Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs

A group known as Solntsepek claimed credit for attacks on the ISPs Triacom, Misto TV, Linktelecom and KIM.

The post Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs appeared first on CyberScoop.


Microsoft: Russian hackers may be readying new wave of destructive attacks

The warning comes as part of an overview of cyberattacks carried out by Russian-linked actors over the past year.

The post Microsoft: Russian hackers may be readying new wave of destructive attacks appeared first on CyberScoop.


Attack on Viasat modems possibly came from wiper malware deployed through supply chain

Researchers from SentinelOne say there are reasons to disagree with Viasat’s most recent statement about the Feb. 24 attack.

The post Attack on Viasat modems possibly came from wiper malware deployed through supply chain appeared first on CyberScoop.


CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations

On March 1, 2022, ESET reported a third destructive data wiper variant, dubbed CaddyWiper, used in attacks against Ukrainian organizations. CaddyWiper destroys data by overwriting file contents with “NULL” values. This is the fourth malware sample for which IBM Security X-Force has released public content and which has reportedly targeted systems belonging […]

The post CaddyWiper: Third Wiper Malware Targeting Ukrainian Organizations appeared first on Security Intelligence.


Top Ukrainian cyber official praises volunteer hacks on Russian targets, offers updates

Ukraine’s Victor Zhora said the so-called IT Army has done “useful” things, and he offered information about the “CaddyWiper” incident.

The post Top Ukrainian cyber official praises volunteer hacks on Russian targets, offers updates appeared first on CyberScoop.


Another round of ‘wiper’ malware appears in Ukrainian networks

Security researchers detected new destructive malware spreading in Ukraine on Wednesday, following evidence of distributed denial-of-service disruptions for government agencies — both of which overlapped with the beginnings of a Russian invasion. ESET said the data-wiping malware was “installed on hundreds of machines in the country,” and there were signs that the attackers had been preparing for almost two months. Silas Cutler, principal reverse engineer and resident hacker at Stairwell, said that the wiper damages a system’s master boot record, which tells a machine how to start up. That’s similar to malware known as WhisperGate that was used in an attack in January in Ukraine. Symantec, too, observed the wiper in action, and confirmed to CyberScoop that it has seen it in Latvia as well. Juan-Andres Guerrero-Saade, principal threat researcher at SentinelOne, said the wiper appeared to be more dangerous than the malware uncovered in January. None of the researchers […]

The post Another round of ‘wiper’ malware appears in Ukrainian networks appeared first on CyberScoop.


Iranian state media blames hack for apparent fuel shortage, the latest incident to draw attention

Iranian officials say a cyberattack has forced the temporary closure of a government system that manages fuel subsidies, rendering it difficult for many citizens to refuel their cars. While specific details of the incident remain unclear, Iranian state broadcasters cited an unnamed government official who said malicious cyber activity was responsible for the outages. Oil Ministry officials conducted an “emergency meeting” to resolve the issue, while Associated Press journalists observed long lines of motorists dealing with gas shortages at fuel stations in Tehran. The “semiofficial” news agency ISNA reported that fuel pumps would state the message “cyberattack 64411” upon trying to purchase gas, the Associated Press reported. The same number, 64411, also appeared in a July cyber incident that affected Iranian rail systems, a matter that the security firm Check Point attributed to Indra, a hacking group that identifies itself as an Iranian government resistance group. The 64411 number reportedly […]

The post Iranian state media blames hack for apparent fuel shortage, the latest incident to draw attention appeared first on CyberScoop.


Suspected Iranian hackers pose as ransomware operators to target Israeli organizations

Ever since a 2012 hack that disabled tens of thousands of computers at oil giant Saudi Aramco, suspected Iranian operatives have been known to regularly use data-wiping hacks against organizations throughout the Middle East. Now, one such possible group has been posing as ransomware operators in an effort to conceal the origin of a series of data-wiping hacks against Israeli organizations, according to private-sector investigators. The hackers are demanding extortion fees even when the code they deploy deletes data rather than unlocks it. The findings, published Tuesday by security firm SentinelOne, suggest a growing willingness by certain Iran-linked hacking groups to use tactics associated with financially motivated criminals in order to advance their interests. “Deploying ransomware is a disruptive act that provides deniability, allowing the attackers to conduct destructive activity without taking the full responsibility of those acts,” said Amitai Ben Shushan Ehrlich, a threat intelligence researcher at SentinelOne. SentinelOne […]

The post Suspected Iranian hackers pose as ransomware operators to target Israeli organizations appeared first on CyberScoop.


After more than a decade, SentinelOne researchers weed out Dell vulnerabilities

Since 2009, vulnerabilities have lurked in Dell drivers that potentially affect hundreds of millions of machines, SentinelOne researchers said on Tuesday. Hackers could use the vulnerabilities to instigate a range of attacks, from ransomware to wipers that can erase hard drives, said J.A. Guerrero-Saade, principal threat researcher at the security firm. “They can basically do whatever they want,” Guerrero-Saade told CyberScoop. Dell released mitigation steps on Tuesday in advance of SentinelOne publishing its research. Flaws sitting undiscovered for 12 years is not unheard of, despite a whole industry of security researchers dedicated to weeding out bugs that could abet cyberattacks. A 2017 study found that a quarter of zero-day vulnerabilities remain hidden for more than nine and a half years. In the case of the Dell flaws, Guerrero-Saade said their dormant nature reflects a “target-rich environment,” especially as it pertains to drivers that allow computers to communicate with hardware. […]

The post After more than a decade, SentinelOne researchers weed out Dell vulnerabilities appeared first on CyberScoop.
