Tag Archive for: German

German politicians hail capture of suspected Russian ‘mole’ – DW – 12/23/2022


German politicians of various stripes lined up on Friday to warn against the dangers of Russia’s hybrid warfare strategy, after the arrest of an alleged Russian spy working inside Germany’s foreign intelligence agency, the BND.

The man, a German national named only as Carsten L., is thought to have passed classified information to Russia while working for the BND. For security reasons, the intelligence agency has refused to release any further details about the suspect, the extent of the leaks, or about any further contacts he may have had. His home and offices have been searched by prosecutors.

“This is a wake-up call to everyone that Russia makes no exception to spying on us, too. To destabilize our system, the Federal Republic. And all the stops are being pulled out,” said Marie-Agnes Strack-Zimmermann, head of the parliament’s defense committee and member of the neoliberal Free Democratic Party (FDP), the smallest member of the three-party coalition government.

“This makes it clear, regardless of whether you are a top or middle or whoever agent, that Russia is trying to obtain information using all methods,” she told public broadcaster BR. “This second battlefield, as I call it, has existed for decades. Namely, the espionage, the cyber war, to influence us or to get information.”

FDP defense spokesperson Marie-Agnes Strack-Zimmermann calls the latest espionage incident a “wake-up call”

Hybrid warfare

Nils Schmid, a foreign policy spokesman for Chancellor Olaf Scholz’s center-left Social Democratic Party (SPD), struck a similar note. “This indicates that the temptation to spy is also present in Germany and that we have to be very attentive to the influence of Russia in Germany,” he told public broadcaster DLF on Friday. “So it’s not just about the military threat, it’s about hybrid warfare.”

Schmid agreed with BND President Bruno Kahl, who said the case underlined the unscrupulous nature of Russia’s methods. “Russia has seen itself in a conflict, indeed in a war with the West for years and thinks that all means are permissible,” he said. “Murder of opposition members on German soil and, indeed, espionage.”

BND President Bruno Kahl is worried about Russian spying…


German semiconductor giant Semikron says hackers encrypted its network – TechCrunch


Semikron, a German manufacturer that produces semiconductors for electric vehicles and industrial automation systems, has confirmed it has fallen victim to a cyberattack that has resulted in data encryption.

“Semikron is already in the process of dealing with the situation so that workflows and all related processes can continue without disruption for both employees and customers as soon as possible,” a Semikron spokesperson told TechCrunch.

Semikron declined to disclose the nature of the cyberattack, but all signs point to ransomware. The semiconductor maker said in a statement that hackers claim to have “exfiltrated data from our system,” adding that the incident has led to a “partial encryption of our IT systems and files.” This suggests the malicious actor behind the attack has used the double extortion ransomware tactic, whereby cybercriminals exfiltrate a victim’s sensitive data in addition to encrypting it.

The Nuremberg-based group, which claims to power 35% of the wind turbines installed globally each year, declined to say who was behind the attack or whether it received a ransom demand. However, Bleeping Computer reports that Semikron was the victim of the LV ransomware, with the hackers apparently stealing 2 terabytes of documents.

LV ransomware has been in operation since at least 2020 and uses a modified variant of REvil ransomware, according to cybersecurity company Secureworks. According to the group’s dark web blog, which doesn’t yet list Semikron as a victim, the gang targets companies that allegedly do not meet data protection obligations.

“They rejected to fix their mistakes, they rejected to protect this data in the case when they could and had to protect it,” its dark web blog states. “These companies preferred to sell their private information, their employees’ and customers’ personal data.”

It’s unclear what data was exfiltrated from Semikron’s systems, and the company declined to say how many customers and employees are potentially impacted. Semikron has over 3,000 employees in 24 offices and 8 production sites worldwide across Germany, Brazil, China, France, India, Italy, Slovakia, and the…


Champions League final delayed for security reasons | Sports | German football and major international sports news | DW


The Champions League Final between Liverpool and Real Madrid at the Stade de France in Paris was delayed by 30 minutes for “security reasons,” UEFA said on Saturday.

Inside the stadium, UEFA posted a statement saying kickoff had been delayed due to the “late arrival” of fans, but a host of reports from journalists and fans on the ground suggested otherwise as chaos reigned.

Television footage showed many empty seats in the Liverpool end as thousands of fans were still outside with 30 minutes to go before the original kickoff time. Social media coverage was full of reports from Liverpool fans saying they had been queueing for hours but still couldn’t gain entry. There were also multiple reports of tear gas being used.

Both teams returned to the pitch for a second warmup owing to the delays. When the game did kick off, many fans were still outside and reports of further tear gas use continued.

DW’s Matt Pearson was on the ground in Paris and reported the following:

“It’s chaos. It was when I went in at 6 and is now. I’ve just been outside and there’s tear gas in the air, fans trying to get in and police charging gates. There are still hundreds, even thousands of fans outside. Anyone at this point should have had a ticket check.”

This comes just a week after chaotic scenes ahead of the Europa League Final in Sevilla.

Later, Liverpool released a statement saying they were requesting a formal investigation into “unacceptable issues.”

UEFA said that “turnstiles at the Liverpool end became blocked by thousands of fans who had purchased fake tickets which did not work”, before adding it was “sympathetic” to those affected and that a review would be undertaken.

After the game, Parisian police released a statement saying “a large number of supporters without match tickets or holding false tickets disrupted access to the Stade de France at the external security perimeter. These fans exerted strong pressure to enter the stadium and delayed the access of ticketed spectators. Taking advantage of this action, a number of people managed to get through the gates protecting the stadium.”


German automakers targeted in year-long malware campaign



A years-long phishing campaign has targeted German companies in the automotive industry, attempting to infect their systems with password-stealing malware.

The targets include both car manufacturers and car dealerships in Germany, and the threat actors have registered multiple lookalike domains for use in their operation by cloning legitimate sites of various organizations in that sector.

These sites are used to send phishing emails written in German and host the malware payloads downloaded to targeted systems.

Various lookalike domains used in this campaign (Check Point)

Researchers at Check Point discovered this campaign and published a technical report where they presented the details of their findings. According to the report, the campaign started around July 2021 and is still ongoing.

Targeting the German auto industry

The infection chain begins with an email sent to specific targets containing an ISO disk image file that bypasses many internet security controls.

For example, the phishing email below pretends to contain an automobile transfer receipt sent to what appears to be a targeted dealership.

One of the malicious emails seen by Check Point

The ISO image, in turn, contains an .HTA file that runs JavaScript or VBScript code delivered via HTML smuggling.

Generic infection chain (Check Point)

This is a common technique used by hackers of all skill tiers, from “script kiddies” that rely on automated kits to state-sponsored actors that deploy custom backdoors.

While the victim sees a decoy document that is opened by the HTA file, malicious code is executed in the background to fetch the malware payloads and launch them.

Decoy document (Check Point)

“We found several versions of these scripts, some triggering PowerShell code, some obfuscated, and others in plain text. All of them download and execute various MaaS (Malware as a Service) info-stealers.” – Check Point.

The MaaS info-stealers used in this campaign vary, including Raccoon Stealer, AZORult, and BitRAT. All three are available for purchase in cybercrime markets and darknet forums.

In later versions of the HTA file, PowerShell code runs to change registry values and enable content on the Microsoft Office…
