
Representatives of the Russian government commented on the statements of Western media about the attack of "Russian Hackers"


The media of the United Kingdom and the United States are working in the interests of the authorities, trying to reduce the intensity of critical sentiment among British and American residents, said Alexander Malkevich, First Deputy Chairman of the Commission on Media of the Public Chamber of the Russian Federation, President of the Foundation for the Protection of National Values.

The Daily Telegraph, New York Times, Financial Times and Metro said that the hacker group APT29, allegedly linked to Russian intelligence services, attacked British research centers working on the creation of a vaccine against COVID-19.

In addition, British Foreign Secretary Dominic Raab said that in December last year, Russian hackers "almost certainly" tried to influence the outcome of the parliamentary elections in Great Britain by circulating "illegally obtained" government documents on the Internet.
London threatened to retaliate at the diplomatic level, without providing any evidence to support the claims about "Russian hackers".

According to Maria Zakharova, spokeswoman for the Russian Foreign Ministry, British and American tabloids, and newspapers like the New York Times and the Financial Times, do not need real evidence: anti-Russian publications are published there regularly. Britain did not make any real attempts to understand the situation.

“The British authorities are aware of the Russian National Coordination Center for Computer Incidents, specially created for this purpose. However, we did not receive any calls in connection with these incidents through official channels,” said an employee of the Russian embassy in London.

Russia's ambassador to the UK, Andrei Kelin, called accusations of attempts to steal data on a coronavirus vaccine by hackers led by Russian intelligence services “meaningless”. According to him, in the current world, it is impossible to attribute hacker attacks to any country.

Three countries have accused Russia of trying to steal data on the vaccine


The UK's National Cyber Security Center (NCSC) said that Russian hackers, led by Russian intelligence agencies, tried to steal information about the development of a coronavirus vaccine in the UK, Canada and the United States.

The report clarifies that the "cyber espionage group" APT29, or Dukes and Cozy Bear, which is "almost certainly" part of the Russian intelligence structure, has been carrying out attacks on various organizations that participated in the creation of the drug throughout the year.

According to the NCSC, the hackers used the malicious software WellMess and WellMail, as well as phishing, to gain access to the developers' computers. From an intelligence point of view, much of this data was not valuable, but the stolen information can allegedly be used later or in case it becomes significant.

In the UK, SARS-CoV-2 vaccines are being developed by two research centers: the University of Oxford and Imperial College in London. The British media, citing information from sources in the special services, write that both organizations were “attacked by hackers”.

In turn, the Press Secretary of the Russian President Dmitry Peskov called the allegations of the British side unfounded. "We do not have information about who could have hacked pharmaceutical companies and research centers in the UK. We can say one thing - Russia has nothing to do with these attempts. We do not accept such accusations," said the Kremlin spokesman.

Hundreds of laboratories around the world are searching for a COVID-19 vaccine. The World Health Organization has said that without creating a vaccine, a pandemic cannot be defeated. Currently, nine research centers have begun clinical trials in the world. In Russia, clinical trials should begin in June. The Russian Ministry of Health expects a vaccine to appear at the end of July.
Earlier, E Hacking News reported that the British authorities' accusations against Russia over the alleged theft of coronavirus developments by Russian hackers are "typical corona-madness".

Russian hacker who hacked Dropbox and LinkedIn found guilty


Russian citizen Yevgeny Nikulin, accused of hacking LinkedIn eight years ago, was found guilty by a jury in San Francisco.

The verdict in Nikulin's case was announced on Friday after a trial that began in March, which was interrupted due to the coronavirus pandemic and resumed in July.

In 2016, there were a number of large-scale data leaks, and many dumps, including MySpace, LinkedIn, Tumblr and Vkontakte, were eventually put up for sale.
One of the hackers, Russian Evgeny Nikulin, was arrested in 2016 and extradited to the United States in 2017.

