Ukrainian cyber police again caught Russian hackers

This is not the first time the Ukrainian cyber police have announced that they exposed a group of Russian hackers.

According to police officers, the hackers created a mailbox using an anonymizer and worked from the territory of Russia.

It turned out that they sent fake emails on behalf of Interior Minister Arsen Avakov. Emails contained rules of conduct for police officers during the elections. In addition, the police were required to take certain actions in favor of one of the candidates.

Some people on the Internet believe that the news is fake. Many people know that real hackers do not even need to create a mailbox to send messages. They can connect to the police mail server and send emails directly, or do it from any other host on which port 25, used by the SMTP protocol, is open.

Perhaps citizens of Ukraine decided to joke this way. They just installed a browser with a VPN and created a mailbox. That is enough to hide their location. Moreover, this incident was another reason to accuse Russia of intervening in the Ukrainian presidential election.

 

Hacker who was offering Cybercrime-as-a-service detained in Novokuznetsk



Employees of the Ministry of Internal Affairs of Russia, with the assistance of experts from Group-IB, an international company specializing in the prevention of cyber attacks, detained a hacker in the Russian city of Novokuznetsk who hacked computers around the world.

The detainee offered cybercrime-as-a-service to cyber criminals. He created and maintained admin panels for managing malware and botnets.

According to the local report, he infected more than 50 thousand computers across the world. He managed to steal usernames and passwords from browsers and mail clients on the infected computers. He also reportedly stole financial information such as bank card details.

The investigation began in the spring of 2018, when the hacker infected around 1000 computers with the malicious software Formgrabber.

"He administered the botnet, which counted several thousand infected computers of Russian and foreign users," the press service of the Ministry of Internal Affairs reported.

It turned out that the hacker is only 26 years old. Since the age of 15 he had earned money by creating websites for computer games, but then he decided to learn the profession of a hacker. More recently, he was testing malware targeting the Android platform.

He has already been charged under the article "Creation and distribution of malicious computer programs". He fully admitted his guilt.

President of Ukraine accused Russia of cyber attacks on the website of the Central Election Commission of Ukraine



Petro Poroshenko accused Russia of hacker attacks on the Ukrainian Central Election Commission. According to him, Ukrainian experts on February 24 and 25 recorded a DDoS attack on the Central Election Commission.

Poroshenko pointed out that the National Security and Defense Council, the Security Service of Ukraine and the Department of Information Security, together with their American partners, have developed mechanisms to protect the CEC.

The Head of Ukraine also spoke about the negotiations with representatives of the Armed Forces and the US State Department on cooperation in the field of cybersecurity, which took place in Odessa.

Two weeks earlier, Sergey Demedyuk, the Head of the Cyber Police Department of the National Police of Ukraine, said that Russia is preparing a large-scale cyber attack on the Ukrainian CEC. According to Demedyuk, Russian hackers are going to penetrate the computer systems of the Election Committee in order to be able to influence the results of the presidential elections, which will be held on March 31, 2019.

The Director of National Intelligence of the United States, Dan Coats, agreed with Demedyuk, acknowledging that Russia will try to intervene in the elections in Ukraine with the help of hackers.

The Kremlin denied the statements of the Ukrainian authorities about Russia's cyber attacks on the eve of the presidential elections.

"We do not know anything about this. I can only say that we hear a huge number of similar statements from around the world, it seems that it takes the character of some mania or phobia," said Dmitry Peskov, press secretary of the Russian president.

A spokesman for Vladimir Putin noted that Russia had never had anything to do with various manifestations of cyber crime.

Interestingly, at the beginning of this month, hackers attacked the website of the showman and presidential candidate of Ukraine Vladimir Zelensky immediately after its launch.

A little earlier, the YouTube channel of another candidate for President of Ukraine, the mayor of Lviv Andrei Sadovoi, was attacked by a hacker and destroyed.


Moldovan Parliament Speaker accused Russia of trying to interfere in the elections


Andrian Candu, Speaker of the Moldovan Parliament, Vice-Chairman of the Democratic Party, said that Russia tried to interfere in the electoral process in Moldova.

As previously stated by the official representative of the Russian Foreign Ministry, Maria Zakharova, Russia does not interfere in the elections in Moldova. Moscow has repeatedly denied accusations of trying to influence the elections in different countries and stressed that there is no evidence to confirm this.

Candu told reporters that the Russian authorities used a number of tools to influence the election campaign. "This includes the Amnesty for migrants, and the removal of customs duties, and the situation with the pilots rescued from Afghanistan," the politician said.

However, the President of Moldova, Igor Dodon, denied Andrian Candu's allegations.

"Russia does not interfere in our elections, and the speaker's statements are blasphemous," Dodon said after visiting the polling station.

