Search This Blog

Showing posts with label Russian Hackers. Show all posts

Russian hackers attacked the systems of the Dutch police during the investigation of the Boeing crash

 The Dutch newspaper Volkskrant on the day of the start of the hearing on the crash of the Malaysian Boeing in Ukraine published a material in which, citing anonymous sources, it claims that hackers allegedly connected with the Russian Foreign Intelligence Service (SVR) gained access to the Dutch police system in 2017 when the investigation into the crash of Flight MH17 was conducted.

According to the newspaper, the hacking was not noticed by the police, but it was the information of the Security Service (AIVD) that helped to detect it.

The hack led to a "great panic" over the MH17 investigation. The information was provided to the newspaper by people with knowledge of the incident, but the police and the AIVD refused to confirm or deny the hacking.

Sources told the newspaper that the hack detected by the AIVD came from the Dutch IP address of the police academy's server. "Traces of hackers were found in several places," Volkskrant reports, citing four sources. It is unclear if the hackers were able to gain access to any information relevant to the MH17 investigation, or what information they might have obtained.

Recall, a Malaysian Boeing flying from Amsterdam to Kuala Lumpur on flight MH17 crashed near Donetsk in 2014. All 298 people on board were killed. Kiev blamed the militia for the crash, but they said they did not have the means to shoot down an aircraft at such a height.

During the investigation of the joint investigation group (JIT) under the leadership of the Prosecutor General of the Netherlands, the investigation concluded that the Boeing was shot down from the Buk anti-aircraft missile system belonging to the Russian Armed Forces.

The Russian Foreign Ministry said that the accusations of Russia's involvement in the crash of the Malaysian Boeing are unfounded and regrettable, the investigation is biased and one-sided. President Vladimir Putin noted that Russia is not allowed to investigate the crash of the airliner in eastern Ukraine, and Moscow can recognize the results of the investigation if it takes a full part in it.

The Russian expert assessed the threat of the United States to launch "offensive cyber operations" against "Russian hackers"

"If the United States does carry out an "offensive operation", Russia will be able to both prevent it and respond symmetrically," said military expert Viktor Murakhovsky, commenting on reports about the US president's plans to instruct the US military to prepare "offensive cyber operations" against hackers based in Russia

"The US doctrinal documents say that in response to hacker attacks, they can use not only cyber weapons but also military means. However, I have little faith that the Americans, in response to an attack, would risk striking Russian territory with conventional weapons. Instead, they can carry out attacks on public networks and on local networks of Russian organizations," said Viktor Murakhovsky, a member of the expert council of the board of the Military-Industrial Commission of the Russian Federation.

In addition, according to him, the US authorities may declare some persons on the international wanted list and detain them on the territory of other states. "It is known that several Russian citizens have been charged by the US Department of Justice with participating in cyber attacks," the expert added.

"At the same time, it is extremely difficult to determine exactly where the attack was carried out. Therefore, such accusations are based on certain assumptions. However, if we talk about attacks on the cyber structure of foreign states, then DDOS attacks are used. Many Russian state information resources have already been subjected to such attacks," Murakhovsky said.

According to the expert, the problem lies in the fact that Russia proposes not to consider cyberspace, including social networks, as a battlefield. And the Americans do not agree with this view.

The expert suggests that if the United States does carry out an "offensive operation", then Russia will be able to both prevent it and respond symmetrically. "We have all the necessary technical means for this," he explained.

In addition, as Murakhovsky noted, Russia has specially trained cyber-military specialists under the control of the General Staff of the Russian Armed Forces.

On Friday, government sources told NBC that the President of the United States, Joe Biden, may instruct the US military to prepare "offensive cyber operations" against hackers based in Russia.

As the TV company points out, the head of the White House will resort to such measures if he fails to reach an understanding on the issue of hacking activity at the upcoming meeting with Russian President Vladimir Putin in Geneva on June 16.

Japan predicts hacker attack on Tokyo Summer Olympics by Russian hackers

According to Masatoshi Fujitani, head of the Tokyo-based Japan Forum for Strategic Studies (JFSS), the Summer Olympic Games in Tokyo will be the target of violent cyberattacks. He is expecting a hacker attack from Russia.

Mr. Fujitani, a former top police officer in Japan, published an article in the online publication JB Press, based on the reasoning around the hacker group DarkSide, allegedly involved in the attack on the biggest US petrol pipeline Colonial Pipeline and allegedly linked to Russia.

He believes that "a Russian hacker group is targeting the Tokyo Olympics."

"In Japan, we have already started training "white hackers" and creating government hacker organizations," noted the Japanese expert.

