Hacking & Cyberwarfare News and Discussions

caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Iran Says Cyberattack Closes Gas Stations Across Country
by Jon Gambrell
October 26, 2021

https://www.courthousenews.com/iran-say ... s-country/

Introduction:
DUBAI, United Arab Emirates (AP) — A cyberattack crippled gas stations across Iran on Tuesday, leaving angry motorists stranded in long lines.

No group immediately claimed responsibility for the attack, which rendered useless the government-issued electronic cards that many Iranians use to buy subsidized fuel at the pump.

It bore similarities to another attack months earlier that seemed to directly challenge Iran's Supreme Leader Ayatollah Ali Khamenei as the country's economy buckles under American sanctions. Those economic problems worsen as the U.S. and Iran have yet to jointly re-enter Tehran's tattered nuclear deal with world powers.

State television quoted an unnamed official in the country's National Security Council acknowledging the cyberattack, hours after it aired images of long lines of cars waiting to fill up in Tehran. Associated Press journalists also saw lines of cars at Tehran gas stations, with the pumps off and the station closed.

“I have been waiting a couple of hours for the gas stations to reopen so that I can fill up,” said a motorcyclist who gave his name only as Farzin. “There is no fuel wherever I go.”
Don't mourn, organize.

-Joe Hill
User avatar
caltrek
Posts: 6509
Joined: Mon May 17, 2021 1:17 pm

Re: Hacking & Cyberwarfare News and Discussions

Post by caltrek »

Europol Detains Hackers Behind 2019 Norsk Hydro Ransomware Attack
by Carly Page
October 29, 2021

https://techcrunch.com/2021/10/29/europ ... rsk-hydro/

Introduction:
(TechCrunch) Europol and its law enforcement partners have disrupted a network of organized cybercriminals behind a string of ransomware attacks that has claimed more than 1,800 victims across 71 countries since 2019.

The EU’s police agency said on Friday that 12 individuals had been “targeted” in raids in Ukraine and Switzerland this week following a two-year investigation. The agency didn’t say whether these individuals had been arrested or charged, and has yet to respond to our request for more information.

The unnamed individuals were “known for specifically targeting large corporations, effectively bringing their business to a standstill,” Europol said. One of the ransomware strains the group used was LockerGoga, the same strain used in the attack against Norwegian aluminum processor Norsk Hydro in March 2019. The cyberattack forced the company’s plants across two continents to stop production for almost a week and cost Norsk Hydro more than $50 million.

In a separate press release, Norway’s National Criminal Investigation Service, commonly known as Kripos, confirmed that the targeted individuals were responsible for the Norsk Hydro attack.

Europol said the hackers also deployed the ransomware MegaCortex and Dharma, as well as malware like TrickBot and post-exploitation tools including Cobalt Strike and PowerShell Empire, to stay undetected and gain further access. “The criminals would then lay undetected in the compromised systems, sometimes for months, probing for more weaknesses in the IT networks before moving on to monetizing the infection by deploying a ransomware,” Europol said.

Post by caltrek »

Robinhood Says Millions of Customer Names and Email Addresses Taken in Data Breach
by Zack Whittaker
November 9, 2021

https://techcrunch.com/2021/11/09/robin ... ta-breach/

Introduction:
(TechCrunch) Online stock trading platform Robinhood has confirmed it was hacked last week with more than five million customer email addresses and two million customer names taken, as well as a much smaller set of more specific customer data.

The company said in a blog post that a malicious hacker had socially engineered a customer service representative over the phone November 3 to get access to customer support systems. That allowed the hacker to obtain customer names and email addresses, but also the additional full names, dates of birth and ZIP codes of 310 customers.

Robinhood said that 10 customers had “more extensive account details revealed.” Robinhood did not say what information specifically, though no Social Security numbers, bank account numbers or debit card numbers were exposed and caused no immediate financial loss to customers.

But it’s precisely that kind of information that malicious hackers can use to facilitate further attacks against victims, like targeted phishing emails, since names and dates of birth can often be used to verify a person’s identity.

The company said once it secured its systems the hacker then “demanded an extortion payment.” Robinhood instead notified law enforcement and security firm Mandiant to investigate the breach.

Post by caltrek »

What is Log4j? A Cybersecurity Expert Explains the Latest Internet Vulnerability, How Bad It is and What’s at Stake
by Santiago Torres-Arias

https://theconversation.com/what-is-log ... ake-173896

Introduction:
(The Conversation) Log4Shell, an internet vulnerability that affects millions of computers, involves an obscure but nearly ubiquitous piece of software, Log4j. The software is used to record all manner of activities that go on under the hood in a wide range of computer systems.