Nikulin was charged under a number of articles, all of them connected with breaking into other people's networks and data theft. According to court documents, Nikulin hacked Dropbox, Formspring and LinkedIn in the spring and summer of 2012 and stole about 117,000,000 user records, including usernames, passwords and email addresses.

Nikulin then used the data stolen from LinkedIn to send phishing emails to employees of other companies. Authorities said that this way Nikulin managed to collect a lot of information about 68,000,000 Dropbox users, including usernames, email addresses and hashed passwords.
Similarly, Nikulin managed to get into the account of the Formspring engineer. Thus, in June 2012, he gained access to the company's internal user database, which at that time numbered more than 30,000,000 people.

According to Radio Free Europe journalists, his activity brought in a good income. Nikulin bought expensive cars and watches and traveled a lot. For example, Nikulin admitted that he owns a Lamborghini Huracan, Bentley Continental GT and Mercedes-Benz G-Class.

Nikulin's sentence will be announced on September 29. The jury took less than one day to reach a verdict. Nikulin faces up to 32 years in prison and fines exceeding a million dollars.
Lawyer Arkady Bukh said that the defense intends to challenge the verdict. According to him, the psychiatrist who was appointed by the judge previously recognized Nikulin as mentally abnormal.
Nikulin always denied guilt and even called the charges revenge by the United States for Russia's granting of political asylum to Edward Snowden.

Expert: the image of a "Russian hacker" has become a means of information warfare with the Russian Federation


Experts commented on the release of the report of independent public organizations "Information fight against Russia: constructing the image of the enemy".

The director of the Center for Political Information, Alexei Mukhin, noted that the report analyzed how the image of the "Russian hacker" works. According to him, this image is replicated much less through the media than through social networks.

The image of a "Russian hacker", as Mukhin said, is mainly distributed via Twitter using similar hashtags, such as #Russianhacker. This is done to attract attention, to redirect the user to materials that demonstrate "horror and lawlessness".

This forms a "public opinion", with which not only politicians but also the military are already working. This is bad, because, in their hands, the information struggle turns into a hybrid war.

In different years, according to this scheme, Russia was accused of various outrages: in 2014, of participation in the war in the Donbass; in 2016, of interference in the American elections.

Characteristically, as soon as Russia asks to be shown evidence, it turns out that there is none.
Anna Shafran, a TV and radio host, believes that an open information war has already begun. 

According to her, recently, YouTube blocked without warning or explanation three popular Russian resources, including the TV company "Crimea-24". The Russian Foreign Ministry, of course, protested and rightly qualified the incident as an attack on Russian-language resources from the American Internet platform.

Sergei Sudakov, a Professor at the Military Academy of Sciences, said that the meme "Russian mafia" was created in the interests of the United States in the 1990s. It is outdated, replaced by a new meme "Russian hacker". It is fashionable to present Russia as an international information terrorist.
It is worth noting that in the Russian sector of the Internet, the meme “Russian hackers” is perceived approximately as “British scientists”. At the same time, in the foreign segment, the concept of "Russian hackers" is linked to such concepts as danger, interference, and more recently, incitement to riot.

Russian hackers attacked Poland due to NATO exercises


The Polish government announced a large-scale information attack by Russia, which is aimed at worsening relations between Warsaw and Washington, as well as at the Polish army.

Poland reported hacker attacks on Internet pages and the posting of false and manipulative information about the NATO exercises Defender Europe 2020 on Polish and foreign resources.

"Poland again became the target of information attacks that coincide with the Kremlin's actions against the West, especially against NATO countries. The organizers of such actions used well-known methods: hacking, spoofing content on web pages, as well as a fake interview with an American General," said Stanislav Zharin, the speaker of the coordinating Minister in the Government of Poland for Special Services.

He added that the disinformation attack coincides with the beginning of the next phase of the Defender Europe-2020 exercise and concerns military cooperation between Poland and the United States.
As noted, as a result of hacker attacks on several Polish sites, materials about the Defender Europe 2020 exercise were posted. The article, which makes fun of Poland and its army, was posted on the Internet pages of Niezalezna[dot]pl, Olsztyn24[dot]com, RadioSzczecin[dot]pl and ePoznan[dot]pl.