The head of the JFSS calls on developed countries such as Japan, the United States and the United Kingdom to unite and take decisive action in collaboration with public and private specialized organizations working in the field of cyber defense.

Summarizing information from the Russian cybersecurity company Kaspersky and other companies, Mr. Fujitani points out that the new hacker group DarkSide "avoids attacks on sites written in Russian, Ukrainian, Georgian and Belarusian."

At the same time, he notes that DarkSide is not the only hacker group "that conducts cyber attacks on Japan". He claims that in October 2020, "the GRU of Russia allegedly conducted a cyber attack on people and organizations planning to participate in the Olympic and Paralympic Games in Tokyo", and that in February 2018, the GRU carried out a cyber attack on the Winter Olympic Games in Pyeongchang in South Korea."

“Apparently, it was revenge for the fact that the Russian teams were not admitted to the Olympic Games in Pyeongchang and Tokyo due to systemic problems with doping. We can assume that the Tokyo Olympics will be the target of violent cyber attacks," the Japanese expert stated.

It is worth noting that anti-Russian sentiment in Japan intensified after the visit of Japanese Prime Minister Yoshihide Sugi to Washington in mid-April, where he met with President Joe Biden.

Recall that the Summer Olympic Games in Tokyo are scheduled to begin on July 23 and last until August 8, 2021.

Ireland suspected Russian hackers of attacking the health service

 The National Cyber Security Centre of Ireland (NCSC) believes that the attack on the country's  Health Service Executive (HSE)  was most likely carried out by a group that is allegedly based in Russia.

The HSE said on May 14 that its IT systems were shut down after a hacker attack. The country's health ministry later announced that it was also cyberattacked on May 13.

On May 15, the American technology news site Bleeping Computer posted a message from hackers purportedly addressed to the HSE. In it, the attackers claim to have gained access to the HSE network more than two weeks ago. They are demanding a $ 20 million ransom for more than 700 gigabytes of personal data. The Irish authorities refused to pay the ransom.

According to local TV channel RTE, the Irish cybersecurity services believe that the attack was carried out by the Wizard Spider hacker group, which is allegedly based in St. Petersburg. It is reported that local officials have already contacted the Russian authorities. The Russian Ambassador to Ireland Yuri Filatov condemned the cyberattack and offered the government assistance in investigating the case.

The channel also reports that hackers provided the country's authorities with decryption keys, but in messages addressed to HSE employees, the attackers said that if they were not contacted, they would publish or sell personal data.

According to the channel, the attackers could have been pressured by the country or countries where they are based due to the damage done to the health care system in Ireland.

It is reported that the received keys are checked by an IT company hired by the HSE, and experts have reason to believe that the keys are genuine. However, they will not be used until they have passed a full malware scan. According to RTE, this is likely to take several days.

The West has repeatedly accused the Russian Federation of interfering in internal affairs and cyber attacks. Russia has denied all the charges, saying that Western countries have not provided any evidence. Moscow has repeatedly stated that it is ready for a dialogue on cybersecurity.


The famous Russian-language hacker forum has banned the mention of ransomware

XSS is a well-known forum where users discuss all kinds of vulnerabilities, exploits, malware, and ways to penetrate other people's networks. Ransomware was also actively discussed there, moreover, among the forum participants there are representatives of Ransomware groups who actively recruited new partners to work on the "Ransomware-as-a-Service" (RaaS) model.

The decision to ban the discussion of Ransomware was made personally by the forum administrator.

The administrator stated that Ransomware is usually not interesting from a technical point of view, while the main purpose of the forum is "knowledge".

"We are a technical forum, we learn, research, share knowledge, write interesting articles. The goal of Ransomware is only to earn money. The goals are not the same," the forum administrator wrote.

He noted that there is a degradation: newcomers see "crazy virtual millions" that are paid from time to time as a ransom for unlocking data, and think that they will be able to get them. Therefore, beginners "do not want anything, do not learn anything, do not code anything, even just do not think, their whole life is reduced to "encrypt - get $”.

The administrator of XSS Forum also said that there is too much PR around the topic, as well as "nonsense, hype, noise" and even politics. The topic of Politics is obviously related to the Ransomware attack on the Colonial Pipeline, which led to a large-scale crisis in the United States.

"The word "ransom" was equated with a number of unpleasant phenomena — geopolitics, extortion, state hacking. This word has become dangerous and toxic," the forum administrator said.

So he decided to ban everything related to Ransomware. Even old forum threads related to this topic will be deleted.

According to Alexey Vodiasov, technical director of SEC Consult Services said that Ransomware is really a way to make quick money with very little effort. It is possible that after the attack on the Colonial Pipeline, US law enforcement agencies may launch an intensive campaign against the cyber underground.

