Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Russian Military. Show all posts
Telegram
Android Spyware Malicious Campaign malware Russian Military Telegram

Android Spyware Concealed in Mapping App Targets Russian Military

 

Doctor Web researchers discovered a new spyware, tracked as Android. Spy.1292.origin, targets Russian military people. The malicious code was concealed in a trojanized Alpine Quest app and distributed via Russian Android catalogues. The malware acquires contacts, geolocation, and file data, and it can also download additional modules to exfiltrate stored data when directed. 

“Alpine Quest is topographic software that allows different maps to be used both in online and offline mode. It is popular among athletes, travelers, and hunters but also widely used by Russian military personnel in the Special Military Operation zone—and this is what the malware campaign organizers decided to exploit.” reads the report published by researchers at Doctor Web. Threat actors embedded Android.Spy.1292.origin into one of the older Alpine Quest app versions and distributed the trojanized variant under the guise of a freely available version of Alpine Quest Pro, a program with advanced functionality.” 

To propagate the trojanized Alpine Quest software, threat actors developed a fraudulent Telegram channel. They shared an app download link from a Russian app store, and then they used the same route to push a malicious update. To evade detection, Android.Spy.1292.origin is embedded within a real copy of the Alpine Quest app, causing it to seem and behave just like the original. 

When the app is activated, the trojan discreetly collects and sends information to a command-and-control server, including the user's phone number, accounts, contact list, current date, geolocation, stored file details, and app version. Simultaneously, it transmits some of this information, such as updated geolocation, with the attackers' Telegram bot whenever the device's position changes. 

Once the trojan has gathered file information, attackers can command it to download and execute other modules to steal specific data. The attackers behind the malicious app appear to be interested in confidential information transmitted via Telegram and WhatsApp, as well as the locLog file generated by Alpine Quest. This allows Android.Spy.1292.origin to track user whereabouts and extract sensitive data. Its modular design enables it to broaden its capabilities and engage in a wider range of malicious actions. 

“As a result, Android.Spy.1292.origin not only allows user locations to be monitored but also confidential files to be hijacked. In addition, its functionality can be expanded via the download of new modules, which allows it to then execute a wider spectrum of malicious tasks.” the researchers added. 

The researchers recommend installing Android apps only from trustworthy sources, such as official app stores, and avoiding Telegram groups and dodgy websites, particularly those providing free versions of commercial apps. Users should also verify app distributors, as cybercriminals frequently copy legitimate developers using identical names and logos.
Read more »
Ukrainian Hackers
Cyber Attacks Cyber Warriors CyberCrime Cybersecurity Cyberthreats Data Center Internet Services Russian Military Telecom Ukrainian Hackers

Under Siege: Ukrainian Cyber Warriors Erase Vital Russian Military Data Center

 


On April 8 of this year, sources in the Ukrainian Security Service of Ukraine (SBU) told the Kyiv Independent that Ukrainian hackers, possibly linked to the SBU, destroyed a data centre used by Russian military, energy, and telecommunications companies. In a recent attack, Ukrainian hackers connected to the SSU cyber department destroyed a data centre belonging to a Russian industrial giant. 

They included Gazprom, Lukoil, Telecom and some of the leading military companies in the country. Sources have stated that more than 10,000 entities involved in the Russian military industry have stored their data in OwenCloud.ru cloud services, which the hackers targeted. 

A number of these companies, including Ural Works of Civil Aviation, Rubin, Ural Plant Spectechniks, Gazprom, Transgaz, Lukoil, Rosneft, Nornickel, Rostelecom, or MegaFon, reportedly make up this group: the oil and gas industry, the metallurgical and aerospace industry, as well as major telecommunication giants. 

A source stated that over 300 TB of data were taken out of circulation on 400 virtual and 42 physical servers. This operation involved the Ukrainian hacking group BLACKJACK and the cyber division of the Ukrainian Security Service. In addition to internal documents and backups, these servers had software used to manage production processes remotely, according to a source. 

The OwenCloud.ru website, at the moment of publication, displays what is alleged to be a message left by a group called Blackjack, stating that the centre's "information technology infrastructure has been destroyed." The Ukrinform news service reports nearly 4,500 cyberattacks on Ukraine are carried out by Russian hackers every year. Kyivstar was attacked by a powerful hacker on December 12, 2023, which caused the company to experience a technical breakdown.