These materials were blocked by the administrators of information resources, but after that, some of them again became targets of cyberattacks. 

The speaker of the coordinating Minister noted that the theses published in the articles coincide with the long-term actions of the Russian Federation against Poland. According to Zharin, the purpose of this was to strike at the unity of NATO and the possibility of joint actions of US and Polish forces, to destabilize relations between Warsaw and Washington, and to call into question official documents regarding threats to Poland.

It is interesting to note that Poland plans to completely abandon Russian gas from 2022.

Germany has put a Russian "Dmitry Badin" on the international wanted list on suspicion of a cyberattack


The Office of the German Federal Public Prosecutor issued an arrest warrant for a Russian whom they suspect of hacking into the computer systems of the German Parliament in 2015, writes the newspaper Sueddeutsche Zeitung. The publication reports that the suspect's name is Dmitry Badin and that he is allegedly an officer of the GRU.

Mr. Badin is also wanted by US authorities for hacking attacks, including the theft of emails from Hillary Clinton and the Democratic Party on the eve of the 2016 presidential election. US investigators rank him among a group of seven Russians suspected of cyber-hacking. The FBI believes that he is a Russian military intelligence officer from the GRU.

According to German law enforcement agencies, Badin is a member of the hacker group Fancy Bear. The Russian is accused of carrying out secret intelligence activities and illegally extracting computer data. Sources say that the Russian was one of the organizers of the attack on the networks of the German Parliament. Cybercrime was investigated by the Federal Criminal Investigation Agency and the police.

The newspaper reported that investigators are confident that 29-year-old Mr. Badin was also involved in a hacker attack on the German Bundestag Parliament in April 2015.

Recall that in January 2019, Germany experienced the largest leak of personal data of politicians in the history of the country. The German authorities suspected Moscow of the cyberattacks that had occurred before. Then Der Spiegel reported with reference to the country's counterintelligence that the hacker group Snake, linked to the Russian special services, tried to get access to the electronic resources of the Bundestag, the Bundeswehr and the German Foreign Ministry. The German intelligence services previously accused the same group of massed cyberattacks against German government agencies registered at the end of 2017.

Russia repeatedly denied accusations of involvement in hacker attacks. None of the German law enforcement agencies has ever provided any evidence in support of the media version about the connections of cybercriminals with Moscow.

The Federal Security Service (FSB) of the Russian Federation purchased equipment for hacking smart devices - Hacker group Digital Revolution


The hacker group Digital Revolution published documents according to which the FSB ordered the creation of the Fronton program for organizing cyberattacks using Internet of things devices.

According to the technical documentation published by the hackers, there are three versions of the program: Fronton, Fronton-3D and Fronton-18. They make it possible to infect smart devices (from digital assistants to smart homes), integrate them into a network and “crash” the servers responsible for the stability of large Internet services and the Internet in entire countries.

It's interesting to note that the Moscow company 0day (LLC 0DT) could have participated in the development of the programs. Previously, the company also carried out orders of the Ministry of Internal Affairs.

According to the published documents, the Internet of things is "less secure, unlike mobile devices and servers." This is because many users start using smart devices straight away, without changing the factory usernames and passwords.

FSB contractors cite the experience of Mirai, the largest network of infected IoT devices, which had 600,000 bots. In 2016, it disabled the DNS servers of the American company Dyn, which made PayPal, Twitter, Netflix and about 70 other services unavailable for some time. The organizers of the attack did not use computers, but printers, baby monitors and IoT routers.
Hackers noted that Fronton can be used for "spying on the whole world". The BBC suggests that, most likely, the main targets of cyberattacks may be digital cameras.

The documents note that 95% of the botnet should consist of IP cameras and digital video recorders. The search server must find targets for hacking, which can be connected via a virtual private network or the Tor browser. The documentation also emphasizes that "the use of the Russian language and the connected Cyrillic alphabet is excluded". It is suggested to hack devices using a dictionary of typical passwords for Internet of things devices.