The President accused the Democrats of carrying out an anti-Russian policy and of not caring about the difficulties of Moldovan producers, who lost the main Russian market.

The Head of State expressed the hope that the vote will help change the Parliament and Government and improve the difficult situation in the country.

25 million rubles disappeared from IT Bank: hacker group Silence again?






On February 12, it became known that on February 7 a hacker attack was carried out on IT Bank in the Russian city of Omsk. Hackers stole 25 million rubles. Experts suggest that this may be the group Silence.

Recall that Silence is a group of Russian-speaking hackers whose first activity was recorded in 2016. The hackers specialize in targeted attacks on banks, sending phishing emails with malicious attachments.

The experts were not surprised that the Bank could not withstand the attack, as the Bank's management allocated too little money for security. According to the Bank's reports on the official website of the Central Bank, the annual spending on communication services, telecommunications and information systems for three years amounted to about 2 million rubles.

According to Alexey Novikov, the Director of the expert center for security at Positive Technologies, hacking a small and insufficiently protected organization can be an intermediate step before an attack on another, larger company.

The Central Bank commented that they were working on the problem of information security in credit and financial institutions.
The management of IT Bank refused to comment but assured that the customers did not suffer.

US intelligence warns of Russian cyber attacks to interfere in the Ukrainian elections


Moscow's plans to influence the results of the presidential election in Ukraine have long been known. In recent years, Western countries have developed a new tradition of accusing Russia of such interference.

The National Intelligence Agency of the USA believes that Russia will use cyber technology to interfere in the presidential election in Ukraine on March 31. This was stated by the Head of the National Intelligence Agency, Dan Coats, at the hearings in the US Senate Intelligence Committee.

Dan Coats also said that hackers from Russia may carry out attacks during the upcoming US elections in 2020.

It is known that the United States is ready to protect Ukraine from Russian interference in the elections, as declared by President Donald Trump's national security advisor, John Bolton, during a visit to the capital city of Ukraine (Kiev) in August last year.

In turn, the Head of the Foreign Intelligence Service of Ukraine, Egor Bozhok, recently said that the Russian Special Services received $350 million to interfere in the Ukrainian elections.

"The Kremlin will definitely try to interfere in the elections in Ukraine because Russia used to do this with the United States and African countries," said the Head of the Security Service of Ukraine, Vasily Gritsak.

The Security Service of Ukraine, the National Police and the Prosecutor General's Office are ready to resist Russian interference and know where Moscow can strike. Moscow is most actively trying to mount an information attack on Ukraine through TV screens. In addition, Russia uses information propaganda and cyber provocations, financially supports candidates and will try to capture polling stations.

NotPetya: a Significantly Greater Danger than WannaCry Malware




Amid the escalating conflict between Ukraine and Russia, which led to the deaths of more than 10,000 Ukrainians and affected millions more, Russian hackers in June 2017 came up with the most devastating of cyber security breaches, using encrypting code to attack the systems of victims that ranged from media outlets to railway firms.

Andy Greenberg, author of Sandworm and a senior writer with WIRED, chronicled the birth of this biggest cyber attack. In an excerpt from his book he says:

“For the past four and a half years, Ukraine has been locked in a grinding, undeclared war with Russia that has ultimately led to Ukraine becoming a scorched-earth testing ground for the Russian cyber war tactics. In 2015 and 2016, while the Kremlin-linked hackers known as Fancy Bear were busy breaking into the US Democratic National Committee’s servers, another group of agents known as Sandworm was hacking into dozens of Ukrainian governmental organisations and companies. They successfully managed to penetrate the networks of victims ranging from media outlets to railway firms, detonating logic bombs that destroyed terabytes of data.”

This thought of obliteration brought forth NotPetya, a significantly greater danger to the world than the notorious WannaCry malware.

Petya is a family of encrypting ransomware that was first discovered in 2016. It targets only Microsoft Windows-based systems, infecting the master boot record to execute a payload that encrypts the hard drive's file system table, which keeps Windows from booting. It then demands that the user make a payment in Bitcoin in order to regain access to the system.

NotPetya is a variant derived from Petya: both aim to encrypt the hard drive of infected computers, and the two have enough features in common.

Although NotPetya was aimed at war-ridden Ukraine, the result was felt by the whole world. The malware could destroy computers, data and wired machines all over the world.

In an excerpt from Sandworm published by WIRED, the writer describes how the spread of the malware affected not only its intended victim, Ukraine, but also machines all around the world.

The damage from this attack was more than $10 billion in total, says former Homeland Security advisor Tom Bossert, who during the investigation and analysis of the malware was US President Donald Trump's most senior cyber security-focused official. Even the notorious WannaCry, which spread a month before NotPetya in May 2017, is estimated to have cost between $4 billion and $8 billion.

