
Hackers accessed thousands of surveillance cameras, network devices and even the displays on the platforms of Russian Railways

A user of the Habr website discovered a vulnerability that allowed him to access the video surveillance system of Russian Railways. According to him, the holding's specialists managed to close it within the day. Information security experts said that Russian Railways now needs to audit its internal systems to make sure that attackers who gained access could not go further.

Specialists of Russian Railways closed the vulnerability that allowed access to video cameras and internal services of Russian Railways, according to the blog of one of the Habr users. Earlier, on the morning of January 13, the author of the blog published an article about how he managed to gain access to the Russian Railways system by exploiting a vulnerability in its perimeter. According to him, the problem was related to default passwords that had been left unchanged on MikroTik routers.

"The vulnerability could allow attackers to block all cameras on the railways in a week, which would cost the holding at least 130 million rubles ($1.8 million), and the restoration of video surveillance would take at least a month," warned the hacker.

Russian Railways was unable to promptly confirm information about the vulnerability and its elimination and stressed that illegal access to computer information is a criminal offense.

"After changing the accounts of Russian Railways, it is necessary to check for traces of outsiders in its infrastructure, conduct a large-scale audit of all IT systems, as well as review existing threat detection scenarios," recommended information security expert Alexey Lukatsky.

MikroTik routers, which, according to the author of the blog, are used by Russian Railways, belong to the segment of home and office equipment, and users often leave default passwords on such devices and on video cameras of any manufacturer. Attackers often use this in automated DDoS attacks.

Russian Railways had security problems before: in August 2019, the personal data of 703 thousand employees of the state monopoly were publicly available, and in November 2020, the database of the Russian Railways Bonus website "leaked" to the network.

The Russian expert explained why scammers distribute free SIM cards

SIM cards that are distributed on the street without signing a contract are most likely issued to someone else. Most often, they are used to establish control over your account in a service. According to Dmitry Pudov, Deputy General Director for Technology and Development of the Angara Group of information security companies, using such a SIM card can lead to various troubles.

"It is better to refuse such offers and certainly not to use these SIM cards. The main argument is that you can't prove that this SIM card belongs to you. Accordingly, from the point of view of the law, you are not a subscriber and do not have any rights," explained the expert.

Fraudsters can reissue the card and then all calls and SMS messages will be sent to the new SIM card. Now there are a lot of services and applications that use SMS to restore access in case you forget your password.

"Be prepared to lose access to these services if you use free SIM cards", warned the expert.

Many Internet services still use SMS for delivery and other confidential information. However, for several years now, short text messages (SMS) have been recognized as an unreliable means of communication. Increasingly, this method of data transportation discredits itself and leads to various incidents.

According to Mr. Pudov, attackers will try to establish control over your accounts: they will request a password reset and, if the password comes to the number of the SIM card issued to you, they will get access to it. Then the only question is how they can benefit from this: monetize the traffic of your social network account, send your friends a request to "urgently help with money", or use your account to send phishing messages.

"Previously, this attack was actively used to intercept online banking confirmation codes to steal money, even if the SIM card belonged to you. Using banking Trojans or other hacking methods, hackers obtained the victims' online banking credentials, and then a duplicate SIM card," concluded Pudov.

The data of 1.3 million Russian Hyundai customers are on sale

A database containing information about 1.3 million Russian owners of Hyundai cars has been put up for sale on the darknet, according to the Telegram channel "Information Leaks".

According to the channel, the data of 1.3 million registered users of the hyundai.ru website were put up for sale. The database contains the full names, phone numbers, email addresses and home addresses of the automaker's customers, as well as information about the vehicles they purchased, spare parts orders and participation in the brand's marketing activities.

Ashot Hovhannisyan, the founder of the DLBI data leak intelligence service, said in an interview that the database with Hyundai customer data is sold for about $2 thousand. According to him, the seller of the database has a high rating and has not previously been seen selling fake data. Hovhannisyan clarified that the latest data on user operations contained in the "testers" of the database refers to 2019.

Other information security experts who were interviewed said that the seller of the database has a good reputation, so the leak appears to be genuine. One of the interlocutors claims that the seller of the database is a Russian who lives in Moscow.

According to Hovhannisyan, the database is a "dump" of the SQL server that serves the site of the Russian office of Hyundai, so most likely the source of the leak was a vulnerability in this server found by an automatic scanner or a backup copy of the data accessed by cybercriminals.