FIN7 is Spreading a Backdoor Called Lizar

 

Under the pretext of being a Windows pen-testing platform for ethical hackers, the infamous FIN7 cybercrime gang, a financially motivated organization, is spreading a backdoor called Lizar. 

Since mid-2015, the Russian criminal advanced persistent threat group FIN7 has targeted the retail, restaurant, and hospitality sectors in the United States. Combi Security, the front company for FIN7, manages a portion of the operation. It has been dubbed one of the world's most prolific criminal hacking organizations. FIN7 is also known as the Carbanak Group, but these two groups appear to be using the same Carbanak malware and are therefore monitored separately. 

FIN7 is posing as a legitimate company selling a security-analysis platform, according to the BI.ZONE Cyber Threats Research Team. According to the researchers, they go to great lengths to ensure authenticity: “These groups recruit workers who are unaware that they are dealing with actual malware or that their employer is a real criminal group.” 

The group usually targets victims with malware-laced phishing attacks in the hopes of infiltrating networks and selling bank-card data. It has also introduced ransomware/data exfiltration attacks to its arsenal since 2020, carefully choosing targets based on revenue using the ZoomInfo service, according to researchers. 

Its malware selection is often changing, with researchers sometimes being surprised by never-before-seen samples. However, the Carbanak remote-access trojan (RAT), which is highly complex and sophisticated in comparison to its peers, has been its go-to toolkit. Carbanak is commonly used for network reconnaissance and gaining a foothold. 

However, BI.ZONE researchers have recently discovered that the community is employing a new form of backdoor known as Lizar. According to an article published on Thursday, the new edition has been in use since February and provides a strong range of data extraction and lateral movement capabilities. 

 “Lizar is a diverse and complex toolkit,” according to the firm. “It is currently still under active development and testing, yet it is already being widely used to control infected computers, mostly throughout the United States.” 

Attacks on a gambling establishment, several educational institutions, and pharmaceutical firms in the United States, as well as an IT corporation headquartered in Germany and a financial institution in Panama, have been recorded so far.

Toshiba Unit Hacked by DarkSide

 

The DarkSide criminal gang, which was also responsible for the assault on Colonial Pipeline, which triggered widespread gas shortages and panic buying across the Southeast, hacked a Toshiba business unit earlier this month. 

Toshiba Tec said in a statement that the cyberattack affected its European subsidiaries, and the company is investigating the extent of the damage. It stated that “some details and data could have been leaked by the criminal gang,” but it did not confirm that customer information was leaked. 

"There are around 30 groups within DarkSide that are attempting to hack companies all the time, and they succeeded this time with Toshiba," said Takashi Yoshikawa, a senior malware analyst at Mitsui Bussan Secure Directions. During pandemic lockdowns, employees accessing company computer systems from home have made businesses more susceptible to cyber-attacks, he said. 

The assault seems to have been carried out by the Russian criminal group DarkSide, according to a company representative who spoke to Reuters. The attack happened on May 4, according to a spokesperson that confirmed the same to CNBC. According to the outlet, the hackers demanded a ransom, but the company refused to pay. Colonial Pipeline, on the other hand, is said to have paid a ransom of approximately $5 million within hours of the attack last week. 

The assault, which resulted in gas shortages and panic buying at US gas stations across the Southeast, likely drew more attention to DarkSide than it had hoped for, with President Biden promising to go after the group. 

According to screenshots of DarkSide's post given by the cybersecurity company, more than 740 gigabytes of data, including passports and other personal details, was compromised. On Friday, Reuters was unable to reach DarkSide's public-facing website. DarkSide's numerous websites, according to security researchers, have become inaccessible. 

Hackers encrypt data and demand payment in cryptocurrency to decrypt it, increasing the number and size of ransomware attacks. They are gradually releasing or threatening to release stolen data unless they are paid more. 

The attack software was distributed by DarkSide, according to investigators in the US Colonial case, which involves Russian speakers and avoids hacking targets in the former Soviet Union. DarkSide allows "affiliates" to hack into targets in other countries, and then manages the ransom and data release.

Apple will pay $100 million to Russian hackers for leaking data on new products

Apple's database was hacked due to cybersecurity deficiencies of the Taiwanese equipment manufacturer. The stolen information is estimated at $50 million, and the Russian hacker group is to be blamed.

Quanta, which produces MacBooks and peripherals for Apple, reported hacking of its own system and theft of engineering, production schemes of current and future products. We are talking, in particular, about the Air 2020, M1 2020 model of laptops and an unreleased copy with additional ports.

