Tag Archive for: russian

Cyber Security Today, Feb. 16, 2024 – US takes down Russian botnet of routers


U.S. takes down Russian botnet of routers.

Welcome to Cyber Security Today. It’s Friday, February 16th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

American authorities have neutralized a botnet of hundreds of compromised small and home office routers that Russia’s military cyber unit used for attacks. This threat actor is called different names by cybersecurity researchers such as APT28, Fancy Bear and Forest Blizzard. The compromised devices were Ubiquiti Edge routers whose owners didn’t change the default administrator passwords. The Justice Department said it got court permission to command the malware controlling the devices to delete stolen and malicious files on the routers. Remote management access was also disabled to give the router owners time to mitigate the compromise and reassert full control. However, if owners and administrators don’t change the default password on their Ubiquiti Edge routers they’ll be open to compromise even after a factory reset of the devices. That, of course, is true for any internet-connected device.

This was the second time in two months the U.S. has disrupted state-sponsored hackers launching cyber attacks from compromised American routers.

Also on Thursday the U.S. offered a US$10 million reward for information leading to the identification or location of leaders of the AlphV/BlackCat ransomware operation. Up to US$5 million is also available for information leading to the arrest or conviction of anyone participating in a ransomware attack using this variant. In December the U.S. and several countries said they are going after this gang. As part of that operation a decryptor for this strain of ransomware was released for victims to use. This week the AlphV gang listed Canada’s Trans-Northern Pipeline as one of its victims. The company said the attack happened last November.

ESET has issued patches for several of its server, business and consumer security products for Windows. These include ESET File Security for Microsoft Azure, ESET Security for SharePoint Server, Mail Security for IBM Domino and for Exchange Server and consumer products such…

U.S. Disrupts Hacking Operation Led by Russian Intelligence


The F.B.I., working with other countries, disrupted a Russian hacking operation that infiltrated more than 1,000 home and small-business internet routers in the United States and around the world, the Justice Department announced on Thursday.

Russian intelligence, collaborating with cybercriminals, created a botnet, or a network of private computers infected with malicious software, to spy on military and security organizations and private corporations in countries like the United States.

Using a court order, the F.B.I. secretly copied and deleted stolen data and malware from hacked routers. Doing this stopped Russia’s ability to use the routers without affecting how they function, officials said.

The F.B.I. director, Christopher A. Wray, shared details of the operation at an annual security conference in Munich.

The disruption is part of a broader effort to stymie Russia’s cybercampaigns against the United States and its allies, including Ukraine. The details of the operation come a day after the Biden administration said it told Congress and its European allies that Russia is seeking to create a space-based nuclear weapon to target the U.S. network of satellites.

For weeks, the White House and proponents in Congress have been trying to persuade House Republicans to continue funding Ukraine’s military operations in its fight against Russia because doing so is critical to American national security.

Speaking in Munich, Mr. Wray said Russia continued to target critical infrastructure, such as underwater cables and industrial control systems, around the world.

“For instance, since its unprovoked invasion of Ukraine, we’ve seen Russia conducting reconnaissance on the U.S. energy sector,” Mr. Wray said. “And that’s a particularly worrisome trend because we know that once access is established, a hacker can switch from information gathering to attack quickly and without notice.”

Mr. Wray warned that China’s abilities in cyberwarfare have also continued to improve.

“The cyberthreat posed by the Chinese government is massive,” Mr. Wray said. “China’s hacking program is larger than that of every other major nation combined.”

Last month, the F.B.I. announced it

China’s Hikvision, Dahua Security Cameras Heighten Risks Of Russian Attacks On Ukraine


KYIV – As Russia’s full-scale invasion of Ukraine nears the two-year mark, hundreds of thousands of Chinese-made Hikvision and Dahua video-surveillance cameras, used by government-run security systems, residences, and private companies throughout Ukraine, heighten the risks of attacks by the Russian military, Ukrainian digital-security experts and government officials fear.

When Russian missiles struck Kyiv in a January 2 attack that killed at least three people, two ordinary outdoor CCTV cameras – one for a condominium, the other for a parking lot – helped guide their way, the State Security Service of Ukraine (SBU) claims.

A heavily damaged building in Kyiv which was hit by a missile on January 2 that may have been guided by CCTV cameras.

After hacking the cameras, Russian intelligence used them “to spy on the Defense Forces in the capital” and to record images of “critical infrastructure facilities,” according to the SBU.

One of those cameras was a 2016 Chinese-made Hikvision device, a law enforcement official who requested anonymity because of the sensitivity of the subject told Schemes, the investigative unit of RFE/RL’s Ukrainian Service.

“Such cameras are usually just connected to the Internet and are already relatively outdated — that is, with software that has not been updated for a long time and has many known vulnerabilities,” said Serhiy Denysenko, executive director of the Ukrainian information-security company CyberLab’s Digital Forensics Laboratory.

Information security specialist Serhiy Denysenko (left) with Schemes journalist Kyrylo Ovsyaniy.

Manufacturers’ “basic” camera software means that “hackers — or, in this case, the Russian special services – who are scanning the Internet can find this camera and gain access to it,” Denysenko said.

To test the SBU’s claims, a Digital Forensics Laboratory specialist hacked into a 2015 Hikvision CCTV camera in about 15 minutes.

From 2014 to 2022, three Ukrainian companies imported over 875,000 CCTV cameras and other devices related to video surveillance made by Hikvision, and a single company imported nearly 1.1 million cameras and other devices related to video…

Ukrainian hackers take out hundreds of Russian space research servers and supercomputers


The cyber warfare between Russia and Ukraine continues as hackers from the latter launch an attack and destroy the database and infrastructure of Russia’s Far Eastern Research Center of Space Hydrometeorology, “Planeta”.

According to Ukraine’s military intelligence agency, the attack resulted in two petabytes of data and 280 servers being destroyed. Additionally, a digital array valued at US$10 million was lost in the attack, and the research centre’s supercomputers were disabled beyond repair through the destruction of software.

“One such computing device together with software costs US$350,000. In the conditions of strict sanctions against Russia, to get such a software again it is impossible,” wrote Ukrainian Defence.

Data included satellite and meteorological data used by the Roscosmos space agency, Russian Defence, emergency situations ministries and other government departments.

Adding salt to the wound, air conditioning, emergency power, and humidification systems were also disabled.

“In total, dozens of strategic companies of the Russian Federation, which work on ‘defense’ and play a key role in supporting Russian occupation troops, will remain without critically important information and services for a long time,” the agency added.

“Glory to Ukraine!”

The attack is the latest in a series between Ukraine and Russia, with the latter recently disabling Ukraine’s largest telco, Kyivstar.

The attack, which occurred in December last year, resulted in service outages the telco originally said were the fault of a technical failure, before confirming a cyber attack.

The attack left Kyivstar’s customer base of over 25 million, over half the country’s population, without mobile and home internet services.

A day after the incident, the attack was claimed by Russian hackers from the Solntsepek group, which said they wiped thousands of servers and 10,000 computers.

“We, the Solntsepek hackers, take full responsibility for the cyber attack on Kyivstar. We destroyed 10 thousand computers, more than 4 thousand servers, all cloud storage and backup systems,” said the group on Telegram.

“We attacked Kyivstar because the…
