Tag Archive for: Russialinked

Microsoft unmasks Russia-linked ‘GooseEgg’ malware


Researchers at Microsoft say they have uncovered a malicious tool used by Russian state-sponsored hackers to steal credentials in compromised networks.

The malware, named GooseEgg, exploits a vulnerability labeled CVE-2022-38028 in the Windows Print Spooler service, which manages printing processes. The researchers say GooseEgg appears to be exclusive to a group it tracks as Forest Blizzard, which is associated with Russia’s military intelligence agency, the GRU. 

According to the report, Forest Blizzard, also known as Fancy Bear and APT28, has been deploying the malware since at least June 2020 against state, nongovernmental, education and transportation organizations in Ukraine, Western Europe and North America.

“The use of GooseEgg in Forest Blizzard operations is a unique discovery that had not been previously reported by security providers,” researchers said.

Microsoft has observed that after obtaining access to a target device, Forest Blizzard uses GooseEgg to elevate privileges within the network. GooseEgg itself is a simple launcher application, but it allows attackers to undertake other actions such as remote code execution, installing a backdoor and laterally moving through compromised networks. 

The company patched the Print Spooler security flaw in 2022. “Customers who have not implemented these fixes yet are urged to do so as soon as possible for their organization’s security,” Microsoft said. 

In addition to CVE-2022-38028, Forest Blizzard exploits other bugs, such as CVE-2023-23397, which affects all versions of Microsoft Outlook software on Windows devices.

Earlier in December, Microsoft warned that Forest Blizzard has been attempting to use the Microsoft Outlook bug to gain unauthorized access to email accounts within Microsoft Exchange servers since as early as April 2022. 

The GRU hackers typically target strategic intelligence assets such as government, energy, transportation and nongovernmental organizations in the U.S., Europe, and the Middle East.

Microsoft has also observed Forest Blizzard targeting media organizations, information technology companies, sports organizations and educational institutions.


U.K Nuke Submarine Base Security Leak; Russia-linked Hackers Put Top Secret Info On Dark Web


The United Kingdom has been hit by hackers linked to Russia, and secret information has reportedly been put on the internet’s dark web. According to Mirror, notorious hacking group LockBit is behind the leak, and in the past had even tried to unsuccessfully extract millions from Royal Mail.


Ministry of Defence hit by Russia-linked hackers as security secrets are leaked in data posted online


The Ministry of Defence has been hit by hackers with links to Russia, as security secrets have been leaked and the data posted online.

Hackers have released thousands of pages of information which could be used by criminals to access the HMNB Clyde nuclear submarine base, the Porton Down chemical weapons lab and a GCHQ listening post.

The Royal Navy’s Trident-class nuclear submarine Vanguard

Information concerning high-security prisons and a military site key to our cyber defences was also stolen in the raid by group LockBit.

Hackers are said to have targeted the databases of Zaun, a firm which makes the fences for maximum security sites.

The information was published on the internet’s dark web, which can be accessed with specialist software.

It’s thought the information was stolen last month during an attack on the firm based in the West Midlands, according to a report by the Mirror.


LockBit is regarded as the world’s most dangerous hacking gang, with its key suspects listed on the FBI’s Most Wanted list.

It’s thought they are responsible for 1,400 attacks on global targets.

The group is also allegedly behind a £66 million blackmail attempt on the Royal Mail – with the postal service refusing to cave in to their demands.

A number of Russian nationals have been accused of cyber attacks and held in both the United States and Canada.

LockBit is said to have financial connections to Russian gangsters.

One document which was leaked relates to specific equipment bought to protect Porton Down in Wiltshire.

Zaun describes its work there as “very secretive”.

Another leaked document posted on the dark web is a sales order detailing goods purchased for HMNB Clyde – also known as Faslane – which is home to Trident nuclear subs.

Other documents include a sales order report for equipment at GCHQ’s communications complex in Bude, Cornwall, as well as security equipment at RAF Waddington in Lincolnshire, where the Reaper attack drones squadron is based, and Cawdor Barracks, the base of the 14th Signal Regiment, which deals in electronic warfare.

Detailed drawings for perimeter fencing at Cawdor, in Pembrokeshire, were attached to company emails.

Paperwork…


How the HWL Ebsworth cyber hack by Russia-linked ALPHV unfolded


Some of those firms had been aware of a possible hack since 5.30pm on Friday, when they were alerted by their IT departments.

This was barely an hour after HWLE became aware – Mailler told Hearsay it was 4.30pm – that there was “a potential breach” of its IT network by Russia-linked group ALPHV (aka Black Cat).

Hearsay understands that tech boffins at a number of firms who keep an eye on accounts that patrol the dark web saw a post on the Twitter handle #FalconFeedsio: “ALPHV #ransomware group added HWL Ebsworth, a law firm based in Australia, to their victim list.”

Cyber threat: The tweet sent out on Friday afternoon. (Image: Twitter)

It’s a common tactic among cybercriminals to go after a business late in the day, at night or over the weekend, when staffing is probably at its lowest.

ALPHV claimed to have access to four terabytes of HWLE data, including employee records and client information such as loan records and agreements.

More information was posted on the internet over the weekend as HWLE worked to understand the depth of the problem. There was alarm at screenshots that indicated the hackers had gained access to correspondence from other big commercial firms, such as Ashurst.

All-staff email

Mailler said partners were kept in the loop over the weekend, and that an all-staff email about the breach was sent out at 8.48pm on Sunday. (Hearsay received its first tip in an email just after 6.30pm.)

On Wednesday afternoon, HWLE issued a second statement for the week that said it was continuing to “investigate and gather accurate information in response to the claim that an unauthorised third party has extracted data from our firm”.

“The privacy and security of our client and employee data remains of the utmost importance to us, and we are in contact with clients to advise them of the situation and the steps we are taking to deal with the event.

“We acknowledge and understand the concern that this will raise for our clients and our people.”

Mailler declined to comment on whether it had received a ransom note.

Ashurst said in a short statement on Thursday that it had “been in contact with HWL Ebsworth”.

“Like many firms, we are also making independent enquiries regarding any…
