Tag Archive for: FSB

Ukrainian security service identifies Russian FSB officers behind Primitive Bear. US sanctions four spyware firms, including NSO Group.


By the CyberWire staff

Ukrainian security service identifies Russian FSB officers behind Primitive Bear.

Ukraine’s security service, the SSU, has identified five Russian FSB officers as operators behind the Gamaredon threat actor (also known as “Primitive Bear”). The group has specialized in targeting Ukrainian critical infrastructure and classified networks. The group is centered, geographically, in Russian-occupied Ukraine, and the FSB chatter the SSU intercepted includes a lot of whining about getting shafted out of awards and bonuses, recognition going to the undeserving, and everybody having to get tested for COVID at work.

US sanctions four spyware firms, including NSO Group.

The US Department of Commerce has sanctioned four companies for providing spyware to foreign governments. NSO Group and Candiru (both based in Israel) have been added to the Entity List, as have Positive Technologies (a Russian firm), and the Computer Security Initiative Consultancy PTE (headquartered in Singapore).

Of the two Israeli firms, Commerce said they “were added to the Entity List based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers. These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order.”

Positive Technologies and the Computer Security Initiative Consultancy were placed on the Entity List after, Commerce said, “a determination that they traffic in cyber tools used to gain unauthorized access to information systems, threatening the privacy and security of individuals and organizations worldwide.”

The sanctions, Commerce explains, represent a move in support of human rights. “This effort is aimed at improving citizens’ digital security, combating cyber threats, and mitigating unlawful surveillance and follows a recent interim final rule released by the Commerce Department…


Ukraine Identifies Russian FSB Officers Hacking As Gamaredon Group


Ukraine’s premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in cyberattacks attributed to a cyber-espionage group named Gamaredon, linking the members to Russia’s Federal Security Service (FSB).

Calling the hacker group “an FSB special project, which specifically targeted Ukraine,” the Security Service of Ukraine (SSU) said the perpetrators “are officers of the ‘Crimean’ FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014.”


The names of the five individuals the SSU alleges are part of the covert operation are Sklianko Oleksandr Mykolaiovych, Chernykh Mykola Serhiiovych, Starchenko Anton Oleksandrovych, Miroshnychenko Oleksandr Valeriiovych, and Sushchenko Oleh Oleksandrovych.

Since its inception in 2013, the Russia-linked Gamaredon group (aka Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) has been responsible for a number of malicious phishing campaigns, primarily aimed at Ukrainian institutions, with the goal of harvesting classified information from compromised Windows systems for geopolitical gains.

The threat actor is believed to have carried out no fewer than 5,000 cyberattacks against public authorities and critical infrastructure located in the country, and attempted to infect over 1,500 government computer systems, with most attacks directed at security, defense, and law enforcement agencies to obtain intelligence information.

“Contrary to other APT groups, the Gamaredon group seems to make no effort in trying to stay under the radar,” Slovak cybersecurity firm ESET noted in an analysis published in June 2020. “Even though their tools have the capacity to download and execute arbitrary binaries that could be far stealthier, it seems that this group’s main focus is to spread as far and fast as possible in their target’s network while trying to exfiltrate data.”

Besides its heavy reliance on social engineering tactics as an intrusion vector, Gamaredon is known to have invested in a range of tools for scything through organizations’ defenses that are coded in a variety of programming languages such as VBScript, VBA Script, C#, C++, as…
