Tag Archive for: GRU

Russian GRU unit Solntsepek responsible for Kyivstar hack, says Ukrainian intelligence

/in


Kyivstar, SBU cyber experts, government agencies and IT companies continue to restore network

Kyivstar, SBU cyber experts, government agencies and IT companies continue to restore network

The Solntsepek hacking group, which has claimed responsibility for hacking Kyivstar’s mobile network, is part of the Russian military intelligence agency the GRU, the Ukrainian Security Service (SBU) reported on Telegram on Dec. 13.

“We attacked Kyivstar because the company provides communications for the Ukrainian Armed Forces, as well as the government and law enforcement agencies of Ukraine,” Solntsepek claimed on one of its social media channels.

In its message, the group claimed it had destroyed 10,000 computers, more than 4 thousand servers, and all cloud storage and backup systems belonging to Ukraine’s largest mobile operator.

Kyivstar, SBU cyber experts, other government agencies, and IT companies are continuing to restore the network after the attack which left 24 million subscribers without mobile connection.

Read also: Overwhelming cyber-attack took out Ukraine’s largest mobile operator – Kyivstar Pres. explains how

Preliminary estimates suggest that landline internet may be restored today, the SBU said.

The SBU has opened a criminal investigation into the cyber-attack on Kyivstar.

Ukraine’s largest mobile operator Kyivstar experienced a major outage on the morning of Dec. 12, bringing the network down across the entire country. More than 12 hours later, company engineers are still unable to bring it back online.

Initially attributing the disruption to a technical glitch, Kyivstar later confirmed the outage was the result of a hacker attack.

Read also: Major banking platform Monobank experiences massive DDoS attacks following Kyivstar network outage

The Ministry of Digital Transformation subsequently stated that the malfunction had disrupted national roaming services but had not affected the national air raid alert system or the Kyiv metro.

“Kyivstar will definitely provide compensation to subscribers who were unable to use the operator’s services or had no connection,” the company stated. Kyivstar also apologized to subscribers for the temporary inconvenience and thanked them for their understanding.

Restoration efforts for Kyivstar subscribers are underway…

Source…

Russian GRU Hackers Exploit Critical Patched Vulnerabilities

/in


Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime
,
Governance & Risk Management

TA422 Is Targeting Organizations in Europe and North America, Proofpoint Says

Prajeet Nair (@prajeetspeaks) •
December 5, 2023    

Russian GRU Hackers Exploit Critical Patched Vulnerabilities
Russian military intelligence hackers are taking advantage of patched vulnerabilities. (Image: Shutterstock)

In the race between hackers and systems administrators that begins each time a company patches a zero day flaw, a Russian military intelligence hacking unit is often the winner, new research discloses.

See Also: Live Webinar | Cutting Through the Hype: What Software Companies Really Need from ASPM

Multiple studies suggest that organizations require weeks, if not months, to roll out patches while hackers can rush out an exploit of a newly-disclosed vulnerability in days or weeks.

One organization taking advantage of that disconnect is what Proofpoint dubs TA422 – also known as APT28, Fancy Bear and Forest Blizzard. The security firm in a Tuesday report said it has seen the threat actor “readily use patched vulnerabilities to target a variety of organizations in Europe and North America.” U.S. and British intelligence assess that Forest Blizzard is “almost certainly” part of the Russian General Staff Main Intelligence Directorate, better known as the GRU.

Among the n-days exploited by TA422 is CVE-2023-23397, a Microsoft Outlook elevation of privilege vulnerability that allows a remote, unauthenticated attacker to send a specially crafted email that leaks the targeted user’s hashed…

Source…

A Newly Named Group of GRU Hackers is Wreaking Havoc in Ukraine

/in


Finally, the Russia-based ransomware gang Clop went on a hacking spree that hit US government agencies and international companies including Shell and British Airways. Clop hackers carried out their cybercriminal campaign by exploiting a vulnerability in the file-transfer service MOVEit. The flaw has since been patched, but the full extent of the stolen data and list of targets remains unclear.

