Tag Archive for: claims

Snatch ransomware attack claims probed by Kraft Heinz



U.S. multinational food and beverage company Kraft Heinz has launched an investigation into the Snatch ransomware gang’s recently emerged claims of an August attack even though there has been no …


Hacker Group Linked to Russian Military Claims Credit for Cyberattack on Kyivstar


Over nearly a decade, the hacker group within Russia’s GRU military intelligence agency known as Sandworm has launched some of the most disruptive cyberattacks in history against Ukraine’s power grids, financial system, media, and government agencies. Signs now point to that same usual suspect being responsible for sabotaging a major mobile provider for the country, cutting off communications for millions and even temporarily sabotaging the air raid warning system in the capital of Kyiv.

On Tuesday, a cyberattack hit Kyivstar, one of Ukraine’s largest mobile and internet providers. The details of how that attack was carried out remain far from clear. But it “resulted in essential services of the company’s technology network being blocked,” according to a statement posted by Ukraine’s Computer Emergency Response Team, or CERT-UA.

Kyivstar’s CEO, Oleksandr Komarov, told Ukrainian national television on Tuesday, according to Reuters, that the hacking incident “significantly damaged [Kyivstar’s] infrastructure [and] limited access.”

“We could not counter it at the virtual level, so we shut down Kyivstar physically to limit the enemy’s access,” he continued. “War is also happening in cyberspace. Unfortunately, we have been hit as a result of this war.”

The Ukrainian government hasn’t yet publicly attributed the cyberattack to any known hacker group—nor have any cybersecurity companies or researchers. But on Tuesday, a Ukrainian official within its SSSCIP computer security agency, which oversees CERT-UA, pointed out in a message to reporters that a group known as Solntsepek had claimed credit for the attack in a Telegram post, and noted that the group has been linked to the notorious Sandworm unit of Russia’s GRU.

“We, the Solntsepek hackers, take full responsibility for the cyber attack on Kyivstar. We destroyed 10 computers, more than 4 thousand servers, all cloud storage and backup systems,” reads the message in Russian, addressed to Ukrainian president Volodymyr Zelenskyy and posted to the group’s Telegram account. The message also includes screenshots that appear to show access to Kyivstar’s network, though this could not be verified. “We attacked Kyivstar…


Operator of Sellafield nuclear facility denies hacking claims


Sellafield Ltd, the Nuclear Decommissioning Authority (NDA)-backed organisation responsible for winding up the controversial Sellafield facility in Cumbria – the scene of the UK’s worst ever nuclear accident in 1957 – has denied allegations that its IT networks have been comprehensively compromised by both Chinese and Russian threat actors, deploying so-called sleeper malware that lay undetected on its systems for years to conduct espionage.

Earlier this week, the Guardian newspaper published the results of a lengthy investigation in which it accused the organisation’s senior management of having “consistently covered up” the scale of the intrusions, which it is claimed date back to 2015.

The report alleged that the extent of the supposed breach only came to light when workers at other sites found they were able to access Sellafield’s systems remotely and escalated to the Office for Nuclear Regulation (ONR). It said an insider had described Sellafield’s server network as “fundamentally insecure”, and highlighted other concerns including outside contractors using USB memory sticks at the site and an incident in which user credentials were inadvertently filmed and broadcast by a BBC camera crew.

A spokesperson for Sellafield Ltd said: “We have no records or evidence to suggest that Sellafield Ltd networks have been successfully attacked by state-actors in the way described by the Guardian. Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system.

“We take cyber security extremely seriously at Sellafield. All of our systems and servers have multiple layers of protection…Critical networks that enable us to operate safely are isolated from our general IT network, meaning an attack on our IT system would not penetrate these,” they added.

However, this is not the first time that evidence of cyber intrusions affecting Sellafield has come to light. In 2021, for example, the Information Commissioner’s Office (ICO) ruled against the organisation over data breach offences, although these related to an employment tribunal and not critical information on the facility, while Private Eye has…


SolarWinds Misled Public on Risks Before Hack, SEC Claims (1)


The Securities and Exchange Commission alleged on Monday that SolarWinds Corp. defrauded investors by downplaying security risks ahead of a hack of its software that rippled through computer systems across the US government and corporate America.

The SEC also accused the top information security official at SolarWinds, Tim Brown, of breaking securities rules in a lawsuit filed in federal court in Manhattan. The action is the first time the regulator has sued a computer security executive for a cybersecurity-related issue.

The SolarWinds hack was among the worst cyber breaches in history, affecting hundreds of public companies and numerous government agencies. …