In December 2018, Digital Revolution said that it hacked the server of the Kvant Scientific Research Institute, owned by the FSB, and found documents on the system of automatic monitoring of social networks for protest moods. In the summer of 2019, hackers said that they broke into the servers of the Moscow IT company Sitek, which carried out projects for Russian special services and agencies.

Group of 10 hackers was convicted for stealing gasoline and selling it


The court issued a verdict on February 3 in the case of theft of fuel at Rosneft gas stations.
The court and investigation found that there were ten people in the hacker group, two women and eight men. They divided up criminal roles and came up with a scheme that used special equipment and software to underfill gasoline at gas stations.

The attackers stole at "Rosneft-Kubannefteprodukt" gas stations. They launched the equipment and modified the information on the computer, which allowed them to dispense less fuel to customers than was paid for. They resold the surplus and divided the profits.

The damage to Rosneft gas stations amounted to more than 1.7 million rubles ($27,000). Its size was calculated based on the price of spare parts that were damaged by attackers in the fuel dispensers.
A criminal case was opened on the creation, use and distribution of malicious computer programs. The court found the defendants guilty. Depending on the role of each, they were sentenced to between 1.5 and 4 years in prison, with fines of 200 to 500 thousand rubles ($3,000-$8,000).

Earlier, EhackingNews reported that employees of the Ministry of Internal Affairs in the Khabarovsk region detained 13 employees of one of the companies engaged in retail and wholesale of petroleum products. The hackers introduced the virus into the control system of gas stations. This allowed hackers to steal part of the product purchased by customers.

It is worth noting that in 2018, the FSB found viruses at dozens of gas stations in the South of Russia that make it possible to underfill fuel. The creator and distributor of the viruses was Russian hacker Denis Zaev. In August 2019, Zaev hid several times from law enforcement agencies and was on the Federal wanted list, and then hid on the territory of Georgia. In total, 24 defendants are involved in this criminal case.

Hackers from Russia hacked the Ukrainian gas company Burisma


Russian hackers in November 2019 attacked the Ukrainian energy company Burisma in order to gain potentially compromising information about former US Vice President Joe Biden and his son Hunter.

Starting in November 2019, a series of phishing attacks were carried out to gain access to the usernames and passwords of employees of Burisma, as well as other companies belonging to Burisma Holdings. According to an American cybersecurity company Area 1, hackers allegedly linked to the GRU and members of the Fancy Bear group, also known as Sofacy and APT28, are behind these attacks.

It is known that hackers managed to hack the accounts of some employees and thus gain access to one of the company's servers. Experts said that the timing and scale of the attacks suggest that hackers may have been looking for potentially compromising material about the former US Vice President and his son, who was part of the leadership of Burisma.

According to experts from Area 1, the tactics of the Russian hackers are strikingly similar to the hacking of the servers of the National Committee of the Democratic Party of the United States during the 2016 presidential campaign, for which the American special services also blame Russia. Then, as now, Russian hackers used phishing emails.

The story of the involvement of Joe Biden's son in the work of Burisma caused a loud political scandal in the United States. In this regard, an investigation was launched to impeach President Donald Trump.
In particular, it was pointed out that Trump, during his July phone conversation with Ukrainian President Vladimir Zelensky, asked him to resume the investigation into Burisma, with which Joe Biden and his son were associated. Moreover, Trump threatened to freeze military aid to Kiev.

The Kremlin opposed cross-border persecution of Russians in the United States


Dmitry Peskov, the Press Secretary for the President of Russia, commenting on the largest reward in history offered for Russian hacker Maxim Yakubets, said that Moscow opposes cross-border persecution of Russians by the American authorities. The State Department announced a reward of $5 million for information that would help detain the Russian Maxim Yakubets. American authorities consider this citizen of the Russian Federation the leader of the hacker group Evil Corp.

"The Russian side has repeatedly offered cooperation [in the fight against cybercrime], and our proposals were undesirable and misunderstood," said the Kremlin representative.

