Search This Blog

Showing posts with label National Cyber Security. Show all posts

The White House believes that the attackers on the Colonial Pipeline are located in Russia

 The Russian authorities should take action against the hacker group DarkSide, which, according to Washington, is located in Russia and is involved in the cyberattack on the U.S. pipeline company Colonial Pipeline. This opinion was expressed on Tuesday by the press secretary of the White House Jennifer Psaki at a regular briefing for journalists.

She was asked whether Russia has any responsibility in connection with the fact that DarkSide is on Russian territory. "U.S. President Joe Biden said his intelligence community has not yet completed a comprehensive analysis of the incident. Moreover, according to the FBI, the attack is attributed to the hacker group DarkSide, located in Russia, so this country must act responsibly," noted Psaki.

"But, again, we will wait until our intelligence community to conduct a comprehensive analysis before we can report anything else on this," she concluded.

On Monday, Biden suggested that the criminal elements who carried out the hacking attack on the Colonial Pipeline may be in Russia. Brandon Wales, the Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA), said on Tuesday that FBI experts are confident that criminal elements, not authorities of any state, were responsible for the cyber attack.

Press Secretary of the Russian President Dmitry Peskov stressed that Russia had nothing to do with the cyber attack. He stressed that "the United States refuses to cooperate in countering cybercrime."

The Russian Embassy in Washington rejected "baseless fabrications by individual journalists" about Moscow's possible involvement in this attack.

Earlier, E Hacking News reported that the hackers who caused Colonial Pipeline to shut down the biggest US petrol pipeline last Friday began their blitz against the company a day earlier, stealing a large amount of data before locking computers with ransomware and demanding payment, as per the sources.

According to the two reports, the intruders, who are members of the DarkSide cybercrime group, took nearly 100 gigabytes of data from the Alpharetta, Georgia-based company's network in just two hours on Thursday.

Chinese hackers attacked a Russian developer of military submarines

Chinese hackers reportedly attacked the Rubin Central Design Bureau for Marine Engineering (СKB Rubin), which designs submarines for the Russian Navy, by sending images of a submarine with malicious code to its CEO. Experts believe the hackers are acting in the interests of the Chinese government.

According to cybersecurity company Cybereason, in April, Chinese hackers attacked the Russian CKB Rubin. The attack began with a fake letter that the hackers sent to the general director of CKB Rubin allegedly on behalf of the JCS “Concern “Sea Underwater Weapon – Gidropribor”, the State Research Centre of the Russian Federation.

The letter contained a malicious attachment in a file with images of an autonomous unmanned underwater vehicle. "It is very likely that hackers attacked Gidropribor or some other institution before that," the author of the Telegram channel Secator believes.

The RoyalRoad malware attachment used in the CKB Rubin attack is one of the tools that guarantees delivery of malicious code to the end system, which is most often used by groups of Asian origin, said Igor Zalewski, head of the Solar JSOC CERT Cyber Incident Investigation Department at Rostelecom-Solar.

Cybereason pointed out that the attack on CKB Rubin has similarities to the work of Tonto and TA428 groups. Both have been previously seen in attacks on Russian organizations associated with science and defense.

It is worth noting that the CKB Rubin traces its history back to 1901. More than 85% of the submarines which were part of the Soviet and Russian Navy at various times were built according to its designs.

According to Igor Zalevsky, the main Rubin's customer is the Ministry of Defense, CKB Rubin deals with critically important and unique information related to the military-industrial complex of the Russian Federation which explains the interest of cyber-criminals.

Experts believe that such attacks will gain momentum because specialized cyber centers are being created due to aggravation of information confrontation between states.

Information security expert Denis Batrankov noted that designers are attacked for the sake of industrial espionage mainly by special services of other states. "The problem is that we all use software, which has many hacking methods that are not yet known. Intelligence agencies are buying new vulnerabilities from the black market for millions of dollars,” added he.


Sweden accused Russia of a hacking attack on the Confederation of Sports

The Swedish Prosecutor's Office and the Swedish State Security Service accused Russia's Main Intelligence Directorate of a hacking attack on the Swedish Sports Confederation

The hacker group Fancy Bear, which has been linked to the Russian GRU, was behind the attack. However, the attacks were not a one-time event. Investigators found successful attacks in 2017 and 2018, allowing the hackers to access the personal data of Swedish athletes. Among them were medical records. This data was subsequently released to the public.