According to KELA analyst Viktoria Kivilevich, the seller of the database has many ads in which he offers databases of other companies in the same format, so it is likely that the hacker massively scans vulnerable networks, "selects those that are more delicious" and exploits vulnerabilities.

Security Expert listed the largest data leaks of Russian residents in 2020

Ashot Hovhannisyan, founder of the DLBI data leak intelligence service, spoke about the largest database leaks in the Russian Federation in the past year.

According to him, one of the most high-profile cases of data leakage in Russia occurred at the end of 2020. In December, a database of more than 100 thousand lines containing personal data of Moscow residents who had recovered from COVID-19 was made publicly available.

In November more than 1.3 million lines of data of Russian Railways Bonus customers appeared on the black market, containing the e-mail address and user ID, an encrypted password, the date of registration and last login, as well as service data.

"In June, there were data leaks from clients of the SuperJob.ru portal and the Skyeng online school of English, each of which was about 5 million lines and contained the full name, gender, date of birth, phone number, email address and other data," said Mr. Hovhannisyan.

He also recalled that in April there were leaks of 12 million records of Russians who took out microloans from various microfinance organizations in 2017-2019. At the same time, “almost a million lines of data of clients of the loyalty program of the retail chains K-Ruoka and K-Rauta appeared on the Internet, containing their full name, e-mail address, mobile and home phone numbers, gender, date of birth, date of filling out the questionnaire, loyalty card numbers”.

“Finally, the largest leak of nearly 600 million lines of data of customers of the Premium Bonus service, which was discovered in March 2020, containing personal data of customers of the service, was the largest leak this year. It provides loyalty programs to popular cafes and restaurants, for example, Mu-Mu, Jean Jacques, Pizza Empire”, concluded the expert.

US Intelligence Task Force Accuses Russia Of Cyber Attack

Previously, US President Donald Trump had accused China of malicious security incidents, and security experts and officials have suspected China of involvement in the recent cyberattacks on the US government and several other organizations in the nation. Now, however, other members of his administration are pointing the finger at Moscow.

In a joint statement on 5 January, the intelligence bodies said, "the attack is believed to be an 'intelligence gathering' attempt, rather than cyber warfare, as touted by multiple lawmakers including President Donald Trump. Currently, it is also being observed that the cyber-attack, which attempted to sabotage online privacy and information, has affected fewer than ten US government agencies along with several other organizations outside government."

A collective report of government organizations, the UCG, also called the Cyber Unified Coordination Group, which has been set up to deal with the recent attack, stated that the Advanced Persistent Threat (APT) actor responsible for the cyberattack was “likely Russian in origin”. It also said that the other government organizations collaborating on the collective report are the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Office of the Director of National Intelligence (ODNI), and the National Security.

The intelligence bodies stated that the investigation is still ongoing to understand the scope of the data compromised during the cyberattacks. According to the committee, the hacking attempts were initially made in March 2019, when an updated version of the IT network management tool called Orion was compromised.
The report says thousands of people across American territory had installed this hacked tool, many of whom worked in important US federal agencies. Besides non-government organizations, a major part of the US government was compromised during the recent cyberattacks, including the Treasury, the Department of Commerce, and the National Telecommunications and Information Administration.

"This is a serious compromise that will require a sustained and dedicated effort to remediate. Many organizations have to scour their systems for signs that they may have been compromised. The incident sent shockwaves across the US partly because the breach was undiscovered for many months and was potentially far-reaching in terms of who it might have affected. It also suggested a degree of sophistication and stealth which was widely seen as a trademark of hackers from the SVR", Russia's foreign intelligence agency, the Intelligence committee said in a statement.

Russian experts give tips on how to prevent personal data leakage

In Russia, the number of cyber attacks increased by almost a quarter in the first quarter of 2020, said Anton Kukanov, head of the Russian Quality System (Roskachestvo) for Digital Expertise, citing Positive Technologies data.

The expert also clarified that about 13% of fraudulent links were related to the topic of the coronavirus pandemic. He drew attention to the fact that almost half of all stolen information in the first quarter of 2020 were usernames and passwords.

According to Anton Kukanov, the main purpose of scammers is not the personal data of users, but payment information.

"They use phishing campaigns, social engineering techniques, and a wide range of malicious programs for this purpose, such as keyloggers that record and transmit passwords, remote access programs that allow a hacker to control the device," said Mr. Kukanov.

The expert advises not to click on suspicious links and not to use sites with illegal content in order to prevent fraudsters from stealing logins and passwords. In particular, resources with free movies, including new releases, or games that users love so much, can actually be "monetized" by viral software.

