Tag Archive for: Thwarted

Ukraine Says Potent Russian Hack Against Power Grid Thwarted – NBC 5 Dallas-Fort Worth


Russian military hackers attempted to knock out power to millions of Ukrainians last week in a long-planned attack but were foiled, Ukrainian government officials said Tuesday.

At one targeted high-voltage power station, the hackers succeeded in penetrating and disrupting part of the industrial control system, but people defending the station were able to prevent electrical outages, the Ukrainians said.

“The threat was serious, but it was prevented in a timely manner,” a top Ukrainian cybersecurity official, Victor Zhora, told reporters through an interpreter. “It looks that we were very lucky.”

The hackers, from Russia’s GRU military intelligence agency, used an upgraded version of malware first seen in its successful 2016 attack that caused blackouts in Kyiv, officials said; this version was customized to target multiple substations. They simultaneously seeded malware designed to wipe out computer operating systems, hindering recovery.

Authorities did not specify how many substations were targeted or their location, citing security concerns, but a deputy energy minister, Farid Safarov, said “2 million people would have been without electricity supply if it was successful.”


Zhora, the deputy chair of the State Service of Special Communications, said the malware was programmed to knock out power on Friday evening just as people returned home from work and switched on news reports.

He said that power grid networks were penetrated before the end of February, when Russia invaded, and that the attackers later uploaded the malware, dubbed Industroyer2. The malware succeeded in disrupting one component of the impacted power station’s management systems, also known as SCADA systems.

Zhora would not offer further details or explain how the attack was defeated or which partners may have assisted directly in defeating it. He did acknowledge the depth of international assistance Ukraine has received in identifying intrusions and the challenges of trying to rid government, power grid and telecommunications networks of attackers….


Exchange Server exploitation spreads. US CYBERCOM says SolarWinds exploitation thwarted. FIN8 is back. TA800’s new access tool.


Microsoft Exchange Server vulnerabilities have been exploited against Norway’s parliament. BleepingComputer reports that the Storting yesterday disclosed that it had lost some data, but that the investigation was incomplete and the full extent of the damage was still unknown. The Storting thinks this attack is unconnected to the incursion by Fancy Bear, Russia’s GRU, that was discovered in December.

Many threat actors, both intelligence services and criminal gangs, have rushed to exploit these Exchange Server vulnerabilities. The FBI and CISA yesterday issued a joint advisory on the Microsoft Exchange Server compromise. It includes a summary of the methods the threat actors are using against their targets as well as a set of actions victims can take to mitigate the damage. The advisory remains coy about attribution (“nation-state actors and cyber criminals are likely among those exploiting these vulnerabilities”).

Reuters’ Chris Bing tweets that CISA expects to release, “soon,” more evidence attributing the SolarWinds compromise to Russia. In the meantime US Cyber Command has offered some reassurance about the dot mil domain. The Record reports that Cyber Command’s Executive Director told the Intelligence and National Security Alliance that “To date, there’s no evidence of a compromise in DoD networks because of the SolarWinds attack. That doesn’t mean we weren’t exposed… The layers of defense we had in place prevented the adversary from advancing from the toehold they had.”

Bitdefender warns that the FIN8 criminal group has resumed operation.

Proofpoint reports that the TA800 gang is using a new initial access tool, Nimzaloader.


A Tesla Employee Thwarted an Alleged Ransomware Plot – WIRED

  1. A Tesla Employee Thwarted an Alleged Ransomware Plot  WIRED
  2. Russian tourist offered employee $1 million to cripple Tesla with malware  Ars Technica
  3. Elon Musk confirms Tesla was target of foiled ransomware attack  TechCrunch
  4. US Arrests Tourist Over Malware Conspiracy  Infosecurity Magazine
  5. Tesla and FBI prevented $1 million ransomware hack at Gigafactory Nevada  Electrek.co