In addition, Fancy Bear used this data to discredit Swedish athletes. One of these was the football player Olivia Schug. In 2018, hackers hacked into the computers of the Swedish Sports Confederation's anti-doping division, gaining access and publishing the athletes' doping test records. And they accused Schug of doping. All because of asthma medication containing banned drugs. So Shug was wrongly suspended.

The names of other athletes who were similarly affected by Fancy Bear, Swedish law enforcers decided not to name them.

"We have had the help of security services from other countries to secure this evidence, which clearly indicates that it is Russian military intelligence that is behind these data breaches," said Daniel Stenling, head of the security police's counterintelligence unit.

According to prosecutor Mats Ljungqvist, these are serious crimes because the state is behind the crimes, they are large-scale and involve access to sensitive medical information that is subject to secrecy.

But there will be no punishment for the hackers. The prosecutor's office has decided to drop the case. After all, all the suspects in the hacking attacks are foreign nationals, who apparently work for the GRU. Therefore, there will be no opportunity to conduct an investigation abroad, nor will there be any extradition of the suspects.

This is not the first time Fancy Bear has been accused of hacking sports organizations.

- In 2016, the World Anti-Doping Agency accused Russian hackers of stealing medical information about U.S. Olympic athletes and publishing it online;

- This year there was an attack on the Court of Arbitration for Sport in Lausanne;

- In 2018, Fancy Bear published stolen International Olympic Committee documents;

- In 2018, they published information about Swedish athletes and their medical.

The United States imposes sanctions against 25 Russian companies for cyber attacks and Crimea

 On 15 April, the US Treasury Department put 25 Russian companies, six of which are IT companies, on its sanctions list as a response to allegedly organized cyber attacks by Russia, the situation in Crimea, and interference in the election.

The U.S. Treasury Department also listed 16 organizations and 16 individuals from the Russian Federation that U.S. authorities believe were behind the hacking of SolarWinds software and an attack on the networks of several U.S. departments, as well as interfering in the 2020 U.S. presidential election.

Recall that in February 2020, U.S. intelligence officials said that Russia had begun interfering in the 2020 presidential election. Specifically, they claimed that Russia was interfering in both the Democratic Party primaries and the overall course of the election, "hoping to sow chaos and discord." In addition, Russian secret services allegedly tried to force U.S. citizens to spread disinformation and bypass social media mechanisms aimed at combating fake news. However, no evidence of interference was presented.

On March 16, 2021, a report of the Office of the Director of National Intelligence of the United States was made public. According to the authors of the report, the Russian authorities, with the approval of Russian President Vladimir Putin, organized a campaign aimed at "denigrating" Democratic Party candidate Joseph Biden and supporting his Republican rival Donald Trump, as well as "undermining confidence in the election in general and aggravating sociopolitical controversy in the United States."

At the highest level, Moscow has repeatedly rejected claims that Russia tried to interfere in U.S. election processes.

In March 2021, Russian presidential spokesman Dmitry Peskov suggested that the publication of the U.S. National Intelligence Report was "a reason to put on the agenda the issue of new sanctions against our country."

"Russia also did not interfere in previous elections and did not interfere in the elections mentioned in this report in 2020. Russia has nothing to do with any campaign against any of the candidates. In this regard, we consider this report incorrect, as it is absolutely groundless and unsubstantiated," said Peskov.

On March 17, 2021, Russian Foreign Ministry spokeswoman Maria Zakharova, speaking on the Russia-24 television channel, described the report of the U.S. intelligence agencies on Russian "interference" in the election as "an excuse for their existence."

U.S. authorities found no evidence of Russian hackers' influence on the presidential election

U.S. authorities found no evidence that hackers affiliated with foreign governments were able to block voters from voting, alter votes, interfere with the counting or timely transmission of election results, alter technical aspects of the voting process, or otherwise compromise the integrity of voter registration or ballot information submitted during the 2020 federal election.

This is reported in a joint report by the US Department of Justice (including the FBI) ​​and the Department of Homeland Security (including the Cyber ​​and Infrastructure Security Agency).

According to the report, "as part of Russia's and Iran's extensive campaigns against critical infrastructure, the security of several networks to manage some election functions was indeed compromised. But it had no meaningful impact on the integrity of voter data, the ability to vote, the counting of votes, or the timely transmission of election results. Iran's claims to undermine public confidence in the U.S. election infrastructure were false or exaggerated".

However, experts have identified several incidents in which malicious actors linked to the governments of Russia, China and Iran significantly affected the security of networks linked to U.S. political organizations, candidates and campaigns during the 2020 federal election. In most cases, it is unclear whether the attackers sought access to the networks for foreign political interests or for operations related to election interference.