"It is also not recommended to download applications from third-party sites. You need to do it exclusively in official stores; otherwise, you can quickly 'catch' the virus. However, there is a risk of 'infecting' the gadget through the official store, although less," noted Anton Kukanov.

Moreover, the specialist from Roskachestvo advises looking at the rating of the application before installing it and always reading the reviews, in order not to download an application with a virus.

He also recommended paying attention to the permissions that are requested by installed applications. For security reasons, according to Kukanov, it is better to reject those that contradict the meaning of the application.

SolarWinds Attack Update: Russian Hackers Breached 250 US Agencies and Top Companies

More than 250 US federal agencies and big companies have been attacked by alleged state-sponsored Russian hackers. The attackers gained access by hacking into the 'SolarWinds Orion' management and monitoring software. According to a New York Times report, US Senator Mark Warner said the hack was much worse than he had expected. The scale of the attack keeps increasing, and it is evident that the US government failed to detect it. As per the report, companies like Amazon and Microsoft, which offer cloud-based services, are now investigating further to find evidence.

The report suggests that Russian hackers compromised multiple supply chain layers to breach more than 250 networks and gain access. According to Microsoft, hackers exploited the SolarWinds software, which allowed them to copy user accounts of the company, some of which were top-level individual accounts. Microsoft found unusual activity in a few company accounts and, upon investigation, found that hackers used one account to access source code in multiple source code repositories. Microsoft also confirmed that the account did not allow hackers to change code or modify engineering systems.

Further investigation found no other unusual activity. During the investigation, these accounts were tested and then restored. Earlier assumptions suggested Russian actors breached more than 18000 public and private networks (including government agencies). Reports suggest that a few pieces of the breached SolarWinds software were modified in Eastern Europe. Cybersecurity experts and federal officers are currently investigating whether the large-scale attack was operated from areas where Russian intelligence is deeply embedded.

CISA (Cybersecurity and Infrastructure Security Agency) has alerted US federal agencies to either shut down all the exploited SolarWinds applications or update the hacked SolarWinds Orion software. E-Hacking News earlier reported "currently, Microsoft hints to “a very sophisticated nation-state actor” as the attacker, cybersecurity experts, and the U.S. government has alleged Russia for orchestrating the SolarWinds attack. The cyberattack also revealed a listing of susceptible companies. However, Microsoft didn't disclose how much the hackers were able to view the source code and what the hackers did with it."

Russians ‘InfoWarrior’ Hackers New Game Changer for the Geopolitical Agenda?

The worst cyberattack of 2020, the attack on SolarWinds allegedly carried out by Russian state-backed threat actors, shows signs of advancement in several ways, as Moscow is seemingly improving its technical abilities in a manner that might pose a bigger threat of cyber espionage globally.

The attack has compromised many important departments of the U.S. government, big tech companies, hospitals, and universities, showing a wide sweep of online intrusion and illustrating how cyber espionage operations have become an easy job for Russian ‘infowarriors’. Should it make the West more concerned about the security of its governments, or should the whole world consider these attacks the new normal?

Russia’s diplomatic relations with the West have been bitter since the World Wars, and the bitterness continues today. Moscow sees cyberattacks as a cheap and effective way to achieve its geopolitical aspirations, and therefore Russia is unlikely to step back from such tactics, even while facing U.S. sanctions or countermeasures.

Bilyana Lilly, a researcher at think tank Rand Corp, said, “Such operations are a relatively inexpensive and effective way to conduct geopolitics that is crucial for Russia, which is facing considerable economic and demographic challenges and whose economy is smaller than Italy’s.”

According to an article in a Russian military journal, “the complete destruction of the information infrastructures” of the U.S. or Russia could be carried out by just one battalion of 600 “info warriors” at a price tag of $100 million.

It has been an arduous task for the West to respond forcefully to Moscow’s growing cyber abilities. Washington’s retaliatory measures, including sanctions, diplomatic expulsions, property seizures, and even big threats such as expulsion from the world's leading economic organizations, appear to have had little to no impact on its operations.

Pavel Sharikov, a senior fellow at the Russian Academy of Science’s Institute for U.S. and Canadian Studies, said, “Russia doesn’t see sanctions as an instrument of pressure but as an instrument of punishment. The Russian government says, ‘Yes we understand that you don’t like what we are doing, but we don’t really care.’”

