Microsoft seizes internet domains linked to GRU cyberattacks against Ukraine

Strontium — a group linked to Russian military intelligence — was using the domains to target Ukrainian institutions, Microsoft said.

The post Microsoft seizes internet domains linked to GRU cyberattacks against Ukraine appeared first on CyberScoop.

Sandworm-linked botnet has another piece of hardware in its sights

The CyclopsBlink botnet is now targeting internet routers from hardware maker ASUS, Trend Micro researchers said.

The post Sandworm-linked botnet has another piece of hardware in its sights appeared first on CyberScoop.

IOCs vs. IOAs — How to Effectively Leverage Indicators

Cybersecurity teams are consistently tasked to identify cybersecurity attacks, adversarial behavior, advanced persistent threats and the dreaded zero-day vulnerability. Through this endeavor, there is a common struggle for cybersecurity practitioners and operational teams to appropriately leverage indicators of compromise (IOCs) and indicators of attack (IOAs) for an effective monitoring, detection and response strategy. Inexperienced security […]

The post IOCs vs. IOAs — How to Effectively Leverage Indicators appeared first on Security Intelligence.

Russia-linked Sandworm reportedly has retooled with ‘Cyclops Blink’

A long-running hacking group associated with Russian intelligence has developed a new set of tools to replace malware that was disrupted in 2018, according to an alert Wednesday from U.S. and U.K. cybersecurity and law enforcement agencies. The advanced persistent threat group, known primarily as Sandworm, is now using a “large-scale modular malware framework” that the agencies call Cyclops Blink. Western governments have blamed Sandworm for major incidents such as the disruption of Ukraine’s electricity grid in 2015, the NotPetya attacks in 2017 and breaches of the Winter Olympics in 2018. Cyclops Blink has largely replaced the VPNFilter malware in Sandworm’s activities since at least June 2019, said the joint alert from the U.K.’s National Cyber Security Centre (NCSC) and, in the U.S., the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI. The NCSC also issued a separate analysis paper on Cyclops Blink. […]

The post Russia-linked Sandworm reportedly has retooled with ‘Cyclops Blink’ appeared first on CyberScoop.

Red Cross attributes hack to nation-state actor

The International Committee of the Red Cross has concluded that a nation-state hacker was behind a cyberattack on its servers discovered last month. A forensic analysis of the attack revealed the use of tools designed specifically to go after ICRC servers, the organization said Wednesday. “This was a sophisticated attack — a criminal act — breaching sensitive humanitarian data,” ICRC Director-General Robert Mardini said. “We know that the attack was targeted because the attackers created code designed solely for execution on the concerned ICRC servers, a technique we believe was designed to shield the hackers’ activities from detection and subsequent forensic investigations.” Separate from Mardini’s statement, the organization released a summary of the technical findings by an unnamed “specialist cyber security company.” The forensic report does not attribute the attack to any specific advanced persistent threat (APT) group, and ICRC declined to speculate on the culprit. “[M]ost of the malicious […]

The post Red Cross attributes hack to nation-state actor appeared first on CyberScoop.

Russia-linked Gamaredon shows signs of possible recent activity in Ukraine, researchers say

A series of cyberattacks on Ukrainian institutions over the past few weeks — including website defacement, computer-wiping malware and phishing campaigns — have the hallmarks of hacking activity associated with the Russian government, but conclusive attribution remains elusive. Research published Thursday, however, shows how a known Russia-linked hacking group, Gamaredon, could be involved in active targeting of Ukrainian targets, including an attempt to compromise a Western government entity in Ukraine on Jan. 19. The findings, published by Palo Alto Networks’ Unit 42 threat intelligence unit, focus on the group as the Russian military amasses more than 100,000 troops along its border with Ukraine. The U.S. and other NATO governments say it’s preparation for a dramatic military escalation. Unit 42 makes clear that its research does not directly tie Gamaredon to the recent high-profile attacks. The team says it mapped out three “large clusters” of Gamaredon infrastructure that are used to support […]

The post Russia-linked Gamaredon shows signs of possible recent activity in Ukraine, researchers say appeared first on CyberScoop.

Conversation with a top Ukrainian cyber official: What we know, what we don’t, what it means

Cybersecurity officials in Ukraine issued a warning Monday about yet another phishing attack using either compromised or spoofed government email addresses, the second such warning since Saturday. Monday’s alert warned of attackers targeting government institutions with malware-laced bait documents hosted on Discord that come to targets within emails from the National Health Service of Ukraine. The malware deploys a program called OutSteel that looks for certain file extensions and steals them, and also deploys a second malicious program called SaintBot. Monday’s bulletin comes two days after government officials there warned of compromised email accounts from the Ukrainian judiciary being used to target mostly Ukrainian government targets with malware hidden within phony court inquiries. Both operations come roughly two weeks after a cyberattack targeting Ukrainian government systems that wiped some computers and defaced the websites of dozens of agencies’ sites. All of the attacks are linked as part of “hybrid aggression, […]

The post Conversation with a top Ukrainian cyber official: What we know, what we don’t, what it means appeared first on CyberScoop.

Suspected espionage campaign targets telecoms, IT service firms in Middle East

Hackers targeted a string of telecommunication operators and IT service organizations in the Middle East and Asia over the last six months, according to research published Tuesday. The suspected espionage activity targeted organizations in Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand, and Laos, according to the research from Symantec’s Threat Hunter Team. The “targeting and tactics are consistent with Iranian-sponsored actors,” researchers noted, but stopped short of tying the activity to the Iranian government. Some of the evidence shows a link to Seedworm — otherwise known as MuddyWater — a prolific hacking group with suspected ties to Iran known for concerted espionage efforts dating back to at least 2015. The group previously threatened to kill security researchers who stumbled across one of its command-and-control servers. Its operators have also focused on academia and the tourism industry in multiple countries earlier this year, and governments and other […]

The post Suspected espionage campaign targets telecoms, IT service firms in Middle East appeared first on CyberScoop.

Espionage group targeted hotels, governments, seized on Microsoft Exchange vulnerability

ESET said it discovered the group, which has been active since 2019.

The post Espionage group targeted hotels, governments, seized on Microsoft Exchange vulnerability appeared first on CyberScoop.