Tag Archive for: Thwarted

US cyberwarriors thwarted 2020 Iran election hacking attempt


Iranian hackers broke into a system used by a U.S. municipal government to publish election results in 2020 but were discovered by cyber soldiers operating abroad and kicked out before an attack could be launched, according to U.S. military and cybersecurity officials.

The system involved in the previously undisclosed breach was not for casting or counting ballots, but rather was used to report unofficial election results on a public website. The breach was revealed during a presentation this week at the RSA Conference in San Francisco, which is focused on cybersecurity. Officials did not identify the local government that was targeted.

“This was not a system used in the conduct of the election, but we are of course also concerned with systems that could weigh on the perception of a potential compromise,” said Eric Goldstein, who leads the cybersecurity division at the U.S. Cybersecurity and Infrastructure Security Agency.

If not expelled from the site, the hackers could have altered or otherwise disrupted the public-facing results page — though without affecting ballot-counting.

“Our concern is always that some type of website defacement, some type of (denial of service) attack, something that took the website down or defaced the website say on the night of the election, could make it look like the vote had been tampered with when that’s absolutely not true,” Major Gen. William J. Hartman, commander of U.S. Cyber Command’s Cyber National Mission Force, told conference attendees Monday.

Hartman said his team identified the intrusion as part of what he termed a “hunt-forward” mission, which gathers intelligence on and surveils adversaries and criminals. The team quickly alerted officials at the U.S. cybersecurity agency, who then worked with the municipality to respond to the intrusion.

Hartman said his team then acted “to ensure the malicious cyber actor no longer had access to the network and was unable to come back into the network in direct support of the elections.”

No details were released on how or from what country the Iranian intrusion was detected.


Ukraine Says It Thwarted a Sophisticated Russian Cyberattack on Its Power Grid


The attackers may have broken into the electrical company’s systems as early as February, Ukrainian officials said, but they emphasized that some details of the attack, including how the intruders made their way into the company’s systems, were not yet known.

Officials declined to name the company that suffered the breach and the region its substations are in, citing fears of continuing cyberattacks.

“It is self-evident that the aggressor’s team, the malefactors, had enough time to get prepared very thoroughly and they planned the execution on a sophisticated, high-quality level,” said Victor Zhora, the deputy head of Ukraine’s cybersecurity agency, the State Service of Special Communications and Information Protection. “It looks that we have been very lucky that we were able to respond in a timely manner to this cyberattack.”

Ukrainian companies in finance, media and energy have been subject to regular cyberattacks since the war began, according to Mr. Zhora. His agency said that since Russia’s invasion began, it had recorded three times as many attacks as it had tracked in the previous year.

The use of wiper malware has become a persistent problem in Ukraine since the war began, with attacks hitting Ukrainian critical infrastructure, including government agencies responsible for food safety, finance and law enforcement, cybersecurity researchers said.

Hackers have also broken into communications systems, including satellite communication services and telecom companies. Investigations into those breaches are continuing, although cybersecurity…


Ukraine says potent Russian hack against power grid thwarted – FOX23 News


BOSTON — (AP) — Russian military hackers attempted to knock out power to millions of Ukrainians last week in a long-planned attack but were foiled, Ukrainian government officials said Tuesday.

At one targeted high-voltage power station, the hackers succeeded in penetrating and disrupting part of the industrial control system, but people defending the station were able to prevent electrical outages, the Ukrainians said.

“The threat was serious, but it was prevented in a timely manner,” a top Ukrainian cybersecurity official, Victor Zhora, told reporters through an interpreter. “It looks that we were very lucky.”

Officials said the hackers, from Russia’s GRU military intelligence agency, used an upgraded version of malware first seen in the agency’s successful 2016 attack that caused blackouts in Kyiv, customized this time to target multiple substations. They simultaneously seeded malware designed to wipe out computer operating systems, hindering recovery.

Authorities did not specify how many substations were targeted or their location, citing security concerns, but a deputy energy minister, Farid Safarov, said “2 million people would have been without electricity supply if it was successful.”

Zhora, the deputy chair of the State Service of Special Communications, said the malware was programmed to knock out power on Friday evening just as people returned home from work and switched on news reports.

He said that power grid networks were penetrated before the end of February, when Russia invaded, and that the attackers later uploaded the malware, dubbed Industroyer2. The malware succeeded in disrupting one component of the impacted power station’s management systems, also known as SCADA systems.

Zhora would not offer further details or explain how the attack was defeated or which partners may have assisted directly in defeating it. He did acknowledge the depth of international assistance Ukraine has received in identifying intrusions and the challenges of trying to rid government, power grid and telecommunications networks of attackers. The helpers include keyboard warriors from U.S. Cyber Command, which declined comment.

The Computer Emergency Response Team of Ukraine thanked Microsoft…

