Tag Archive for: russian

Ukrainian hackers take out hundreds of Russian space research servers and supercomputers
The cyber warfare between Russia and Ukraine continues as hackers from the latter launch an attack and destroy the database and infrastructure of Russia’s Far Eastern Research Center of Space Hydrometeorology, “Planeta”.

According to Ukraine’s military intelligence agency, the attack destroyed two petabytes of data and 280 servers. A digital array valued at US$10 million was also lost, and the research centre’s supercomputers were disabled beyond repair through the destruction of their software.

“One such computing device together with software costs US$350,000. In the conditions of strict sanctions against Russia, to get such a software again it is impossible,” wrote Ukrainian Defence.

The data included satellite and meteorological data used by the Roscosmos space agency, the Russian Defence Ministry, emergency situations ministries and other government departments.

Adding salt to the wound, the facility’s air conditioning, emergency power, and humidification systems were also disabled.

“In total, dozens of strategic companies of the Russian Federation, which work on ‘defense’ and play a key role in supporting Russian occupation troops, will remain without critically important information and services for a long time,” the agency added.

“Glory to Ukraine!”

The attack is the latest in a series between Ukraine and Russia, with the latter recently disabling Ukraine’s largest telco, Kyivstar.

The attack, which occurred in December last year, resulted in service outages that the telco originally attributed to a technical failure before confirming a cyber attack.

The attack left Kyivstar’s more than 25 million customers, over half the country’s population, without mobile and home internet services.

A day after the incident, the attack was claimed by Russian hackers from the Solntsepek group, which said it had wiped thousands of servers and 10,000 computers.

“We, the Solntsepek hackers, take full responsibility for the cyber attack on Kyivstar. We destroyed 10 thousand computers, more than 4 thousand servers, all cloud storage and backup systems,” said the group on Telegram.

“We attacked Kyivstar because the…


Hewlett Packard Enterprise reveals hack by Russian state actor
Tech firm Hewlett Packard Enterprise says its cloud-based email systems were breached by the same Russian hacking group that compromised some Microsoft email accounts earlier this month.

Hewlett Packard Enterprise, also known as HPE, revealed the breach in a securities filing last week. The incident took place on December 12, 2023, and affected “a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” the company said.

“The Company, with assistance from external cybersecurity experts, immediately activated our response process to investigate, contain, and remediate the incident, eradicating the activity,” HPE said in the filing.

HPE said it suspects a group sometimes referred to as “Midnight Blizzard” was responsible for last month’s attack.

The hacking group, which US officials and private experts say has links to Russia’s foreign intelligence service, has gained a reputation as one of the stealthiest and most advanced cyber espionage groups in the world. Private analysts have referred to the group as “Midnight Blizzard” or as part of a group known as “APT29,” among other names.

The hackers used tampered software made by US tech firm SolarWinds to break into multiple US government agencies in 2020 and read emails between senior agency officials, US officials have alleged. (The Kremlin denied responsibility.) The spying campaign lasted well over a year and forced a major shakeup in how the US government defends its networks from hackers.

In the years since, the Russian hacking group has continued to use software providers to try to infiltrate US and European government agencies as part of a long-running quest for intelligence to serve the Kremlin, experts who track the hackers have told CNN.

The alleged Russian computer operatives have been particularly adept at breaking into cloud computing networks, as they did with the recent breach of HPE. The FBI has observed the hackers targeting cloud computing environments as far back as 2018, in what the bureau said was a likely tactic meant to cover their tracks.

HPE said in its filing that an investigation found that the December hacking…


Russian Group Delivering Malware Via PDFs: Google
SAN FRANCISCO, CA (IANS) – Google researchers have observed that the notorious Russian threat group COLDRIVER, previously focused on credential phishing, has now gone beyond it by delivering “malware via campaigns using PDFs as lure documents”.

The group, also known as ‘UNC4057’, ‘Star Blizzard’ and ‘Callisto’, has focused on credential phishing against Ukraine, NATO countries, academic institutions, and NGOs.

To gain the trust of targets, the group often utilizes impersonation accounts, pretending to be an expert in a particular field or somehow affiliated with the target.

According to new research by Google’s Threat Analysis Group (TAG), Coldriver has increased its activity in recent months and is now using new tactics that can cause more disruption to its victims.

“As far back as November 2022, TAG has observed Coldriver sending targets benign PDF documents from impersonation accounts,” Google said in a blogpost on January 18.

The threat group presents these documents as a new op-ed or other type of article that the impersonation account is looking to publish, asking for feedback from the target. When the user opens the benign PDF, the text appears encrypted, the researchers explained.

If the target responds that they cannot read the encrypted document, the Coldriver impersonation account responds with a link, usually hosted on a cloud storage site, to a “decryption” utility for the target to use.

“This decryption utility, while also displaying a decoy document, is in fact a backdoor, tracked as SPICA, giving Coldriver access to the victim’s machine,” the researchers said.

In 2015 and 2016, TAG observed Coldriver using the Scout implant that was leaked during the Hacking Team incident of July 2015.

SPICA is the first custom malware that the TAG researchers attribute to having been developed and used by Coldriver itself.

The researchers have observed SPICA being used as early as September 2023, but believe that Coldriver’s use of the backdoor goes back to at least November 2022.


Microsoft says state-sponsored Russian hacking group accessed email accounts of senior leaders