Communication and internet services stopped working. It is estimated that around 16,000 Russian companies are affected by the strike, such as Lukoil, Rosneft, The Ural Works of Civil Aviation (which is part of the Roselectronika holding), Ural Special Equipment Plant, Gazprom, Transgaz, Norilsk Nickel, Rostelecom, Telecom, and Megafon. As a result, the source asserted that OwenCloud.ru is hosting over 10,000 legal entities, including the military-industrial sector, oil and gas industry, metallurgical and aerospace companies, and telecommunication giants. 

It was reported that the hack affected various organizations, such as companies in the oil and gas and telecommunications sectors and the country's military. In the Kyiv Independent report, there was a list of victims that included Ural Works of Civil Aviation, Rubin, Ural Plant Spectechniks, Gazprom, Transgaz, Lukoil, Rosneft, Nornickel, Rostelecom, and MegaFon, among others. 

The source of NV's report revealed on March 18 that Ukrainian hackers were able to access correspondence between Russian CEC member Nikolai Levichev and Boris Nadezhdin, a candidate in the so-called presidential election. As a result of being denied registration as a presidential candidate, Nadezhdin actively contacted representatives of the Russian Central Election Commission and resolved personal and political issues, including addressing the refusal of the Russian Central Election Commission. 

According to the hacker group, this suggests that a "fake presidential candidate" is at play. Ukrainian hackers are known for regularly stealing information about Russian websites, payment systems, and state-owned companies. Thousands of Russian organizations were accessed by Ukrainian hackers in January, and 200 gigabytes of data was obtained. 

A Russian state-owned company that builds military facilities across the entire Russian territory has also been crashed by the BLACKJACK hacker group. They have also stolen documentation for 500 military facilities maintained by the Russian Ministry of Defense. On the servers of the Russian Ministry of Defense, a DDoS attack was launched by hackers from the Defense Intelligence Department.
Read more »
Ukrainian Soldiers
Cyber Intelligence Cyber Security CyberWar Russian Military Ukrainian Soldiers

Russian Military Hackers Take Aim at Ukrainian Soldiers’ Battle Plans

 

On Thursday, the United States and its allies issued a warning, revealing that Russian military hackers have been actively pursuing Ukrainian soldiers' mobile devices. Their objective is to pilfer critical battlefield data, which could potentially bolster the Kremlin's efforts in the ongoing conflict in Ukraine. 

The recent advisory released by the United States and its intelligence-sharing partners, known as the "Five Eyes" alliance (comprising Australia, Canada, New Zealand, and the United Kingdom), aligns with a report issued by Ukraine's SBU security service. This report highlights the Russian hackers' concerted efforts to infiltrate the Android tablets utilized by the Ukrainian military for both strategic planning and executing combat missions. 

According to Ukraine's SBU, the malicious code employed by the Russian hackers was specifically crafted to pilfer data transmitted from soldiers' mobile devices to the Starlink satellite system, a creation of billionaire entrepreneur Elon Musk's company. It is worth noting that the press has previously reported on the pivotal role of Starlink satellites in facilitating Ukraine's battlefield communications. 

This news underscores the significance of the battle for control over sensitive military information in the realm of cyberspace, which has emerged as a prominent front in Russia's comprehensive war against Ukraine. The extent of the hacking campaign's success remains uncertain. Ukraine's SBU security service has reported successfully thwarting certain hacking attempts. 

Still, they have also acknowledged that Russian forces managed to acquire tablets on the battlefield and subsequently infected them with malicious software. This hacking campaign coincides with an ongoing Ukrainian counteroffensive, marked by a protracted and challenging struggle to repel Russian forces. 

Privately, U.S. officials have voiced apprehension over Ukraine's inability to achieve significant breakthroughs despite months of relentless combat. US officials and independent experts have reported that Russian intelligence services have been launching a barrage of cyberattacks against Ukrainian infrastructure since the commencement of Moscow's extensive invasion of Ukraine in February 2022. 

These cyberattacks have encompassed a range of tactics, including destructive hacks designed to compromise Ukrainian energy and transportation systems, among other targets. Although certain cyber incidents have compelled Ukrainian government entities and businesses to engage in recovery efforts, Kyiv's digital defenses have exhibited notable resilience throughout this period.
Read more »
Subscribe to: Posts (Atom)