The group, described as the most dangerous in global cyberspace, REvil, sent an extortion message to Apple with samples of stolen technical files. The hackers are demanding a ransom of $50 million if Quanta pays the full amount by April 27. After that date, the amount will double to $100 million. The message was distributed through the Tor anonymous network connection, protected from eavesdropping.

According to profile portal Bleeping Computer, by Saturday, April 24, REvil had published more than a dozen schematics and diagrams of laptop components on its Darknet leak site. However, no links were found to the fact that the data relate to Apple products.

Quanta confirmed that its servers had been hacked. As Bloomberg reported, Quanta Computer's information security team is working with outside IT experts to review several cyberattacks on a few Quanta servers. The manufacturer says the hack will not significantly affect the company's future operations

The company also said that it has not yet figured out the extent of the leak. The images that leaked to the Net include the schematics of the redesign of the iMac just presented by Apple, which until this situation has not been seen by anyone outside of Apple's sphere of influence. This confirms the fact that the documents are indeed accurate.

Recall that REvil's largest illegal extortion profit was $18 million. The money was anonymously cashed and laundered through a cryptocurrency exchange.

Russian hackers reportedly stole secret device blueprints from Apple

Hackers reportedly gained access to blueprints of the latest Apple developments by attacking the servers of the Taiwanese company Quanta Computer. The announcement of the results of the attack was made in Russian.

One of Apple's main suppliers, the Taiwanese company Quanta Computer, faced a ransomware attack. The hackers demanded to pay them $50 million. Quanta Computer also produces goods for HP, Facebook and Google Alphabet.

The attack was carried out by a group of REvil ransomware operators, also known as Sodinokibi. The group announced the penetration into the computer network of Quanta Computer in its blog on the Darknet. On Sunday, a REvil spokesman, known as Unknown, said the ransomware group would soon announce "the largest attack in history," the message was made in Russian on a channel where the REvil group is recruiting new partners.

Quanta acknowledged the attack without explaining whether data was stolen.

According to the agency, REvil members tried to engage Quanta Computer in ransomware talks in the past week, ahead of Apple's first new product launch in 2021, which took place April 20.

A spokesman for the hackers claimed to have stolen and encrypted "all the local network data," demanding $50 million for the decryption key.

The hackers received a response two days later from a person who said he was "not responsible for the company," but wanted to find out the terms of the interaction. Two days later, a REvil spokesperson threatened to release data about new Apple products. This was followed by the first publication of images, which, according to the hackers, were working materials about new Apple laptops. The materials contained specific component serial numbers, dimensions and performance parameters detailing the many components inside an Apple laptop. One of the images was signed by Apple designer John Andreadis and dated March 9, 2021.

Now REvil is trying to get money from Apple, the group has demanded a ransom by May 1, and until then plans to continue publishing new files every day.

Apple declined to respond to questions about the hack.

Recall, on April 20, Apple held a presentation of its new products, it showed a new generation of iMacs with processors of its own design, iPad Pro tablets, as well as Air Tag tags for tracking the location of objects through the application.

Sweden accused Russia of a hacking attack on the Confederation of Sports

The Swedish Prosecutor's Office and the Swedish State Security Service accused Russia's Main Intelligence Directorate of a hacking attack on the Swedish Sports Confederation

The hacker group Fancy Bear, which has been linked to the Russian GRU, was behind the attack. However, the attacks were not a one-time event. Investigators found successful attacks in 2017 and 2018, allowing the hackers to access the personal data of Swedish athletes. Among them were medical records. This data was subsequently released to the public.

In addition, Fancy Bear used this data to discredit Swedish athletes. One of these was the football player Olivia Schug. In 2018, hackers hacked into the computers of the Swedish Sports Confederation's anti-doping division, gaining access and publishing the athletes' doping test records. And they accused Schug of doping. All because of asthma medication containing banned drugs. So Shug was wrongly suspended.

The names of other athletes who were similarly affected by Fancy Bear, Swedish law enforcers decided not to name them.

"We have had the help of security services from other countries to secure this evidence, which clearly indicates that it is Russian military intelligence that is behind these data breaches," said Daniel Stenling, head of the security police's counterintelligence unit.

According to prosecutor Mats Ljungqvist, these are serious crimes because the state is behind the crimes, they are large-scale and involve access to sensitive medical information that is subject to secrecy.

But there will be no punishment for the hackers. The prosecutor's office has decided to drop the case. After all, all the suspects in the hacking attacks are foreign nationals, who apparently work for the GRU. Therefore, there will be no opportunity to conduct an investigation abroad, nor will there be any extradition of the suspects.

This is not the first time Fancy Bear has been accused of hacking sports organizations.

