Tag Archive for: Activities

EU officially blames Russia for ‘Ghostwriter’ hacking activities

/in


EU officially blames Russia for 'Ghostwriter' hacking activities

Image: Christian Lue

The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public.

“These malicious cyber activities are targeting numerous members of Parliaments, government officials, politicians, and members of the press and civil society in the EU by accessing computer systems and personal accounts and stealing data,” European Council officials said in a press release today.

“Such activities are unacceptable as they seek to threaten our integrity and security, democratic values and principles and the core functioning of our democracies.”

The EU officials added that these hacking activities are in stark contrast to normal state behavior endorsed by all UN member states.

The attacks are also seen as clear attempts to undermine EU’s democratic institutions and processes, including but not limited to enabling disinformation and information manipulation.

Linked to Russia’s GRU military intelligence service

The Ghostwriter “malicious cyber activities” were also connected by Germany to the GRU military intelligence service earlier this month, with German Foreign Ministry spokeswoman Andrea Sasse saying that the German parliament was targeted at least three times this year.

Sasse’s statement came after German security authorities detected multiple attempts to steal personal login details of German lawmakers before the September 26 federal election, likely as part of a preparation effort for disinformation campaigns

“The German government has reliable information on the basis of which Ghostwriter activities can be attributed to cyber actors of the Russian state and, specifically, Russia’s GRU military intelligence service,” Sasse said.

In March, Germany also said that the Ghostwriter Russian military intelligence hacking group is the main suspect behind a spearphishing attack that targeted multiple Parliament members.

They are believed to have breached the email accounts of seven members of the German federal parliament (Bundestag) and 31 members of German regional parliaments.

“The European Union and its Member States strongly denounce these malicious cyber activities, which…

Source…

CSM Velocity Center Joins Town Of Indian Head’s 101st Anniversary Festivities Sept. 25, Showcases ‘Art Of Innovation’ With Activities And Fun | thebaynet.com | TheBayNet.com

/in




INDIAN HEAD, Md. – The College of Southern Maryland (CSM) is joining in the day-long festivities to celebrate the 101st anniversary of the Town of Indian Head Sept. 25 by hosting the “Art of Innovation” at the CSM Velocity Center. The public is invited to visit the Velocity Center throughout the day to enjoy an art exhibit, musical improvisation, games of giant Jenga, face painting and see presentations highlighting innovative technologies including robotics, 3-D printing and prototypes. Visitors will also have the chance to learn about the accomplishments of the Talons, CSM’s nationally ranked robotics team, and meet members of CSM’s Society of Women Engineers and National Society of Black Engineers.


“We couldn’t be more excited to spend the day in Indian Head to commemorate the town’s historic milestone and host a day of fun and community fellowship,” said CSM Associate Vice President of Continuing Education and Workforce Development Ellen Flowers-Fields. “We are very proud of the Velocity Center and the role that our community college plays in support of the Navy and in the economic revival of the Town of Indian Head. We are eager to show it off and meet our neighbors and visitors face-to-face.”


The CSM Velocity Center – where education and innovation meet – opened its doors one year ago during a Sept. 17, 2020 socially distant ribbon-cutting ceremony before about 1,300 Facebook Live onlookers.  At the time, the Naval Surface Warfare Center Indian Head Division was marking its 130th anniversary and the Town of Indian Head was marking its 100th anniversary, but the Navy and the town were unable to celebrate their milestones in grand fashion due to pandemic restrictions.


The Town of Indian Head’s Sept. 25 activities to celebrate its 1920 incorporation and commemorate its centennial anniversary – plus one year – include a parade, amusement rides, live entertainment and a firework show in around the Village Green Park & Pavilion and the Indian Head Senior Center. The town’s events start at 9 a.m. and end after dark.


The Velocity Center’s ‘Art of Innovation’ activities will be held 9 a.m. – 3 p.m. In addition to…

Source…

FACT SHEET: Imposing Costs for Harmful Foreign Activities by the Russian Government

/in


The Biden administration has been clear that the United States desires a relationship with Russia that is stable and predictable. We do not think that we need to continue on a negative trajectory. However, we have also been clear—publicly and privately—that we will defend our national interests and impose costs for Russian Government actions that seek to harm us.

Today the Biden administration is taking actions to impose costs on Russia for actions by its government and intelligence services against U.S. sovereignty and interests.

Executive Order Targeting the Harmful Foreign Activities of the Russian Government
Today, President Biden signed a new sanctions executive order that provides strengthened authorities to demonstrate the Administration’s resolve in responding to and deterring the full scope of Russia’s harmful foreign activities. This E.O. sends a signal that the United States will impose costs in a strategic and economically impactful manner on Russia if it continues or escalates its destabilizing international actions. This includes, in particular, efforts to undermine the conduct of free and fair democratic elections and democratic institutions in the United States and its allies and partners; engage in and facilitate malicious cyber activities against the United States and its allies and partners; foster and use transnational corruption to influence foreign governments; pursue extraterritorial activities targeting dissidents or journalists; undermine security in countries and regions important to United States national security; and violate well-established principles of international law, including respect for the territorial integrity of states.  

The U.S. Department of the Treasury (Treasury) carried out the following actions pursuant to the new E.O.:

  • Treasury issued a directive that prohibits U.S. financial institutions from participation in the primary market for ruble or non-ruble denominated bonds issued after June 14, 2021 by the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, or the Ministry of Finance of the Russian Federation; and lending ruble or non-ruble denominated funds to the Central…

Source…

New Grelos skimmer variant reveals overlap in Magecart group activities, malware infrastructure

/in


A new variant of a skimmer has revealed the increasingly muddy waters associated with tracking groups involved in Magecart-style attacks. 

On Wednesday, researchers from RiskIQ described how a new Grelos skimmer has shown there is “increased overlaps” in Magecart infrastructure and groups, with this malware — alongside other forms of skimmer — now being hosted on domain infrastructure used by multiple groups, or connected via WHOIS records, known phishing campaigns, and the deployment of other malware, creating crossovers that can be difficult to separate. 

See also: Magecart group uses homoglyph attacks to fool you into visiting malicious websites

Magecart is an umbrella term used to describe information stealing campaigns and threat actors that specialize in the theft of payment card data from e-commerce websites. 

Several years ago, well-known brands including British Airways and Ticketmaster became the first major victims of this form of attack, and since then, countless websites have fallen prey to the same technique. 

The new variant of the Grelos skimmer, malware that has been around since at least 2015 and associated with Magecart groups 1 and 2, is similar to a separate strain described by researcher @AffableKraut in July. This variant is a WebSocket-based skimmer that uses base64 obfuscation to hide its activities. 

“We believe this skimmer is not directly related to Group 1-2’s activity from 2015-16, but instead a rehash of some of their code,” RiskIQ says. “This version of the skimmer features a loader stage and a skimmer stage, both of which are base64 encoded five times over.”

CNET: Trump fires top cybersecurity official for debunking election fraud claims

Following a Magecart attack on Boom! Mobile, RiskIQ examined links established by Malwarebytes and this attack, in which the Fullz House group loaded malicious JavaScript on the mobile network provider to scrape customer data.

The domains used in this cyberattack led the team to a cookie and associated skimmer websites, including facebookapimanager[.]com and googleapimanager[.]com.

However, instead of finding the Fullz House…

Source…