Tag Archive for: america

How far will Putin go – and how far will America go to stop him?


Sometimes, in weighing what Russian officials are saying now, or what they may be saying next week, it helps to take a look at what they were saying just a few days ago:

  • Russian Foreign Minister Sergey Lavrov, on January 28: “We want no wars”; and then, on February 25: “Nobody is going to attack the Ukrainian people … There are no strikes on civilian infrastructure”;
  • Deputy Foreign Minister Sergei Ryabkov, on January 10: “We have no plans, no intentions to attack Ukraine”;
  • Russia’s Ambassador to the United Nations Vasily Nebenzya, on February 28: “A lot of fake news and a lot of fake factories that produce those news”; and
  • Russian President Vladimir Putin, on February 15: “Do we want it, war, or not? Of course, not.”

They lied.

A residential building destroyed by Russian forces in Borodyanka, Ukraine. (CBS News)


No one can possibly know for sure what’s next. But “Sunday Morning” senior contributor Ted Koppel turned to four people whose life experience and accumulated expertise give their opinions special weight.

Nina Khrushcheva, great-granddaughter of Nikita Khrushchev, came to study in America when Russia was known as the Soviet Union. She’s now a professor of international affairs at the New School in New York, but still has close ties to the country where she was born.

Nina Khrushcheva. (CBS News)


“People are being fired for speaking against the war,” she told Koppel. “My niece just got arrested in the center of Moscow. She was just walking. And because she’s young, the police assumed that she must be protesting against the war. She would just get arrested.”

Khrushcheva noted that Putin’s poll numbers have gone up, from 60% to 71%.

“Now, can we trust those polls?” asked Koppel. “Or does the Kremlin …”

“Oh yes. No, it’s not the Kremlin. It’s the Levada poll.”

“But I suspect when the bodies come back, it’ll be in the dark of night, and there won’t be anybody there to photograph it?”

“Absolutely,” Khrushcheva replied. “And they already, I mean, there…


Increasing Number of Threat Groups Targeting OT Systems in North America


An increasing number of threat groups have been targeting organizations with industrial control system (ICS) or other operational technology (OT) environments, according to a new report from industrial cybersecurity company Dragos.

Dragos last year identified three new groups that appear to be interested in ICS/OT, which brings the total number of such groups tracked by the company to 18. The new groups discovered in 2021 are tracked as KOSTOVITE, ERYTHRITE and PETROVITE, and the first two actually managed to gain direct access into ICS/OT networks.

KOSTOVITE, PETROVITE, ERYTHRITE

PETROVITE, which has targeted mining and energy operations in Kazakhstan, has shown an interest in collecting data on ICS/OT systems and networks, but, based on what Dragos has seen, it has yet to actually gain access to these types of systems. The company is aware of PETROVITE attacks conducted since the third quarter of 2019.

There appear to be some overlaps between PETROVITE activity and KAMACITE and Fancy Bear, which have been linked to Russia. KAMACITE has targeted energy companies in the United States.

As for the group tracked as KOSTOVITE, it has been observed targeting the renewable energy sector in North America and Australia. The hackers have used highly customized web shells and zero-day exploits, as well as living-off-the-land techniques, in their attacks. Unlike PETROVITE, KOSTOVITE has managed to access its targets’ OT networks and devices.

KOSTOVITE was first seen in action in 2021 and Dragos reported seeing significant technical overlaps with a group known as UNC2630, which may be a Chinese state-sponsored threat actor.

The third new group, ERYTHRITE, has been seen targeting many organizations in the United States and Canada, including a Fortune 500 company, a large electrical utility, food and beverage companies, IT firms, oil and gas companies, and vehicle manufacturers. The group has been active since at least May 2020, and it has also managed to breach OT environments.

Links have been found between ERYTHRITE and Solarmarker, a group that has been spotted delivering information-stealer malware to a wide range of organizations.

