Tag Archive for: GRU

Cyberattacks hit Albania. Threat actors prospect journalists. GRU trolls researchers. CISA opens a liaison office in London.


Dateline Moscow, Kyiv: Notes on the hybrid war.

Ukraine at D+144: Firing for whatever effect. (The CyberWire) Heavy Russian artillery fire continues along the line of contact. The strikes are regarded as a preparation for a renewed offensive in the Donbas, as spoiling attacks against a feared Ukrainian counter-offensive in the southern region, as direct terrorism of the civilian population, as a crude expression of a deterrent to HIMARS attacks against high-value targets, and, finally, as a form of attack Russia’s army is actually able to carry out. In the cyber phase of the hybrid war, the GRU seems to be trolling researchers who look into its activities.

Russia-Ukraine war: List of key events, day 144 (Al Jazeera) As the Russia-Ukraine war enters its 144th day, we take a look at the main developments.

Russia-Ukraine war at a glance: what we know on day 144 of the invasion (the Guardian) Evacuations from Sviatohirsk Lavra in Donetsk; Russian forces reportedly preparing new offensive; all bodies identified after Vinnytsia missile attack

Russia-Ukraine war update: what we know on day 143 of the invasion (the Guardian) At least three killed and 15 hurt in Dnipro missile strike; UK says Kremlin responsible for British captive’s death; Ukraine reports May peak in military losses

Russia prepares for next Ukraine offensive in face of new Western weapons (Reuters) As Western deliveries of long-range arms begin to help Ukraine on the battlefield, Russian rockets and missiles have pounded cities in strikes that Kyiv says have killed dozens in recent days.

Ukraine braces for further Russian missile strikes as civilian death toll rises (the Guardian) At least 37 deaths across country since Thursday as residential areas appear to be targeted

Russian War Report: Russian missiles strike Vinnytsia (Atlantic Council) Russian forces launched a missile attack on the Ukrainian town of Vinnytsia, Russia’s public death toll grows, and Iran’s coverage of the war.

Russia escalating attacks on civilians, says top Ukrainian official (the Guardian) Head of national security council says ‘more and more civilian targets’ being hit, after deadly Vinnytsia attack

‘They have come to destroy us’: Ukrainians on…


The FBI Disrupted Russian GRU Botnet Malware Through a Court Order Before It Could Be Weaponized


The Federal Bureau of Investigation (FBI) said it shut down a Russian GRU botnet malware through a court-authorized operation before it could be weaponized.

The botnet targeted Firebox firewall appliances from WatchGuard Technologies, hardware used by many small and midsized businesses.

The DOJ said the operation involved copying and removing “malware from vulnerable internet-connected firewall devices that Sandworm used for command and control (C2) of the underlying botnet.”

U.S. Attorney General Merrick Garland also disclosed that US authorities worked with WatchGuard to analyze the malware, remove it before it could be used, and create detection and remediation techniques.

Russian GRU botnet malware linked to Sandworm APT

The FBI said the botnet used Cyclops Blink malware associated with the Sandworm team (also known as Voodoo Bear). The group is associated with the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).

“This GRU team, Sandworm, had implanted a specific type of malware known as Cyclops Blink on thousands of WatchGuard Technologies’ Firebox devices—these are security appliances, mainly firewalls, that are typically deployed in home office environments and in small to mid-size businesses,” FBI Director Christopher Wray said in a press statement.

The Sandworm hacking group is responsible for large-scale cyber attacks including the worldwide NotPetya campaign, Ukraine’s power grid shutdown in 2015, the French presidential campaign hack, the 2018 Winter Olympics Destroyer, and attacks on the Organization for the Prohibition of Chemical Weapons (OPCW).

The Cyclops Blink malware emerged in 2019 as a replacement for the VPNFilter malware that the Justice Department brought down through another court-authorized action in 2018.

On Feb 3, 2022, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued an advisory on Cyclops Blink malware targeting WatchGuard and Asus networking devices.

Similarly, researchers from Trend Micro warned in March 2022 that the Cyclops Blink malware targeted devices in non-critical infrastructure organizations to…


Reactions to the US sanctions against Russia. Sweden and the GRU. Export controls on personal data. Power grid security.


At a glance.

  • Reaction to the US sanctions against Russia.
  • Sweden thinks the GRU did it, but that there’s no point in prosecuting individuals.
  • Export controls on US personal data?
  • Emerging US policy for enhancing power grid security.

The carrot as the stick: more reactions on the US response to Russian hacking.

The Biden Administration’s much-anticipated response to Holiday Bear’s tear was coupled with an invitation to improve bilateral relations, as SecurityWeek observes. President Biden gave President Putin a heads up about the measures and pitched a summer summit, according to NBC, claiming this “is the time to de-escalate” and expressing the desire to dodge a “downward spiral.” Secretary of State Blinken clarified that Washington seeks “opportunities for cooperation, with the goal of building a more stable and predictable relationship.” Breaking Defense recounts Stanford researcher Herbert Lin’s doubts that the sanctions will steer Moscow towards better behavior, as the Kremlin promises an “inescapable” riposte.  

Atlantic Council notes that the response “leave[s] room for escalation,” for example against Kremlin “cronies,” though the measures have already had significant economic impact. (Foreign Policy mentions that some anticipated stronger action, finding the fiscal policy “timid,” since the more important secondary market for Russian debt was left alone.) Council contributors characterized the move as “big politics,” in contrast to available incremental alternatives, explaining that the approach takes on “Putinism” writ large. They worried, however, that the message delivered was not one of resetting relations, and that the simultaneous Black Sea and Nord Stream 2 backtracking, which the Moscow Times and Politico detail, sends mixed signals about the US’ resolve.

In the Administration’s view (via NBC), the reaction was “resolute but proportionate” and preserved the opportunity for mutually beneficial partnership. On Moscow’s view, per Foreign Policy, President Biden is “trying to destroy relations between the two countries.” Others—without holding out hope for a productive reply from Russia—see in the approach a direct…
