Tag Archive for: attacked

Hacking Group Says It Attacked Microsoft for Sudan. Experts Say Russia’s Behind It

/in


(Bloomberg) — A hacking group responsible for a series of outages at Microsoft Corp. earlier this month had spent the previous months attacking targets in Israel, Sweden and other nations, part of an expanding campaign that some cybersecurity researchers have tied to Russia.“Anonymous Sudan” describes itself as a hacktivist group and says it’s waging cyber strikes out of Africa on behalf of oppressed Muslims worldwide. The group claimed its June 5 distributed denial of service, or DDoS, attacks against Microsoft were retaliation for US policy regarding Sudan’s military conflict. The US is currently trying to broker a peace deal between warring factions.Some cybersecurity experts have concluded that the group actually operates from Russia and hacks for an entirely different purpose: to advance Moscow’s objectives. “Anonymous Sudan is a Russian information operation that aims to use its Islamic credentials to be an advocate for closer cooperation between Russia and the Islamic world – always claiming that Russia is the Muslims’ friend,” said Mattias Wåhlén, a threat intelligence expert with Stockholm-based Truesec. “This makes them a useful proxy.”

Most Read from Bloomberg

Wåhlén led Truesec’s investigation of Anonymous Sudan and the firm’s February report identifying the group as a front for Russia, an assessment that was corroborated by other security experts who studied the group and its activities. In its few short months in existence, Anonymous Sudan has repeatedly used cyberattacks as a bludgeon to drive home a singular narrative: that the West is hostile to Islam, while Moscow is a friend to the Muslim world, he said.

A representative for Anonymous Sudan denied to Bloomberg News that the group was acting on Russia’s behalf but said their interests were aligned. Anonymous Sudan goes after “everything that is hostile to Islam and all countries that are hostile to Islam are hostile to Russia,” the representative wrote, as part of an online conversation.Last weekend, as an extraordinary mutiny in Russia by the mercenary leader of the Wagner Group challenged Russian President Vladimir Putin, Anonymous Sudan took to Telegram in…

Source…

Georgia city claimed to be attacked by BlackByte ransomware gang

/in



Responsibility for the cyberattack against the City of Augusta, Georgia, which resulted in the disruption of certain city computer systems since May 21, has been admitted by the BlackByte …

Source…

Amazon’s Ring claimed to be attacked by ALPHV ransomware

/in



Amazon’s security camera firm Ring has been purported to be compromised by the ALPHV ransomware operation, also known as BlackCat, which has threatened to expose the stolen data, reports Motherboard.

Source…

A year of wipers: How the Kremlin-backed Sandworm has attacked Ukraine during the war

/in


Last November, several Ukrainian organizations were targeted by a new type of ransomware called RansomBoggs. Its operators sent infected computers a ransom note written on behalf of James P. Sullivan — the main protagonist of the animated film Monsters, Inc. 

In the note Sullivan, whose job in the movie was to scare kids, asked for financial help in exchange for decrypting the organizations’ documents.

The hackers behind the attack are believed to be linked to Sandworm, a Russian nation-state threat actor working on behalf of the military intelligence agency GRU. But despite the attack wearing all the trappings of ransomware, Sandworm wasn’t out to make money — its primary goal was either to destroy Ukrainian networks or steal valuable data, according to researchers from the Slovak cybersecurity company ESET, which first spotted the RansomBoggs attack.

While Sandworm is not the Kremlin’s most important hacking group, it has perhaps become the most visible one, with an emphasis on disruptive cyberattacks. And its track record of successful attacks with a global impact – most notably the NotPetya malware and several attacks on Ukraine’s power supply – make it a grave concern to researchers.

In 2017, the group used NotPetya wiper malware disguised as ransomware to take down hundreds of networks across Ukrainian government agencies, banks, hospitals, and airports, causing an estimated $10 billion in global damage. By presenting destructive attacks as ransomware, Sandworm hackers may be trying to cover their tracks and make it more difficult for security researchers to attribute the attacks to a state-sponsored group.

In the case of the RansomBoggs attacks, the group was likely testing new techniques or training new workers on how to use their software, ESET senior malware researcher Anton Cherepanov told The Record.

Since the start of the war, Sandworm has been relentlessly targeting Ukraine with various malware strains. Some were highly sophisticated, while others contained bugs that made them easier to detect and prevent from spreading.

Researchers believe that Sandworm chose to experiment with malware in order to find strains that can bypass Ukraine’s improved…

Source…