Search This Blog

Showing posts with label Russian Hackers. Show all posts

The Russian who hacked JPMorgan was demanded $20 million in compensation

In January, Andrei Tyurin was sentenced to 12 years in prison for the largest theft of personal data of bank clients in US history.  He acted as part of a hacker group and stole data that brought the hackers hundreds of millions of dollars

The Federal Court for the Southern District of New York ordered to pay compensation in the amount of $19.9 million to Russian Andrei Tyurin, who was sentenced in January to 12 years in prison for cybercrimes.  This is evidenced by the documents received on Monday in the electronic database of the court.

As follows from these materials, the parties came to an agreement on the amount that Tyurin should provide to individuals and legal entities affected by his actions.  According to the agreements approved by the court, Tyurin "will pay compensation in the amount of $19,952,861."  The full list of companies and individuals who will receive these funds is not provided in the documents.  It is also not specified whether Tyurin has the ability to pay the specified amount.

In early January, Tyurin was sentenced to 144 months in prison.  According to Judge Laura Taylor Swain, the Russian was involved in "large-scale criminal activities of a financial nature."  According to the investigation, he was involved in cyber attacks on large American companies in order to obtain customer data.

The US prosecutor's office said that Tyurin hacked the data of nearly 140 million customers and stole information from 12 companies.  Among them are JPMоrgan Chase Bank, Dow Jones & Co, Fidelity Investments, E-Trade Financial.  The authorities called the actions of the Russian the largest theft of data from the bank's clients in the history of the country.

Tyurin was extradited to the United States from Georgia in September 2018.  The American authorities charged him with hacking into the computer systems of financial structures, brokerage houses and the media specializing in the publication of economic information.  Representatives of the Secret Service claimed that the Russian was involved in "the largest theft of customer data from US financial structures in history."  They noted that Tyurin could be sentenced to imprisonment for up to 92 years.

 The Russian initially declared his innocence.  According to the materials of the court, in September 2019 Tyurin made a deal with the prosecutor's office.  He pleaded guilty to several counts.  The US Secret Service claimed that Tyurin and his accomplices "embezzled hundreds of millions of dollars."

Russian hackers suspected of stealing thousands of US State Department emails

In 2020, Russian hackers stole thousands of emails from U.S. State Department employees. As Politico reported, this is the second major hack of the department's email server in the last ten years, carried out "with the support of the Kremlin."

According to Politico sources, this time, hackers accessed the emails of the U.S. State Department's Bureau of European and Eurasian Affairs, as well as the Bureau of East Asian and Pacific Affairs. A Politico source said it was unclear whether classified information was among the stolen emails. It also remains unclear whether the hack was part of a larger SolarWinds attack that gave hackers access to dozens of U.S. federal agencies.

The U.S. State Department declined to comment to the publication on the likely attack. "For security reasons, we cannot discuss the nature or extent of any alleged cybersecurity incidents at this time," said a State Department spokesman. Politico also sent a request to the Russian embassy in the United States. At the time of publication, the Russian side had not responded.

Recall, U.S. media reported on the large-scale hacking attack on the U.S. government on December 14, 2020. The hack was later confirmed by U.S. intelligence agencies. According to their information, dozens of agencies were hacked, it was organized by Russian hackers. U.S. President Joe Biden announced his intention to impose sanctions against Russia for cyber attacks. On March 8, 2021, the media reported on White House plans to conduct covert cyberattacks on Russian networks in response to the SolarWinds hack.

Russian presidential press secretary Dmitry Peskov stressed Moscow's noninvolvement in the cyberattacks. Russian Foreign Ministry spokeswoman Maria Zakharova also said that U.S. accusations that Russia was involved in a massive hacking attack on U.S. federal agencies were unproven.

Russian Kryuchkov pleaded guilty to conspiring to hack Tesla's computer network

 Tesla CEO Elon Musk commented in Russian on the news that Russian Egor Kryuchkov had pleaded guilty on Twitter on Friday

According to the federal prosecutor's office in the state of Nevada, the verdict of Russian Egor Kryuchkov, who pleaded guilty to conspiracy to hack Tesla's computer network, will be sentenced on May 10.

"A Russian national pleaded guilty in federal court today to conspiracy to travel to the US to hire a Nevada-based employee to install software on the company's computer network," the document said.

It specifies that the Russian "pleaded guilty to one count of intentionally damaging a protected computer, and is scheduled to be sentenced on May 10."

According to the US Department of Justice, the Russian was trying to bribe a Tesla employee for $1 million to install the necessary software. The attackers intended to use the data to blackmail the company by threatening to make the information public. "This was a serious attack," Musk said at the time.