In a number of cases, the attackers collected at least some information that they might have published in order to exert influence. However, no evidence of publishing, modifying or destroying this information was found.

"We found no evidence (either through intelligence gathering on the foreign attackers themselves, through monitoring the physical security and cybersecurity of voting systems across the country, or through post-election audits or any other means) that a foreign government or other parties compromised the election infrastructure to manipulate the election results," the report authors summarized.

Russian military-industrial complex announced a ban on the use of WhatsApp and Zoom for work

Business communication between defense industry employees in WhatsApp, Skype and Zoom has become stricter suppressed by the management

A source in the military-industrial complex (MIC) said that all corporate and working chats of employees of the Rostec State Corporation and its subsidiary holdings and companies are to be transferred from WhatsApp to another messenger in the near future.

According to him, this decision was made due to the fact that the management of the messenger WhatsApp announced changes in the privacy policy and the transfer of additional personal data of users to Facebook. "At the same time, employees of the state corporation and its enterprises will still be allowed to have WhatsApp on their personal phones for personal communication," added the source.

A second source in the military-industrial complex said that the ban on the use of foreign applications for work purposes by employees of the MIC has always existed, but not all employees paid due attention to it. "Both now and before, it was simply impossible to install WhatsApp or Skype on a work computer. But to speed up communication processes and their own convenience, many employees unauthorizedly used Zoom, Skype and so on," explained he.

Rostec confirmed that there are restrictions on the use of foreign applications such as Zoom, Skype, WhatsApp, etc., specifying that these applications are prohibited to be installed on corporate laptops and computers.

Instead, it is proposed to use domestic solutions, including Rostec's own developments. "In particular, throughout the pandemic, online meetings were held on the IVA platform," said Rostec.

The personal equipment of employees are not affected by these restrictions, the press service of the state corporation clarified, assuring that they have nothing to do with the new policy of WhatsApp: "The risks did not arise now, they have always existed, and we were obliged to mitigate them."

Rostec is a major industrial company that operates in the defense sector and develops high-tech civilian areas - in aviation, engine construction, electronics, medicine, pharmaceuticals and other areas. "This dictates very serious requirements to information security", summed up the press service of the state corporation.

Kremlin concerned about the report of possible US cyber attacks

The New York Times previously reported that the United States plans to carry out cyber attacks on the internal systems of the Russian authorities within the next three weeks

Russian presidential spokesman Dmitry Peskov said that Moscow is concerned about the report of possible cyber attacks by the United States. He also called the accusations of the US State Department of Russia spreading misinformation about foreign vaccines absurd.

Mr. Peskov commented on The New York Times report on the impending cyberattacks on the internal systems of the Russian authorities in response to the attack on SolarWinds. A Kremlin spokesman called it "alarming information" that appeared in a "fairly reputable American publication."

Dmitry Peskov said that "this is nothing but international cybercrime." "Of course, the fact that the publication admits the possibility that the American state may be involved in this cybercrime is a reason for our extreme concern," Mr. Peskov told reporters during a press call.

He also commented on the statement of the official representative of the US State Department, Ned Price, that four Russian online platforms run by the Russian intelligence services spread misinformation about vaccines approved in the United States. "We do not understand the reasons for such statements. We will continue to patiently explain that such reports are completely absurd," said Dmitry Peskov. "We have always been against politicizing any issues related to the vaccine in any way," added the Kremlin spokesman.

Mr. Peskov also said that the Russian vaccine "Sputnik V" is constantly criticized without any serious grounds. “The Russian vaccine is criticized on a daily basis with an attempt to pretend to be objective or without any attempts to pretend to be objective - just sweeping criticism. We've always been against it. The Russian Federation has not participated and is not going to participate in such an information campaign against any other vaccines," stated Dmitry Peskov.

Recall that on Sunday, The New York Times, citing sources in the US administration, reported that the US plans to carry out a series of cyberattacks on the internal systems of the Russian authorities over the next three weeks in response to an attributed hacker attack through SolarWinds software.

IBM: Cyber attacks on Linux systems of Russian government agencies will increase

The problem will also affect Russian government agencies, which are switching to domestic Linux operating systems as part of import substitution. Businesses that have started actively using the cloud against the background of the pandemic face increased costs: attackers can hack their cloud environments and use them for mining cryptocurrencies and DDoS attacks.

