Federal prosecutors going after alleged Russian hacker mistakenly turn over unrelated case documents, lawyer says

The material includes information on non-related people and phone records, and Russian businessmen possibly associated with the Trump administration, according to a court document.

The post Federal prosecutors going after alleged Russian hacker mistakenly turn over unrelated case documents, lawyer says appeared first on CyberScoop.


Microsoft seizes internet domains linked to GRU cyberattacks against Ukraine

Strontium — a group linked to Russian military intelligence — was using the domains to target Ukrainian institutions, Microsoft said.

The post Microsoft seizes internet domains linked to GRU cyberattacks against Ukraine appeared first on CyberScoop.


Actions Target Russian Govt. Botnet, Hydra Dark Market

The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate “Hydra,” a billion-dollar Russian darknet drug bazaar that also helped to launder the profits of multiple Russian ransomware groups.

US says it disrupted Russian botnet ‘before it could be weaponized’

The botnet was being assembled by Russia’s foreign intelligence agency, the GRU, Attorney General Merrick Garland said at a news conference.

The post US says it disrupted Russian botnet ‘before it could be weaponized’ appeared first on CyberScoop.


Treasury Department sanctions alleged Russian cyber-espionage, disinformation sources

The Biden administration on Thursday sanctioned Russian oligarchs and organizations for their role in spreading disinformation and supporting Russian President Vladimir Putin’s war in Ukraine, among them a news agency the Treasury Department says has ties to a Russian cyber-espionage and offensive unit. The sanctions targeted nine employees of InfoRos, a nominal news agency primarily run by the GRU, which controls the Russian military intelligence service and operates its own special forces units. According to the Treasury Department, the GRU’s 72nd Main Intelligence Information Center, a unit within Russia’s Information Operations Troops, functions as Russia’s “military force for conducting cyber espionage, influence, and offensive cyber operations” and is InfoRos’ operator. In a news release, the Treasury Department said InfoRos is a network of more than 1,000 websites which “spread false conspiracy narratives and disinformation promoted by GRU officials.” For example, in early December, 2021, Treasury officials said one Ukraine-based InfoRos […]

The post Treasury Department sanctions alleged Russian cyber-espionage, disinformation sources appeared first on CyberScoop.


Russia-linked Sandworm reportedly has retooled with ‘Cyclops Blink’

A long-running hacking group associated with Russian intelligence has developed a new set of tools to replace malware that was disrupted in 2018, according to an alert Wednesday from the U.S. and U.K. cybersecurity and law enforcement agencies. The advanced persistent threat group, known primarily as Sandworm, is now using a “large-scale modular malware framework” that the agencies call Cyclops Blink. Western governments have blamed Sandworm for major incidents such as the disruption of Ukraine’s electricity grid in 2015, the NotPetya attacks in 2017 and breaches of the Winter Olympics in 2018. Cyclops Blink has largely replaced the VPNFilter malware in Sandworm’s activities since at least June 2019, said the joint alert from the U.K.’s National Cyber Security Centre (NCSC), and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI in the U.S. The NCSC also issued a separate analysis paper on Cyclops Blink. […]

The post Russia-linked Sandworm reportedly has retooled with ‘Cyclops Blink’ appeared first on CyberScoop.


White House attributes Ukraine DDoS incidents to Russia’s GRU

Russia was behind recent disruptions of Ukrainian government and banking websites, a top White House official said Friday. “We have assessed that Russia was responsible for the distributed denial-of-service [DDoS] attacks that occurred earlier this week,” said Anne Neuberger, deputy national security adviser for cyber and emerging technology. Neuberger said the U.S. has “technical information” that shows digital infrastructure belonging to Russia’s main intelligence directorate, the GRU, “transmitting high volumes of communication to Ukraine-based IP addresses and domains.” The British government also attributed the attacks to the GRU on Friday. DDoS incidents involve flooding websites with bogus traffic until they’re unavailable to most users. Ukrainian officials earlier this week did not attribute the incidents to a specific actor, but suggested Russia was the only country that would conduct such an operation. Around the same time as Tuesday’s DDoS attacks, Ukrainians also received spam text messages falsely claiming that ATMs didn’t work. […]

The post White House attributes Ukraine DDoS incidents to Russia’s GRU appeared first on CyberScoop.


US, UK accuse Russian military hackers of battering-ram password attacks against hundreds of targets

For two years, Russian military hackers have been bombarding hundreds of targets worldwide with passwords to gain access to their networks, making use of a popular open-source tool for managing application workloads, U.S. and U.K. agencies warned in an advisory Thursday. The Russian agency deploys a Kubernetes cluster — a set of worker machines — to conduct its brute force “password spray” attacks that guess commonly used passwords to get into target networks, according to the advisory from the National Security Agency, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI and the U.K.’s National Cyber Security Centre. It’s the alleged handiwork of Russia’s General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center, military unit 26165. The hackers, often described as Fancy Bear or APT28, have been blamed for a number of high-profile intrusions, most prominently for interference in the 2016 U.S. presidential election. The […]

The post US, UK accuse Russian military hackers of battering-ram password attacks against hundreds of targets appeared first on CyberScoop.


U.S. Takes Aim at Russia’s Cyber Ops Ecosystem

The Biden administration is taking the Russian cyber operations ecosystem to task with sanctions pointed at both established Russian companies as well as Russian-controlled entities created by the FSB, GRU and SVR for operational purposes. Coupled wit…

U.S. government accuses Russian companies of recruiting spies, hacking for Moscow

The Biden Administration took a sideswipe at the Russian government’s network of companies it allegedly relies on to conduct intelligence and military hacking Thursday — part of a broader effort to beat back Russian government hacking and information operations targeting Americans, the U.S. private sector and the federal government. In one of the most striking actions the Biden administration took Thursday, the U.S. Treasury Department sanctioned Positive Technologies, a cybersecurity firm headquartered in Moscow. According to the Treasury Department, Positive Technologies may appear to be a regular IT firm, but it actually supports Russian government clients, including the Federal Security Service. The firm also “hosts large-scale conventions that are used as recruiting events for the FSB and GRU,” the Treasury Department said, referring to the Federal Security Service (FSB) and Russia’s Main Intelligence Directorate (GRU). U.S. intelligence documents show that the company has gone even further at times and has […]

The post U.S. government accuses Russian companies of recruiting spies, hacking for Moscow appeared first on CyberScoop.