According to Peskov, Moscow considers crimes in the cybersphere very serious, and the people who committed them should bear the deserved punishment.

"We traditionally advocate for cooperation in the investigation of such crimes and the capture of criminals, but in this case, we can't speak about cooperation, this is not our fault," said the representative of the Kremlin.

On December 5, the US State Department announced its readiness to pay $5 million for information that will help detain the alleged leader of the hacker group Evil Corp (also known as the Dridex Gang), Maxim Yakubets. This reward is the largest ever offered for a cybercriminal. Previously, the “leader” by this measure was another Russian, Evgeny Bogachev, for whom a reward of $3 million was offered in 2015.

US and UK authorities accuse Yakubets of leading a group of hackers who stole more than $100 million. According to the US Treasury, Evil Corp is responsible for the development and distribution of the malware Dridex, used to infect the computers of 300 banks and financial companies in more than 40 countries.

According to Washington, Yakubets also provided direct assistance to the Russian government. The US Treasury Department claims that Yakubets worked for the FSB of Russia in 2017, and in April 2018 was allegedly in the process of obtaining permission from the FSB to work with Russian secret documents.

Russian hackers switched from Russian banks to foreign ones


Over the past year, two of the most dangerous Russian-language hacker groups have almost stopped attacking Russian banks and concentrated on foreign banks. Damage from targeted attacks on credit institutions fell by a factor of 14.

"Until 2018, Russian-speaking groups often attacked banks in Russia and the CIS, but over the past year, this trend has changed. Now the attackers focus mainly on foreign banks and organizations," said experts.

"New hacker groups often start working in their region: this was the case with Cobalt, with Silence in Russia, this is happening now with SilentCards in Africa. Home regions are a testing ground for them. Having worked out the techniques, they move on. For example, the same Russian-speaking groups focused on goals in Asia, Africa, Europe and America," added the representative of Group-IB.

Recall that, according to Group-IB, there are five major hacker groups in the world that hack financial institutions; three of them, Cobalt, Silence and MoneyTaker, are Russian-speaking.

A representative of Kaspersky Lab confirmed the statement about this trend. He noted that the attackers switched to the countries of Eastern Europe and the CIS, which are less protected.

"But a new generation of hackers will soon grow up who will again attack banks in their homeland," predicts the representative of Group-IB.

Experts have already recorded an increase in the number of Russian-speaking young people who are still engaged in "harmless attacks".

In addition, cyber experts at Group-IB identified the most frightening trend of 2019: the use of cyberweapons in open military operations. According to the representative of the company, interstate conflicts have now acquired new features and cyber activity has begun to play a key role in this confrontation. Thus, experts found many previously unknown groups sponsored by states.

However, the activities of such hackers can go unnoticed for years. And their actions can destabilize the situation in the states, as well as cause social and economic damage.

Technology Company Hit by Ransomware Attack, Prevented Access to Crucial Patient Records


Virtual Care Provider Inc, a Wisconsin-based technology company that provides cloud data hosting, security, and access management to more than 100 nursing homes, was hit by a ransomware attack carried out by Russian hackers. The Ryuk encryption prevented access to crucial medical records of the patients and administration data related to the medication. After encrypting all the data hosted by the company for its patients and clients, the attackers demanded a $14 million ransom in bitcoin in return for a digital key that would unlock access to the data. Unable to afford the ransom, the company owner said that she is fearful of the consequences of the incident, which could lead to the premature death of certain patients and the shutdown of her business.

Reportedly, the ransomware was spread via a virus known as 'TrickBot'. The company said that it is 'feverishly working' to regain access to crucial data. Officials estimated that about 20% of the company's servers were compromised during the attack.

In a letter addressed to the company's clients, obtained via the Milwaukee Journal Sentinel, Christianson and Koch said that VCPI is "prioritizing servers that provide Active Directory access, email, eMAR, and EHR applications. We will be communicating status updates often and transparently, and, in preparation for service restoration, recommending to you the most efficient manner for your users to regain authenticated access."