Notably, US officials and tech companies have accused the Russian regime of cyber espionage attacks on multiple occasions, including attempts to intervene before the 2020 election. The WSJ discovered how Moscow’s cyber espionage and trolls have enlarged their 2016 toolbox with a new stratagem. 

According to a paper co-written by Rand’s Ms. Lilly, “in recent years, so-called information confrontation has become an established part of Russia’s military doctrine”. In 2019, Gen. Valery Gerasimov, Russia’s General Staff chief, said that in modern warfare, cyberspace “provides opportunities for remote, covert influence not only on critical information infrastructures but also on the population of the country, directly influencing national security.”

According to the authorities, Moscow is trying to advance its geopolitical agenda through cyberattacks; the initial targets were ex-Soviet countries. In 2007, Russia-backed hackers attacked Estonia, compromising government websites, bank credentials, and newspapers.

Subsequently, Ukraine and Georgia were also attacked. In most cases, states’ media firms and election infrastructures have been targeted. “Russian state-backed hackers set their sights on the West. In 2014, they penetrated the State Department’s unclassified email system and a White House computer server and stole President Barack Obama’s unclassified schedule, U.S. officials said.

According to the German authorities, in 2015, they got into the German parliament, in what experts described as the most significant hack in the country’s history.”

That is not all: Russia has also been accused of interfering in the French elections and the Pyeongchang Winter Olympics, and of the NotPetya malware attacks on corporate networks. Now, Western administrations are accusing Russia of cyber espionage attacks against the COVID-19 vaccine supply chain. Russia has denied its involvement.

Russian hackers gained access to the source codes of Microsoft programs and systems

Microsoft believes that hackers who previously attacked US government departments and businesses have gained access to internal information about its software code.

Microsoft is among the clients of the US firm SolarWinds, whose systems were hacked earlier this year. On December 17, Microsoft representatives admitted that "malicious SolarWinds code was detected in its ecosystem, it was isolated and removed."

The company's specialists reported that "one account was used to view program code in a number of repositories."

As it became known earlier, the Orion software of SolarWinds was hacked in March of this year. Hackers managed to inject the virus into the Orion update, which was then downloaded and used by thousands of SolarWinds customers, including leading government agencies, as well as more than 400 major American companies.

In a joint statement released last week, the Office of the US Director of National Intelligence, the FBI and the Cybersecurity and Infrastructure Security Agency said they had documented a major attack on the federal government's computer networks.

US Secretary of State Michael Pompeo outlined the version according to which Russia was involved in the attack. Meanwhile, US President Donald Trump stressed that the media exaggerated the scale of the incident.

Press Secretary of the Russian President Dmitry Peskov said that Moscow was not involved in hacker attacks on US government agencies and companies.

Experts agree that by raising the topic of cyber attacks, the new US administration is preparing the ground for another package of anti-Russian sanctions. This can be both the introduction of sanctions and a cyber attack, for example, on the main state institutions, says Konstantin Blokhin, a researcher at the Center for Security Research of the Russian Academy of Sciences. And the fact that Trump did not blame Russia does not mean a change in Washington's foreign policy.

A similar point of view is expressed by the political scientist-Americanist Mikhail Sinelnikov-Orishak. "This is a great reason to accuse Moscow of interfering in internal affairs, to justify any measures, since it is impossible to determine exactly who is behind these attacks. In addition, this is a good justification for allocating additional funds from the budget for the cyberspace," said the political scientist.

Experts listed the possible goals of cyber criminals who hack websites

According to Positive Technologies, in 2020, cybercriminals have become increasingly interested in hacking sites: in seven out of ten cases, the purpose of an attack is to gain access to a resource, including for its further sale to another attacker.

To identify the most common goals of website hacking, the company's experts examined more than 80 million messages on the ten most active forums in the shadow segment of the Internet, which offer services for hacking sites, buying and selling databases, and accessing web resources.

According to Positive Technologies analyst Yan Yurakov, since March 2020, interest in the topic of hacking sites has been identified. He also explained that this trend could lead to an increase in the number of companies represented on the Internet, which was provoked by the pandemic.

In seven out of ten requests related to hacking sites, the main goal is to gain access to a web resource. Attackers can not only steal confidential information but also sell access to a web application.

In another 21% of cases, the purpose of hacking a site is to extract and obtain databases of users or clients of the attacked resource. According to Positive Technologies, competitors and spammers who collect lists of addresses for targeted thematic mailing lists aimed at a specific audience are primarily interested in acquiring such information.