“ERYTHRITE’s wholesale exfiltration of credentials poses a particular risk…


China Seen Backing ‘Digital Authoritarianism’ in Latin America 


Chinese technology and expertise is making it possible for Venezuela and Cuba to exercise suffocating control over digital communications in the two countries, according to insider accounts and several international investigations.

Venezuela and Cuba do more to block internet access than any other governments in Latin America, according to the U.S.-based advocacy group Freedom House, which has documented what it describes as “digital authoritarianism” in the region since 2018.

“Whoever believes that privacy exists in Venezuela through email communications, Twitter, WhatsApp, Facebook and Instagram is wrong. All these tools” are totally subject to government intervention, said Anthony Daquin, former adviser on computer security matters to the Ministry of Justice of Venezuela.

Daquin participated between 2002 and 2008 in delegations sent by former President Hugo Chávez to China to learn how Beijing uses software to identify Chinese citizens, and to implement a similar system in Venezuela.

FILE – A man looks at his smartphone as he stands near a display for Chinese technology company ZTE at the PT Expo in Beijing on Oct. 31, 2019.

Key to those efforts was the introduction in 2016 of the “carnet de la patria” or homeland card, developed by the Chinese company ZTE. While theoretically voluntary, possession of the cards is required to access a vast range of goods and services, ranging from doctor’s appointments to government pensions.

The cards were presented as a way to make public services and supply chains more efficient, but critics denounced them as a form of “citizen control.”

Daquin said China’s role in recent years has been to provide technology and technical assistance to help the Venezuelan government process large amounts of data and monitor people whom the government considers enemies of the state.

“They have television camera systems, fingerprints, facial recognition, word algorithm systems for the internet and conversations,” he said.

Daquin said one of the few means that Venezuelans have to communicate electronically free from government monitoring is the encrypted messaging platform Signal, which the government has found it very costly to…


Picus Threat Library Is Updated for Trojans Targeting Banks in Latin America


Picus Labs has updated the Picus Threat Library with new attack methods for the Krachulka, Lokorrito and Zumanek trojans, which target banks in Brazil, Mexico, and Spain. In this blog, the techniques used by these malware families will be explored.

Banking trojans play a significant role in the cybercrime scene in Latin America. According to ESET, 11 different malware families that target banks in Spanish- and Portuguese-speaking countries share TTPs, indicating that the threat actors behind them are cooperating on some level. For example, the same or similar custom encryption schemes are used by these malware families. In this blog, we will be focusing on three of them: Krachulka, Lokorrito, and Zumanek.

Let’s start with Krachulka. As spyware, it gathers sensitive information from infected systems without the user’s consent and sends the collected data to remote threat actors.

Lokorrito and Zumanek act like a classic Remote Access Trojan (RAT). They go one step further than Krachulka: they not only collect information from infected systems but also perform malicious operations such as infecting the target with other malware and launching denial-of-service (DoS) attacks.


Techniques used by Krachulka, Lokorrito and Zumanek

The Krachulka, Lokorrito, and Zumanek malware families utilize 26 techniques and sub-techniques under 10 tactics of the MITRE ATT&CK framework. This section lists the malicious behaviors of these malware families, categorized according to MITRE ATT&CK v10.0.

1. Initial Access

  • T1566.001 Phishing: Spearphishing Attachment
  • T1566.002 Phishing: Spearphishing Link

2. Execution

  • T1059 Command and Scripting Interpreter
  • T1059.003 Command and Scripting Interpreter: Windows Command Shell
  • T1059.005 Command and Scripting Interpreter: Visual Basic
  • T1059.007 Command and Scripting Interpreter: JavaScript/JScript

3. Persistence

  • T1547.001 Boot or Logon Autostart Execution: Registry Run Keys/Startup Folder
  • T1574.002 Hijack Execution Flow: DLL Side-Loading

4. Defense Evasion

  • T1140 Deobfuscate/Decode Files or Information
  • T1220 XSL Script Processing
  • T1497.001 Virtualization/Sandbox Evasion: System…