According to the IBM report on the main information security risks in 2021, the number of attacks on cloud environments and open-source Linux operating systems will increase this year. Users of Russian operating systems on Linux can also suffer, said Oleg Bakshinsky, a leading information security adviser for IBM in Russia.

The attackers began using the extensible computing power of Linux-based cloud environments, said Mr. Bakshinsky.

The customer can enable the service in their cloud settings, and at times of peak loads, their resources will be expanded for an additional fee. Attackers take advantage of this by gaining unauthorized access to the victim's cloud environment, increasing the company's costs for paying for cloud services.

The authorities have already acknowledged the problem. So, to check the security of operating systems based on Linux, the Federal Service for Technical and Export Control of Russia will create a research center for 300 million rubles ($4 million).

Cybersecurity experts also confirmed the growing interest of hackers in Linux systems. Check Point records about 20 attacks on Linux-based cloud environments in Russia, which is 3.45% of the total number of such attacks worldwide.

The main targets of the attackers, according to Nikita Durov, technical director of Check Point in Russia, are the financial industry and the government.

Alexander Tyurnikov, head of software development at Cross Technologies, is convinced that attacks on cloud environments "will not be so large-scale as to lead to the collapse of state and commercial systems."

AIVD says they face cyber attacks from Russia and China every day

According to the head of the country's General Intelligence and Security Service, these hackers break into the computers of companies and educational institutions

The head of the General Intelligence and Security Service of the Netherlands (AIVD), Erik Akerboom, said that the country's special services allegedly "every day" catch hackers from China and Russia, who, according to him, break into the computers of companies and educational institutions. At the same time, the head of the AIVD did not provide any evidence.

"Every day we catch hackers from both China and Russia hacking into the computers of companies and educational institutions," the head of AIVD said in an interview with Vu Magazine.

According to Akerboom, the target of these hackers is vital infrastructure, such as drinking water, banks, telecommunications, and energy networks." However, he did not give an example of any specific cyberattack.

In 2018, the Ministry of Defense of the Netherlands said that the country's special services prevented a hacker attack on the Organization for the Prohibition of Chemical Weapons (OPCW), which four Russian citizens allegedly tried to carry out. According to the head of department Ankh Beyleveld, the suspects with diplomatic passports were expelled from the Netherlands on April 13. The Russian Foreign Ministry called such accusations "another staged propaganda" action and said that the unleashed "anti-Russian espionage campaign" causes serious harm to bilateral relations.

Besides, in December 2020, the Netherlands was accused of the espionage of two Russian diplomats, calling them employees of the Foreign Intelligence Service undercover. The Russians were declared persona non grata. In response, Moscow sent two employees of the Dutch Embassy from Russia. The accusations of activities incompatible with the diplomatic status of the Russians were called "unfounded and defamatory".

Recall that recently Washington accused Moscow of large-scale cyber attacks, which were allegedly carried out in order to get intelligence data. The representative of the Russian Ministry of Foreign Affairs, Maria Zakharova, said in response that such statements by the United States about hacker attacks allegedly by Russia have already become routine.

The press secretary of the Russian president denied Russia's connection with the hackers who attacked France

As the press secretary of the President of the Russian Federation noted, the report of the French special services "contains accusations of committing certain cybercrimes by a certain group of hackers"

The press secretary of the President of Russia Dmitry Peskov considers absurd the wording from the report of the French special services about the involvement of the Russian Federation in cyber attacks on enterprises of this country.

"If I understand correctly, they did not accuse Russia, but a certain group of some hackers who, as they say, maybe related to Russia. This wording is a little absurd, and here it is impossible to say that Russia was accused of something," Mr. Peskov told reporters on Tuesday.

He once again stressed that the report "contains accusations of committing certain cybercrimes by a certain group of hackers."

Peskov noted that Moscow "did not, does not, and cannot have any involvement in any manifestations of cybercrime." "In this context, I would like to remind you that it is Russia that constantly speaks about the need for international cooperation in countering cyber security," concluded he.

On Monday, the French National Agency for the Security of Information Systems (ANSSI) of France published a report according to which French businesses have been subjected to cyberattacks since 2017. At the same time, the report does not specify what damage was caused to enterprises and what exactly the hackers did.

The agency concluded in this report that "this campaign is very similar to previous campaigns based on the principles of hacker group Sandworm". A number of Western countries associate the Sandworm group with Russia.