For about 4% of hackers, the main goal is not to hack the site itself, but to place malware on it. About 3% of customers are looking for a hacker to remove certain data from the site after hacking, and 2% sell ready-made programs and scripts for hacking.

Recently it became known that the list of pre-installed Russian software for smartphones, tablets, computers and Smart TV will include an application that combines sites with free access. Since April 1, the Ministry of Digital Industry has been conducting an experiment to provide residents of Russia with free access to 371 sites.

The Ministry of Internal Affairs of Russia is creating a cyber police

Deputy Interior Minister Igor Zubov noted that the number of cybercrimes has increased significantly in the context of the coronavirus pandemic.

The Ministry of Internal Affairs of Russia is organizing cyber police within its structure; the corresponding decision has already been made by the head of the department, Vladimir Kolokoltsev.

"Today we can talk about the phenomenon of influence on the mass consciousness of young people in terms of changing their behavior in a destructive way. Therefore, this part of the work requires very serious attention. We are making serious changes directly in our structures. The Minister of Internal Affairs Kolokoltsev Vladimir made the decision on the creation of cyber police, it is a question not of one day, it will take a lot of time, demands both money, and equipment, and changes of qualification of employees," he said.

Zubov also noted that in the context of the coronavirus pandemic, the overall crime rate in Russia remained the same, but the number of cybercrimes increased significantly.

"For a number of reasons, this is the impact of digitalization of society, and the fact that people, being isolated, have more opportunities to draw on the Internet various knowledge, including criminal plan, and try themselves in this," he added.

Zubov said that once he tried to file a complaint with a district police officer about an Internet crime, but the officer did not understand anything. Accordingly, here we are talking about concentrating all competent people in one place and investigating cybercrime.

At the same time, the ex-adviser to the president doubted that the Ministry of Internal Affairs will be able to provide such specialists with decent wages since professionals in the IT-sphere are highly paid employees.

Earlier this year, it was reported that the investigative Department of the Ministry of Internal Affairs created units to combat IT crimes. This measure has become necessary, as police investigators increasingly have to investigate crimes of this kind.

US Cyberattack: More than 50 Companies Suffer A Massive Breach

FireEye, the cybersecurity firm responsible for finding out about the massive hacking campaign against the US government, says that 50 organizations have suffered major breaches from the attack. According to BBC, "Several other organizations around the world, including in the UK, are understood to have been targeted by hackers using the same network management software." FireEye CEO Kevin Mandia said a total of 18,000 organizations had suffered an attack, out of which 50 have suffered a major data breach.

The targets include the DHS (Department of Homeland Security), the US Treasury, and the departments of state and defense. Mike Pompeo, US Secretary of State, says Russia is responsible for the attack, whereas former US President Donald Trump suspects that China is behind the cyberattacks. Trump took to Twitter last Saturday and said that he believes China is responsible for the attack against the US. According to FireEye, the hacking breach is very serious and consistent. US officials believe that the attack is the work of the SVR, a Russian foreign intelligence agency.

According to Mr. Mandia, these might be the same hackers that the US encountered in the 90s and the early 2000s. It all started when the hackers breached the Orion software of SolarWinds, a Texas-based firm. In the SolarWinds supply chain hack, a "big" telecommunications company, various government organizations, and a Fortune 500 company have been the targets of the breaches. The news comes a day after Microsoft agreed that it had informed its 40 customers of a breach in its Defender antivirus software. Mr. Pompeo firmly believes that Russia is engaged in this activity. He accuses Russia of undermining the US government and says Russian President Putin is the real risk.

"Hackers managed to gain access to major organizations by compromising network management software developed by the Texas-based IT company SolarWinds," reports BBC news. The access could have allowed the hackers to take a high degree of control over the networks of organizations using that software, but appears to have been used to steal data rather than for any disruptive or destructive impact, it further says.

SolarWinds Cyberattacks, Microsoft's Turn?

The United States is witnessing major cyberattacks: multiple government departments and agencies are being targeted, including the treasury and commerce departments and homeland security, and now Microsoft is the latest victim of a cyber attack.

The ‘SolarWinds hack’ has emerged as one of the biggest cyberattacks against the US government, its agencies, and several other private companies, so much so that it has been said the world is under global cyber attack.  

According to Microsoft’s president, Brad Smith, more victims are expected to surface as investigations continue. 

Government departments and private organizations all across the globe are facing difficulties in disabling the compromised SolarWinds products from their systems. 

Intelligence agencies investigating the matter have named the hack ‘Sunburst’, saying that it will take years to fully understand these cyberattacks, including the attack vectors and the origin. In this regard, Smith further stated, “We should all be prepared for stories about additional victims in the public sector and other enterprises and organizations.”