Inevitably the attack, which had begun as a push to win the war against Ukraine and was aimed squarely at some hardware and computers in lodgings, hospitals, government offices and many other places of importance in the nation, spread like wildfire, wreaking havoc and causing tremendous destruction across the world.

Even after more than a year, the NotPetya malware has not been wiped out completely: a few experts assert that the malware still has the potential to surface in various parts of the world, or even to recur in a much larger form.
Since the ransomware is here for the long haul, the advice to users remains much the same as before: do not click on unknown links, use strong and unique passwords, and keep an up-to-date backup.


Author of Sigrun Ransomware helps Russian victims for free, charges other countries

The author of Sigrun ransomware is offering to decrypt computers of victims from Russia and some former USSR countries for free, while asking for payment in Bitcoin or Dash from citizens of other countries.

The ransomware already tries to avoid attacking computers of Russians by checking the keyboard layout of the computer. If it detects a Russian layout, it deletes itself and does not encrypt the computer. However, the ransomware has no provision for computers that do not use a Russian layout, so some people from former USSR countries who choose not to use that layout can still be affected.

This is a common practice amongst Russian hackers and malware developers, who try to avoid infecting Russian victims because they are concerned that the authorities will apprehend them, unlike when they are attacking victims from other countries.

This instance was first reported by Twitter user and security researcher Alex Svirid.


Another malware researcher, S!Ri, replied to the tweet with two pictures from ransomware victims of another attack.


[Images: Russian victim; U.S. victim]

According to Bleeping Computer, the ransomware author has also added the Ukrainian layout to those avoided during encryption.

"Ukrainian users don't use Russian layout because of political reasons. So we decided to help them if they were infected," the author told them via email. "We have already added avoiding Ukrainian layout like it was in Sage ransomware before."

They also reportedly said that they are not from former USSR republics, but rather added the condition “because of his Belarus partners”.


Cisco Warns Of a Suspected Russian Plan to Attack Ukraine




The U.S. government said on Wednesday that it would seek to wrest a huge number of infected routers and storage devices from the control of hackers who, security researchers had warned, were planning to use the "botnet" to attack Ukraine.

A federal judge in Pennsylvania gave the FBI permission to seize an internet domain that experts allege a Russian hacking group known as Sofacy was using to control the infected devices.

The order allows the agency to direct the devices to communicate with an FBI-controlled server, which will be used to gather their locations and pass them on to experts around the world who can remove the malware from the infected hardware.

 “This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities,” Assistant Attorney General for National Security John Demers said in a statement.

The U.S. government announced the takedown effort after Cisco Systems Inc (CSCO.O) early on Wednesday released a report on the hacking campaign, which it said focused solely on devices from Linksys, MikroTik, Netgear Inc (NTGR.O), TP-Link and QNAP.

The majority of infections from the VPNFilter malware were in Ukraine, which led Cisco to believe that Russia was planning an attack on that nation. Cisco also shared the technical details with the United States and Ukrainian governments, as well as with rivals that offer security software, equipment and services.







Ukraine's SBU state security service reacted to the report by saying that it demonstrated that Russia was preparing a large-scale cyber-attack before the Champions League soccer final, due to be held in Kiev on Saturday. Cyber security firms, governments and corporate security teams closely monitor events in Ukraine, where some of the world's most expensive and destructive cyber-attacks have been launched.

Russia has denied assertions by countries including Ukraine and by Western cyber security firms that it is behind a massive worldwide hacking program that has included attempts to target and harm Ukraine's economy and meddling in the 2016 U.S. presidential election.


US sanctions Russians for interfering with elections

The Trump administration on Thursday sanctioned 19 Russian individuals and five groups for interfering with the 2016 US elections and other “malicious cyber attacks.”

Experts say that this comes as the US joined Britain, France, and Germany in denouncing Russia for its alleged role in a nerve-gas attack on a former Russian spy Sergei Skripal and his daughter in southern England. They called it a “clear violation” of international law, but nothing was said about their actions in response.

While President Trump seems to agree that Russia was behind the incident, he has still not given any comments regarding the sanctions.

Russia denies meddling in the US elections but US intelligence agencies have concluded that Russia used hacking, propaganda, and social media to interfere in the 2016 presidential elections.

Treasury Secretary Steve Mnuchin said in a statement, “The administration is confronting and countering malign Russian cyber activity, including their attempted interference in US elections, destructive cyber-attacks, and intrusions targeting critical infrastructure.”

He said that there would be additional sanctions against Russian government officials and oligarchs for their “destabilizing activities” in the US, though he did not provide a specific time-frame.

The sanctions will supposedly sever their access to the US financial system.