Operated by WIZARD SPIDER (eCrime group), Ryuk is a targeted, well-planned and sophisticated ransomware that has targeted large organizations, primarily those that supply services to other businesses. It is employed to target the enterprise ecosystem and has mainly focused on wire fraud in the recent past. Despite having relatively low technical abilities and being under constant development since its release in August 2018, Ryuk has successfully encrypted hundreds of systems, storage and data centers in all the companies it attacked.

“We have employees asking when we’re going to make payroll,” said VCPI chief executive and owner Karen Christianson. “But right now all we’re dealing with is getting electronic medical records back up and life-threatening situations handled first.”

“We’ve got some facilities where the nurses can’t get the drugs updated and the order put in so the drugs can arrive on time,” she added. “In another case, we have this one small assisted living place that is just a single unit that connects to billing. And if they don’t get their billing into Medicaid by December 5, they close their doors. Seniors that don’t have a family to go to are then done. We have a lot of [clients] right now who are like, ‘Just give me my data,’ but we can’t.”

Russian school hackers hacked the NATO website


Russian hackers who are members of the 2ch imageboard, well known on the Internet, hacked the website of NATO Rapid Deployable Corps Italy. This is one of NATO’s most combat-ready formations on the European continent.

Unlike Russian military units and formations, NATO formations have direct access to the Internet and even their own websites linked to each other via the Internet. Russian school hackers from the 2ch portal took advantage of this loophole to take control of the Italian Corps website.

The hackers renamed the corps to NATO Rapid Deployable Corps 2ch.

Then they added the name of their organization 2ch to the number of special forces that are part of the corps. And finally, the name and biography of the corps commander, Lieutenant General Roberto Perretti, were replaced with the data of the administrator of 2ch portal Nariman Namazov, better known under the nickname Abu. Thus, the Russian hacker commanded the Italian NATO corps for some time.
In addition, hackers added a video "Appeal to Obama" in the section with videos, where a drunk Russian man threatens the ex-President of the United States, and a modified anthem of Russia was set as background music.

It is hard to say how far the hackers got into the system and what the true goals of the hack, staged as petty hooliganism, were.

Note that NATO Rapid Deployable Corps Italy, whose website was hacked, is one of the nine rapid deployment corps. They include the most high-tech units of the member countries of the Alliance, including special forces units. One of these is the Italian corps. It includes a number of Italian special forces, including the one known as Vittorio Veneto, the best special unit of the Italian Bersaglieri. In addition to the Italian units, the corps has subordinated to it Hungarian, Slovenian, Greek and one of the British special forces units.

The task of the Italian corps is to control southern Europe and North Africa, as well as the organization of special operations in these territories.

Russian-speaking hacker group Silence stole 272 million rubles from banks in three years


The Russian-speaking hacker group Silence has caused $4.2 million in damage to financial institutions around the world, including in Russia, over the past three years. This is stated in a report by the international company Group-IB, which specialises in the prevention of cyberattacks.

According to Group-IB, over three years (from June 2016 to June 2019), Silence attacked financial institutions in more than 30 countries in Europe and Asia, including Russian banks. As a result, the hacker group stole at least 272 million rubles.

As Group-IB noted, the company's specialists have continuously monitored the activity of Silence since 2016. As a result, Group-IB discovered that in 2019 the geography of Silence attacks became the largest ever.

Recall that the hacker groups Silence and Cobalt carried out a large-scale attack on Russian banks in late 2018 and managed to steal $20 million.

In addition, in January this year, the hacker group Silence sent about 80 thousand malicious emails to employees of Russian banks, credit and financial institutions and payment systems. The hackers sent phishing emails on behalf of "Forum iFin-2019" with an attached ZIP archive containing an invitation to the banking forum, as well as a malicious attachment, Silence.Downloader, aka TrueBot.

On February 7, a hacker attack was carried out on the IT Bank of the Russian city of Omsk. The hacker group Silence stole 25 million rubles.