Furthermore, he said that Microsoft has already notified 40 of its security customers that its products are being found to be compromised. The malicious actors are seen to be targeting them “more precisely and breaching the security through additional and sophisticated measures”. Experts have predicted that the attacks will continue, saying more victims are likely to come up.

As per the researchers, approximately 80 percent of these customers were located in the United States, while others were from Mexico and Canada in North America, Spain, Belgium, and the United Kingdom in Europe, and UAE and Israel in the Middle East. 

Attackers have targeted the government agencies, security and other technology firms, and private organizations of the abovementioned nations. 

However, above all, the campaign is “effectively an attack on the United States and its government and other critical institutions,” Smith warned. So far, six federal entities have been attacked: the Department of Energy, the Pentagon, the National Institute of Health, the Department of Homeland Security, the Department of Treasury, and the Department of Commerce.

The information about the attack has come from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as the agency warned government and non-government agencies that there could be additional initial-access vectors, beyond the SolarWinds Orion platform. 

Reuters sources said that the malicious actors used Microsoft’s Azure cloud as part of their attacks; however, a Microsoft spokesperson denied this, saying that “there are no indications that our systems were used to attack others”.

What is "Sunburst"? A look into the Most Serious Cyberattack in American History

A number of organisations have been attacked in what has been described as one of the most severe acts of cyber-espionage in history, named "Sunburst". The attackers breached the US Treasury, the departments of homeland security, state and defence, and the National Nuclear Security Administration (NNSA), the part of the Department of Energy responsible for safeguarding national security via the military application of nuclear science. While 4 out of 5 victims were US organisations, other targets include the UK, the UAE, Mexico, Canada, Spain, Belgium, and Israel.
 
The attack came in the wake of the recent state-sponsored attack on the US cybersecurity firm FireEye. The company's CEO, Kevin Mandia said in his blog that the attackers primarily sought information pertaining to certain government customers.  
 
FireEye classified the attack as being 'highly sophisticated and customized'; on the basis of his 25 years of experience in cybersecurity, Mandia concluded that FireEye has been attacked by a nation with world-class offensive capabilities.

Similarly, last Sunday, the news of SolarWinds being hacked made headlines for what is being called one of the most successful cyber attacks yet seen. As the attack crippled SolarWinds, its customers were advised to disengage the Orion Platform, one of SolarWinds' principal products, which is used to monitor the health and performance of networks.
 
Gauging the scale of the attack, the US Department of Homeland Security's Cybersecurity and Infrastructure Agency (CISA) described the security incident as a "serious threat", while others, requesting anonymity, labelled it "the most serious hacking incident in the United States' history". The attack is ongoing and the number of affected organisations and nations will unquestionably rise. The espionage has been called "unusual", even in this digital age.
 
As experts were assessing how the perpetrator managed to bypass the defences of a networking software company like SolarWinds, Rick Holland came up with a theory: "We do know that SolarWinds, in their filing to the Security and Exchange Commission this week, alluded to Microsoft, which makes me think that the initial access into the SolarWinds environment was through a phishing email. So someone clicked on something they thought was benign - turned out it was not benign."
 
Meanwhile, certain US government officials have accused Russia of being behind these supply chain attacks, while Russia has constantly denied the allegations. The Russian Embassy wrote on Facebook, "Malicious activities in the information space contradict the principles of the Russian foreign policy, national interests and our understanding of interstate relations."

"Russia does not conduct offensive operations in the cyber domain," the embassy added in its post to the US.

The European Commission added VKontakte and Telegram to the list of pirate sites

VKontakte is surprised by the decision of the European Commission to include the social network in the list of resources that contribute to online piracy; the company has been interacting with copyright holders for many years and quickly restricts access to controversial content.

The European Commission has published a new list of resources that promote piracy and can benefit from it. The list for the first time included the Telegram messenger and the social network VKontakte.

The list is formed on the basis of reports from groups of right holders. According to the European Commission, Telegram users, including through public channels, "exchange illegal content, in particular music, books, news publications, films and TV programs." In addition, subscribers share links to other sites that host pirated content.

The social network "VKontakte" is also included in the list due to many complaints from copyright holders. Users of the social network can have unauthorized access to books, as well as to movies and TV shows, in particular through the built-in video players.

