The Dark Side of the Kremlin: The Catalogue of Russian Data Leaks, All You Need To Know




Thousands of Russian emails and documents were leaked online in late January 2019 in a collection named “The Dark Side of the Kremlin”.


The collection was published by a “transparency collective” that goes by the name Distributed Denial of Secrets, abbreviated DDoSecrets (not to be confused with a distributed denial-of-service attack).

DDoSecrets is an anonymous group of journalists, researchers, technical experts and activists.

The documents contain private information on many of Russia's most prominent figures, including politicians, religious leaders and the military.

DDoSecrets says its only job is to make information available to those who need it; whether the material confirms existing suspicions is, in its view, beside the point.

The collective also says the material, including emails, chat logs and attachments, was obtained over the past few years by several hacking groups in Russia and Ukraine.

Cyber Junta, the Russian group Shaltai-Boltai, the Ukrainian Cyber Alliance and other parties are credited as the sources of the material.

The leaked information includes private documents and emails from the Ministry of Defence, the Russian Presidential Administration and other high-level political operatives.

Prime Minister Dmitry Medvedev's phone was hacked and his holiday pictures were posted online.

The Russian president's chef, who controls the companies that cater banquets at the Kremlin, also had his private notes exposed by the leak.

Those notes include the chef's detailed personal accounts of conversations between Putin and European leaders from Italy and Britain.

The most revealing material came from the Russian Presidential Administration, and it makes the Russian government a little more “transparent” than it intended to be.

The leak includes details of how the government manages the Russian media and the channels through which it passes its messaging.

Most concerning, no one yet knows for sure how much information, or what kinds, has been laid bare.

The leaks also provide insight into relations between Ukraine and Russia.

The inner workings of Russia's proxies and related groups have also been brought to light.

DDoSecrets says its servers had been wiped once before, which made it a priority to publish the collection quickly so that the data could not be suppressed.

According to the collective, the release is not retaliation for anything in particular but an exercise in transparency.

Much of the information in the leak was already available online, but the release has spawned a number of new investigations.

The leak has also prompted governments to take their own cyber-security more seriously.

Analysis of the leaked material may push Russia to rethink how it secures its networks and the Presidential Administration in particular.

The government is reported to have stepped up its own cyber-security efforts in response, though whether the gaps that allowed these breaches will be closed remains to be seen.

Anonymous use of messengers in Russia is prohibited


In 180 days, all messaging services will be required to identify their users by the phone numbers registered with mobile operators. Prime Minister Dmitry Medvedev signed the government resolution approving the rules last week; he believes the measure is necessary for the safety and convenience of users.

The messenger's administrators will verify that the number is genuine against the operator's records. The mobile operator is given 20 minutes to process a request from the service.

Service will be available only to the person to whom the phone number is registered. In addition, mobile operators will record in their databases which applications their customers use.

According to the head of Roskomnadzor, Alexander Zharov, anonymous use of messengers hinders the investigation of crimes: "The possibility of anonymous communication in messengers complicates the activities of law enforcement agencies in the investigation of crimes."

Experts, in turn, were skeptical about the initiative. Vladimir Zykov, director of the Association of Professional Users of Social Networks and Messengers, believes that foreigners may run into problems with SIM cards from their own countries, and that an illegal trade in foreign operators' SIM cards may emerge.

Citizens expect the formalised relationship between messengers and operators to bring only negative consequences: higher tariffs, the end of anonymity in messengers and more hacking attacks.

In general, Russians do not believe these rules will work at all. As we remember, Roskomnadzor's attempt to shut down Telegram led to the blocking of thousands of IP addresses and serious financial losses for uninvolved companies, and the messenger kept working.
 

Investing in the digital economy - A Special communication network for Russian officials


The Russian government has approved the national program "Digital Economy" and allocated 1 trillion rubles (roughly $16 billion at the time) from the federal budget to carry out the president's task: within six years, to triple domestic investment in the digital economy, to build a modern, secure IT infrastructure accessible to all, and to move state agencies predominantly to Russian software.

In other words, the government intends to move Russia from the ranks of developing economies to the developed ones on the strength of IT projects.

Notably, experts have already begun work on a wireless network for officials and law enforcement representatives, due to be in place by 2024. The proposal appears in the passport (the formal summary document) of the national program "Digital Economy".

The network will use LTE-450 technology, which the program describes as offering high-speed, low-latency data transmission; the main practical advantage of the 450 MHz band is its range, since a low-frequency cell covers far more ground than the higher bands used by ordinary LTE. Devices in this band can operate as walkie-talkies as well as transmit video.

Incidentally, the announced network requires the 450 MHz band, which is currently used by the operator Tele2. Tele2 representatives say the company is ready to take part in the project and is discussing it with the authorities.

The passport of the "Digital Economy" program does not say how much money the communication network will require.

Ransomware Attack from Russian IPs Compromises Victims and Locks Their PCs



A newly discovered ransomware named Sigma is spreading from Russia-based IP addresses, using a mix of social-engineering techniques to compromise victims and lock the infected computer.

Targets are hit with malicious spam messages purporting to be a notice from the "United States District Court", carrying a malicious attachment.


The attackers use the email lure to get the victims to carry out the malicious steps themselves, manipulating them with a sense of urgency and fear and playing on their curiosity. The Sigma campaign was directed from around 32 Russia-based IP addresses, and the attackers registered a dedicated domain used to run several attacks.

The malware authors added a further layer of obfuscation by password-protecting the attachment, which also helps it evade detection: a mail gateway cannot inspect a document it cannot open. The protection also reinforces the lure, since the user expects a document from a court to be protected, and is therefore more willing to open it.

If it finds that macros are disabled on the victim's machine, the document persuades the user to enable them; the macro contains malicious VBScript.

The VBScript then downloads the first-stage Sigma payload from the command-and-control server and saves it in the %TEMP% folder. The downloaded file masquerades as the legitimate svchost.exe process and downloads additional malware.

The malware uses a variety of obfuscation techniques to hide itself and evade detection, and it deletes itself if it detects a virtual machine or sandbox.

"Facing malware this complex on both sides, the social engineering tricks and the technical design, is a hard challenge even for security-aware users," says Fatih Orhan, Head of Comodo Threat Research Labs.

According to Comodo's research, unlike some of its ransomware relatives, Sigma does not act immediately but first carries out covert reconnaissance. It builds a list of valuable files, counts them and sends this figure to its C&C server along with other data about the victim's machine.

If Sigma finds no files of interest, it deletes itself, and it also stops the infection if it determines that the machine is located in the Russian Federation or Ukraine. Otherwise it connects to its command-and-control servers, establishes a Tor connection and begins encrypting files on the machine.

Once encryption is complete, it displays a ransom note with details of the attack and instructs the victim to contact the attackers at sigmacs@protonmail.com, quoting the infection ID.

The ransom is demanded in bitcoin, and the amount is set according to how quickly the victim gets in touch with the attackers.
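The chain described above (lure document, macro launching a script host, payload dropped in %TEMP% posing as svchost.exe) maps directly onto process-creation telemetry. The script below is an added example written for this article, not code from Comodo or from the original report. It runs three checks over constructed Sysmon-style events: the field names, the lists of Office applications and script hosts, and the sample paths are all assumptions made for illustration.

```python
"""Triage of process-creation events for the Sigma infection chain.

Added example, not code from the original report. SAMPLE_EVENTS is constructed
to mimic the fields of Sysmon/EDR process-creation telemetry (the field names
are an assumption); the paths are invented for illustration.
"""
import ntpath

# Assumed sets of interesting parents and children; extend to taste.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
# The only directories a genuine svchost.exe is loaded from.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

SAMPLE_EVENTS = [  # constructed sample telemetry
    {"pid": 1, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 2, "image": r"C:\Windows\System32\wscript.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 3, "image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
     "parent_image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 4, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
]


def _base(path):
    return ntpath.basename(path).lower()


def _dir(path):
    return ntpath.dirname(path).lower()


def _in_temp(path):
    p = path.lower()
    return any(marker in p for marker in TEMP_MARKERS)


def triage_event(ev):
    """Return the list of indicator names an event matches (empty if clean)."""
    image, parent = ev["image"], ev["parent_image"]
    findings = []
    # Macro stage: an Office application spawning a script host.
    if _base(parent) in OFFICE_APPS and _base(image) in SCRIPT_HOSTS:
        findings.append("office_spawned_script_host")
    # Masquerade stage: a file named svchost.exe outside the system directories.
    if _base(image) == "svchost.exe" and _dir(image) not in LEGIT_SVCHOST_DIRS:
        findings.append("svchost_outside_system_dir")
    # Dropper stage: a script host launching a binary from a temp directory.
    if _base(parent) in SCRIPT_HOSTS and _in_temp(image):
        findings.append("script_host_launched_temp_binary")
    return findings


def triage(events):
    """Map pid -> findings for every event that trips at least one indicator."""
    out = {}
    for ev in events:
        hits = triage_event(ev)
        if hits:
            out[ev["pid"]] = hits
    return out


if __name__ == "__main__":
    for pid, hits in triage(SAMPLE_EVENTS).items():
        print(pid, ", ".join(hits))
```

On the constructed events, pid 2 (Word spawning wscript.exe) and pid 3 (wscript.exe launching a svchost.exe from the user's temp directory) are flagged; the real svchost.exe started by services.exe is not. Matching on the parent as well as the image is what keeps the svchost check from firing on legitimate service hosts, and it is also why the password-protected lure matters to defenders: once the gateway cannot open the attachment, the endpoint process tree is the next place the chain is visible.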



Britain's National Cyber Security Centre Issues a Warning of a Global Campaign and Possible Russian Activity


Britain's National Cyber Security Centre (NCSC) is on high alert for the possibility of Russian activity, and more people and resources have been devoted to investigating it.

The FBI and the US Department of Homeland Security issued a joint alert warning of a global campaign whose foremost targets are internet service providers, firms running critical infrastructure, government departments and large companies.

At a press briefing on the alert, White House cyber-security coordinator Rob Joyce said the US and its allies had "high confidence" that Russia was behind this "broad campaign".

He added that, according to intelligence gathered by the US and UK, a large number of the devices that route data around the internet were being targeted.

Although Russian intrusions may increase in future, it is too early to be certain of that. So far there has been relatively little sign of this in the US or UK, although Russia is blamed for launching destructive attacks against Ukraine.

It is worth saying that Britain and the US will be doing much the same in Russia, pre-positioning in Russian networks so as to be able to respond.

What nobody is quite sure of is whether this creates a deterrent somewhat like mutually assured nuclear destruction in the Cold War.

Mr Joyce also said:
“Many different organisations had come under attack for months at a time in a bid to scoop up valuable intellectual property, business information or to get at their customers and when we see malicious cyber-activity, whether Kremlin or other nation state actors, we are going to push back.”

Ciaran Martin, head of the UK's NCSC, said the issuing of the alert marked a "significant moment", as the two powers had never before given joint advice on how to deal with attacks.

The alert contained detailed information about attack techniques, including the signs left behind when network hardware has been compromised and how a network's configuration changes once it has been breached.

Mr Martin said GCHQ, NCSC's parent organisation, had tracked the threat posed by Russian cyber-groups for over 20 years, and that further intelligence about the attacks had been contributed by "multiple" cyber-security organisations.

The guidance given to firms includes ways to configure their systems correctly, as well as how to apply patches to address vulnerabilities in network hardware.
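Two points in the alert's guidance, that compromised network hardware leaves signs and that a breached network's configuration changes, translate into a practical control: keep a known-good configuration for every device and diff the running configuration against it regularly. The script below is an added example written for this article, not tooling from the NCSC or from the alert itself. The two configurations are constructed in Cisco IOS style, and the indicator patterns (a new privilege-15 account, a writable SNMP community, a new tunnel interface, telnet re-enabled on the VTY lines, a removed logging host or VTY access list) are illustrative assumptions about what a hijacked router tends to gain or lose, not a list quoted from the alert.

```python
"""Configuration-drift check for a network device, an added example.

BASELINE and CURRENT are constructed Cisco IOS-style configurations, not
captures from any real device. The indicator patterns are illustrative
assumptions about what a compromised router's configuration tends to gain
or lose; tune them to your own platform and policy.
"""
import difflib
import re

BASELINE = """\
hostname edge-rtr-1
username admin privilege 15 secret 5 $1$abcd$placeholder
snmp-server community monitorRO RO 10
logging host 10.0.0.5
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
line vty 0 4
 access-class 10 in
 transport input ssh
"""

CURRENT = """\
hostname edge-rtr-1
username admin privilege 15 secret 5 $1$abcd$placeholder
username support privilege 15 secret 5 $1$zzzz$placeholder
snmp-server community monitorRO RO 10
snmp-server community public RW
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
interface Tunnel0
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.77
line vty 0 4
 transport input ssh telnet
"""

# Lines whose appearance is a high-risk sign (assumed indicators).
ADDED_RISK = {
    "new_admin_account": re.compile(r"^username \S+ privilege 15\b"),
    "writable_snmp_community": re.compile(r"^snmp-server community \S+ RW\b"),
    "new_tunnel_interface": re.compile(r"^interface Tunnel"),
    "cleartext_mgmt_enabled": re.compile(r"^\s*transport input .*\btelnet\b"),
}
# Lines whose disappearance is a high-risk sign (assumed indicators).
REMOVED_RISK = {
    "remote_logging_removed": re.compile(r"^logging host\b"),
    "vty_acl_removed": re.compile(r"^\s*access-class\b"),
}


def diff_lines(baseline, current):
    """Return (added, removed) config lines, ignoring unchanged context."""
    added, removed = [], []
    for line in difflib.unified_diff(baseline.splitlines(), current.splitlines(),
                                     lineterm="", n=0):
        if line.startswith(("--- ", "+++ ", "@@")):
            continue  # diff headers, not config content
        if line.startswith("+"):
            added.append(line[1:])
        elif line.startswith("-"):
            removed.append(line[1:])
    return added, removed


def drift(baseline, current):
    """Return (high_risk, added, removed); high_risk maps indicator -> lines."""
    added, removed = diff_lines(baseline, current)
    high_risk = {}
    for name, pat in ADDED_RISK.items():
        hits = [line for line in added if pat.search(line)]
        if hits:
            high_risk[name] = hits
    for name, pat in REMOVED_RISK.items():
        hits = [line for line in removed if pat.search(line)]
        if hits:
            high_risk[name] = hits
    return high_risk, added, removed


if __name__ == "__main__":
    high_risk, added, removed = drift(BASELINE, CURRENT)
    for name, lines in high_risk.items():
        print(f"HIGH {name}: {lines}")
    print(f"{len(added)} lines added, {len(removed)} lines removed in total")
```

On the constructed pair the check reports all six indicators: a second privilege-15 account, a read-write "public" community, a new GRE-style tunnel to an outside address, telnet re-enabled, and the remote logging host and VTY access list both gone. Any other additions or removals are returned as plain lists so a reviewer still sees them. The baseline should be pulled from configuration management rather than from the device itself, since a device that has been tampered with cannot vouch for its own history.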