Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Russian Government. Show all posts
Ukraine-Russia War
attackers Cyber Attacks Cyber Warfare Data Data Safety data security Russian Government Russian Hackers Safety Security Ukraine Government Ukraine-Russia War

This Threat Actor Targeted NATO Summit Attendees

 

A Russia-linked threat actor known as RomCom has been targeting entities supporting Ukraine, including guests at the 2023 NATO Summit. The summit is taking place in Vilnius, Lithuania, and will discuss the war in Ukraine and new memberships in NATO, including Sweden and Ukraine itself.

RomCom has created malicious documents that are likely to be distributed to supporters of Ukraine. The threat actor appears to have dry-tested the delivery of these documents on June 22, a few days before the command-and-control (C&C) domain used in the campaign went live, BlackBerry explained.

The malicious documents are likely distributed via spear-phishing. They contain an embedded RTF file and OLE objects that initialize an infection chain that garners system information and delivers the RomCom remote access trojan (RAT).

At one stage in the infection chain, a flaw in Microsoft's Support Diagnostic Tool (MSDT) – CVE-2022-30190, also known as Follina – is exploited for remote code execution (RCE).

BlackBerry has identified the C&C domains and victim IPs used in this campaign. All of these were accessed from a single server that has been observed connecting to known RomCom infrastructure.

"Based on the nature of the upcoming NATO Summit and the related lure documents sent out by the threat actor, the intended victims are representatives of Ukraine, foreign organizations, and individuals supporting Ukraine,” BlackBerry says.

BlackBerry has alerted relevant government agencies of this campaign. RomCom is also known as Void Rabisu and Tropical Scorpius, and is associated with the Cuba ransomware. The group was previously believed to be financially motivated, but recent campaigns have shown a shift in tactics and motivation, suggesting that they are now working for the Russian government.

Since at least October 2022, the RomCom backdoor has been used in attacks targeting Ukraine. These attacks have targeted users of Ukraine's Delta situational awareness program and organizations in Ukraine's energy and water utility sectors.

Outside Ukraine, RomCom attacks have targeted a provincial local government helping Ukrainian refugees, a parliament member of a European country, attendees of the Munich Security Conference and the Masters of Digital conference, and a European defense company.
Read more »
Technology
Encrypted Email new startup Russian Government Skiff Technology

Russia Blocked Encrypted Email Startup Skiff

Recently, the government of Russia blocked another encrypted email provider Skiff. The government blocked Skiff after exactly three years when it had blocked similar email encrypted services including Proton Mail and Tutanota, according to a Russian digital rights organization and the email provider.
 
Skiff is an email and cloud service provider which was launched last year. These actions of the Russian government show that this regime is decidedly knocking down encrypted communication services that allow common people of the country to have conversations that are harder to spy on. 

It is about last Wednesday when Roskomsvoboda reported that an unidentified Russian state organization has ordered to block off the skiff. Roskomsvoboda describes itself as “the first Russian public organization active in the field of protecting digital rights and expanding digital opportunities”. 

After the action against skiff, it is assumed that the reason for this was the sending of anonymous letters through this service, which were containing fake mining reports. The same reasons were given when the Protonmail, Tutanota, and Mailbox were blocked by the government. 

Skiff is a decentralized and open-source email, which also provides a decentralized cloud storage and teamwork environment in which users can organize and create various types of cards or tables, write notes, lead projects, and much more. 

The Russian Embassy in Washington, D.C. was asked to make a comment on the matter, however, it did not respond to a request for comment. 

The technical director and co-founder of the Russian government’s censorship authority, commonly known as Roskomnadzor, Stanislav Shakirov reported that the block is in full effect and that “the blocking is done by the ISP on their equipment by the URL mask (*.skiff.com) and IP addresses.” 

After the news, Skiff founder Milich said “I started Skiff with a more private vision for the internet, where our personal information is not shared, bought, and sold. Jason and I have both had personal or professional connections to Russia — mine through Stanford, and Jason’s family escaped the Soviet Bloc in the late 1970s via a covert radio network…,” Milich said. “…With the fast adoption of our products and now suppression of them, we’re even more confident and determined in our mission to build products for private communication and freedom.”
Read more »
Subscribe to: Posts (Atom)