
North Korean Hackers Infiltrate Russian Missile Engineering Firm

 


North Korean hackers have successfully penetrated a sanctioned Russian missile engineering firm, a development that has prompted concern about the possible repercussions of the breach. The incident shows how North Korea's cyber-warfare capabilities are maturing and how willing the regime is to target prominent defense organizations beyond its borders.

The compromised business, a significant actor in the Russian defense sector, develops advanced missile technology. The intrusion, first reported by cybersecurity company SentinelOne, has alarmed the international security community and highlights the shifting landscape of cyber threats and geopolitical conflict.

Cybersecurity researchers report that the North Korean hacking group believed to be responsible for the intrusion is known for its skill and its ties to the Pyongyang regime. The group uses a combination of spear-phishing emails and purpose-built malware to infect its targets. Once inside the organization's network, the hackers were able to access confidential technical information and research on missile systems without authorization.

The incident has also raised concerns about cooperation between North Korean hackers and state-backed organizations. According to experts, the stolen missile technology may feed into North Korea's own military research and development or be sold to nations with hostile intent. If the regime uses the stolen data to advance its missile capabilities, regional stability would be seriously endangered.

"The breach of a sanctioned Russian missile engineering company by North Korean hackers underscores the serious nature of cyber threats in today's interconnected world. It serves as a wake-up call for governments and organizations to bolster their cybersecurity measures," warns cybersecurity analyst Jane Thompson.

The compromised Russian company has not disclosed the full extent of the breach, raising concerns about the potential scope of the stolen data. As investigations are ongoing, cybersecurity teams are working tirelessly to assess the damage, contain the breach, and strengthen the company's cyber defenses.

The incident underscores the need for governments and private companies to cooperate on upgrading their cybersecurity strategies. Nations must prioritize the security of critical defense infrastructure and sensitive technical developments as cyber threats continue to grow in complexity and scope.

Russian Organizations Targeted By Outdated Threat Actors

 

Well-known Russian-speaking criminal ransomware groups such as LockBit, REvil and DarkSide mostly go after high-profile victims in Europe and the United States, including attacks on critical infrastructure, and organizations in those countries are still not equipped to handle file encryption and double extortion on their own. Companies in Russia and the rest of the Commonwealth of Independent States (CIS) are a different story: according to Kaspersky's report on the first half of 2021, they are hit by ransomware every month, yet these attacks go largely unreported.

The groups behind those attacks fall into a less noticed subcategory of ransomware actors. They are generally less sophisticated, mostly use leaked or outdated strains, and obtain access to their victims themselves rather than buying it from initial access brokers. Ransomware families used against Russian targets earlier this year include XMRLocker, Thanos/Hakbit, Limbozar/VoidCrypt, Fonix/XINOF, CryptConsole, Cryakl/CryLock, Phobos/Eking, Crysis/Dharma and BigBobRoss. The most effective of the older strains are Phobos and Dharma.

Phobos first surfaced in 2017 and its most recent version dates from 2020. Its operators' main entry point is unauthorized RDP access. The malware is written in C/C++ and shares some surface traits with Dharma, but the two are unrelated. Dharma appeared in 2016 under the name Crysis and, although dated, still has one of the more robust encryption schemes. Like Phobos, Dharma is deployed after unauthorized RDP access obtained by brute-forcing credentials, with the malware then planted manually.

Kaspersky notes that such attacks come and go but should not be ignored: the strains are still under active development, with their operators continually making them more effective, so they are not without firepower. "Russian companies can prevent many of these threats by simply blocking RDP access, using strong passwords for domain accounts that are changed regularly, and accessing corporate networks through VPN," reports BleepingComputer.
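The entry technique described above, a burst of failed RDP logons from one address followed by a successful RDP logon from the same address, is easy to detect from Windows Security logs. The following is an added example written for this page, not code from Kaspersky's report or the BleepingComputer article. The event records are constructed to look like Windows Security logon entries (EventID 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive, i.e. RDP); the function names, the threshold of five failures and the 300-second window are the example's own choices.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* One record modelled on a Windows Security log logon event.
 * EventID 4625 = failed logon, 4624 = successful logon;
 * LogonType 10 = RemoteInteractive (RDP). */
typedef struct {
    long ts;            /* seconds on any monotonic clock; records are in time order */
    int event_id;
    int logon_type;
    const char *src_ip; /* "Source Network Address" field */
    const char *user;   /* "Account Name" field */
} LogonEvent;

/* Constructed sample data for the example (not real log data). */
static const LogonEvent SAMPLE_EVENTS[] = {
    {1000, 4625, 10, "203.0.113.7",  "administrator"},
    {1005, 4625, 10, "203.0.113.7",  "admin"},
    {1011, 4625, 10, "203.0.113.7",  "backup"},
    {1020, 4625, 10, "203.0.113.7",  "svc_sql"},
    {1031, 4625, 10, "203.0.113.7",  "it_support"},
    {1040, 4624, 10, "203.0.113.7",  "it_support"},   /* success right after the spray */
    {1100, 4625, 10, "198.51.100.2", "jdoe"},
    {1160, 4624, 10, "198.51.100.2", "jdoe"},          /* one typo, then a normal login */
    {1200, 4624,  2, "10.0.0.5",     "alice"},         /* console logon, not RDP */
};
#define SAMPLE_COUNT (sizeof SAMPLE_EVENTS / sizeof SAMPLE_EVENTS[0])

/* Returns 1 if src_ip produced at least `threshold` failed RDP logons in the
 * `window` seconds before a successful RDP logon from the same address, else 0. */
int rdp_bruteforce_then_success(const LogonEvent *ev, size_t n, const char *src_ip,
                                int threshold, long window)
{
    for (size_t i = 0; i < n; i++) {
        if (ev[i].event_id != 4624 || ev[i].logon_type != 10 ||
            strcmp(ev[i].src_ip, src_ip) != 0)
            continue;                 /* only successful RDP logons anchor the rule */
        int failures = 0;
        for (size_t j = 0; j < i; j++) {
            if (ev[j].event_id == 4625 && ev[j].logon_type == 10 &&
                strcmp(ev[j].src_ip, src_ip) == 0 && ev[i].ts - ev[j].ts <= window)
                failures++;
        }
        if (failures >= threshold)
            return 1;
    }
    return 0;
}

/* Walks the whole event list and reports every distinct source address that
 * trips the rule. Returns the number flagged; writes up to max_out into out[]. */
int flag_rdp_bruteforce_sources(const LogonEvent *ev, size_t n, int threshold,
                                long window, const char **out, int max_out)
{
    int found = 0;
    for (size_t i = 0; i < n; i++) {
        int seen = 0;                 /* skip addresses already examined */
        for (size_t j = 0; j < i; j++)
            if (strcmp(ev[j].src_ip, ev[i].src_ip) == 0) { seen = 1; break; }
        if (seen)
            continue;
        if (rdp_bruteforce_then_success(ev, n, ev[i].src_ip, threshold, window)) {
            if (found < max_out)
                out[found] = ev[i].src_ip;
            found++;
        }
    }
    return found;
}

int main(void)
{
    const char *hits[16];
    int n = flag_rdp_bruteforce_sources(SAMPLE_EVENTS, SAMPLE_COUNT, 5, 300, hits, 16);
    for (int i = 0; i < n && i < 16; i++)
        printf("ALERT: RDP brute force followed by successful logon from %s\n", hits[i]);
    return 0;
}
```

With the sample data only 203.0.113.7 is flagged; the single mistyped password from 198.51.100.2 stays below the threshold. One caveat for a production rule: when Network Level Authentication is enabled, failed RDP attempts are frequently logged with LogonType 3 rather than 10, so the failure filter should accept both, and the threshold should be tuned against the environment's baseline of mistyped passwords.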

Serious Flaws Identified in CODESYS Industrial Automation Software

 

Researchers at Russian cybersecurity firm Positive Technologies discovered as many as ten critical flaws in CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers (PLCs).

The firm initially found the vulnerabilities in a PLC made by WAGO, but further investigation revealed that the issues were actually introduced by CODESYS software, which is used by more than a dozen automation technology vendors including Beckhoff, Kontron, Moeller, Festo, Mitsubishi, HollySys and several Russian companies.

CODESYS is a development environment for programming the controller applications used in industrial control systems. The German software company credited Vyacheslav Moskvin, Denis Goryushev, Anton Dorfman, Ivan Kurnakov and Sergey Fedonin of Positive Technologies and Yossi Reuven of SCADAfence with identifying the vulnerabilities.

"To exploit the vulnerabilities, an attacker does not need to have a username or password; obtaining network access to the industrial controller is enough. The main cause of the vulnerabilities is insufficient verification of input data, which may itself be caused by failure to comply with secure development guidelines," researchers from Positive Technologies said.

Six of the most critical flaws were found in the CODESYS V2.3 web server component used by CODESYS WebVisu to display a human-machine interface (HMI) in a web browser. An adversary could send specially crafted web server requests to trigger a denial-of-service condition, or to write or read arbitrary code to and from the control runtime system's memory.

All six flaws are rated critical on the CVSS scale:
• CVE-2021-30189 – Stack-based Buffer Overflow
• CVE-2021-30190 – Improper Access Control
• CVE-2021-30191 – Buffer Copy without Checking Size of Input
• CVE-2021-30192 – Improperly Implemented Security Check
• CVE-2021-30193 – Out-of-bounds Write
• CVE-2021-30194 – Out-of-bounds Read
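The bug classes in that list (buffer copy without checking size of input, out-of-bounds write, out-of-bounds read) all come from the same root cause the researchers name: a request handler that trusts a size supplied by the client. The following C example was written for this page to show that pattern and its fix; it is not CODESYS code and the message layout ([1 byte tag][2 byte big-endian length][payload]) is invented for the example, as are the function names and the 64-byte buffer size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64   /* fixed-size buffer the handler copies into */

/* Made-up message layout for the example: [1 byte tag][2 byte big-endian length][payload].
 * It is not the CODESYS protocol; it only reproduces the bug classes listed above. */

/* Builds such a message into buf. Returns total length, or 0 if it does not fit. */
size_t build_packet(uint8_t *buf, size_t buf_len, size_t payload_len, uint8_t fill)
{
    if (payload_len > 0xFFFF || buf_len < 3 + payload_len)
        return 0;
    buf[0] = 0x01;
    buf[1] = (uint8_t)(payload_len >> 8);
    buf[2] = (uint8_t)(payload_len & 0xFF);
    memset(buf + 3, fill, payload_len);
    return 3 + payload_len;
}

/* VULNERABLE handler: it trusts the length field in the message.
 * A declared length above NAME_BUF-1 writes past the caller's buffer
 * (out-of-bounds write; a stack-based overflow when `out` lives on the stack).
 * A declared length above the bytes actually received reads past the packet
 * (out-of-bounds read). Never call this with untrusted input; it is here for contrast. */
int handle_name_unchecked(const uint8_t *pkt, size_t pkt_len, char out[NAME_BUF])
{
    (void)pkt_len;                                    /* the received size is never consulted */
    size_t declared = ((size_t)pkt[1] << 8) | pkt[2];
    memcpy(out, pkt + 3, declared);                   /* bounded only by attacker data */
    out[declared] = '\0';
    return (int)declared;
}

/* HARDENED handler: the declared length is checked against both the bytes
 * actually received and the destination buffer before anything is copied.
 * Returns the payload length, or -1 when the message is rejected. */
int handle_name_checked(const uint8_t *pkt, size_t pkt_len, char out[NAME_BUF])
{
    if (pkt_len < 3)
        return -1;                                    /* header incomplete */
    size_t declared = ((size_t)pkt[1] << 8) | pkt[2];
    if (declared > pkt_len - 3)
        return -1;                                    /* would read beyond the received data */
    if (declared >= NAME_BUF)
        return -1;                                    /* would write beyond out[] (room for NUL) */
    memcpy(out, pkt + 3, declared);
    out[declared] = '\0';
    return (int)declared;
}

int main(void)
{
    uint8_t pkt[256];
    char name[NAME_BUF];
    size_t n = build_packet(pkt, sizeof pkt, 5, 'v');
    int rc = handle_name_checked(pkt, n, name);
    printf("5-byte payload: checked handler returns %d (\"%s\")\n", rc, name);
    n = build_packet(pkt, sizeof pkt, 200, 'A');
    rc = handle_name_checked(pkt, n, name);
    printf("200-byte payload: checked handler returns %d\n", rc);
    return 0;
}
```

The two checks in the hardened version map onto the two memory-safety categories in the advisory: the comparison against `pkt_len` prevents the out-of-bounds read, and the comparison against `NAME_BUF` prevents the out-of-bounds write. Note that the unchecked handler is only ever invoked with a benign message here; with the 200-byte payload it would corrupt the stack.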

"Their exploitation can lead to remote command execution on PLCs, which could disrupt technological processes and result in industrial accidents and financial losses. The most infamous example of exploiting similar vulnerabilities is Stuxnet," said Vladimir Nazarov, Head of ICS Security at Positive Technologies.

CODESYS has published an advisory for its CODESYS V2 web server, Runtime Toolkit and PLCWinNT products to address the vulnerabilities, with separate advisories for the critical, high and medium-severity issues, and recommends that users install the updates.

Last month, the U.S. Treasury Department sanctioned Positive Technologies for allegedly supporting Kremlin intelligence agencies. The company has said it will nevertheless continue to responsibly disclose the flaws its employees discover in the products of major U.S. firms.