But that’s not all. Each week, we round up the biggest security and privacy stories we weren’t able to cover in depth ourselves. Click on the headlines to read the full stories, and stay safe out there.

As Russia has carried out its unprecedented cyberwar in Ukraine over nearly a decade, its GRU military intelligence hackers have taken center stage. The notorious GRU hacker groups Sandworm and APT28 have triggered blackouts, launched countless destructive cyberattacks, released the NotPetya malware, and even attempted to spoof results in Ukraine’s 2014 presidential election. Now, according to Microsoft, there’s a new addition to that hyper-aggressive agency’s cyberwar-focused bench.

Microsoft this week named a new group of GRU hackers that it’s calling Cadet Blizzard, and has been tracking since just before Russia’s full-scale invasion of Ukraine in February 2022. Redmond’s cybersecurity analysts now blame Cadet Blizzard for the destructive malware known as WhisperGate, which hit an array of government agencies, nonprofits, IT organizations, and emergency services in Ukraine in January 2022, just a month before Russia’s invasion began. Microsoft also attributes to Cadet Blizzard a series of web defacements and a hack-and-leak operation known as Free Civilian that dumped the data of several Ukrainian hacking victim organizations online while loosely impersonating hacktivists, another of the GRU’s trademarks.

Microsoft assesses that Cadet Blizzard appears to have the help of at least one private sector Russian firm in its hacking campaign but that it’s neither as prolific nor as sophisticated as previously known GRU groups plaguing Ukraine. But as Russia has switched up the tempo of its cyberwar, focusing on quantity rather than quality of attacks, Cadet Blizzard may play a key…

Source…

SSU dismantles an infowar botnet. HIMARS, atrocities, provocation, and disinformation. A Russian disinformation mouthpiece raises the prospect that there are highly placed traitors in the GRU. Rewards for Justice works toward securing elections from Russian meddling. The case that Russia’s war is genocidal. The case that pan-Slavism has found wayward, but sincere, expression in Mr. Putin’s war.

/in


At a glance.

  • SSU dismantles an infowar botnet.
  • HIMARS, atrocities, provocation, and disinformation.
  • A Russian disinformation mouthpiece raises the prospect that there are highly placed traitors in the GRU.
  • Rewards for Justice works toward securing elections from Russian meddling.
  • The case that Russia’s war is genocidal.
  • The case that pan-Slavism has found wayward, but sincere, expression in Mr. Putin’s war.

Ukraine claims to have taken down a massive Russian bot farm.

The Security Service of Ukraine (SSU) says it dismantled a large Russian botnet operation that was being used to spread Russian propaganda and disinformation. The bots, about a million strong, were herded from locations within Ukraine itself, in the cities of Kyiv, Kharkiv, and Vinnytsia, BleepingComputer reports. Their output took the form of social media posts from inauthentic accounts associated with fictitious personae. The SSU describes the operation as follows: “Their latest ‘activities’ include the distribution of content on the alleged conflict between the leadership of the President’s Office and the Commander-in-Chief of the Armed Forces of Ukraine as well as a campaign to discredit the first lady. To spin destabilizing content, perpetrators administered over 1 million of their own bots and numerous groups in social networks with an audience of almost 400,000 users. In the course of a multi-stage special operation, the SSU exposed the leader of this criminal group. He is a russian citizen who has lived in Kyiv and positioned himself as a ‘political expert.’”

On the other side of the information war, BleepingComputer also reported earlier this week that Ukrainian hacktivists, “Torrents of Truth,” were bundling instructions on how to bypass Russian censorship into movie torrents whose intended audience would be Russian viewers.

HIMARS, atrocities, provocation, and disinformation.

The killing of Ukrainian prisoners of war in Olenivka is by now clearly a Russian atrocity–the prisoners were apparently murdered by their captors. (And we note in passing that the International Committee of the Red Cross still has not been given the access to the prison international law requires.) The prisoners did not die in a…

Source…