It is worth noting that cybersecurity experts have reported on the activity of the Sandworm group since 2008 when they were accused of DDoS attacks on facilities in Georgia. In October 2020, the US Department of Justice charged six Russian citizens with working for the Sandworm group, participating in attacks on companies and hospitals in the United States, Ukraine's power systems in 2016, the French presidential election in 2017, and the Pyeongchang Winter Olympics in 2018.

Accusations against "Russian hackers" periodically appear in the West. Russia has repeatedly denied such accusations.

Medvedev mentions about the possible disconnection of Russia from the global network

Disconnecting Russia from the global network is possible, but the authorities have a plan of action in this case, said the Deputy Chairman of the Security Council Dmitry Medvedev.

Medvedev said that Russia has the technical capabilities to ensure the autonomous operation of the Russian segment of the Internet, but no one would like to take it to such extremes.

"Technologically, everything is ready for this. At the legislative level, too, all decisions have been made. But once again I emphasize: this is not easy, and I would really not want it,” stressed he.

Medvedev acknowledged that the isolation of the Russian segment of the Internet is only a backup plan in the extreme case if Russia is disconnected from the global network. "Of course, we have a plan for how to act in such a situation. The Internet, as you know, appeared at a certain time, and, of course, the key management rights are located in the United States of America. So potentially, Russia's disconnection from the global network can happen," said Medvedev. 

The politician recalled the constant talk about disconnecting Russia from the international interbank system for transmitting information and making SWIFT payments. "They constantly frighten us with this. We were even forced to create our own system for the transfer of information if suddenly this happens so that electronic messages can be exchanged. The same thing can potentially happen with the Internet, and then we will not have access to the main nodes of this network," said the deputy head of the Security Council.

The Deputy Head of the Security Council recalled that against the background of such risks, a law on the Russian segment of the Internet was adopted so that it could be managed autonomously.

Nevertheless, the deputy head of the Security Council urged to be realistic and understand that if the Runet is isolated, it will create big problems.

Earlier, E Hacking News was reported that Russian business expressed fear about the isolation from the global Internet.

What is "Sunburst"? A look into the Most Serious Cyberattack in American History

 

A number of organisations have been attacked by what has been chronicled as one of the most severe acts of cyber-espionage in history named "Sunburst", the attackers breached the US Treasury, departments of homeland security, state, defence and the National Nuclear Security Administration (NNSA), part of Department of Energy responsible for safeguarding national security via the military application of nuclear science. While 4 out of 5 victims were US organisations, other targets include the UK, the UAE, Mexico, Canada, Spain, Belgium, and Israel. 
 
The attack came in the wake of the recent state-sponsored attack on the US cybersecurity firm FireEye. The company's CEO, Kevin Mandia said in his blog that the attackers primarily sought information pertaining to certain government customers.  
 
FireEye classified the attack as being 'highly sophisticated and customized; on the basis of his 25 years of experience in cybersecurity, Mandia concluded that FireEye has been attacked by a nation with world-class offensive capabilities. 

Similarly, last Sunday, the news of SolarWinds being hacked made headlines for what is being called as one of the most successful cyber attacks yet seen. As the attack crippled SolarWinds, its customers were advised to disengage the Orion Platform, which is one of the principal products of SolarWinds   used to monitor the health and performance of networks.  
 
Gauging the amplitude of the attack, the US Department of Homeland Security's Cybersecurity and Infrastructure Agency (CISA) described the security incident as a "serious threat", while other requesting for anonymity labelled it as the "the most serious hacking incident in the United State's history". The attack is ongoing and the number of affected organisations and nations will unquestionably rise. The espionage has been called as "unusual", even in this digital age.  
 
As experts were assessing how the perpetrator managed to bypass the defences of a networking software company like SolarWinds, Rick Holland came up with a theory, "We do know that SolarWinds, in their filing to the Security and Exchange Commission this week, alluded to Microsoft, which makes me think that the initial access into the SolarWinds environment was through a phishing email. So someone clicked on something they thought was benign - turned out it was not benign." 
 
Meanwhile, certain US government officials have alleged Russia for being behind these supply chain attacks, while Russia has constantly denied the allegations as the Russian Embassy wrote on Facebook, "Malicious activities in the information space contradicts the principles of the Russian foreign policy, national interests and our understanding of interstate relations,".  
 
"Russia does not conduct offensive operations in the cyber domain." The embassy added in its post to the US.