- In 2016, the World Anti-Doping Agency accused Russian hackers of stealing medical information about U.S. Olympic athletes and publishing it online;

- This year there was an attack on the Court of Arbitration for Sport in Lausanne;

- In 2018, Fancy Bear published stolen International Olympic Committee documents;

- In 2018, they published information about Swedish athletes and their medical.

The Russian who hacked JPMorgan was demanded $20 million in compensation

In January, Andrei Tyurin was sentenced to 12 years in prison for the largest theft of personal data of bank clients in US history.  He acted as part of a hacker group and stole data that brought the hackers hundreds of millions of dollars

The Federal Court for the Southern District of New York ordered to pay compensation in the amount of $19.9 million to Russian Andrei Tyurin, who was sentenced in January to 12 years in prison for cybercrimes.  This is evidenced by the documents received on Monday in the electronic database of the court.

As follows from these materials, the parties came to an agreement on the amount that Tyurin should provide to individuals and legal entities affected by his actions.  According to the agreements approved by the court, Tyurin "will pay compensation in the amount of $19,952,861."  The full list of companies and individuals who will receive these funds is not provided in the documents.  It is also not specified whether Tyurin has the ability to pay the specified amount.

In early January, Tyurin was sentenced to 144 months in prison.  According to Judge Laura Taylor Swain, the Russian was involved in "large-scale criminal activities of a financial nature."  According to the investigation, he was involved in cyber attacks on large American companies in order to obtain customer data.

The US prosecutor's office said that Tyurin hacked the data of nearly 140 million customers and stole information from 12 companies.  Among them are JPMоrgan Chase Bank, Dow Jones & Co, Fidelity Investments, E-Trade Financial.  The authorities called the actions of the Russian the largest theft of data from the bank's clients in the history of the country.

Tyurin was extradited to the United States from Georgia in September 2018.  The American authorities charged him with hacking into the computer systems of financial structures, brokerage houses and the media specializing in the publication of economic information.  Representatives of the Secret Service claimed that the Russian was involved in "the largest theft of customer data from US financial structures in history."  They noted that Tyurin could be sentenced to imprisonment for up to 92 years.

 The Russian initially declared his innocence.  According to the materials of the court, in September 2019 Tyurin made a deal with the prosecutor's office.  He pleaded guilty to several counts.  The US Secret Service claimed that Tyurin and his accomplices "embezzled hundreds of millions of dollars."

Russian hackers suspected of stealing thousands of US State Department emails

In 2020, Russian hackers stole thousands of emails from U.S. State Department employees. As Politico reported, this is the second major hack of the department's email server in the last ten years, carried out "with the support of the Kremlin."

According to Politico sources, this time, hackers accessed the emails of the U.S. State Department's Bureau of European and Eurasian Affairs, as well as the Bureau of East Asian and Pacific Affairs. A Politico source said it was unclear whether classified information was among the stolen emails. It also remains unclear whether the hack was part of a larger SolarWinds attack that gave hackers access to dozens of U.S. federal agencies.

The U.S. State Department declined to comment to the publication on the likely attack. "For security reasons, we cannot discuss the nature or extent of any alleged cybersecurity incidents at this time," said a State Department spokesman. Politico also sent a request to the Russian embassy in the United States. At the time of publication, the Russian side had not responded.

Recall, U.S. media reported on the large-scale hacking attack on the U.S. government on December 14, 2020. The hack was later confirmed by U.S. intelligence agencies. According to their information, dozens of agencies were hacked, it was organized by Russian hackers. U.S. President Joe Biden announced his intention to impose sanctions against Russia for cyber attacks. On March 8, 2021, the media reported on White House plans to conduct covert cyberattacks on Russian networks in response to the SolarWinds hack.

Russian presidential press secretary Dmitry Peskov stressed Moscow's noninvolvement in the cyberattacks. Russian Foreign Ministry spokeswoman Maria Zakharova also said that U.S. accusations that Russia was involved in a massive hacking attack on U.S. federal agencies were unproven.

Russian Kryuchkov pleaded guilty to conspiring to hack Tesla's computer network

 Tesla CEO Elon Musk commented in Russian on the news that Russian Egor Kryuchkov had pleaded guilty on Twitter on Friday

According to the federal prosecutor's office in the state of Nevada, the verdict of Russian Egor Kryuchkov, who pleaded guilty to conspiracy to hack Tesla's computer network, will be sentenced on May 10.

"A Russian national pleaded guilty in federal court today to conspiracy to travel to the US to hire a Nevada-based employee to install software on the company's computer network," the document said.

It specifies that the Russian "pleaded guilty to one count of intentionally damaging a protected computer, and is scheduled to be sentenced on May 10."