An employee with whom the Russian allegedly tried to negotiate in the summer of 2020 notified his management about this plan. It informed the US FBI.

The US Justice Department reported in August that Kryuchkov had been detained in Los Angeles, California, on charges of conspiracy to intentionally harm a protected computer. Initially, the Russian did not admit his guilt. His relatives and acquaintances said Kryuchkov had nothing to do with the IT industry and had never programmed.

However, on March 18, the US Department of Justice announced that the man had pleaded guilty to one count of deliberately damaging a protected computer.

It is worth noting that Tesla CEO Elon Musk commented in Russian on the news that Russian Egor Kryuchkov had pleaded guilty. Musk published a corresponding entry on Twitter on Friday.

The head of Tesla, following the rules of the pre-reform spelling of the Russian language, wrote the title of the novel by Fyodor Dostoevsky (1821-1881) "Crime and Punishment".

Musk had previously tweeted in Russian on several occasions. 

Data from the Russian cybercriminal forum Maza (Mazafaka) leaked to the network

Attackers hacked the Russian-language forum Maza, which was used by the hacker "elite". According to experts, competitors or an anti-hacker group may be behind the hacking

The forum of elite Russian-speaking hackers Maza was hacked in February, as a result of the attack, the data of more than 2 thousand cybercriminals were freely available.

This is a community of cybercriminals and financial fraudsters, many of whom began their criminal activities in the mid-1990s.

According to the US cybersecurity company Flashpoint Intel, the forum was hacked on February 18. As a result, "usernames, passwords, e-mails of users and alternative ways of communicating with them, such as contacts in ICQ, Skype, Yahoo and Msn," leaked to the network.

The message about the hacking of the site appeared on the forum itself, and it was translated into Russian with the help of an online translator. Experts believe that this is either proof that the forum was hacked by non-Russian-speaking criminals, or it may be an attempt by attackers to "send analysts on a wild goose chase."

The experts suggest that anti-hacker groups or so-called white hackers working on behalf of the authorities may be behind the cyberattack on Maza. The forum could also be hacked by competitors.

Mikhail Kondrashin, Technical Director of Trend Micro Russia and the CIS, notes that Maza was already hacked ten years ago.

"But this has not shaken the stronghold of the cybercrime underground," said the expert.

According to him, the data from this forum is "invaluable information" for law enforcement agencies, and with the proper operational application, this information can help reduce the overall level of cyber threats in the world.

According to Ilya Tikhonov, an expert of the information security department of Softline, the data obtained can be very valuable for combating cyber attacks, even if there was no hacker software on the forum.

"The correspondence and user credentials will also be useful," added he.

At the same time, the founder of the DLBI data leak intelligence service, Ashot Hovhannisyan, doubts that such a leak will affect the fate of hackers. In his opinion, the disclosure of email addresses on the forum is not proof that they participated in illegal activities.

At the same time, Hovhannisyan noted that usually hacker forums are hacked by competitors. Hacking Maza, in his opinion, could be a warning to the owners of the forum from competitors.

Other experts suggested that, most likely, the reason for the attack was personal or financial interest. It is possible that some of the participants were insulted or someone has underpaid the money promised from the fraudulent scheme.


AIVD says they face cyber attacks from Russia and China every day

According to the head of the country's General Intelligence and Security Service, these hackers break into the computers of companies and educational institutions

The head of the General Intelligence and Security Service of the Netherlands (AIVD), Erik Akerboom, said that the country's special services allegedly "every day" catch hackers from China and Russia, who, according to him, break into the computers of companies and educational institutions. At the same time, the head of the AIVD did not provide any evidence.

"Every day we catch hackers from both China and Russia hacking into the computers of companies and educational institutions," the head of AIVD said in an interview with Vu Magazine.

According to Akerboom, the target of these hackers is vital infrastructure, such as drinking water, banks, telecommunications, and energy networks." However, he did not give an example of any specific cyberattack.

In 2018, the Ministry of Defense of the Netherlands said that the country's special services prevented a hacker attack on the Organization for the Prohibition of Chemical Weapons (OPCW), which four Russian citizens allegedly tried to carry out. According to the head of department Ankh Beyleveld, the suspects with diplomatic passports were expelled from the Netherlands on April 13. The Russian Foreign Ministry called such accusations "another staged propaganda" action and said that the unleashed "anti-Russian espionage campaign" causes serious harm to bilateral relations.

Besides, in December 2020, the Netherlands was accused of the espionage of two Russian diplomats, calling them employees of the Foreign Intelligence Service undercover. The Russians were declared persona non grata. In response, Moscow sent two employees of the Dutch Embassy from Russia. The accusations of activities incompatible with the diplomatic status of the Russians were called "unfounded and defamatory".