Putin: the US State Department and the US intelligence agencies come up with fake about Russian hackers

According to the Russian President, he is counting on the experience of the President-elect of the United States, which will help solve some problems in relations between the two countries

Vladimir Putin called a provocation the question of the general producer of the RTVI channel Sergey Shnurov, who during a press conference asked why Russian hackers this time did not help Donald Trump become President of the United States and whether Russia is ready to provide asylum to the outgoing American leader.

"This is not a question, but a provocation. Hackers did not help Trump and did not interfere in the American elections. This is all speculation, an excuse to spoil relations between Russia and the United States, an excuse not to recognize the legitimacy of the US president for domestic political reasons," Putin said.

According to the Russian President, relations between Moscow and Washington have become hostages of the internal political situation in the United States: "It is their choice, let them do what they want."

Putin also expressed hope that "the elected President of the United States will understand what is happening." "He is an experienced man. We hope that some problems will be resolved under the new administration," the President said.

It is worth noting that the US authorities previously reported that hackers working for Russia obtained information from the databases of the Department of Homeland Security (DHS) and the US Treasury and Commerce Department.

During a press conference, Russian President Vladimir Putin named the real authors of the fakes about Russian hackers.

According to the President, they are the US State Department and the US intelligence agencies. He also added that it was they who in 2016 made a throw-in about the connections of hackers who hacked the mail of members of the US Democratic Party with Russian military intelligence.

"So they are the authors in fact. In any case, according to their instructions, this was done, it is quite obvious," the head of state said in a live broadcast.

On Thursday, December 17, the head of state held a large press conference. The event included a direct line with the President.

Russian embassy responds to Norwegian allegations of cyberattack

Hacker groups APT28 and Fancy Bear may have been involved in a cyber attack on the Norwegian Parliament in August 2020. This statement was made on Tuesday by the Norwegian Police Security Service.

Police say the operation was likely carried out by cyber groups, known publicly as APT28 and Fancy Bear. According to them, they are connected with the Russian military intelligence GRU, and more specifically with its main headquarters for special operations.

The Russian Embassy in Norway expressed on Facebook on Tuesday the opinion that Norway's accusations of Russia in hacker attacks without providing evidence are unacceptable and do not contribute to strengthening the dialogue.

"Accusations without evidence in a highly likely regime are unacceptable. Unlike Norwegian politicians, Russia is careful to maintain a dialogue with Norway and even more cherish the centuries-old friendship and cooperation with the Norwegian people,” stressed they.

"One more request to journalists and experts — if you comment on any statements of the special services, follow the professional code, namely: do not publish hastily the" hottest" news if you have no evidence,“ concluded the Embassy.

On September 1, the Parliament of the Kingdom reported that it was subjected to a cyber attack, as a result of which unknown hackers gained access to the email of a number of deputies and employees of the legislative body. According to Marianne Andreassen, the administrative head of the Parliament, a number of immediate measures were taken to stop the attack. The Norwegian Police Security Service later said it would investigate whether "any state" was behind the cyber attack that occurred on August 24.

Norwegian Foreign Minister Ine Eriksen Søreide made a statement that Russia was behind the cyber attack on parliament.

NSA Issued Warning Against Russian State-Sponsored Attackers for Exploiting VMware Access

An advisory warning has been issued by the United States National Security Agency (NSA) on 7th December that Russian malicious actors are posing a big threat to VMware by installing malware on corporate systems and accessing protected data. 
The attack came two weeks after the virtualization software company publicly disclosed vulnerabilities. According to the company malicious actor (s) is accessing —VMware workspace one, Connector, Identity Manager, and Identity Manager Connector products for Windows and Linux. However, the identities of malicious actors and when all of this started have not been disclosed. 

What is VMware? 

VMware is an American Software Company that provides cloud computing and virtualization software and services. VMware was one of the commercially successful companies to virtualize the x86 architecture.

Its desktop software runs on Microsoft Windows, Linux, and macOS, while its enterprise software hypervisor for servers, VMware ESXi, is a bare-metal hypervisor that runs directly on server hardware without requiring an additional underlying operating system. 

When The Threat Surfaced? 

It was about in late November when Vmware had addressed the attacking threat and pushed temporary workarounds to dig deeper into the issue. However, the ‘escalation-of-privileges ‘bug resolution had to wait till the 3rd of December 2020 to get resolved. 

The same day witnessed the United States Cybersecurity and Infrastructure Security Agency (CISA) releasing a brief bulletin to encourage administrators to review, apply, and patch as soon as possible.

Meanwhile, as per the National Security Advisor, VMware didn’t clearly disclose that the bug was being actively exploited by the attackers, which led to adversaries leveraging the vulnerability for launching attacks to steal data and exploit shared authentication systems. 

