Tag Archive for: russian

Ukrainian security service identifies Russian FSB officers behind Primitive Bear. US sanctions four spyware firms, including NSO Group.


By the CyberWire staff

Ukrainian security service identifies Russian FSB officers behind Primitive Bear.

Ukraine’s security service, the SSU, has identified five Russian FSB officers as operators behind the Gamaredon threat actor (also known as “Primitive Bear”). The group has specialized in targeting Ukrainian critical infrastructure and classified networks. The group is centered, geographically, in Russian-occupied Ukraine, and the FSB chatter the SSU intercepted includes a lot of whining about getting shafted out of awards and bonuses, recognition going to the undeserving, and everybody having to get tested for COVID at work.

US sanctions four spyware firms, including NSO Group.

The US Department of Commerce has added four companies to its Entity List, the export-control blacklist that bars them from receiving US-origin goods and technology without a licence, for supplying spyware and intrusion tools to foreign governments. NSO Group and Candiru (both based in Israel) are now on the list, as are Positive Technologies (a Russian firm) and the Computer Security Initiative Consultancy PTE (headquartered in Singapore).

Of the two Israeli firms, Commerce said they “were added to the Entity List based on evidence that these entities developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers. These tools have also enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists outside of their sovereign borders to silence dissent. Such practices threaten the rules-based international order.”

Positive Technologies and the Computer Security Initiative Consultancy were placed on the Entity List after, Commerce said, “a determination that they traffic in cyber tools used to gain unauthorized access to information systems, threatening the privacy and security of individuals and organizations worldwide.”

The sanctions, Commerce explains, represent a move in support of human rights. “This effort is aimed at improving citizens’ digital security, combating cyber threats, and mitigating unlawful surveillance and follows a recent interim final rule released by the Commerce Department…


Ukraine Identifies Russian FSB Officers Hacking As Gamaredon Group


Ukraine’s premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in cyberattacks attributed to a cyber-espionage group named Gamaredon, linking the members to Russia’s Federal Security Service (FSB).

Calling the hacker group “an FSB special project, which specifically targeted Ukraine,” the Security Service of Ukraine (SSU) said the perpetrators “are officers of the ‘Crimean’ FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014.”


The names of the five individuals the SSU alleges are part of the covert operation are Sklianko Oleksandr Mykolaiovych, Chernykh Mykola Serhiiovych, Starchenko Anton Oleksandrovych, Miroshnychenko Oleksandr Valeriiovych, and Sushchenko Oleh Oleksandrovych.

Since its inception in 2013, the Russia-linked Gamaredon group (aka Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) has been responsible for a number of malicious phishing campaigns, primarily aimed at Ukrainian institutions, with the goal of harvesting classified information from compromised Windows systems for geopolitical gains.

The threat actor is believed to have carried out no fewer than 5,000 cyberattacks against public authorities and critical infrastructure located in the country, and attempted to infect over 1,500 government computer systems, with most attacks directed at security, defense, and law enforcement agencies to obtain intelligence information.

“Contrary to other APT groups, the Gamaredon group seems to make no effort in trying to stay under the radar,” Slovak cybersecurity firm ESET noted in an analysis published in June 2020. “Even though their tools have the capacity to download and execute arbitrary binaries that could be far stealthier, it seems that this group’s main focus is to spread as far and fast as possible in their target’s network while trying to exfiltrate data.”

Besides its heavy reliance on social engineering tactics as an intrusion vector, Gamaredon is known to have invested in a range of tools for scything through organizations’ defenses that are coded in a variety of programming languages such as VBScript, VBA Script, C#, C++, as…


Editorials: Keep ramping up efforts against Russian hackers


Russian cyber intrusions have only increased in the months since President Joe Biden imposed sanctions on Russia and issued a warning in person to Russian President Vladimir Putin, according to organizations that track cyber attacks and media reports. These relentless assaults illustrate our vulnerability in an increasingly connected world and provide fresh evidence of the importance of protecting our nation from such dangerous and unacceptable threats.

The cyber attacks have continued despite a successful international effort led by the FBI to force the closure of one of the major Russian ransom operations.

Mr. Biden tried to get Mr. Putin to rein in Russian hackers working privately to extort money from victims in the West and to steal commercial and government secrets. In January, Congress also passed a law requiring that the White House have a national cybersecurity director who reports directly to the president and is subject to Senate confirmation.

On Wednesday, the administration took perhaps its most significant step: CISA's Binding Operational Directive 22-01, a far-reaching order requiring almost all federal civilian agencies to patch, within fixed deadlines, hundreds of catalogued vulnerabilities that are known to be exploited and are considered major risks for damaging attacks on government computer systems.

Those welcome actions are needed because Russia hasn’t been dissuaded from acting against the United States and other countries. China, Iran and North Korea also remain serious cyber threats.

The Biden administration must continue its efforts to require better cybersecurity for the federal government and its contractors and to persuade nonfederal users of the internet to update their own cyber protections. The administration also needs to mount more counterattacks like the FBI’s recent takedown of REvil, the Russia-affiliated cyber gang whose former partners and associates were responsible for the May closure of the Colonial Pipeline, which created gas shortages in the Eastern United States.

And the administration should sharply intensify economic sanctions against Russia, including Russian access to foreign exchange markets, until there is a clear sign that Mr. Putin has brought his intelligence agencies and his country’s criminal gangs under…


Graff cyber attack: ‘Tycoons and celebrities on leak list as Russian gang demands ransom’


Some of the world’s most powerful, wealthy and famous people are thought to have had their personal details stolen by a cybercriminal gang which hacked into the computer systems of exclusive UK jeweller Graff.

The data theft was carried out by Russian group Conti, believed to be based near St Petersburg, which has already leaked 69,000 confidential documents on the so-called dark web, according to reports.

The dark web is the part of the internet which is generally hidden from public view and can only be accessed through special software.

However, Graff is understood to believe that the vast majority of those affected lost no sensitive personal data: only their name and address, which are typically available from other public sources, and not details that would put them at risk of identity theft.

Image caption: Some of the files reportedly related to former US president Donald Trump and football superstar David Beckham. (File photo: REUTERS/Shannon Stapleton)

Graff operates at the top end of the diamond jewellery market, with more than 60 retail stores worldwide.

Conti is said to be demanding tens of millions of pounds in ransom money to stop the release of further sensitive information.

Documents including client lists, invoices, receipts and credit notes have been taken, according to the Mail on Sunday.

It reports Conti has claimed the information already published, involving about 11,000 of Graff’s clients, represents just 1% of the files it has stolen.

Some of the files related to former US president Donald Trump, TV host Oprah Winfrey, football star David Beckham and retail tycoon Sir Philip Green, claims the paper.

It said around 600 British customers are among the victims named, including Formula One heiress Tamara Ecclestone and ex-England and Chelsea footballer Frank Lampard.

Other stars on the list reportedly include Hollywood actors Tom Hanks, Samuel L Jackson and Alec Baldwin, who has recently hit the headlines after the accidental fatal shooting of cinematographer Halyna Hutchins on the set of Western film Rust.

The British socialite Ghislaine Maxwell, who is awaiting trial on charges of recruiting…
