Anti-Russian denial-of-service app actually infects pro-Ukrainian activists

An app which purported to launch distributed denial-of-service (DDoS) attacks against the internet infrastructure of Russia, was in reality secretly installing malware on to the devices of pro-Ukrainian activists.

Read more in my article on the Hot … Continue reading Anti-Russian denial-of-service app actually infects pro-Ukrainian activists

Multiple government hacking groups stay busy targeting Ukraine and the region, Google researchers say

Multiple ongoing hacking efforts are either connected to or using the Russian military assault to target a wide range of entities.

The post Multiple government hacking groups stay busy targeting Ukraine and the region, Google researchers say appeared first on CyberScoop.

Continue reading Multiple government hacking groups stay busy targeting Ukraine and the region, Google researchers say

APT trends report Q1 2021

This report highlights significant events related to advanced persistent threat (APT) activity observed in Q1 2021. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. Continue reading APT trends report Q1 2021

Kaspersky discovers overlap between SolarWinds hack, Turla

Security researchers on Monday linked the SolarWinds breach to a different set of suspected Russian hacking tools, finding commonalities between that attack and the methods of the Turla group. Moscow-based Kaspersky said the source code for Sunburst, one of the nicknames for the malware that attackers used in the SolarWinds hack, overlapped with the Kazuar backdoor that Turla has deployed in the past. The Turla group is known for stalking embassies and ministries of foreign affairs in Europe and elsewhere for sensitive data. Sources have told reporters that the Russian hacking group APT29, or Cozy Bear, is responsible for the SolarWinds attack. Cozy Bear is most often linked to the SVR, the Russian foreign intelligence service. Turla, by contrast, is usually affiliated with another Russian intelligence service, the FSB. U.S. government investigators have only said the attack is “likely Russian in origin.” Cyber threat intelligence firms have been cautious about […]

The post Kaspersky discovers overlap between SolarWinds hack, Turla appeared first on CyberScoop.

Continue reading Kaspersky discovers overlap between SolarWinds hack, Turla

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years. Continue reading Sunburst backdoor – code overlaps with Kazuar

Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks

In a recent cyberattack against an E.U. country’s Ministry of Foreign Affairs, the Crutch backdoor leveraged Dropbox to exfiltrate sensitive documents. Continue reading Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks

How the Pentagon is trolling Russian, Chinese hackers with cartoons

There’s little that Russian hackers hate more than being seen as soft. So when U.S. military hackers saw a way to publicly portray them as bumbling and unthreatening in recent weeks, they seized the moment. It all began when Cyber Command, the U.S. Department of Defense’s offensive cyber arm, started working with a graphics company to illustrate foreign government hackers. The military realized it could punch up the reports it releases on foreign hacking operations by adding illustrations, and try to embarrass or infuriate the foreign hacking shops along the way, one U.S. official told CyberScoop. In one case, when Cyber Command started making plans to expose some state-sponsored espionage operations tied to Russia’s Federal Security Service (FSB), the country’s KGB successor, they turned to the graphics company to develop images that would goad the Russians, the official said. “Russia hates to be seen as cuddly or cozy so we want to tick them off,” said the official, who was not authorized […]

The post How the Pentagon is trolling Russian, Chinese hackers with cartoons appeared first on CyberScoop.

Continue reading How the Pentagon is trolling Russian, Chinese hackers with cartoons

Russian Espionage Group Updates Custom Malware Suite

Turla has outfitted a trio of backdoors with new C2 tricks and increased interop, as seen in an attack on a European government. Continue reading Russian Espionage Group Updates Custom Malware Suite

Why, and how, Turla spies keep returning to European government networks

Turla, a group of suspected Russian hackers known for pinpoint espionage operations, have used updated tools to breach the computer network of an unnamed European government organization, according to new research. The research from consulting giant Accenture shows how, despite a large body of public data on Turla techniques, and a warning from Estonian authorities linking the hackers with Russia’s FSB intelligence agency, the group remains adept at infiltrating European government networks. The hacking tools are tailored to the victim organization, which Accenture did not name, and have been used over the last few months to burrow into the internal network and then ping an external server controlled by the attackers. The stealth is typical of Turla, which is known for stalking embassies and foreign affairs ministries in Europe and elsewhere for sensitive data. Turla’s tools are associated with a damaging breach of U.S. military networks in the mid-to-late 1990s, and an attack on […]

The post Why, and how, Turla spies keep returning to European government networks appeared first on CyberScoop.

Continue reading Why, and how, Turla spies keep returning to European government networks