligence data. The representative of the Russian Ministry of Foreign Affairs, Maria Zakharova, said in response that such statements by the United States about hacker attacks allegedly by Russia have already become routine.

Read more »
Russia
Cyber Security National Cyber Security Russia

The press secretary of the Russian president denied Russia's connection with the hackers who attacked France

As the press secretary of the President of the Russian Federation noted, the report of the French special services "contains accusations of committing certain cybercrimes by a certain group of hackers"

The press secretary of the President of Russia Dmitry Peskov considers absurd the wording from the report of the French special services about the involvement of the Russian Federation in cyber attacks on enterprises of this country.

"If I understand correctly, they did not accuse Russia, but a certain group of some hackers who, as they say, maybe related to Russia. This wording is a little absurd, and here it is impossible to say that Russia was accused of something," Mr. Peskov told reporters on Tuesday.

He once again stressed that the report "contains accusations of committing certain cybercrimes by a certain group of hackers."

Peskov noted that Moscow "did not, does not, and cannot have any involvement in any manifestations of cybercrime." "In this context, I would like to remind you that it is Russia that constantly speaks about the need for international cooperation in countering cyber security," concluded he.

On Monday, the French National Agency for the Security of Information Systems (ANSSI) of France published a report according to which French businesses have been subjected to cyberattacks since 2017. At the same time, the report does not specify what damage was caused to enterprises and what exactly the hackers did.

The agency concluded in this report that "this campaign is very similar to previous campaigns based on the principles of hacker group Sandworm". A number of Western countries associate the Sandworm group with Russia.

It is worth noting that cybersecurity experts have reported on the activity of the Sandworm group since 2008 when they were accused of DDoS attacks on facilities in Georgia. In October 2020, the US Department of Justice charged six Russian citizens with working for the Sandworm group, participating in attacks on companies and hospitals in the United States, Ukraine's power systems in 2016, the French presidential election in 2017, and the Pyeongchang Winter Olympics in 2018.

Accusations against "Russian hackers" periodically appear in the West. Russia has repeatedly denied such accusations.

Read more »
Subscribe to: Posts (Atom)