Jen Easterly, director of the U.S. Cybersecurity & Infrastructure Security Agency, called Log4Shell the most serious vulnerability she’s seen in her career. There have already been hundreds of thousands, perhaps millions, of attempts to exploit the vulnerability.

Post by caltrek »

How to Avoid Falling into China's 'Data Trap'
Dr. Samantha Hoffman
December 26, 2021

https://techcrunch.com/2021/12/26/how-t ... data-trap/

Introduction:
(TechCrunch) Recent prominent data breach incidents, such as hacks of the Office of Personnel Management, airline passenger lists and hotel guest data have made clear how vulnerable both public and private systems remain to espionage and cybercrime. What is less obvious is the way that a foreign adversary or competitor might target data that is less clearly relevant from a national security or espionage perspective. Today, data about public sentiment, such as the kinds of data used by advertisers to analyze consumer preferences, has become as strategically valuable as data about traditional military targets. As the definition of what is strategically valuable becomes increasingly blurred, the ability to identify and protect strategic data will be an increasingly complex and vital national security task.

This is particularly true with regards to nation-state actors like China, which seeks access to strategic data and seeks to use it to develop a toolkit against its adversaries. Last month, MI6 chief Richard Moore described the threat of China’s “data trap”: “If you allow another country to gain access to really critical data about your society,” Moore argued, “over time that will erode your sovereignty, you no longer have control over that data.” And most governments are only just beginning to grasp this threat.

In testimony to Congress last month, I argued that in order to defend democracy now, we need to better understand how particular datasets are collected and used by foreign adversaries, especially China. And if we’re to properly defend strategic data (and define and prioritize just which datasets should be protected) in the future, we need to get creative about imagining how adversaries might use them.

The Chinese state’s use of technology to enhance its authoritarian control is a topic that has received considerable attention in recent years. The targeting of the Uyghur people in Xinjiang, aided by invasive and highly coercive use of surveillance technology, has been a focal point of this discussion. So, understandably, when most people think about the risks of China’s “tech authoritarianism” going global, they think about how similarly invasive surveillance can go global. But the real problem is far more significant and far less detectable because of the nature of the digital and data-driven technologies concerned.

Post by caltrek »

Finalsite Ransomware Attack Forces 5,000 School Websites Offline
by Carly Page
January 7, 2022

https://techcrunch.com/2022/01/07/final ... s-offline/

Introduction:
(TechCrunch) Finalsite, an internet software house that provides school districts with website design, hosting and content management solutions, has been hit by a ransomware attack.

Earlier this week, school districts whose websites are hosted by Finalsite discovered that they were no longer accessible or displayed errors. While at the time Finalsite blamed the issues on “performance difficulties” across different services, the Glastonbury, Connecticut-based company has since confirmed the outage was caused by ransomware.

“On Tuesday, January 4, our team identified the presence of ransomware on certain systems in our environment,” the company said in a statement. “We immediately took steps to secure our systems and to contain the activity. We quickly launched an investigation into the event with the assistance of third-party forensic specialists, and began proactively taking certain systems offline.”

Finalsite spokesperson Morgan Delack told TechCrunch that 5,000 of its total 8,000 global customers — including school districts in Kansas City, Illinois and Missouri — are affected by the incident. In addition to website outages, one Reddit user claimed the incident also prevented some schools from sending email notifications about school closures due to COVID-19 outbreaks.

In its latest status update, Finalsite says the “vast majority of front-facing websites are online,” though notes that “some sites may still lack proper styling, admin log-in functionality, calendar events, or constituent directories.” One Finalsite customer, the Holy Ghost Preparatory School in Pennsylvania, said on Friday that while its website is back online, registration forms and the email system remain unavailable.

Post by caltrek »

A Ransomware Attack Took a New Mexico Jail Offline, Leaving Inmates in Lockdown
by Corin Faife
January 11, 2022

https://www.theverge.com/2022/1/11/2287 ... llo-county

Introduction:
(The Verge) A ransomware attack last week has left an Albuquerque area jail without access to its camera feeds and rendered automatic door mechanisms unusable. Inmates have been confined to their cells as a result, while technicians struggled to bring systems back online.

As first reported by the Albuquerque Journal, visitor access to the Metropolitan Detention Center was completely suspended as the jail was put into lockdown. All internet services at the jail were also knocked offline, leaving staff unable to look up inmate records.