According to the US Department of Justice, the Russian was trying to bribe a Tesla employee for $1 million to install the necessary software. The attackers intended to use the data to blackmail the company by threatening to make the information public. "This was a serious attack," Musk said at the time.

An employee with whom the Russian allegedly tried to negotiate in the summer of 2020 notified his management about this plan. It informed the US FBI.

The US Justice Department reported in August that Kryuchkov had been detained in Los Angeles, California, on charges of conspiracy to intentionally harm a protected computer. Initially, the Russian did not admit his guilt. His relatives and acquaintances said Kryuchkov had nothing to do with the IT industry and had never programmed.

However, on March 18, the US Department of Justice announced that the man had pleaded guilty to one count of deliberately damaging a protected computer.

It is worth noting that Tesla CEO Elon Musk commented in Russian on the news that Russian Egor Kryuchkov had pleaded guilty. Musk published a corresponding entry on Twitter on Friday.

The head of Tesla, following the rules of the pre-reform spelling of the Russian language, wrote the title of the novel by Fyodor Dostoevsky (1821-1881) "Crime and Punishment".

Musk had previously tweeted in Russian on several occasions. 

Data from the Russian cybercriminal forum Maza (Mazafaka) leaked to the network

Attackers hacked the Russian-language forum Maza, which was used by the hacker "elite". According to experts, competitors or an anti-hacker group may be behind the hacking

The forum of elite Russian-speaking hackers Maza was hacked in February, as a result of the attack, the data of more than 2 thousand cybercriminals were freely available.

This is a community of cybercriminals and financial fraudsters, many of whom began their criminal activities in the mid-1990s.

According to the US cybersecurity company Flashpoint Intel, the forum was hacked on February 18. As a result, "usernames, passwords, e-mails of users and alternative ways of communicating with them, such as contacts in ICQ, Skype, Yahoo and Msn," leaked to the network.

The message about the hacking of the site appeared on the forum itself, and it was translated into Russian with the help of an online translator. Experts believe that this is either proof that the forum was hacked by non-Russian-speaking criminals, or it may be an attempt by attackers to "send analysts on a wild goose chase."

The experts suggest that anti-hacker groups or so-called white hackers working on behalf of the authorities may be behind the cyberattack on Maza. The forum could also be hacked by competitors.

Mikhail Kondrashin, Technical Director of Trend Micro Russia and the CIS, notes that Maza was already hacked ten years ago.

"But this has not shaken the stronghold of the cybercrime underground," said the expert.

According to him, the data from this forum is "invaluable information" for law enforcement agencies, and with the proper operational application, this information can help reduce the overall level of cyber threats in the world.

According to Ilya Tikhonov, an expert of the information security department of Softline, the data obtained can be very valuable for combating cyber attacks, even if there was no hacker software on the forum.

"The correspondence and user credentials will also be useful," added he.

At the same time, the founder of the DLBI data leak intelligence service, Ashot Hovhannisyan, doubts that such a leak will affect the fate of hackers. In his opinion, the disclosure of email addresses on the forum is not proof that they participated in illegal activities.

At the same time, Hovhannisyan noted that usually hacker forums are hacked by competitors. Hacking Maza, in his opinion, could be a warning to the owners of the forum from competitors.

Other experts suggested that, most likely, the reason for the attack was personal or financial interest. It is possible that some of the participants were insulted or someone has underpaid the money promised from the fraudulent scheme.


AIVD says they face cyber attacks from Russia and China every day

According to the head of the country's General Intelligence and Security Service, these hackers break into the computers of companies and educational institutions

The head of the General Intelligence and Security Service of the Netherlands (AIVD), Erik Akerboom, said that the country's special services allegedly "every day" catch hackers from China and Russia, who, according to him, break into the computers of companies and educational institutions. At the same time, the head of the AIVD did not provide any evidence.

"Every day we catch hackers from both China and Russia hacking into the computers of companies and educational institutions," the head of AIVD said in an interview with Vu Magazine.

According to Akerboom, the target of these hackers is vital infrastructure, such as drinking water, banks, telecommunications, and energy networks." However, he did not give an example of any specific cyberattack.

In 2018, the Ministry of Defense of the Netherlands said that the country's special services prevented a hacker attack on the Organization for the Prohibition of Chemical Weapons (OPCW), which four Russian citizens allegedly tried to carry out. According to the head of department Ankh Beyleveld, the suspects with diplomatic passports were expelled from the Netherlands on April 13. The Russian Foreign Ministry called such accusations "another staged propaganda" action and said that the unleashed "anti-Russian espionage campaign" causes serious harm to bilateral relations.

