Tag Archive for: provider

Hackers hit Moscow internet provider in response to Kyivstar cyber attack, ET Telecom




By James Pearson and Tom Balmforth

LONDON: Hackers linked to Ukraine’s main spy agency have breached computer systems at a Moscow-based internet provider in retaliation for a Russian cyber attack against Ukrainian telecom giant Kyivstar, a source with direct knowledge of the operation told Reuters on Tuesday.

The hacking group, dubbed “Blackjack”, has previously been linked to the Security Service of Ukraine (SBU). The hackers deleted 20 terabytes of data at M9 Telecom, a small Russian internet and TV provider, leaving some Moscow residents without internet, the source said.

The digital intrusion was a warm-up for a larger cyber attack which would be “serious revenge for Kyivstar”, the source said, citing the hackers. The source did not say when the hack took place.

M9 Telecom did not respond to an emailed request for comment. The company’s website was still online on Tuesday, despite claims by the hacking group that it had been destroyed.

Reuters was unable to independently verify the extent to which the hack was successful. Reached by phone, M9 Telecom’s CEO Andrey Pavolvsky declined to comment.

Kyivstar, Ukraine’s largest mobile network operator, was knocked offline by Russian spies last month in what appeared to be the largest cyber attack since Moscow launched its war on the country in February 2022.

Russian hackers were inside Kyivstar’s systems for months before the attack, Ukraine’s cyber spy chief, Illia Vitiuk, told Reuters last week. The hack caused “disastrous” destruction at the company, he said.

Separately, Ukraine’s military intelligence agency, the GUR, said late on Monday that it had received a large cache of classified Russian military data from the Special Technology Centre (STC), a sanctioned Russian company which produces the Orlan drone and a range of intelligence equipment for Moscow.


Ukraine Claims Revenge Hack Against Moscow Internet Provider


Sources reportedly tipped off Ukraine media to a cyberattack launched this week by the Blackjack cyber group, linked to the Security Service of Ukraine (SBU), that they claim was able to “destroy” the servers of Moscow Internet service provider M9 Telecom.

The ISP’s website was operational on Jan. 9.

Unnamed sources told state-run Ukrainian media outlet Ukrinform that the cyber operation was in retaliation for the Russia-backed breach of Kyivstar mobile phone operator Dec. 12, which caused communications blackouts across Ukraine. The source reportedly added the M9 Telecom cyberattack was just a “warm up” for more “serious revenge for Kyivstar.”

The Blackjack cyber group likewise claimed credit for the late December breach of Moscow’s Rosvodokanal water utility, which the group claimed it was able to pull off with the help of the SBU.

Earlier this month, the SBU’s cyber chief, Illia Vitiuk, warned that Russia’s compromise of Kyivstar, a modern, private company, should signal to Western countries that nothing is beyond the reach of sophisticated Russian cyber threats.


Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop



Pierluigi Paganini
January 01, 2024

The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden.

Coop is one of the largest retail and grocery providers in Sweden, with approximately 800 stores across the country. The stores are co-owned by 3.5 million members in 29 consumer associations. All surplus that is created in the business goes back to the members or is reinvested in the business, which creates a circular cycle.

The Cactus ransomware group claims to have hacked Coop and is threatening to disclose a huge amount of personal information, over 21 thousand directories.

The Cactus ransomware group added Coop to the list of victims on its Tor leak site.


Threat actors have published ID cards as proof of the hack.

In July 2021, the Swedish supermarket chain Coop was the first company to disclose the impact of the supply chain ransomware attack that hit Kaseya.

The supermarket chain Coop shut down approximately 500 stores as a result of the supply chain ransomware attack that hit the provider Kaseya.

Coop doesn’t use Kaseya software; however, it was impacted by the incident because one of its software providers does.

According to BleepingComputer, the impacted provider was the Swedish MSP Visma, which manages the payment systems for the supermarket chain.

Visma confirmed they were affected by the Kaseya cyber attack that allowed the REvil ransomware to encrypt their customers’ systems.

The Cactus ransomware operation has been active since March 2023. Although the threat actors use a double-extortion model, their data leak site has yet to be discovered.

Kroll researchers reported that the ransomware strain stands out for its use of encryption to protect the ransomware binary.

Cactus ransomware uses the SoftPerfect Network Scanner (netscan) to look for other targets on the network, along with PowerShell commands to enumerate endpoints. The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer; it also uses a modified variant of the open-source PSnmap tool.

The Cactus ransomware relies on multiple legitimate…


Managed Security Services Provider (MSSP) Market News: 15 November 2023


Each business day, MSSP Alert delivers a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem.

  • The Content: Written for MSSPs and MSPs; threat hunters; security operations center as a service (SOCaaS); managed detection and response (MDR) and eXtended detection and response (XDR) providers; and those who partner with such companies.
  • Frequency and Format: Every business morning. Typically, one or two sentences for each item below.
  • Reaching Our Inbox: Send news, tips and rumors to Managing Editor Jim Masters: [email protected].

Today’s MSSP, MSP, MDR, XDR and Cybersecurity Market News

1. Security Partnership: Cloud Range, a cyber range-as-a-service solution provider, is partnering with Washington Technology Solutions (WaTech) to engage in incident response training to enhance the state of Washington’s cyber readiness and prepare practitioners to detect and remediate threats. WaTech operates the state’s core technology services, providing strategic and comprehensive information security to protect state networks from increasing cyber threats while serving state agencies, county, city and tribal governments, and public-benefit nonprofits.

2. Zero Trust Security Certification: The Cloud Security Alliance (CSA), an organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, is offering the Certificate of Competence in Zero Trust (CCZT). CSA created the CCZT to help security professionals build knowledge to drive the definition, implementation and management of zero trust.

3. Leadership Move: Adlumin, a managed detection and response (MDR) provider, has hired Jessvin Thomas as its first chief product officer. With more than two decades of cybersecurity experience at organizations, including Barracuda Networks, Optiv and Blackstone Group, Thomas will lead Adlumin’s product and services teams to continue developing innovative offerings that solve critical security needs.

4. New Security Center Debuts: Living Security, a specialist in human risk management, has launched the Human Risk Operations Center (HROC), fueled by Living Security’s Unify Platform….