''The misuse via shell injection led to the installation of a web shell and follow up malicious activity where Security Assertion Markup Language (SAML) in the form of authentication assertions generated and sent to Microsoft Active Directory Federation Services, which allow actors access to protected data," the agency said. 

What is SAML? 

Security Assertion Markup Language or SAML an Open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). 

Besides insisting on the organizations to update compromised systems to the latest version, the agency is also moving forward towards securing strong management. 

As of now, the threat hasn’t gone anywhere; the US National Security Advisory has advised the agencies to monitor all the systems, scan server logs for the presence of "exit statements" that indicate possible malicious activity. 

Lithuania to allot seven million euros to combat hackers

Lithuania has applied to host the European Cyber Security Competence Center, which is designed to develop technologies and develop protective measures. The Raimundas Karoblis, the Minister of National Defense of the Baltic Republic, openly links the request for its creation with the "Russian threat".The vulnerability of NATO's "eastern flank" continues to worry European countries, which believe that after the protests in Belarus, the issue of Russia's influence is more acute.

Lithuania will compete for hosting the institution with Belgium, Germany, Luxembourg, Poland, Romania and Spain.

Ministry of Defense of the Baltic Republic draws attention to the activity of China and Russia, which are often associated with the hacker threat.

The Minister of Defense claims that "Russian cyber attacks happen quite often," although at the same time he makes a reservation: it is very difficult to formally establish the "authorship" of hacker attacks.

According to him, this is accompanied by information campaigns. It is likely that the work of the European Cybersecurity Competence Center will also be aimed at countering those information messages that will be considered propaganda in Vilnius. By the way, Lithuania offers to place the institution itself in the Vilnius TV tower.

It is worth noting that in January, the Prime Minister of the Republic Saulius Skvernialis called Lithuania "a leader in the field of information security". According to him, this area is a priority for the Baltic Republic.

In addition, Lithuania ranked fourth in the Global Cybersecurity Index (GCI) with a score of 0.908 points. The rating was led by the United Kingdom, which scored 0.931 points. The second and third places are occupied by the United States (0.926) and France (0.918). The top five is completed by Estonia, whose security level was estimated at 0.905 points.

Lithuanian authorities often claim cyber attacks and "Russian interference” without providing any evidence of the "guilt" of the Russian side. Moscow denied all such accusations and stressed that they were "absolutely unfounded".

However, Lithuania is currently concerned about military activity near its borders, which, according to its estimates, has increased against the background of the Belarusian events.

United States rejected Putin's offer to cooperate on cybersecurity

The US authorities for the first time publicly responded to the proposal of Russian President Vladimir Putin to resume cooperation in the field of international information security. US Assistant Attorney General for National Security John Demers called the Kremlin's initiative "nothing more than false rhetoric, cynical and cheap propaganda.” And Secretary of State Mike Pompeo said that Russia is dismissive of public security and international stability in cyberspace.

On September 25, Vladimir Putin invited the US authorities to resume cooperation in the field of international information security, which began in 2013 but was frozen due to disagreements over Ukraine and Russia's alleged interference in the 2016 US presidential election.

The President of the Russian Federation then stated that the dialogue in the cyber sphere should not be a "hostage" of political disputes, and proposed a four-point program for restoring cooperation.

In a statement, the Russian President said that "the risk of a large-scale confrontation in the digital sphere is one of the main strategic challenges of our time." "Special responsibility" for preventing cyberwarfare lies, as the Kremlin said, "on key players in the field of international information security," that is, primarily on Russia and the United States.

On October 7, in an interview with the Russia TV channel, Vladimir Putin complained that there was no response to his proposal from the United States. "Unfortunately, as with a number of our other initiatives, there is no response to this, I believe, very important topic, although there are continuing complaints against us about our hyperactivity in the information sphere, interference in elections there, and so on, which have absolutely no basis,” said Mr. Putin.

Russian military companies were reportedly attacked by hackers from North Korea

North Korean hacker group Kimsuky has reportedly conducted several attacks on the Russian military-industrial complex in order to obtain military and technological secrets of Russia

According to the cybersecurity company Group-IB, attacks by hackers from the Democratic People's Republic of Korea on the Russian defense industry took place in the spring of 2020. North Korean cyber criminals sought to obtain data from aerospace and defense companies, as well as from enterprises that produce artillery equipment.

