Russian Hackers attacked European Embassies

According to a report by Check Point Research, Russian hackers attacked several European embassies by sending them malicious email attachments disguised as official documents.

The European embassies in Italy, Guyana, Nepal, Liberia, Bermuda, Lebanon and Kenya were targeted by the hackers. The malicious attachment was made to look like a document from the United States State Department and contained Microsoft Excel sheets with embedded macros; once those macros ran, the hackers took complete control of the infected system through TeamViewer, a popular remote access tool.

According to the press release, “It is hard to tell if there are geopolitical motives behind this campaign by looking solely at the list of countries it was targeting,” adding that this was “since it was not after a specific region and the victims came from different places in the world.”

According to Check Point, government officials working in revenue authorities were the intended targets: “They all appear to be handpicked government officials from several revenue authorities,” the press release says.

Check Point suggested that the attackers are from Russia but rejected the possibility of a state-sponsored attack. One of the hackers was traced to a registration on a carding forum under the username “Evapiks”, where the hacker had posted instructions on how to carry out cyberattacks. Because of the attackers' involvement in the carding community, Check Point suggested the attack could have been “money motivated”.

Emotet Trojan: one of the biggest malware threats

Emotet is a banking Trojan that started out stealing information from individuals, such as credit card details. It has been lurking around since 2014 and has evolved tremendously over the years, becoming a major threat that infiltrates corporate networks and spreads other strains of malware.

The U.S. Department of Homeland Security published an alert on Emotet in July 2018, describing it as “an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans,” and warning that it’s very difficult to combat, capable of evading typical signature-based detection, and determined to spread itself. The alert explains that “Emotet infections have cost SLTT (state, local, tribal, and territorial) governments up to $1 million per incident to remediate.”

Emotet poses a grave risk for individuals and businesses of all sizes. Here's a look at what you can do to safeguard your business against this pernicious Trojan malware.

Emotet infections typically start with a simple phishing email that contains an attachment or a link to download a file. The recipient is persuaded to click the link or open the file and they unwittingly set in motion a macro that downloads a malicious payload. As soon as the device is infected, Emotet starts trying to spread to other devices on the network.

The addition of new capabilities into Emotet, inspired by other successful malware such as WannaCry, has made it a much more potent threat capable of moving laterally and infecting entire networks alarmingly quickly. It’s a modular Trojan that’s often employed as the vanguard of a bigger attack, piercing the outer defenses and then downloading other banking Trojans and spreading them around.

As persistent and pernicious as Emotet is, you can take effective action to guard against it.

First, ensure that you don’t have unsecured devices on your network. Take steps to identify and secure unmanaged devices. Eradicate potential blind spots like internet of things devices. Even if Emotet appears to be confined to an unsecured machine, the threat has not been neutralized because it’s polymorphic, constantly updating itself and working towards spreading further. Given enough time, it has a good chance of finding a weakness in your defenses that can be exploited.
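Both the embassy campaign above and Emotet's infection chain begin with an Office attachment that carries a macro. The following Python check is an added example, not code from Check Point's report or the DHS alert: it classifies an attachment by what is inside the file rather than by its extension. Modern Office documents are zip containers whose VBA code lives in a vbaProject.bin part and whose [Content_Types].xml advertises a macroEnabled content type, so a workbook renamed to .xlsx still reveals its macros. The sample workbooks are constructed in memory; the OLE2 magic bytes identify legacy binary .xls/.doc containers, which need a different parser and are routed to manual review here.

```python
import io
import zipfile

# Extensions Microsoft reserves for macro-enabled OOXML documents.
MACRO_EXTENSIONS = {".xlsm", ".xltm", ".xlam", ".docm", ".dotm", ".pptm", ".potm", ".ppam"}
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary .xls/.doc container header


def build_sample(with_vba: bool, declare_macro_type: bool) -> bytes:
    """Constructed minimal OOXML-style workbook, built in memory so the check runs
    offline. It is not a file from any real campaign."""
    content_type = (
        "application/vnd.ms-excel.sheet.macroEnabled.main+xml"
        if declare_macro_type
        else "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"
    )
    content_types_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/xl/workbook.xml" ContentType="{content_type}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types_xml)
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            # Stub standing in for a VBA project container; only its presence matters here.
            z.writestr("xl/vbaProject.bin", OLE2_MAGIC + b"\x00" * 24)
    return buf.getvalue()


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Decide allow/block/manual_review from the package contents, not the file name."""
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    result = {
        "filename": filename,
        "format": "unknown",
        "has_vba_part": False,
        "declares_macro_type": False,
        "extension_mismatch": False,
        "verdict": "manual_review",
    }
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            content_types = (
                z.read("[Content_Types].xml").decode("utf-8", "replace")
                if "[Content_Types].xml" in names
                else ""
            )
    except zipfile.BadZipFile:
        # Not an OOXML zip: legacy OLE2 files need an OLE/VBA parser (e.g. oletools' olevba),
        # anything else is unrecognised. Both stay at manual_review rather than being allowed.
        if data.startswith(OLE2_MAGIC):
            result["format"] = "ole2"
        return result

    result["format"] = "ooxml"
    # VBA is stored as a binary part named vbaProject.bin under xl/, word/ or ppt/.
    result["has_vba_part"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    result["declares_macro_type"] = "macroEnabled" in content_types
    macro_present = result["has_vba_part"] or result["declares_macro_type"]
    # A macro-bearing package with a non-macro extension (.xlsx) is a renamed file.
    result["extension_mismatch"] = macro_present and ext not in MACRO_EXTENSIONS
    result["verdict"] = "block" if macro_present else "allow"
    return result


if __name__ == "__main__":
    for name, blob in [
        ("Invoice.xlsm", build_sample(True, True)),
        ("Invoice.xlsx", build_sample(True, False)),
        ("Invoice.xlsx", build_sample(False, False)),
        ("Report.xls", OLE2_MAGIC + b"\x00" * 24),
    ]:
        print(inspect_attachment(name, blob))
```

The extension is only used for the mismatch flag; the block decision rests on the vbaProject.bin part and the declared content type, so a renamed macro workbook is still caught.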

The Head of the FSB appealed for the creation of international rules on the Internet

The Head of the FSB of Russia, Alexander Bortnikov, stated the need to create international rules for the Internet, in particular to make encrypted messages in mobile applications accessible to intelligence agencies.

If the international community can come to a consensus on this issue, terrorists will in effect lose a whole range of opportunities, such as propaganda, recruitment, financing, communication and command, Bortnikov said at the International Conference on Countering Terrorism on 18 April 2019 in St. Petersburg.

He noted that the use of cryptography in communication services hinders the effective fight against terror. According to him, Russia has developed a concept for creating "the system of the deposit of encryption keys generated by mobile applications, which will be open for control” to solve this problem. Bortnikov proposed that the world community implement this idea jointly and provide intelligence agencies with legal access to important encrypted information belonging to terrorists.

In addition, Bortnikov noted that there are currently more than 10 thousand websites belonging to existing international terrorist structures and thousands of accounts on social networks. Their content is published in more than 40 languages, with Arabic, English and Russian occupying the leading positions.

Bortnikov added that the ability to hide data in IP telephony and on foreign e-mail servers leads to an increase in false reports of terrorist attacks, as well as in the sale of weapons and explosives.

According to one of the amendments to the law on the Autonomous RUnet (http://www.ehackingnews.com/2019/02/the-kremlin-told-about-hacker-attacks.html), IT companies were obliged to use Russian cryptography for all traffic in the Russian segment. It is assumed that the Government will regulate the issuance and use of codes and encryption.

In addition, in April 2018 Russia tried to block the Telegram messenger for refusing to provide the FSB with the encryption key of the negotiations of suspected terrorists (http://www.ehackingnews.com/2018/04/russian-court-orders-to-block-telegram.html).

Hackers stole 150 thousand rubles from the accounts of Belarusian enterprises through the Client Bank

At the beginning of April 2019, the police received a statement from an employee of a metropolitan organization, who reported that an unknown person had gained unauthorized access to the organization's computer, which runs the Client Bank software.

As it became known, the hacker not only gained unauthorized access to the organization's computer but also infected it with malware, which allowed him to make illegal payments to a particular account.

It turned out that the scammer had used RTM malware (Redaman) and sent it by e-mail.

During the investigation, it was found that the attacker made three money transfers to an account at another bank. The damage amounted to about 30 thousand rubles ($470). The account to which the sums were transferred had been opened in the name of a foreigner.

The investigators found that the hacker gained access to the bank account via a USB key that the chief accountant had left plugged into the computer after the end of the working day. This allowed remote access to the system and the illegal transfer of money.

It was established that the malicious program was sent by e-mail to more than 90 business entities; the total damage amounted to more than 150 thousand rubles ($2,350).

Bitcoin SV’s blockchain suffers block reorganisation

While Bitcoin SV or Bitcoin Satoshi Vision (BSV)’s staunchest supporter Craig Wright is busy with lawsuits against people who criticize him, the project is crumbling under the weight of its own expectations.

On April 18, the Bitcoin SV blockchain suffered a series of “block re-organizations,” putting the integrity of its network in question.

According to BitMEX Research, the analysis wing of cryptocurrency exchange BitMEX, their “Bitcoin Cash SV [sic] node experienced two block re-organizations. First, a three-block re-organization, followed by a six-block re-organization.”

The company announced the finding on its Twitter account, raising questions about the series of block re-organizations the blockchain is suffering.

Block re-organizations occur when cryptocurrency miners are forced to “orphan” blocks after they have been mined. This can happen when the network is too slow to “propagate” blocks effectively, and bigger blocks (like the ones featured by Bitcoin SV) are especially susceptible to orphaning.

Blockchain reorgs occur when miners are forced to orphan blocks after mining them, usually because a block is too large or the network is too slow to propagate new blocks. BSV has an especially large maximum block size of 128 MB, which was one of the major points of contention of its fork. Note that a few months ago, the Bitcoin Cash blockchain forked to create two parallel chains: Bitcoin Cash ABC and Bitcoin Satoshi Vision.

While BitMEX detected two block reorgs, the trouble runs deeper. The last time this occurred was in November 2018, when two blocks – one 16 MB and another 13 MB in size – were orphaned for being too large. At the time, BitMEX researchers also blamed poor network connectivity. This means the chain has undergone three reorgs in just six months.

Bitcoin SV is a fork of Bitcoin Cash (which is itself a fork of Bitcoin). It raised Bitcoin Cash's block size limit from 32 MB to 128 MB. Bitcoin's block size limit is still 1 MB.
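Why a six-block re-organization matters to anyone accepting BSV payments is easier to see in code. The following Python model is an added example, not BitMEX's analysis or any node software: a node holds a local chain, receives a competing chain with more cumulative work, finds the fork point, and reports how many of its own blocks are orphaned. If that depth reaches the number of confirmations a merchant or exchange waited for, a payment they treated as final may sit in an orphaned block and can be spent again on the new chain. Block labels, heights and per-block work values are constructed for the demonstration; real nodes derive work from the difficulty target and identify blocks by hash.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Block:
    hash: str        # constructed label standing in for the real block hash
    prev_hash: str
    height: int
    work: int        # constructed work contribution; real nodes derive it from the target


def build_chain(shared: int, branch: str, extra: int, work_per_block: int = 1) -> List[Block]:
    """Constructed chain: `shared` blocks S0..S(n-1) common to every caller, followed by
    `extra` branch-specific blocks labelled <branch>0, <branch>1, ..."""
    chain: List[Block] = []
    prev = "genesis"
    for height in range(shared + extra):
        label = f"S{height}" if height < shared else f"{branch}{height - shared}"
        block = Block(label, prev, height, work_per_block)
        chain.append(block)
        prev = block.hash
    return chain


def chain_work(chain: List[Block]) -> int:
    """Cumulative work; chain selection uses this, not block count."""
    return sum(b.work for b in chain)


def fork_point(local: List[Block], remote: List[Block]) -> int:
    """Index of the last block both chains share, or -1 if they share nothing."""
    common = -1
    for i, (a, b) in enumerate(zip(local, remote)):
        if a.hash != b.hash:
            break
        common = i
    return common


def evaluate_reorg(local: List[Block], remote: List[Block], confirmations_required: int) -> Dict:
    """Most-work rule: switch to `remote` only if it carries strictly more work (ties keep
    the first-seen chain). Report the orphaned local blocks and whether a payment accepted
    after `confirmations_required` confirmations could now lie in an orphaned block."""
    if chain_work(remote) <= chain_work(local):
        return {"switch": False, "depth": 0, "orphaned": [], "risk": "none"}
    fp = fork_point(local, remote)
    orphaned = [b.hash for b in local[fp + 1:]]
    depth = len(orphaned)
    # A transaction with N confirmations sits N blocks from the tip; a reorg of depth >= N
    # removes the block it was mined in, so the funds can be re-spent on the new chain.
    risk = ("double_spend_possible" if depth >= confirmations_required
            else "within_confirmation_window")
    return {"switch": True, "depth": depth, "orphaned": orphaned, "risk": risk}


if __name__ == "__main__":
    # Ten shared blocks, then the local node mined six blocks while a heavier
    # seven-block branch propagated: a six-block reorg, as reported for BSV.
    local = build_chain(10, "A", 6)
    remote = build_chain(10, "B", 7)
    print(evaluate_reorg(local, remote, confirmations_required=6))
```

The practical defence is on the receiving side: pick a confirmation count larger than the reorg depths the chain has actually exhibited, and treat a reorg whose depth reaches that count as an incident that needs deposits re-checked.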