Tag Archive for: ministry

Russian government websites face ‘unprecedented’ wave of hacking attacks, ministry says

“We are recording unprecedented attacks on the websites of government authorities,” the statement said. “If their capacity at peak times reached 500 GB earlier, it is now up to 1 TB. That is, two to three times more powerful than the most serious incidents of this type previously recorded.”

Wednesday evening, the Russian Emergency Situations Ministry website was defaced by hackers, who altered its content. Notably, the hack replaced the department hotline with a number for Russian soldiers to call if they want to defect from the army — under the title “Come back from Ukraine alive.”

Top news items on the ministry’s front page were changed to “Don’t believe Russian media — they lie” and “Default in Russia is near,” along with a link offering “full information about the war in Ukraine.”

Also Wednesday, insults aimed at President Vladimir Putin and Russians over the situation in Ukraine were added to dozens of Russian judicial websites.

Under recent Russian laws against spreading “fake news about the military,” the use of the words “war” or “invasion” to describe what the Kremlin calls a “special military operation in Ukraine” is punishable with hefty fines and years in prison.

A few days after Russia began its attack on Ukraine, the state-run news agency Tass was hacked and defaced with an ad urging people to “take to the streets against the war.”

Russia’s main public services portal, Gosuslugi, had sustained more than 50 crippling denial-of-service attacks, the Russian Communications Ministry said on Feb. 26.

In early March, multiple other websites were hacked, including the Ministry of Culture, the Federal Penitentiary Service and the Internet regulator Roskomnadzor.

Hacker Breaches Russian Ministry Computer through Unsecured VNC Ports

Spielerkid89, a hacker who wanted to stay anonymous, managed to breach the computer of a regional Russian Ministry of Health by exploiting sloppy cybersecurity practices.

Although the hacker didn’t intend to harm the system, the breach serves as a perfect example of how poor cybersecurity can compromise vulnerable organizations and devices.

The attacker reportedly decided to probe Russian IP addresses with poor or no authentication and used the Shodan search engine for reconnaissance, which led him to an unsecured, open virtual network computing (VNC) port.

After the discovery, the attacker managed to breach the computer of the Ministry of Health in the Omsk region of Russia with no need for authentication such as a username or password.

“I was able to access people’s names, other IP addresses pointing to other computers on the network, and financial documents, too,” the hacker said, according to Cybernews. “It was so easy to gain access to these systems. They shouldn’t be there unauthenticated. That’s a serious security breach of assets right there. I didn’t need anything to get it, really.”

VNC is a type of remote-control software that lets users control computers over a network connection from a distance. Users generally rely on VNC to access their work computer from home or allow support agents to help them with technical issues.

Although VNC offers plenty of security settings, sometimes system administrators overlook them and leave open ports with disabled authentication. This invites a broad range of potentially disastrous attacks, such as theft of sensitive files, setting up backdoors, deploying malicious payloads, installing remote access Trojans, spying on other devices on the network, or wiping the targeted devices clean.

In this case, the hacker didn’t mean to harm the organization and allegedly only took a few screenshots of the compromised system as proof. Users should practice good cyber hygiene, especially while using remote-desktop connection services such as VNC.

  • Use multi-factor authentication (MFA) for VNC servers
  • Review connection logs on a regular basis
  • Enable screen blanking on Windows computers
  • Only allow trusted people to connect to your VNC server
  • Set a complex,…

Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA


Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country’s civilian and military intelligence agencies.

“ShadowPad is decrypted in memory using a custom decryption algorithm,” researchers from Secureworks said in a report shared with The Hacker News. “ShadowPad extracts information about the host, executes commands, interacts with the file system and registry, and deploys new modules to extend functionality.”

ShadowPad is a modular malware platform that shares noticeable overlaps with the PlugX malware and has been used in high-profile attacks against NetSarang, CCleaner, and ASUS, prompting the operators to shift tactics and update their defensive measures.


While initial campaigns that delivered ShadowPad were attributed to a threat cluster tracked as Bronze Atlas aka Barium – Chinese nationals working for a networking security company named Chengdu 404 – it has since been used by multiple Chinese threat groups since 2019.

In a detailed overview of the malware in August 2021, cybersecurity company SentinelOne dubbed ShadowPad a “masterpiece of privately sold malware in Chinese espionage.” A subsequent analysis by PwC in December 2021 disclosed a bespoke packing mechanism – named ScatterBee – that’s used to obfuscate malicious 32-bit and 64-bit payloads for ShadowPad binaries.

The malware payloads are traditionally deployed to a host either encrypted within a DLL loader or embedded inside a separate file along with a DLL loader, which then decrypts and executes the embedded ShadowPad payload in memory using a custom decryption algorithm tailored to the malware version.

These DLL loaders execute the malware after being sideloaded by a legitimate executable vulnerable to DLL search order hijacking, a technique in which a malicious DLL is placed where the program’s lookup for a required DLL finds it before the legitimate library, so the program loads and runs the attacker’s code.

Select infection chains observed by Secureworks also involve a third file that contains the encrypted ShadowPad payload, which work by executing the legitimate binary (e.g.,…

Interior ministry suggests seven anti-hacking tricks


The interior ministry’s information technology department suggests seven ways to protect computers from hackers. Interior ministry

The Ministry of Interior’s Department of Information Technology has presented seven tips to protect the security of computers and computer systems across the Kingdom to prevent hackers from trespassing and committing cybercrimes.

The department said that while computers play an important role in facilitating many general tasks in the modern world, they also have the potential to cause harm, as any computer that is connected to the internet is capable of being hacked.

They said there were many computers around the world that had been hacked and used to commit various crimes, such as extortion, fraud or ordering illegal goods. To prevent theft through technology, the ministry has shared seven key tips: using a firewall, updating the operating system and software, avoiding “free” security scans, downloading files with precautions, installing reputable security software, backing up important data, and using a pop-up blocker.

According to the department, a firewall is a protective barrier between a computer and the internet. Everything that goes in and out of a computer must pass through the firewall. If any viruses attempt to enter the computer, the firewall will immediately block them from access.

The software and internal systems of each company’s computer are constantly being updated for security reasons, so it is important to update the operating system and software regularly, whenever an update is issued.

The department also advised people against using anti-virus software that is available for free download from any website as it may contain links to viruses.

People should avoid downloading programmes from any website that they are not familiar with and refrain from downloading files, videos or songs that anonymous people have sent to them as they could contain viruses.

As a precaution, they are advised to use anti-virus and anti-spyware software to remove any viruses that may be on their computer and to prevent new ones from attaching themselves to the system. If the computer already has this software installed, viruses will not be able to…
