Russian hackers thwarted in attempt to take out electrical grid, Ukrainians say

Russian losses near Kyiv and a looming onslaught in eastern Ukraine may be a factor in the attack, a Ukrainian official said.

The post Russian hackers thwarted in attempt to take out electrical grid, Ukrainians say appeared first on CyberScoop.

DOJ’s Sandworm operation raises questions about how far feds can go to disarm botnets

The Department of Justice and FBI announced they used remote access technology to shut down a Sandworm botnet.

The post DOJ’s Sandworm operation raises questions about how far feds can go to disarm botnets appeared first on CyberScoop.

Actions Target Russian Govt. Botnet, Hydra Dark Market

The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate “Hydra,” a billion-dollar Russian darknet drug bazaar that also helped to launder the profits of multiple Russian ransomware groups.

Sandworm-linked botnet has another piece of hardware in its sights

The CyclopsBlink botnet is now targeting internet routers from hardware maker ASUS, Trend Micro researchers said.

The post Sandworm-linked botnet has another piece of hardware in its sights appeared first on CyberScoop.

Russia-linked Sandworm reportedly has retooled with ‘Cyclops Blink’

A long-running hacking group associated with Russian intelligence has developed a new set of tools to replace malware that was disrupted in 2018, according to an alert Wednesday from U.S. and U.K. cybersecurity and law enforcement agencies. The advanced persistent threat group, known primarily as Sandworm, is now using a “large-scale modular malware framework” that the agencies call Cyclops Blink. Western governments have blamed Sandworm for major incidents such as the disruption of Ukraine’s electricity grid in 2015, the NotPetya attacks in 2017 and breaches of the Winter Olympics in 2018. Cyclops Blink has largely replaced the VPNFilter malware in Sandworm’s activities since at least June 2019, said the joint alert from the U.K.’s National Cyber Security Centre (NCSC) and, in the U.S., the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the National Security Agency and the FBI. The NCSC also issued a separate analysis paper on Cyclops Blink. […]

The post Russia-linked Sandworm reportedly has retooled with ‘Cyclops Blink’ appeared first on CyberScoop.

Qualys researchers uncover 21 bugs in Exim mail servers

Researchers have found 21 unique vulnerabilities in Exim, a popular mail transfer agent, some of which would allow hackers to achieve full remote unauthenticated code execution against targets, the Qualys Research Team announced Tuesday. If exploited successfully, the flaws would let attackers execute commands to install programs, manipulate data, create new accounts or change settings on the mail servers, according to the research. One of the vulnerabilities, CVE-2020-28017, dates as far back as 2004, according to the findings. Qualys and Exim recommend that users apply the patches immediately. The Exim Mail Transfer Agent (MTA) vulnerabilities, which Qualys refers to collectively as 21Nails, affect all versions before Exim-4.94.1. Ten of the flaws can be exploited to gain root privileges, while 11 of them can be used to exploit victim systems locally. Hackers could chain several of the vulnerabilities together in an attack to achieve full remote unauthenticated code execution against vulnerable mail servers, Qualys […]

The post Qualys researchers uncover 21 bugs in Exim mail servers appeared first on CyberScoop.

France blames Sandworm, a notorious Russian group, for breach that leveraged IT provider

A notorious group of hackers known as Sandworm breached multiple French IT firms and web hosting companies as part of an apparent espionage operation dating back to 2017, France’s national cybersecurity agency said on Monday. France’s Agence nationale de la sécurité des systèmes d’information (ANSSI) issued a report detailing how attackers exploited an IT resource monitoring tool called Centreon, built by a company of the same name, to infiltrate other organizations. While ANSSI did not specifically blame Russia, its report detailed how Sandworm, a hacking group affiliated with the Russian military intelligence agency GRU, spent three years from 2017 through 2020 hidden in some networks. The report also did not specify how attackers may have used that access, though security experts told Wired magazine that the group’s mere involvement in such an effort is enough to cause concern. Investigators previously blamed Sandworm for the 2017 NotPetya attack on Ukraine, a 2015 […]

The post France blames Sandworm, a notorious Russian group, for breach that leveraged IT provider appeared first on CyberScoop.

3 Takeaways from Sandworm Hacker Group’s Indictment

The U.S. Department of Justice officially revealed in October what it said were a number of instances of Russian government-sponsored hacking when it formally indicted six members and officers of Russia’s military agency, the Russian Main Intelligence Dire…

GRU Agents Indicted for Hacking Multiple Targets

The DoJ has charged six Russians, allegedly working for the GRU, with a huge range of computer crimes.

The post GRU Agents Indicted for Hacking Multiple Targets appeared first on Security Boulevard.