Tag Archive for: russian

APT focus: ‘Noisy’ Russian hacking crews are among the world’s most sophisticated threat groups


Unpacking the Matryoshka dolls behind Kremlin-backed cybercrime campaigns


State-sponsored Russian cyber espionage groups are among the most sophisticated of the nation-state threat actors, with an added flair for deception that makes them the canniest of adversaries.

Experts quizzed by The Daily Swig said that Russian cyber-threat actors are among the best in the world, on a par with the top groups operating out of China, and with similar capabilities to western intelligence agencies – especially those with close links to the Federal Security Service (FSB) or military.

What are the techniques and tactics of Russian threat actors?

Russian state-sponsored actors typically have more sophisticated tactics, techniques, and procedures (TTPs) alongside custom malware development capabilities and tighter operational security when compared to other groups.

Xueyin Peh, senior cyber threat intelligence analyst at Digital Shadows, told The Daily Swig: “Russia-linked APT groups are arguably some of the most technically advanced state-sponsored threat groups.

“They have used techniques that enable them to remain undetected for long periods of time, such as in the supply chain attack leveraging SolarWinds’ Orion Platform (which likely began as early as Spring 2020 but was only made known publicly in December 2020).

“This large-scale intrusion and the multiple techniques used to obfuscate their activity are testament to the technical prowess of these groups. In comparison, very few other state-associated APT groups – probably only those linked to the People’s Republic of China – have conducted supply chain attacks of similar scale,” Peh added.

The recent SolarWinds campaign that drew so much attention to the threat of Russian cyber espionage was actually atypical for Russian actors in its use of a technology supply chain access vector, according to some threat intel experts.


Paul Prudhomme, head of threat intelligence advisory at IntSights, explained: “Russian cyber espionage groups have not historically used such attack vectors on any…


Election security experts: Pa. GOP trying to play ‘Russian roulette’ with voters’ personal info




  • Katie Meyer/WHYY

As Pennsylvania Republicans have taken steps toward an unprecedented review of the 2020 presidential election and 2021 primary, election and data security experts say their methods — and the clear partisan motivation behind them — are concerning.

A little-used Senate committee controlled by Republicans voted this week to issue a subpoena ordering Pennsylvania’s Department of State to deliver a long list of voter data and other records.

It includes a mix of publicly available and private information: specifically, all registered Pennsylvania voters’ names, dates of birth, and addresses, as well as the last four digits of their social security numbers, driver’s license numbers, and dates of their last voting activity.

They also want all communication records between the Pennsylvania DOS and county officials between May 2020 and 2021, all the directions, policies, and guidance the state had in place related to elections and voting between August 2020 and June 2021, and all election worker training materials used between August 2020 and May 2021.

Most of that information is already available to the public. State communication records are…


‘Nasty stuff’: Research into Russian push-button cellphones uncovers legion of privacy and security issues


Itel, DEXP, Irbis, and F+ mobile devices put under the microscope

Researchers discover numerous security and privacy issues after analysing Russian cellphones

Many push-button phones on sale in Russia contain backdoors or trojans, a security researcher claims.

According to Russian researcher ‘ValdikSS’, some cellphones are automatically sending SMS messages or transmitting online the fact that the device has been purchased and used, among other issues.

Get the message

As outlined in a technical blog post (Russian language), some models were found to contain a built-in trojan that sends paid SMS messages to short numbers, transmitting text that is downloaded from the server. Others were said to have a backdoor that forwards incoming SMS messages to an unknown server.

ValdikSS says he discovered the issue while considering replacing the USB modems he used to receive SMS messages with phones, as the phones were cheaper and can take up to four SIM cards each.

“The research began due to unexpected behavior of the phone – it sent SMS by itself,” he tells The Daily Swig.

Of the five Russian push-button phones tested, only one was said to be ‘clean’

He then tested a number of push-button models, including the Inoi 101, DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3.

And, he found, some of the phones were not only transmitting IMEI and IMSI numbers for the purposes of tracking sales, but also contained a trojan that sends SMS messages to paid short numbers, after downloading the text and number from a server via the internet.

Finally, a backdoor was found that intercepts incoming SMS messages and forwards them to the server, potentially allowing an attacker to use the phone’s number to register for services that require confirmation via SMS.
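The three behaviours described above (server-directed premium SMS, IMEI/IMSI beaconing, and forwarding of inbound SMS to a server) all leave a recognisable footprint on the air interface, which is how the researcher observed them. The following is an added example, not ValdikSS's tooling: a small triage script that scans a simplified, constructed representation of what a test base station or packet capture would yield and flags each pattern. The event format, hostnames, numbers and identifier values are all invented for illustration.

```python
"""Heuristic triage of a feature-phone traffic capture for three behaviours:
silent premium-rate SMS directed by a server, IMEI/IMSI beaconing, and
forwarding of inbound SMS to a server.

Added example, not the researcher's own tooling. The event format below is a
constructed simplification: one tuple per observed message,
(timestamp, direction, kind, peer, body), where kind is "sms" or "http" and
peer is the SMS number or the HTTP host. Hosts and identifiers are fake."""
import re
from datetime import datetime

# Constructed sample capture (not real traffic).
SAMPLE_EVENTS = [
    ("2021-06-12T10:00:00", "out", "http", "stat.example-vendor.invalid",
     "imei=123456789012345&imsi=250011234567890&model=SD2810"),   # sales beacon
    ("2021-06-12T10:00:05", "in", "http", "sms-cmd.example-cc.invalid",
     '{"num":"3210","text":"SUB PREMIUM"}'),                         # C2 tells phone what to send
    ("2021-06-12T10:00:07", "out", "sms", "3210", "SUB PREMIUM"),   # premium SMS sent silently
    ("2021-06-12T10:05:00", "in", "sms", "+79001234567", "Your code is 482913"),
    ("2021-06-12T10:05:02", "out", "http", "sms-cmd.example-cc.invalid",
     "from=+79001234567&text=Your code is 482913"),                 # inbound SMS forwarded
    ("2021-06-12T11:00:00", "out", "sms", "+79007654321", "hello from the user"),  # benign
]

IDENTIFIER_RE = re.compile(r"\b(imei|imsi)=(\d{14,15})\b", re.I)
SHORT_NUMBER_RE = re.compile(r"^\d{3,6}$")   # short codes, unlike full MSISDNs, carry no '+'


def _ts(s):
    return datetime.fromisoformat(s)


def find_premium_sms(events, window_s=60):
    """Outbound SMS to a short code. If an HTTP response received within
    window_s seconds before it contains that number, the send was server-directed."""
    findings = []
    for i, (ts, direction, kind, peer, body) in enumerate(events):
        if direction != "out" or kind != "sms" or not SHORT_NUMBER_RE.match(peer):
            continue
        t = _ts(ts)
        directed = any(
            pd == "in" and pk == "http" and peer in pbody
            and 0 <= (t - _ts(pts)).total_seconds() <= window_s
            for pts, pd, pk, _, pbody in events[:i])
        findings.append({"kind": "premium_sms", "ts": ts, "peer": peer,
                         "body": body, "server_directed": directed})
    return findings


def find_identifier_beacons(events):
    """Outbound HTTP bodies that carry IMEI/IMSI-shaped values."""
    findings = []
    for ts, direction, kind, peer, body in events:
        if direction == "out" and kind == "http":
            ids = [name.lower() for name, _ in IDENTIFIER_RE.findall(body)]
            if ids:
                findings.append({"kind": "identifier_beacon", "ts": ts,
                                 "peer": peer, "identifiers": ids})
    return findings


def find_sms_forwarding(events, window_s=60):
    """Inbound SMS whose text reappears in an outbound HTTP body shortly after."""
    findings = []
    for i, (ts, direction, kind, sender, body) in enumerate(events):
        if direction != "in" or kind != "sms":
            continue
        t = _ts(ts)
        for lts, ld, lk, lpeer, lbody in events[i + 1:]:
            if ld == "out" and lk == "http" and body in lbody \
                    and (_ts(lts) - t).total_seconds() <= window_s:
                findings.append({"kind": "sms_forwarding", "ts": ts,
                                 "sender": sender, "peer": lpeer})
                break
    return findings


def triage(events):
    """All findings, ordered by the timestamp of the triggering event."""
    found = find_identifier_beacons(events) + find_premium_sms(events) \
        + find_sms_forwarding(events)
    return sorted(found, key=lambda f: f["ts"])


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f)
```

The short-code test is deliberately crude: a legitimate user can send to a short number too, so the `server_directed` flag (a command channel response naming that number seconds before the send) is the signal worth acting on. The same three checks apply unchanged to a real capture once the events are normalised into the tuple shape above.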


“I was very confused when [a] DEXP SD2160 phone tried to send premium SMS to the number and with the body loaded from its server on the internet,” he says.

“The device, initially manufactured in 2019, was being sold by one of the largest electronic stores in June 2021, with lots of negative reviews in the same store’s website, and they didn’t recall it from sales.

“I’ve watched it to do all the nasty stuff in real time on my GSM…


New ransomware attacks by Russian hackers highlight cybersecurity challenges


NBC News reported on Friday: “According to cybersecurity firm Huntress Labs, a successful ransomware attack on a single company has spread to at least 200 organizations, making it one of the largest criminal ransomware attacks ever.” The Washington Post later said the attack affected more than 1,000 companies.

According to Forbes, a group of Russian-speaking hackers claimed responsibility for the ransomware attack and demanded $70 million in Bitcoin to restore the affected companies’ data.

Faced with this increase in cyber attacks, business leaders continue to face major challenges that make it difficult for businesses to respond to cyber-related crises.

Cyber vulnerabilities and trends

On Wednesday, Cobalt released its annual report, which examines corporate cyber vulnerabilities and identifies trends and risks affecting the cybersecurity community. The data was collected from the company’s own platform, which connects ethical hackers with organizations that need security testing and help finding and fixing vulnerabilities, according to Caroline Wong, Cobalt’s Chief Strategy Officer.

“Unfortunately, the highest-profile cyberattacks of the last few years — Equifax, SolarWinds, Colonial Pipeline, JBS — are not fundamentally different from the types of attacks observed over the last few decades,” says Wong.

She states: “The first ransomware attack occurred in 1999. The cybersecurity industry knows how to discover, fix, and prevent this type of problem. The National Vulnerability Database was created in 2000 and contains over 150,000…
