Tag Archive for: military
Hacker Group Linked to Russian Military Claims Credit for Cyberattack on Kyivstar
Over nearly a decade, the hacker group within Russia’s GRU military intelligence agency known as Sandworm has launched some of the most disruptive cyberattacks in history against Ukraine’s power grids, financial system, media, and government agencies. Signs now point to that same usual suspect being responsible for sabotaging a major mobile provider for the country, cutting off communications for millions and even temporarily sabotaging the air raid warning system in the capital of Kyiv.
On Tuesday, a cyberattack hit Kyivstar, one of Ukraine’s largest mobile and internet providers. The details of how that attack was carried out remain far from clear. But it “resulted in essential services of the company’s technology network being blocked,” according to a statement posted by Ukraine’s Computer Emergency Response Team, or CERT-UA.
Kyivstar’s CEO, Oleksandr Komarov, told Ukrainian national television on Tuesday, according to Reuters, that the hacking incident “significantly damaged [Kyivstar’s] infrastructure [and] limited access.”
“We could not counter it at the virtual level, so we shut down Kyivstar physically to limit the enemy’s access,” he continued. “War is also happening in cyberspace. Unfortunately, we have been hit as a result of this war.”
The Ukrainian government hasn’t yet publicly attributed the cyberattack to any known hacker group—nor have any cybersecurity companies or researchers. But on Tuesday, a Ukrainian official within its SSSCIP computer security agency, which oversees CERT-UA, pointed out in a message to reporters that a group known as Solntsepek had claimed credit for the attack in a Telegram post, and noted that the group has been linked to the notorious Sandworm unit of Russia’s GRU.
“We, the Solntsepek hackers, take full responsibility for the cyber attack on Kyivstar. We destroyed 10 computers, more than 4 thousand servers, all cloud storage and backup systems,” reads the message in Russian, addressed to Ukrainian president Volodymyr Zelenskyy and posted to the group’s Telegram account. The message also includes screenshots that appear to show access to Kyivstar’s network, though this could not be verified. “We attacked Kyivstar…
LockBit ransomware gang steals data related to security of UK military bases, due to unpatched Windows 7 PC • Graham Cluley
An attack by the notorious LockBit ransomware gang stole 10 GB of data from a company that provides high-security fencing for military bases.
Zaun says that on 5-6 August a “sophisticated cyber attack” saw hackers exploit an obsolete Windows 7 PC to gain access to the company’s servers, and exfiltrate data which has since been published on the dark web.
According to the firm, classified documents are not believed to have been included in the haul:
“LockBit will have potentially gained access to some historic emails, orders, drawings and project files, we do not believe that any classified documents were stored on the system or have been compromised. We are in contact with relevant agencies and will keep these updated as more information becomes available. This is an ongoing investigation and as such subject to further updates.”
In what appears to be an attempt to reduce concern about the security breach, Zaun says that its perimeter fencing is hardly top secret:
“Zaun is a manufacturer of fencing systems and not a Government approved security contractor. As a manufacturer of perimeter fencing, any member of the public can walk up to our fencing that has been installed at these sites and look at it.”
Well, maybe that’s the case. But I would still be alarmed if there was sensitive information contained in the emails and other documents that were stolen. For instance, the contact details of personnel at military sites, or the specifics of a most sensitive area’s physical security.
I get the feeling that Zaun may know what it is doing when it comes to physical security, but may be lagging a little behind when it comes to digital security. Mainstream support for Windows 7 ended back in 2015.
Even if your organisation had managed to get itself on the list for extended Windows 7 security updates, the very last time you were able to receive them was until January 2023.
Zaun says it has contacted the National Cyber Security Centre (NCSC) and Information Commissioner’s Office (ICO) about the data breach.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.