Tag Archive for: Ukrainian

Russian GRU unit Solntsepek responsible for Kyivstar hack, says Ukrainian intelligence


Kyivstar, SBU cyber experts, government agencies and IT companies continue to restore network

The Solntsepek hacking group, which has claimed responsibility for hacking Kyivstar’s mobile network, is part of the Russian military intelligence agency the GRU, the Ukrainian Security Service (SBU) reported on Telegram on Dec. 13.

“We attacked Kyivstar because the company provides communications for the Ukrainian Armed Forces, as well as the government and law enforcement agencies of Ukraine,” Solntsepek claimed on one of its social media channels.

In its message, the group claimed it had destroyed 10,000 computers, more than 4 thousand servers, and all cloud storage and backup systems belonging to Ukraine’s largest mobile operator.

Kyivstar, SBU cyber experts, other government agencies, and IT companies are continuing to restore the network after the attack, which left 24 million subscribers without a mobile connection.

Preliminary estimates suggest that landline internet may be restored today, the SBU said.

The SBU has opened a criminal investigation into the cyber-attack on Kyivstar.

Ukraine’s largest mobile operator Kyivstar experienced a major outage on the morning of Dec. 12, bringing the network down across the entire country. More than 12 hours later, company engineers are still unable to bring it back online.

Initially attributing the disruption to a technical glitch, Kyivstar later confirmed the outage was the result of a hacker attack.

The Ministry of Digital Transformation subsequently stated that the malfunction had disrupted national roaming services but had not affected the national air raid alert system or the Kyiv metro.

“Kyivstar will definitely provide compensation to subscribers who were unable to use the operator’s services or had no connection,” the company stated. Kyivstar also apologized to subscribers for the temporary inconvenience and thanked them for their understanding.

Restoration efforts for Kyivstar subscribers are underway…

Hackers impersonated Ukrainian agencies in emails to Polish officials


The hacker group UAC-0050 sent emails claiming to be from Ukrainian government agencies to Polish state authorities, the State Special Communications Service reported on Dec. 8.

Government employees in Poland and Ukraine received emails with subject lines related to “debts” and “legal claims,” according to an investigation carried out by the Computer Emergency Response Team of Ukraine (CERT-UA). The emails also contained attachments in the form of password-protected RAR files.

When opened, these files could infect users’ computers with RemcosRAT or MeduzaStealer malware.

The emails came from legitimate government accounts that had been compromised, according to CERT-UA. Many of them came from the gov.ua domain.

CERT-UA is reportedly taking measures to localize and counteract the cyber threat.

The UAC-0050 hacker group has previously sent emails impersonating the Security Service of Ukraine (SBU), the Pechersk Court, and Ukrtelecom.

The State Special Communications Service came under new leadership on Dec. 1. Yurii Myronenko was named the new agency head after its previous chief Yurii Shchyhol was dismissed amid charges of embezzlement.

Trigona ransomware claimed to be dismantled by Ukrainian hacktivists


BleepingComputer reports that the Trigona ransomware gang had its operations taken down after its servers were compromised and wiped in an attack claimed by the Ukrainian Cyber Alliance hacktivist group.

Exploitation of a critical Confluence Data Center and Server vulnerability, tracked as CVE-2023-22515, enabled UCA hacktivists to infiltrate Trigona’s ransomware infrastructure last week without being detected by the ransomware group. Despite moving to protect its publicly exposed infrastructure following the exposure of its internal support documents by a UCA hacker by the name of “herm1t,” Trigona had hundreds of gigabytes of data from its admin and victim panels, internal systems, blog, and data leak site, as well as its source code, cryptocurrency hot wallets, developer environment, and database records stolen and later deleted by the hacktivists.

Prior to being dismantled, Trigona ransomware compromised Microsoft SQL servers and targeted 15 or more companies across various sectors, including manufacturing and finance.

Ukrainian Hacktivists Claim Trigona Ransomware Takedown


Data From Trigona’s Servers Exfiltrated and Wiped Out, Reads a Note on Leak Site

A screenshot of the Trigona ransomware leak site taken on Oct. 18, 2023

Pro-Ukrainian hackers claimed responsibility for wiping the servers of the Trigona ransomware gang, a recently formed group that may have links to the Russian cybercriminal underground.

The Ukrainian Cyber Alliance, a hacktivist collective, on Wednesday tweeted a screenshot of the gang’s apparently defaced dark web leak site now displaying a message that “Trigona is gone. The servers of the Trigona ransomware gang has been exfiltrated and wiped out. Welcome to the world you created for others. Hacked by Ukrainian Cyber Alliance.” Trigona dark web sites appeared to be offline as of Wednesday afternoon.


The same message appeared on the hacktivist group’s Telegram channel. The group claims to be a community of cyber activists from various cities in Ukraine. Inform Napalm said the Ukrainian Cyber Alliance formed in 2016 through a merger of separate hacktivist groups.


A hacktivist who goes by the moniker @vx_herm1t on X, formerly known as Twitter, and who asserts he is a member of the Ukrainian Cyber Alliance, posted in a tweet thread what he said was the Trigona administrator panel access URL and the key for logging in. A self-proclaimed spokesperson for the Ukrainian Cyber Alliance on Facebook going by the name “Sean Brian Townsend” posted a similar message while making light of Russian ransomware hackers’ abilities. “Ransomware is the scavenger of the computer world. They are weak. ‘Terrible Russian hackers,’…
