Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs

A group known as Solntsepek claimed credit for attacks on the ISPs Triacom, Misto TV, Linktelecom and KIM.

The post Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs appeared first on CyberScoop.

Continue reading Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs

Microsoft: Russian hackers may be readying new wave of destructive attacks

The warning comes as part of an overview of cyberattacks carried out by Russian-linked actors over the past year.

The post Microsoft: Russian hackers may be readying new wave of destructive attacks appeared first on CyberScoop.

Continue reading Microsoft: Russian hackers may be readying new wave of destructive attacks

Attack on Viasat modems possibly came from wiper malware deployed through supply chain

Researchers from SentinelOne say there are reasons to disagree with Viasat’s most recent statement about the Feb. 24 attack.

The post Attack on Viasat modems possibly came from wiper malware deployed through supply chain appeared first on CyberScoop.

Continue reading Attack on Viasat modems possibly came from wiper malware deployed through supply chain

CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations

On March 1, 2022, ESET reported a third destructive data wiper variant used in attacks against Ukrainian organizations dubbed as CaddyWiper. CaddyWiper’s method of destruction is by overwriting file data with “NULL” values. This is the fourth sample of malware IBM Security X-Force has released public content for which has been reportedly targeted systems belonging […]

The post CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations appeared first on Security Intelligence.

Continue reading CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations

Top Ukrainian cyber official praises volunteer hacks on Russian targets, offers updates

Ukraine’s Victor Zhora said the so-called IT Army has done “useful” things, and he offered information about the “CaddyWiper” incident.

The post Top Ukrainian cyber official praises volunteer hacks on Russian targets, offers updates appeared first on CyberScoop.

Continue reading Top Ukrainian cyber official praises volunteer hacks on Russian targets, offers updates

Another round of ‘wiper’ malware appears in Ukrainian networks

Security researchers detected new destructive malware spreading in Ukraine on Wednesday, following evidence of distributed denial-of-service disruptions for government agencies — both of which overlapped with the beginnings of a Russian invasion. ESET said the data-wiping malware was “installed on hundreds of machines in the country,” and there were signs that the attackers had been preparing for almost two months. Silas Cutler, principle reverse engineer and resident hacker at Stairwell, said that the wiper damages a system’s master boot record, which tells a machine how to start up. That’s similar to malware known as WhisperGate that was used in an attack in January in Ukraine. Symantec, too, observed the wiper in action, and confirmed to CyberScoop that it has seen it in Latvia as well. Juan-Andres Guerrero-Saade, principal threat researcher at SentinelOne, said the wiper appeared to be more dangerous than the malware uncovered in January. None of the researchers […]

The post Another round of ‘wiper’ malware appears in Ukrainian networks appeared first on CyberScoop.

Continue reading Another round of ‘wiper’ malware appears in Ukrainian networks

Iranian state media blames hack for apparent fuel shortage, the latest incident to draw attention

Iranian officials say a cyberattack has forced the temporary closure of a government system that manages fuel subsidies, rendering it difficult for many citizens to refuel their cars. While specific details of the incident remain unclear, Iranian state broadcasters cited an unnamed government official who said malicious cyber activity was responsible for the outages. Oil Ministry officials conducted an “emergency meeting” to resolve the issue, while Associated Press journalists observed long lines of motorists dealing with gas shortages at fuel stations in Tehran. The “semiofficial” news agency ISNA reported that fuel pumps would state the message “cyberattack 64411” upon trying to purchase gas, the Associated Press reported. The same number, 64411, also appeared in a July cyber incident that affected Iranian rail systems, a matter that the security firm Check Point attributed to Indra, a hacking group that identifies itself as an Iranian government resistance group. The 64411 number reportedly […]

The post Iranian state media blames hack for apparent fuel shortage, the latest incident to draw attention appeared first on CyberScoop.

Continue reading Iranian state media blames hack for apparent fuel shortage, the latest incident to draw attention

Suspected Iranian hackers pose as ransomware operators to target Israeli organizations

Ever since a 2012 hack that disabled tens of thousands of computers at oil giant Saudi Aramco, suspected Iranian operatives have been known to regularly use data-wiping hacks against organizations throughout the Middle East. Now, one such possible group has been posing as ransomware operators in an effort to conceal the origin of a series of data-wiping hacks against Israeli organizations, according to private-sector investigators. The hackers are demanding extortion fees even when the code they deploy deletes data rather than unlocks it. The findings, published Tuesday by security firm SentinelOne, suggest a growing willingness by certain Iran-linked hacking groups to use tactics associated with financially motivated criminals in order to advance their interests. “Deploying ransomware is a disruptive act that provides deniability, allowing the attackers to conduct destructive activity without taking the full responsibility of those acts,” said Amitai Ben Shushan Ehrlich, a threat intelligence researcher at SentinelOne. SentinelOne […]

The post Suspected Iranian hackers pose as ransomware operators to target Israeli organizations appeared first on CyberScoop.

Continue reading Suspected Iranian hackers pose as ransomware operators to target Israeli organizations