During 2018, the General Directorate of protection and information security at the Bank of Russia (FinCERT) repeatedly recorded targeted attacks on credit and financial institutions, which were committed by two major criminal groups - Cobalt and Silence.

For example, cybercriminals carried out a large-scale attack on Russian banks in late 2018 and managed to steal $20 million. The scammers sent out malicious documents with macros on behalf of the FinCERT division of the Central Bank. In addition, a compromised account of an employee of the company Alfacapital was used.

It is interesting to note that, according to Group-IB, the attackers have now come up with another method for more successful attacks in the future.

Ukrainian cyber police again caught Russian hackers

This is not the first time the Ukrainian cyber police have announced the exposure of a group of Russian hackers.

According to police officers, the hackers created a mailbox using an anonymizer and worked from the territory of Russia.

It turned out that they sent fake emails on behalf of Interior Minister Arsen Avakov. The emails contained rules of conduct for police officers during the elections. In addition, the police were required to take certain actions in favor of one of the candidates.

On the Internet, there is an opinion that the news is fake. Many people know that real hackers do not even need to create a mailbox to send messages. They can go to the police server and send emails directly, and they can do it from any other host on which port 25, intended for the SMTP protocol, is open.

Perhaps citizens of Ukraine decided to joke this way. They just installed a browser with a VPN and created a mailbox. That is enough to hide a location. Moreover, this incident was another reason to accuse Russia of intervening in the Ukrainian presidential election.

 

Hacker who was offering Cybercrime-as-a-service detained in Novokuznetsk



Employees of the Ministry of Internal Affairs of Russia, with the assistance of experts from Group-IB, an international company specializing in the prevention of cyber attacks, detained a hacker in the Russian city of Novokuznetsk who hacked computers around the world.

The detainee offered cybercrime-as-a-service to cyber criminals. He created and maintained admin panels for managing malware and botnets.

According to the local report, he infected more than 50 thousand computers across the world. He managed to steal usernames and passwords from the browsers and mail clients of the infected computers. He also reportedly stole financial information such as bank card details.

The investigation began in the spring of 2018, when the hacker infected around 1000 of computers with malicious software Formgrabber.

"He administered the botnet, which counted several thousand infected computers of Russian and foreign users,” the press service of the Ministry of Internal Affairs reported.

It turned out that the hacker is only 26 years old, since 15 he has earned money by creating websites for computer games, but then he decided to learn the profession of a hacker.  More recently, he was testing malware targeting Android platform.

He has already been charged under the article "Creation and distribution of malicious computer programs". He completely admitted his guilt.

President of Ukraine accused Russia of cyber attacks on the website of the Central Election Commission of Ukraine



Petro Poroshenko accused Russia of hacker attacks on the Ukrainian Central Election Commission. According to him, Ukrainian experts on February 24 and 25 recorded a DDoS attack on the Central Election Commission.

Poroshenko pointed out that the National Security and Defense Council, the Security Service of Ukraine and the Department of Information Security, together with their American partners, have developed mechanisms to protect the CEC.

The Head of Ukraine also spoke about the negotiations with representatives of the Armed Forces and the US State Department on cooperation in the field of cybersecurity, which took place in Odessa.

Two weeks earlier, Sergey Demedyuk, the Head of the Cyber Police Department of the National Police of Ukraine, said that Russia is preparing a large-scale cyber attack on the Ukrainian CEC. According to Demedyuk, Russian hackers intend to penetrate the computer systems of the Election Committee in order to influence the results of the presidential elections, which will be held on March 31, 2019.

The Director of National Intelligence of the United States, Dan Coats, agreed with Demedyuk, acknowledging that Russia will try to intervene in the elections in Ukraine with the help of hackers.

The Kremlin denied the statements of the Ukrainian authorities about Russia's cyber attacks on the eve of the presidential elections.

"We do not know anything about this. I can only say that we hear a huge number of similar statements from around the world; it seems that it takes on the character of some mania or phobia," said Dmitry Peskov, press secretary of the Russian president.