Based on the lack of camera coverage, all inmates within the facility were placed on lockdown from the morning of January 5th. Further, according to an emergency notice filed by the county, the incident tracking database containing all reports of fighting, use of force, and allegations of sexual assault was not available and is believed to be corrupted by the attack.

“In the early morning of January 5, 2022, the automatic door mechanisms at MDC were unusable, meaning that staff had to use keys to manually open facility doors,” wrote Taylor Rahn, an attorney for the county, in a court notice related to the lockdown. “One of the most concerning impacts of the cyber attack is that MDC is unable to access facility cameras. As of the evening of January 5th, there was no access to cameras within the facility.”

The detention center was just one point of impact in a larger ransomware attack that struck Bernalillo County, the most populous county in New Mexico, on January 5th. County employees were left unable to access any local government databases, and all public offices were temporarily closed. A press release dated January 10th noted that county office headquarters were still only partially re-opened.

wjfox
Site Admin
Posts: 8733
Joined: Sat May 15, 2021 6:09 pm
Location: London, UK

Re: Hacking & Cyberwarfare News and Discussions

Post by wjfox »

Ukraine hit by ‘massive’ cyber-attack on government websites

Fri 14 Jan 2022 08.45 GMT

Ukraine has been hit by a “massive” cyber-attack, with the websites of several government departments including the ministry of foreign affairs and the education ministry knocked out.

Officials said it was too early to draw any conclusions but they pointed to a “long record” of Russian cyber assaults against Ukraine, with the attack coming after security talks between Moscow and the US and its allies this week ended in stalemate.

Suspected Russian hackers left a message on the foreign ministry website, according to reports. It said: “Ukrainians! … All information about you has become public. Be afraid and expect worse. It’s your past, present and future.”

The message reproduced the Ukrainian flag and map crossed out. It mentioned the Ukrainian insurgent army, or UPA, which fought against the Soviet Union during the second world war. There was also a reference to “historical land”.

https://www.theguardian.com/world/2022/ ... an-hackers


Post by caltrek »

^^^^Ahhh, kleptocrats. You have got to love them...or not. See also vvvv.

North Korea Hacked Nearly $400 Million in Cryptocurrency in Last Year

https://techcrunch.com/2022/01/14/north ... last-year/

Introduction:
(TechCrunch) North Korean hackers launched at least seven attacks on cryptocurrency platforms last year to steal almost $400 million worth of digital assets, according to a report by blockchain analysis firm Chainalysis.

“From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%,” the report said.

The attacks primarily targeted investment firms and centralized exchanges.

The report stated that the hackers siphoned the funds from the organizations’ internet-connected “hot wallets” into DPRK-controlled addresses by using complex tactics including phishing lures, code exploits, malware, and advanced social engineering.

“Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” the report said.

Post by caltrek »

Russia’s FSB Says it Has Taken Down REvil Hacker Group at US Request
by Corin Faife
January 14, 2022

https://www.theverge.com/2022/1/14/2288 ... st-fbi-doj

Introduction:
(The Verge) Russia’s domestic security service, the FSB, has arrested numerous members of the REvil hacking group at the request of the US government, the FSB said on Friday. The move, which marks an unusual degree of cooperation between Russian and US agencies, comes amid increasingly aggressive Russian military activity on the Ukrainian border and tense diplomacy as the United States attempts to prevent armed conflict.

Reporting by the Russian Interfax news agency claimed that the FSB seized 426 million rubles ($5.6 million) in a raid against 14 members of the group, along with more than $600,000 worth of cryptocurrency and 20 luxury cars. The FSB told Interfax that it was acting at the request of US authorities and had informed them of the results of the operation. The operation effectively dismantled REvil as an entity, the FSB said.

The Biden administration has long called on Russia to do more to crack down on ransomware gangs operating within the country, though with limited success until now. Analysts have tied Russian groups to extensive ransomware operations in Europe and the US, often without interference from local law enforcement. With no extradition treaty in place, the Russian government has been accused of sheltering cybercriminals provided they do not attack domestic targets.

US agencies have intensified their pursuit of REvil after the FBI linked it to the hack that shut down the Colonial Pipeline in May 2021. REvil was also behind a cyberattack against meat supplier JBS, also in May 2021, which shut down the company’s meat processing plants across the US.

One alleged member of REvil was arrested by Polish authorities in November 2021 after being indicted by the US. According to reporting in Reuters, a source close to the case said that the FSB would not hand over REvil group members with Russian citizenship to the United States after the latest arrests.

caltrek comment: Well, I suppose if this keeps up, will have to start posting these kinds of articles in the Police and Law Enforcement Thread as "cyberwarfare" will no longer be quite apt.