Both Telegram and VKontakte objected to their inclusion in the "piracy watch list". Telegram told the European Commission that it "does not tolerate any malicious content on its platform" and removes it within 24 hours. VKontakte also noted that it is fighting piracy. In particular, the social network indicated that the copyright holder can complain about copyright infringement through an electronic form. According to VKontakte, its employees processed more than 1.36 million such complaints, most of which ended with the removal of content.

"We are surprised by the inclusion of VKontakte in this list, as for many years we have been actively interacting with copyright holders in various areas," said the press service of the social network.

According to them, the company signed agreements with the world's largest copyright holders of music products, including Universal Music, Sony Music, Warner Music, The Orchard, Merlin Network, and Believe Digital.

Massive Cyberattack On US Government Exposes Shortcomings, Russia Named Top Suspect

Not long ago, US agencies confirmed a massive data breach that compromised their networks. The problem persists, and US federal agencies are still struggling to comprehend the extent of the breach. The data breach is linked to a large-scale hacking campaign that experts have associated with Russia's operations. "The broad Russian espionage attack on the US government and private companies, underway since spring and detected only a few weeks ago, is among the most significant intelligence failures of modern times," reports The New York Times.

As of now, various firms are investigating the issue, and the cybersecurity firm FireEye revealed on Wednesday that the malware has a "killswitch" that allows the software to shut down. However, even if the malware is deactivated, the infected systems can remain susceptible to hackers' attacks. Besides this, US federal agencies are currently under a lot of pressure to take strict action against Russia. In reality, the officials are still trying to address the exploited vulnerabilities and officially identify the threat actor.

The attack has exposed the vulnerabilities and shortcomings of the US cyber defenses. The news appears at a delicate time when the Biden administration has just taken over the office. President Joe Biden's administration is currently meeting with various agencies to look for options for dealing with this alarming threat. The Biden staff came to know about the massive intrusion on Monday, says DHS and Infrastructure Security Agency. US cybersecurity experts and officials say that the incident should be a warning to both the US government and private sector organizations because foreign actors will keep inflicting more damage in the future.

"House and Senate Intelligence Committee aides received a phone briefing on the hack from administration officials on Wednesday, but the full extent of the breach remains unclear, according to sources familiar with the briefing. The Biden transition team was also briefed on the attack this week, an official from the Department of Homeland Security's cyber arm told CNN. The official declined to provide additional details about what was discussed," reports CNN.

Putin: the US State Department and the US intelligence agencies come up with fakes about Russian hackers

According to the Russian President, he is counting on the experience of the President-elect of the United States, which will help solve some problems in relations between the two countries.

Vladimir Putin called a question from Sergey Shnurov, the general producer of the RTVI channel, a provocation. During a press conference, Shnurov asked why Russian hackers this time did not help Donald Trump become President of the United States and whether Russia is ready to provide asylum to the outgoing American leader.

"This is not a question, but a provocation. Hackers did not help Trump and did not interfere in the American elections. This is all speculation, an excuse to spoil relations between Russia and the United States, an excuse not to recognize the legitimacy of the US president for domestic political reasons," Putin said.

According to the Russian President, relations between Moscow and Washington have become hostages of the internal political situation in the United States: "It is their choice, let them do what they want."

Putin also expressed hope that "the elected President of the United States will understand what is happening." "He is an experienced man. We hope that some problems will be resolved under the new administration," the President said.

It is worth noting that the US authorities previously reported that hackers working for Russia obtained information from the databases of the Department of Homeland Security (DHS) and the US Treasury and Commerce Department.

During a press conference, Russian President Vladimir Putin named the real authors of the fakes about Russian hackers.

According to the President, they are the US State Department and the US intelligence agencies. He also added that it was they who in 2016 planted the claim about links between the hackers who broke into the email of members of the US Democratic Party and Russian military intelligence.

"So they are the authors in fact. In any case, according to their instructions, this was done, it is quite obvious," the head of state said in a live broadcast.

On Thursday, December 17, the head of state held a large press conference. The event included a direct line with the President.

Facebook Shuts Down Fake Accounts Associated With Russia and French Military

Earlier this week, in a press conference, Facebook closed two misinformation networks related to Russia, one of which was associated with the French military. Facebook has accused these accounts of orchestrating interference campaigns in African regions. Two networks using multiple FB accounts were attributed to users associated with the Russian Internet Research Agency. In contrast, the third account had links to persons related to the French military, says Facebook.