Telegram-channel SecAtor reported that Rostec was among the companies that were attacked. RT-Inform, a subsidiary of Rostec that deals with information security, did not confirm or deny these data, but noted that the number of cyber attacks on the resources of the state corporation increased from April to September.

"Most of the attacks were poorly prepared and did not pose a significant threat when they were exposed, but this could only be preparation," said RT-Inform.

Experts believe that in this case, hackers from the DPRK will soon launch new, more well-prepared attacks.

Kimsuky is also known by the names Velvet Chollima and Black Banshee, it is engaged in cyber espionage. According to Group-IB, North Korean hackers previously attacked facilities in South Korea, but then engaged in enterprises in the production of artillery equipment and armored vehicles in Russia, Ukraine, Slovakia and Turkey, using fraudulent mailings.

According to Denis Legezo, a cybersecurity expert at Kaspersky Lab, some fraudulent emails from North Korean groups contain information about vacancies in the aerospace and defense industries. He believes that this indicates the interest of hackers in industrial espionage.

As reported by E Hacking News, in September in Russia there were cases of attacks by the Chinese hacker group Winnti on software developers for banks, as well as on companies in the construction sector. Winnti has previously repeatedly hacked the networks of industrial and high-tech companies from Taiwan and Europe, but the group's activities have not yet been reported in Russia.

Russia considers the accusations by the Norwegian authorities of the cyber attack as a provocation

 Russia considers the accusations by the Norwegian authorities against it in the cyber attack a deliberate provocation. This statement was made on Tuesday by the Russian Embassy in Norway on Facebook.

"We regard the incident as a serious deliberate provocation that is detrimental to bilateral relations,” said the statement.

"Millions of cyber attacks are made annually on Russian state Internet resources (including foreign institutions in Norway) from abroad (for example, 77 million attacks were made on the Foreign Ministry website in January-September 2018), but this does not give the right to accuse the authorities of the countries of their possible origin,” stressed the Embassy.

They pointed out that "in May 2020, a note was sent to the Norwegian Foreign Ministry setting out the procedure for dealing with computer incidents - there are official channels for investigating them." "There was no reaction at the time, which indicates the reluctance of the Norwegian authorities to conduct a dialogue. The question is why did we create specialized response mechanisms and create a legislative framework together with European countries? We expect explanations from the Norwegian side,” said the diplomatic mission.

The head of the Federation Council for International Affairs, Konstantin Kosachev, called the Norwegian government's accusations unsubstantiated. According to him, Oslo did not offer to discuss the incident at the expert level.

Earlier on Tuesday, Norwegian Foreign Minister Ine Eriksen Soreide claimed that Russia was behind the cyber attack on the country's Parliament in August 2020.

On September 1, the Parliament of the Kingdom reported that it had been subjected to a cyber attack, as a result of which unknown hackers gained access to the email of a number of deputies and employees of the legislative body. Later, the Norwegian Police Security Service (PST) said it would investigate whether "any state" was behind the cyber attack that occurred on August 24.

Spending on information security in Russia will increase eightfold

Russia intends to sharply increase the cost of information security, and mainly on cryptography, and not on personal data protection

According to the published draft of the Federal budget for the next three years, it was decided to increase the expenditures on information security in the amount of 2 billion rubles (25 million dollars) initially laid down for 2022–2023 to 16 billion rubles (204 million dollars). This is the most significant increase in the budget in comparison with other Federal projects included in the Digital Economy direction.

The authorities plan to pay the greatest attention to the development of domestic cryptography, the functioning of cyber polygons, filtering Internet traffic and countering computer attacks. At the same time, the creation and operation of the national center for the introduction of modern cryptography methods can take over more than half of the total budget of the Federal project.

Budget money should also be used to analyze the security of state systems. However, the largest expenditures are allocated for the technical implementation of various project areas: equipment, specialized software, and staffing and production support.

The disadvantage of the project is the lack of measures aimed at preventing data leaks and protecting the personal information of Russians. Analysts pointed out that it would be logical to allocate part of the funds to system security in matters of interaction between the state and citizens on digital platforms. In addition, according to market participants, specialized education and training of qualified specialists receive insufficient funding.

Ivan Mershkov, technical Director of NGRSOFTLAB, said that it is critically important to envisage measures to increase digital literacy among the population. The number of phishing attacks shows explosive growth, which will only increase with the increase in digital consumption.

Nevertheless, the increase in funding for this federal project was seen as a good sign, indicating that the issue of cybersecurity is coming to the fore in Russia.