Tag Archive for: crackdown
How Russia’s Invasion Triggered a US Crackdown on Its Hackers
Since Russia launched its full-blown invasion of Ukraine in late February, a wave of predictable cyberattacks has accompanied that offensive, striking everything from Ukrainian government agencies to satellite networks, with mixed results. Less expected, however, was the cyber counteroffensive from the US government—not in the form of retaliatory hacking, but in a broad collection of aggressive legal and policy moves designed to call out the Kremlin’s most brazen cyberattack groups, box them in, and even directly disrupt their hacking capabilities.
Over the past two months, President Joe Biden’s executive branch has taken more actions to deter and even temporarily disarm Russia’s most dangerous hackers than perhaps any previous administration in such a short space of time. US countermeasures have ranged from publicly pinning the blame for distributed denial of service attacks targeting Ukrainian banks on Russia’s GRU military intelligence agency to unsealing two indictments against the members of notorious Russian state hacker groups to undertaking a rare FBI operation to remove malware from network devices that GRU hackers had used to control a global botnet of hacked machines. Earlier this week, NSA and Cyber Command director general Paul Nakasone also told Congress that Cyber Command had sent “hunt forward” teams of US cybersecurity personnel to Eastern Europe to seek out and eliminate network vulnerabilities that hackers could exploit in both Ukraine and the networks of other allies.
Together, it adds up to “a concerted, coordinated campaign to use all of the levers of national power against an adversary,” says J. Michael Daniel, who served as the cybersecurity coordinator in the Obama White House, advising the president on policy responses to all manner of state-sponsored hacking threats. “They’re trying to both disrupt what the adversary is doing currently, and to also potentially deter them from taking further, more expansive actions in cyberspace as a result of the war in Ukraine.”
Daniel says compared to the Obama administration he served in, it’s clear the Biden White House has decided to take a far faster and harder-hitting approach to countering the Kremlin’s…
7 suspected hackers arrested in global ransomware crackdown
Deputy Attorney General Lisa Monaco speaks to The Associated Press during an interview at the Department of Justice in Washington, Tuesday, Nov. 2, 2021. Monaco told the AP that the public should expect to see more arrests and law enforcement action as the Justice Department deals with the threat of ransomware. (AP Photo/Manuel Balce Ceneta)
WASHINGTON (AP) — Seven suspected hackers linked to ransomware attacks that have targeted thousands of victims have been arrested since last February as part of a global cybercrime crackdown, European law enforcement authorities announced Monday.
The FBI and the Justice Department were expected to announce criminal charges tied to ransomware later Monday as well as the seizure of $6 million, according to a U.S. official, who was not authorized to discuss the matter by name ahead of a news conference and spoke on the condition of anonymity.
None of the arrested hackers was identified by name, but Europol said two suspected hackers believed to be linked to the ransomware gang known as REvil were arrested last week for involvement in attacks that yielded about $580,000 in ransom payments. Authorities in Kuwait arrested another accused hacker last week, and South Korean authorities have arrested three since last February. A seventh was arrested last month in Europe.
The arrests were part of a law enforcement investigation called GoldDust that involved the United States and 16 other countries. REvil, also known as Sodinokibi, has been linked in recent months to ransomware targeting the world’s largest meat processor, JBS SA, as well as a Fourth of July weekend attack that snarled businesses around the world.
Deputy Attorney General Lisa Monaco appeared to foreshadow Monday’s announcement in an interview with The Associated Press last week, saying that “in the days and weeks to come, you’re going to see more arrests” as well as seizures of ransomware proceeds.
The Justice Department has tried multiple ways to address a ransomware wave that it regards as a national security…
Is White House Crackdown on Ransomware Having Any Effect?
The latest edition of the ISMG Security Report features an analysis of the state of the Biden administration’s efforts to disrupt ransomware attackers.
In this report, you’ll hear (click on player beneath image to listen):
- ISMG’s Scott Ferguson detail White House efforts to combat ransomware via geopolitical and law enforcement means, as well as by boosting the cyber resiliency of the U.S. private sector and government agencies;
- ISMG’s Jeremy Kirk cover/detail/analyze an emergency patch from Apple, which fixes a zero-click integer overflow vulnerability in iMessage that was being exploited by Pegasus spyware;
- Detective Chief Superintendent Andy Gould, who heads Britain’s National Police Chiefs’ Council’s cybercrime program, detail essentials for planning and executing a cybersecurity incident response plan.
The ISMG Security Report appears on this and other ISMG websites on Fridays. Don’t miss the Sept. 3 and Sept. 10 editions, which respectively discuss the latest data breach trends and ransomware attackers’ ideal targets.
Theme music for the ISMG Security Report is by Ithaca Audio under a Creative Commons license.