Besides, in December 2020, the Netherlands was accused of the espionage of two Russian diplomats, calling them employees of the Foreign Intelligence Service undercover. The Russians were declared persona non grata. In response, Moscow sent two employees of the Dutch Embassy from Russia. The accusations of activities incompatible with the diplomatic status of the Russians were called "unfounded and defamatory".

Recall that recently Washington accused Moscow of large-scale cyber attacks, which were allegedly carried out in order to get intelligence data. The representative of the Russian Ministry of Foreign Affairs, Maria Zakharova, said in response that such statements by the United States about hacker attacks allegedly by Russia have already become routine.

The head of Microsoft announced evidence of the involvement of Russian intelligence in the cyber attack

Approximately 100 US companies and nine government agencies were affected by the hack using Orion software of SolarWinds, which is blamed on "Russian hackers." The real scale of the cyberattack became known during a hearing of the US Senate.

According to Microsoft president Brad Smith, "at least a thousand very skilled, very capable programmers" worked on the SolarWinds hack. "This is the largest and most complex operation we've seen," noted Smith.

The head of Microsoft compared the SolarWinds software to a health care system. According to him, the hacking of this program by the attackers was similar to the robber turning off the alarm for all residents instead of just one apartment where he wanted to enter. "Everyone's safety was threatened. That's what we're up against," added Smith. He added that hackers could use up to a dozen different ways to break into the networks of their victims.

In addition, the President of Microsoft said during the hearing that the company has evidence of the involvement of Russian intelligence in a massive cyber attack on the systems of US departments of the federal government and commercial companies in December 2020.

"At this stage, we have solid evidence that points to Russian intelligence, and no indications that would lead to anyone else," stressed Smith.

At the same time, the head of Crowdstrike specializing in cybersecurity, George Kurtz, said that his company had no information about Moscow's involvement in the attack.

The head of the cyber security company FireEye, Kevin Mandia, said at the hearing that the hackers used tools similar to those used by Russia in the attack. "The tools used in the hacking are not similar to those used by China, North Korea or Iran," noted he.

Earlier, E Hacking News reported that more than 250 US Federal Agencies and big companies have been attacked by alleged state-sponsored Russian hackers. Press Secretary of the Russian President Dmitry Peskov said that Moscow was not involved in hacker attacks on US government agencies and companies.

The Russian pleaded guilty to cybercrime charges in the United States

 Kirill Firsov admitted his guilt in trying to obtain secret information about the clients of a certain company for fraudulent purposes

A hearing on the sentencing of Russian citizen Kirill Firsov, who pleaded guilty in the United States to data theft, will be held on April 12.

As noted, before the announcement of the punishment, the court will be presented with additional materials about the case. Firsov agreed to attend the meeting via videoconference.

Recently, the Russian has reached an agreement with representatives of the prosecutor's office. Firsov pleaded guilty to trying to fraudulently obtain confidential information about the clients of a certain company. He could be sentenced to up to 10 years in prison and ordered to pay a fine of up to $250,000.

The prosecution agreed not to seek the most severe punishment for the Russian. He waived the right to insist on a trial and to challenge the charges in question.

Recall, the US authorities detained Firsov on suspicion of stealing the personal data of California residents for their further sale with the aim of using them in false identity cards. The Prosecutor's Office of the Southern District of California names Firsov the administrator of the platform DEER.IO.

The US authorities claimed that this platform is based in Russia. This resource was allegedly used to sell information stolen by hackers, including personal data and information about bank accounts.

As follows from the materials, the site operated from 2013 to 2020, the income from illegal sales amounted to $17 million.

Firsov said that most of his victims were Russians, but about $1.2 million was earned by selling information about Americans. This fact allowed the FBI to pursue Firsov and detain him upon arrival in the country.

The Russian was arrested on March 7 at the John F. Kennedy Airport, in New York. Three days earlier, the FBI made a "test purchase" on his website, acquiring information about 1,100 gamers for $20 in bitcoins.

Russian hackers hacked the first level Olympiad in a second

A new Olympic season has begun in Russia. Many competitions have been moved online due to the COVID-19 pandemic. The first level Olympiad allows the winner to enter the university without exams.

It turns out that the hacker could theoretically ensure admission to the best universities in the country, putting graduates in unequal conditions.

SQL injections and XSS vulnerabilities were discovered on the site, which make it is possible to influence the results of the competition. As a result, according to the hacker, it is easily possible: 1) find out the tasks in advance and change the answer data during the Olympiad; 2) see the sessions and data of other users; and 3) massively upload user information, including personal information (information from the passport, registration, phone, e-mail).