Facebook has closed all three accounts for violating its policy against foreign or government interference. These networks, according to Facebook, attacked targets in North Africa and Middle East countries. As of now, the French military has offered no comments on Facebook's allegations. The campaigns battled with each other, said Nathaniel Gleicher, Facebook's head of security policy, and David Agranovich, head of global threat disruption, in a blog.

It is the first time that Facebook has found two campaigns (from France and Russia) fighting with each other, commenting on each other's accounts and claiming they were fake. "These accounts used fake accounts as a central part of their operations to mislead people about who they are and what they are doing, and that was the basis for our action," says Facebook. One sample post read, "The Russian imperialists are a gangrene on Mali!" The French network accounts mainly targeted Mali and the Central African Republic. Other targets include Cote d'Ivoire, Chad, Algeria, Niger, and Burkina Faso. It involved 84 FB accounts, six pages, nine groups, and fourteen Instagram accounts that violated a policy against "coordinated inauthentic practice."

Some of the posts, in French and Arabic, were about France's policies in Francophone Africa, allegations of Russian meddling in CAR elections, supportive comments about the French military, and criticism of Russia. According to Gleicher and Agranovich, "We shared information about our findings with law enforcement and industry partners. We are making progress rooting out this abuse, but as we've said before, it's an ongoing effort, and we're committed to continually improving to stay ahead." As of now, the investigation is ongoing, and no further detail has been offered.

Russian hackers broke into the systems of the United States Department of the Treasury and Department of Commerce

The Russian Embassy in the United States has already called the accusations against Moscow baseless. They recalled that Vladimir Putin offered to restore bilateral relations in the field of international information security, but Russia did not receive a response from the United States.

According to Reuters and the Washington Post, Russian hackers broke into the systems of the US Department of the Treasury and the National Telecommunications and Information Administration, a division of the US Department of Commerce.

According to media reports, the hacker group Cozy Bear, which is close to Russian intelligence, was involved in the attack. After breaking into the system, the hackers gained access to Microsoft Office and read the Treasury's e-mail for several months.

The New York Times has already called this hack the largest in the last five years. The data leak was confirmed only by the Department of Commerce. According to Reuters, a meeting of the National Security Council was held at the White House on Saturday. The investigation is just beginning; the amount of data that hackers received is unknown.

"Unfortunately, publications in the press have ceased to be a reliable source of information for us. As for why these hacks continue or why they allow them to be hacked, it seems to me that this is an endless race of the security system. Among other things, this is a huge business," comments Yuri Rogulev, Director of the Franklin Roosevelt Foundation for the study of the United States.

"Again, there is no evidence that Russian hackers are involved," said Roman Romachev, General Director of the R-Techno intelligence technology agency.

According to him, everything is aimed at once again increasing tensions with Russia, primarily in cyberspace. And in order for taxpayers to understand where their billions are going, the US authorities periodically whip up such hysteria against alleged Russian hackers.

The Russian Embassy in the United States has already called the accusations against Moscow baseless. They recalled that Vladimir Putin offered to restore bilateral relations in the field of international information security, but Russia did not receive a response from the United States.

Russian embassy responds to Norwegian allegations of cyberattack

Hacker groups APT28 and Fancy Bear may have been involved in a cyber attack on the Norwegian Parliament in August 2020. This statement was made on Tuesday by the Norwegian Police Security Service.

Police say the operation was likely carried out by cyber groups, known publicly as APT28 and Fancy Bear. According to them, they are connected with the Russian military intelligence GRU, and more specifically with its main headquarters for special operations.

The Russian Embassy in Norway said on Facebook on Tuesday that Norway's accusations against Russia over hacker attacks, made without providing evidence, are unacceptable and do not contribute to strengthening the dialogue.

"Accusations without evidence in a highly likely regime are unacceptable. Unlike Norwegian politicians, Russia is careful to maintain a dialogue with Norway and even more cherish the centuries-old friendship and cooperation with the Norwegian people," they stressed.

"One more request to journalists and experts — if you comment on any statements of the special services, follow the professional code, namely: do not publish hastily the 'hottest' news if you have no evidence," concluded the Embassy.

On September 1, the Parliament of the Kingdom reported that it was subjected to a cyber attack, as a result of which unknown hackers gained access to the email of a number of deputies and employees of the legislative body. According to Marianne Andreassen, the administrative head of the Parliament, a number of immediate measures were taken to stop the attack. The Norwegian Police Security Service later said it would investigate whether "any state" was behind the cyber attack that occurred on August 24.

Norwegian Foreign Minister Ine Eriksen Søreide made a statement that Russia was behind the cyber attack on parliament.