What we know about Russian hackers — and how to stop them — after a year of cyberwar in Ukraine

Moscow’s cyber operatives will target any nation supporting Ukraine, but a global coalition can win on the digital battlefield.

The post What we know about Russian hackers — and how to stop them — after a year of cyberwar in Ukraine appeared first on CyberScoop.

Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup

Cyber insurers have already started to find other ways to avoid covering losses related to cyberattacks linked to nation-state hackers.

Former DNC security officer Bob Lord joins CISA

Lord cleaned up the Democratic Party’s cybersecurity practices in the aftermath of the 2016 hacks.

US says it disrupted Russian botnet ‘before it could be weaponized’

The botnet was being assembled by Russia’s foreign intelligence agency, the GRU, Attorney General Merrick Garland said at a news conference.

Ukraine exposes expansive Russian hacking operation targeting its government, infrastructure

Ukraine’s top law enforcement agency published a detailed analysis Thursday outing what it says are Russian hackers and “traitors who sided with the enemy” behind a sweeping campaign that began in 2014. The hackers, according to the Security Service of Ukraine, are responsible for more than 5,000 cyberattacks on Ukrainian state entities and critical infrastructure that attempted to “infect” more than 1,500 government computer systems. The report says the Russian intelligence agency the Federal Security Service (FSB) is behind the “Armageddon” group, known more broadly outside Ukrainian borders as Gamaredon or Primitive Bear. It’s distinct from other Russian intelligence and military hacking groups behind attacks on targets around the world, including the infamous hacks of the Democratic National Committee and Hillary Clinton’s campaign ahead of the 2016 elections. Armageddon dates back to 2013 or 2014, the Ukrainian report says, making it “relatively young,” but nevertheless worthy of attention and “able […]

Notorious Russian ransomware gang Evil Corp. reportedly hit Sinclair Broadcast Group

Evil Corp., one of the most notorious and prolific Russian cybercrime groups in recent years with a leader who has been accused of working with Russian intelligence, was reportedly behind last weekend’s cyberattack on Sinclair Broadcast Group. The revelation, first reported by Bloomberg Wednesday, is noteworthy because the U.S. Treasury Department sanctioned the group in December 2019, making any U.S. company’s transactions with it illegal. The group used a new strain of malware called Macaw in the Sinclair attack, said Allan Liska, a senior threat analyst at Recorded Future. The Justice Department also announced a sealed indictment against Evil Corp. leader Maksim Yakubets in 2019 the same day as the Treasury sanctions. The U.S. government accused Yakubets and another Russian national, Igor Turashev, of being behind malware strains known as Bugat and Dridex, which authorities say hackers employed to target hundreds of banks in more than 40 countries and net the […]

Operator of Deer.io, a hosting platform for cybercriminal services, is sentenced to 2.5 years

A Russian man was sentenced to 30 months in prison for running a website that sold stolen credit card data and other personal information to cybercriminals, according to a Department of Justice announcement. The Russian man, Kirill Victorovich Firsov, was first arrested last year, and pleaded guilty to hacking-related charges in January. Firsov was accused of having run the site, Deer.io, which hosted other cybercriminals’ shops, since 2013. Users could create accounts on Deer.io, using the platform as a foundation for their own sales. Deer.io raked in $17 million worth of sales and sold at least $1.2 million in U.S.-based stolen information, according to the Department of Justice. Many of the transactions involved Americans’ names, current addresses, telephone numbers, and Social Security numbers. The Department of Justice acknowledged that U.S. law enforcement had some difficulty gaining a foothold into the site given that it was run out of Russia, but Suzanne […]

‘Gamaredon’ hackers target Ukrainian officials amid rising Russian tensions

Russian hackers have a long history of going after organizations in Ukraine, but one group especially has tunnel vision for the former Soviet republic. And recently, it looks like those hackers returned with a new campaign targeting Ukrainian government officials, threat researchers say. Gamaredon — also known as Primitive Bear — is behind the malicious cyber activity, Anomali concluded with “high confidence” in research shared with CyberScoop in advance of its publication. The campaign first appeared in January and ran through at least mid-March, Anomali said. Publication of the research coincides with escalating tensions between the two nations, with a Russian troop buildup along the Ukrainian border. “This one is interesting because the alignment of real world events is just another indication of potential hybrid warfare that Russia is known to engage in,” said Gage Mele, lead cyber threat intelligence analyst at Anomali. It caps a busy period for Gamaredon, […]

U.S. government accuses Russian companies of recruiting spies, hacking for Moscow

The Biden Administration took a sideswipe at the Russian government’s network of companies it allegedly relies on to conduct intelligence and military hacking Thursday — part of a broader effort to beat back Russian government hacking and information operations targeting Americans, the U.S. private sector and the federal government. In one of the most striking actions the Biden administration took Thursday, the U.S. Treasury Department sanctioned Positive Technologies, a cybersecurity firm headquartered in Moscow. According to the Treasury Department, Positive Technologies may appear to be a regular IT firm, but it actually supports Russian government clients, including the Federal Security Service. The firm also “hosts large-scale conventions that are used as recruiting events for the FSB and GRU,” the Treasury Department said, referring to the Federal Security Service (FSB) and Russia’s Main Intelligence Directorate (GRU). U.S. intelligence documents show that the company has gone even further at times and has […]
