Tag Archive for: Ukraine

In Other News: LastPass Vault Hacking, Russia Targets Ukraine Energy Facility, NXP Breach 

/in


SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:  

SentinelOne ends Wiz collaboration following acquisition rumors

SentinelOne has ended its collaboration with cloud security firm Wiz following reports of a potential merger valued at $5-6 billion. SentinelOne shut down the rumors that it’s being acquired by Wiz a few days later, when it announced its decision to unilaterally terminate its six-month-old partnership with Wiz “as a result of their continued lack of execution against their commitments”.

Hackers may be breaking into LastPass vaults compromised in data breach 

Advertisement. Scroll to continue reading.

Some experts believe that threat actors may be breaking into the LastPass vaults compromised in a data breach last year, security blogger Brian Krebs reported. An investigation showed that many security-conscious individuals who had a total of $35 million worth of cryptocurrency stolen from them had used LastPass to store their private key.

Semiconductor company NXP discloses data breach

Dutch semiconductor designer and manufacturer NPX has disclosed a data breach affecting the email addresses of users who had registered an account on npx.com, but had not used it for at least 18 months. No other information was exposed, NPX said. 

Data breach at golf equipment maker Callaway impacts one million people

Callaway, a company that makes clubs, balls and other golf equipment, has disclosed a data breach affecting more than one million people. The firm said it discovered unauthorized access to information such as name, email address, phone number, order history, password, and security question answer. 

New report details how China is weaponizing…

Source…

Russian Propaganda on Ukraine Appears in Minecraft and Other Video Games

/in


Russian propaganda is spreading into the world’s video games.

In Minecraft, the immersive game owned by Microsoft, Russian players re-enacted the battle for Soledar, a city in Ukraine that Russian forces captured in January, posting a video of the game on their country’s most popular social media network, VKontakte.

A channel on the Russian version of World of Tanks, a multiplayer warfare game, commemorated the 78th anniversary of the defeat of Nazi Germany in May with a recreation of the Soviet Union’s parade of tanks in Moscow in 1945. On Roblox, the popular gaming platform, a user created an array of Interior Ministry forces in June to celebrate the national holiday, Russia Day.

These games and adjacent discussion sites like Discord and Steam are becoming online platforms for Russian agitprop, circulating to new, mostly younger audiences a torrent of propaganda that the Kremlin has used to try to justify the war in Ukraine.

In this virtual world, players have adopted the letter Z, a symbol of the Russian troops who invaded last year; embraced legally specious Russian territorial claims in Crimea and other places; and echoed President Vladimir V. Putin’s efforts to denigrate Ukrainians as Nazis and blame the West for the conflict.

“Glory to Russia,” declared a video tutorial on how to construct a flagpole with a Russian flag on Minecraft. It showed a Russian flag over a cityscape labeled Luhansk, one of the Ukrainian provinces that Russia has illegally annexed.

“The gaming world is really a platform that can impact public opinion, to reach an audience, especially young populations,” said Tanya Bekker, a researcher at ActiveFence, a cybersecurity company that identified several examples of Russian propaganda on Minecraft for The New York Times.

Microsoft’s president, Brad Smith, disclosed in April that the company’s security teams had identified recent Russian efforts “basically to penetrate some of these gaming communities,” citing examples in Minecraft and in Discord discussion groups. He said Microsoft had advised governments, which he did not name, about them, but he played down their significance.

“In truth, it’s not the No. 1 thing we should worry…

Source…

Russia Seeds New Surveillance Tech to Squash Ukraine War Dissent

/in


As the war in Ukraine unfolded last year, Russia’s best digital spies turned to new tools to fight an enemy on another front: those inside its own borders who opposed the war.

To aid an internal crackdown, Russian authorities had amassed an arsenal of technologies to track the online lives of citizens. After it invaded Ukraine, its demand grew for more surveillance tools. That helped stoke a cottage industry of tech contractors, which built products that have become a powerful — and novel — means of digital surveillance.

The technologies have given the police and Russia’s Federal Security Service, better known as the F.S.B., access to a buffet of snooping capabilities focused on the day-to-day use of phones and websites. The tools offer ways to track certain kinds of activity on encrypted apps like WhatsApp and Signal, monitor the locations of phones, identify anonymous social media users and break into people’s accounts, according to documents from Russian surveillance providers obtained by The New York Times, as well as security experts, digital activists and a person involved with the country’s digital surveillance operations.

President Vladimir V. Putin is leaning more on technology to wield political power as Russia faces military setbacks in Ukraine, bruising economic sanctions and leadership challenges after an uprising led by Yevgeny V. Prigozhin, the commander of the Wagner paramilitary group. In doing so, Russia — which once lagged authoritarian regimes like China and Iran in using modern technology to exert control — is quickly catching up.

“It’s made people very paranoid, because if you communicate with anyone in Russia, you can’t be sure whether it’s secure or not. They are monitoring traffic very actively,” said Alena Popova, a Russian opposition political figure and digital rights activist. “It used to be only for activists. Now they have expanded it to anyone who disagrees with the war.”

The effort has fed the coffers of a constellation of relatively unknown Russian technology firms. Many are owned by Citadel Group, a business once partially controlled by Alisher Usmanov, who was a target of European Union sanctions as one of Mr. Putin’s…

Source…

A Newly Named Group of GRU Hackers is Wreaking Havoc in Ukraine

/in


Finally, the Russia-based ransomware gang Clop went on a hacking spree that hit US government agencies and international companies including Shell and British Airways. Clop hackers carried out their cybercriminal campaign by exploiting a vulnerability in the file-transfer service MOVEit. The flaw has since been patched, but the full extent of the stolen data and list of targets remains unclear.

But that’s not all. Each week, we round up the biggest security and privacy stories we weren’t able to cover in depth ourselves. Click on the headlines to read the full stories, and stay safe out there.

As Russia has carried out its unprecedented cyberwar in Ukraine over nearly a decade, its GRU military intelligence hackers have taken center stage. The notorious GRU hacker groups Sandworm and APT28 have triggered blackouts, launched countless destructive cyberattacks, released the NotPetya malware, and even attempted to spoof results in Ukraine’s 2014 presidential election. Now, according to Microsoft, there’s a new addition to that hyper-aggressive agency’s cyberwar-focused bench.

Microsoft this week named a new group of GRU hackers that it’s calling Cadet Blizzard, and has been tracking since just before Russia’s full-scale invasion of Ukraine in February 2022. Redmond’s cybersecurity analysts now blame Cadet Blizzard for the destructive malware known as WhisperGate, which hit an array of government agencies, nonprofits, IT organizations, and emergency services in Ukraine in January 2022, just a month before Russia’s invasion began. Microsoft also attributes to Cadet Blizzard a series of web defacements and a hack-and-leak operation known as Free Civilian that dumped the data of several Ukrainian hacking victim organizations online while loosely impersonating hacktivists, another of the GRU’s trademarks.

Microsoft assesses that Cadet Blizzard appears to have the help of at least one private sector Russian firm in its hacking campaign but that it’s neither as prolific nor as sophisticated as previously known GRU groups plaguing Ukraine. But as Russia has switched up the tempo of its cyberwar, focusing on quantity rather than quality of attacks, Cadet Blizzard may play a key…

Source…