"SQL injection is one of the easiest ways to hack a site. Indeed, in a very short period of time and by replacing several characters, an attacker can gain access to all personal data of the Olympiad and to all tasks," said Oleg Bakhtadze-Karnaukhov, an independent researcher on the Darknet.

According to the researcher, most likely, there was not enough time to detect such errors during the programming of this site, although it takes little time to find and fix them.

"If the site contains vulnerabilities, then a command in a specific programming language can be inserted, for example, in a link, and the page will display information that was not intended for users initially," explained Dmitry Galov, Cybersecurity Expert at Kaspersky Lab.

According to Alexei Drozd, head of the information security department at SearchInform, the reason may be design errors, as a result of which the site, for example, poorly checks or does not check incoming information at all.

"Unfortunately, when developing websites and applications, security issues are always in the background. First, there is a question of functionality," concluded Alexey Drozd.


Court in the United States has sentenced Russian Andrey Tyurin to 12 years in prison for cybercrime

The Federal Court of the Southern District of New York sentenced Russian Andrey Tyurin to 12 years in prison for committing a number of cybercrimes. In addition, he was ordered to pay the United States 19 million dollars

The Russian Consulate General in New York is in contact with law enforcement agencies in the United States in the case of the Russian Andrei Tyurin, who was sentenced by the court to 12 years in prison for cybercrime, said the press secretary of the diplomatic mission Alexey Topolsky.

According to him, the conditions of detention of the Russian citizen were difficult in the context of the COVID-19 pandemic. Topolsky recalled that Tyurin contracted the coronavirus in an American prison.

"The Russian Consulate General in New York is monitoring the case of Andrei Tyurin and is in contact with US law enforcement agencies," said Topolsky.

In his last speech, Tyurin said that he sincerely repents for what he did.

According to the judge, Tyurin must reimburse the United States 19 million 214 thousand 956 dollars, this is the profit that he derived from his criminal activities.

By US standards, a 12-year sentence is not the harshest for such a crime, says international lawyer Timur Marchani.

"In the United States, for crimes related to cybersecurity, for crimes that entail hacking the banking system, some of the harshest penalties are provided. Here, the court took into account first of all the hacker's remorse and, most importantly, cooperation with the preliminary investigation authorities and then with the court," said Mr. Marchani.

Recall that the Russian was detained in Georgia at the request of the United States in December 2017. In September 2018, he was extradited to the United States. In September 2019, the Turin pleaded guilty to six counts of the indictment.

According to the investigation, Tyurin participated in a "global hacking campaign" against major financial institutions, brokerage firms, news agencies and other companies, including Fidelity Investments, E-Trade Financial and Dow Jones & Co.

Prosecutor Jeffrey Berman said that Tyurin ultimately collected client data from more than 80 million victims, "which is one of the largest thefts of American client data for one financial institution in history."

Russian hackers selling program in darknet that bypasses spam protection

The Russian-language Darknet site sells a program that allows you to distribute spam messages bypassing traffic and email protection tools. The program uses a function in the IMAP protocol

A new tool for spammers is actively being sold on the Darknet, which allows you to bypass the standard protection of e-mail accounts. By exploiting a feature in the Internet Message Access Protocol (IMAP), attackers upload the messages they need directly into the mailboxes of victims.

To trigger the attack, it is necessary that the attackers already have access to the victim's account. The Email Appender malware has been actively promoted on Russian-language hacker forums since the fall of 2020.

The author offers to use the program through a subscription — $50 for one day, $300 for a week or $1000 per month. This is very expensive, but judging by the latest campaigns, the demand for this service is very high.

Experts of the information security company Vade Security indicate that companies in Italy, France, Denmark and the United States have already been subjected to full-scale attacks by spammers using Email Appender. One of the affected organizations claims that it received 300 thousand spam messages in one day and was forced to spend very substantial resources to disable compromised accounts or change usernames and passwords.

Databases of usernames and passwords to mail are actively sold out on hacker forums. According to Gemini Advisory, an attacker can upload such a database to Email Appender, after which the program will try to connect to accounts that match pairs of usernames and passwords via IMAP. Next, it remains to use the IMAP function, which allows hackers to upload ready-made mail messages to the mailbox.

"There are a number of ways to block such spam campaigns, but the main one is to regularly change passwords and not use the same combination (or similar to it) more than once," said Alexey Vodiasov, technical Director of the company SEC Consult Services.

In addition, according to Vodiasov, two-factor authorization is effective, so that even a compromised account cannot be connected without attracting the attention of its rightful owner.

The expert added that it is also possible to enable notifications of cases of logging into an account from unusual IP addresses. Mail systems are quite capable of doing this.