Tag Archive for: proRussia

DDoS attacks rise as pro-Russia groups attack Finland, Israel



The pro-Russia hacker group NoName057(16) reportedly claimed it was behind denial-of-service (DoS) attacks against the Finnish parliament’s website on Tuesday, the day the country joined NATO. The Technical Research Centre of Finland was also hacked, according to Finnish news site YLE. NoName057(16) is the same group that took responsibility for a distributed denial-of-service (DDoS) attack that took down the website of the country’s parliament last August, and that also attacked Ukraine, the U.S., Poland and other European countries.

In January, multiple outlets reported that GitHub had disabled NoName057(16)’s account after the group was linked to attempts to hack the Czech presidential election candidates’ websites.


Israel hit by Killnet proxy

This week, Russia-aligned hacktivists also attacked one of the biggest names in security, Check Point, along with universities and medical centers in Israel, the Jerusalem Post reported.

The group called itself “Anonymous Sudan,” but Nadir Izrael, CTO and co-founder of Israel-based asset visibility and security firm Armis, said the attacker is likely aligned with pro-Russia hacktivist group Killnet.

“For the most part the way security companies track these groups is based on the kinds of messages they post and similarities in text and tools,” he said. “The messages that come from these groups are mostly in Russian and English. It’s a bit like how the FBI does profiling: they look for similar MOs and tools, and backtrack to sources. In the case of DDoS attacks you are looking at lots of different devices worldwide from different regions of the world that are all at once trying to access a certain web site.”

He said it is likely that the next attack will occur on April 7, 2023, as part of the annual OpIsrael, when hackers and hacktivists attack Israeli organizations, companies and personalities.

“Even if the disruption itself doesn’t seem prominent, a cyberattack on a government or an organization can create an underlying fear of chaos amongst citizens,” he said, adding that 33% of global organizations are not taking the threat of…


Pro-Russia hack campaigns are running rampant in Ukraine




Pro-Russian threat actors are continuing their unrelenting pursuit of Ukrainian targets, with an array of campaigns that include fake Android apps, hack attacks exploiting critical vulnerabilities, and email phishing attacks that attempt to harvest login credentials, researchers from Google said.

One of the more recent campaigns came from Turla, a Russian-speaking advanced persistent threat actor that’s been active since at least 1997 and is among the most technically sophisticated in the world. According to Google, the group targeted pro-Ukrainian volunteers with Android apps that posed as launchpads for performing denial-of-service attacks against Russian websites.


“All you need to do to launch the process is install the app, open it and press start,” the fake website promoting the app claimed. “The app immediately begins sending requests to the Russian websites to overwhelm their resources and cause the denial of service.”

In fact, a researcher with Google’s threat analysis group said, the app sends a single GET request to a target website. Behind the scenes, a different Google researcher told Vice that the app was designed to map out the user’s Internet infrastructure and “work out where the people that are potentially doing these sorts of attacks are.”

The apps, hosted on a domain spoofing the Ukrainian Azov Regiment, mimicked another Android app Google first saw in March that also claimed to perform DoS attacks against Russian sites. Unlike the Turla apps, stopwar.apk, as the latter app was named, sent a continuous stream of requests until the user stopped them.


“Based on our analysis, we believe that the StopWar app was developed by pro-Ukrainian developers and was the inspiration for what Turla actors based their fake CyberAzov DoS app off of,” Google researcher Billy Leonard wrote.

Other hacking groups sponsored by the Kremlin have also targeted Ukrainian groups. Campaigns included the exploitation of Follina, the name given to a critical vulnerability in all supported versions of Windows that was actively targeted in the wild


Pro-Russia hackers claim disruption of US Congress website


Pro-Russia hackers claimed responsibility for a cyberattack that briefly interrupted access to a website for U.S. Congress on Thursday night.

Access to Congress.gov was intermittently disrupted from around 9 p.m. ET Thursday until the website was restored to normal operation “just after” 11 p.m. ET, April Slayton, director of communications for the Library of Congress, which runs the website, told CNN.

“The Library of Congress used existing measures to address the attack quickly, resulting in minimal down time,” Slayton said in an email. “The Library’s network was not compromised and no data was lost as a result of the attack.”

A Russian-speaking hacking group known as Killnet claimed responsibility for the hack on their Telegram channel. The post included a screenshot of an error message on Congress.gov overlaid with an image of President Joe Biden with a puzzled look on his face.

The hackers used a popular tactic known as a distributed denial of service attack (DDoS), according to Slayton, which floods computer servers with phony web traffic in an attempt to knock websites offline. Congress.gov displays information on bills, hearings and other deliberations of Congress.

While DDoS attacks can have material consequences, such as when customers can’t access banking websites, they are sometimes more about making a statement and getting noticed.

In the prelude to Russia’s full-scale invasion of Ukraine in February, the White House blamed Russian military intelligence for a series of DDoS attacks on Ukrainian government websites.

The war in Ukraine has triggered a wave of pro-Russia and pro-Ukrainian hackers who have made political statements and targeted infrastructure in the two countries.

Killnet last week claimed responsibility for DDoS attacks on websites of government agencies and private firms in Lithuania. The hackers said it was retaliation for Lithuania blocking the shipment of some goods to the Russian enclave of Kaliningrad.

U.S. officials have been on high alert for months for retaliatory Russian cyberattacks after the Biden administration imposed stiff sanctions on Russia for its invasion of…


Malware campaign inflated views of pro-Russia videos

A botnet designed for Web advertising fraud was also used to nudge up the number of views of some pro-Russian videos on the website DailyMotion, according to security vendor Trustwave.

An investigation into what appeared to be strictly ad fraud turned out to have a surprising political angle, wrote Rami Kogan of Trustwave’s SpiderLabs, in a blog post on Thursday.

“We can’t know for sure who’s behind the fraudulent promotion of video clips, but it appears to be politically motivated,” he wrote.


Network World Security