A spokesman for Vladimir Putin noted that Russia had never had anything to do with various manifestations of cyber crime.

Interestingly, at the beginning of this month, hackers attacked the website of the showman and presidential candidate of Ukraine Vladimir Zelensky immediately after its launch.

A little earlier, the YouTube channel of another candidate for President of Ukraine, Lviv mayor Andrei Sadovoi, was attacked by a hacker and destroyed.

Moldovan Parliament Speaker accused Russia of trying to interfere in the elections


Andrian Candu, Speaker of the Moldovan Parliament, Vice-Chairman of the Democratic Party, said that Russia tried to interfere in the electoral process in Moldova.

As previously stated by the official representative of the Russian Foreign Ministry, Maria Zakharova, Russia does not interfere in the elections in Moldova. Moscow has repeatedly denied accusations of trying to influence the elections in different countries and stressed that there is no evidence to confirm this.

Candu told reporters that the Russian authorities used a number of tools to influence the election campaign. "This includes the amnesty for migrants, the removal of customs duties, and the situation with the pilots rescued from Afghanistan," the politician said.

However, the President of Moldova, Igor Dodon, denied Andrian Candu's allegations.

"Russia does not interfere in our elections, and the speaker's statements are blasphemous," Dodon said after visiting the polling station.

The President accused the Democrats of pursuing an anti-Russian policy and of not caring about the difficulties of Moldovan producers, who lost the main Russian market.

The Head of State expressed the hope that the vote will help change the Parliament and Government and improve the difficult situation in the country.

25 million rubles disappeared from IT Bank: hacker group Silence again?

On February 12, it became known that on February 7 a hacker attack had been carried out on IT Bank in the Russian city of Omsk. The hackers stole 25 million rubles. Experts suggest that this may be the work of the group Silence.

Recall that Silence is a group of Russian-speaking hackers whose first activity was recorded in 2016. The hackers specialize in targeted attacks on banks, sending phishing emails with malicious attachments.

The experts were not surprised that the bank could not withstand the attack, as the bank's management allocated too little money for security. According to the bank's reports on the official website of the Central Bank, its annual spending on communication services, telecommunications and information systems over three years amounted to about 2 million rubles.

According to Alexey Novikov, the Director of the expert center for security at Positive Technologies, hacking a small, insufficiently protected organization can be an intermediate step before an attack on another, larger company.

The Central Bank commented that they were working on the problem of information security in credit and financial institutions.
The management of IT Bank refused to comment but gave assurances that customers had not suffered.

US intelligence warns of Russian cyber attacks to interfere in the Ukrainian elections


Moscow's plans to influence the results of the presidential election in Ukraine have long been known. In recent years, Western countries have developed a new tradition of accusing Russia of such interference.

The National Intelligence Agency of the USA believes that Russia will use cyber technology to interfere in the presidential election in Ukraine on March 31. This was stated by the Head of the National Intelligence Agency, Dan Coats, at a hearing of the US Senate Intelligence Committee.

Dan Coats also said that hackers from Russia could carry out attacks during the upcoming US elections in 2020.

It is known that the United States is ready to protect Ukraine from Russian interference in the elections, as President Donald Trump's national security advisor, John Bolton, declared during a visit to Kiev, the capital of Ukraine, in August last year.

In turn, the Head of the Foreign Intelligence Service of Ukraine, Egor Bozhok, recently said that the Russian Special Services received $350 million to interfere in the Ukrainian elections.

"The Kremlin will definitely try to interfere in the elections in Ukraine because Russia used to do this with the United States and African countries," said the Head of the Security Service of Ukraine, Vasily Gritsak.

The Security Service of Ukraine, the National Police and the Prosecutor General's Office are ready to resist Russian interference and know where Moscow can strike. Moscow is most actively trying to mount an information attack on Ukraine through TV screens. In addition, Russia uses information propaganda and cyber provocations, financially supports candidates and will try to capture polling stations.