Recall that recently Washington accused Moscow of large-scale cyber attacks, which were allegedly carried out in order to get intelligence data. The representative of the Russian Ministry of Foreign Affairs, Maria Zakharova, said in response that such statements by the United States about hacker attacks allegedly by Russia have already become routine.

The head of Microsoft announced evidence of the involvement of Russian intelligence in the cyber attack

Approximately 100 US companies and nine government agencies were affected by the hack using Orion software of SolarWinds, which is blamed on "Russian hackers." The real scale of the cyberattack became known during a hearing of the US Senate.

According to Microsoft president Brad Smith, "at least a thousand very skilled, very capable programmers" worked on the SolarWinds hack. "This is the largest and most complex operation we've seen," noted Smith.

The head of Microsoft compared the SolarWinds software to a health care system. According to him, the hacking of this program by the attackers was similar to the robber turning off the alarm for all residents instead of just one apartment where he wanted to enter. "Everyone's safety was threatened. That's what we're up against," added Smith. He added that hackers could use up to a dozen different ways to break into the networks of their victims.

In addition, the President of Microsoft said during the hearing that the company has evidence of the involvement of Russian intelligence in a massive cyber attack on the systems of US departments of the federal government and commercial companies in December 2020.

"At this stage, we have solid evidence that points to Russian intelligence, and no indications that would lead to anyone else," stressed Smith.

At the same time, the head of Crowdstrike specializing in cybersecurity, George Kurtz, said that his company had no information about Moscow's involvement in the attack.

The head of the cyber security company FireEye, Kevin Mandia, said at the hearing that the hackers used tools similar to those used by Russia in the attack. "The tools used in the hacking are not similar to those used by China, North Korea or Iran," noted he.

Earlier, E Hacking News reported that more than 250 US Federal Agencies and big companies have been attacked by alleged state-sponsored Russian hackers. Press Secretary of the Russian President Dmitry Peskov said that Moscow was not involved in hacker attacks on US government agencies and companies.

The Russian pleaded guilty to cybercrime charges in the United States

 Kirill Firsov admitted his guilt in trying to obtain secret information about the clients of a certain company for fraudulent purposes

A hearing on the sentencing of Russian citizen Kirill Firsov, who pleaded guilty in the United States to data theft, will be held on April 12.

As noted, before the announcement of the punishment, the court will be presented with additional materials about the case. Firsov agreed to attend the meeting via videoconference.

Recently, the Russian has reached an agreement with representatives of the prosecutor's office. Firsov pleaded guilty to trying to fraudulently obtain confidential information about the clients of a certain company. He could be sentenced to up to 10 years in prison and ordered to pay a fine of up to $250,000.

The prosecution agreed not to seek the most severe punishment for the Russian. He waived the right to insist on a trial and to challenge the charges in question.

Recall, the US authorities detained Firsov on suspicion of stealing the personal data of California residents for their further sale with the aim of using them in false identity cards. The Prosecutor's Office of the Southern District of California names Firsov the administrator of the platform DEER.IO.

The US authorities claimed that this platform is based in Russia. This resource was allegedly used to sell information stolen by hackers, including personal data and information about bank accounts.

As follows from the materials, the site operated from 2013 to 2020, the income from illegal sales amounted to $17 million.

Firsov said that most of his victims were Russians, but about $1.2 million was earned by selling information about Americans. This fact allowed the FBI to pursue Firsov and detain him upon arrival in the country.

The Russian was arrested on March 7 at the John F. Kennedy Airport, in New York. Three days earlier, the FBI made a "test purchase" on his website, acquiring information about 1,100 gamers for $20 in bitcoins.

Russian hackers hacked the first level Olympiad in a second

A new Olympic season has begun in Russia. Many competitions have been moved online due to the COVID-19 pandemic. The first level Olympiad allows the winner to enter the university without exams.

It turns out that the hacker could theoretically ensure admission to the best universities in the country, putting graduates in unequal conditions.

SQL injections and XSS vulnerabilities were discovered on the site, which make it is possible to influence the results of the competition. As a result, according to the hacker, it is easily possible: 1) find out the tasks in advance and change the answer data during the Olympiad; 2) see the sessions and data of other users; and 3) massively upload user information, including personal information (information from the passport, registration, phone, e-mail).

"SQL injection is one of the easiest ways to hack a site. Indeed, in a very short period of time and by replacing several characters, an attacker can gain access to all personal data of the Olympiad and to all tasks," said Oleg Bakhtadze-Karnaukhov, an independent researcher on the Darknet.

According to the researcher, most likely, there was not enough time to detect such errors during the programming of this site, although it takes little time to find and fix them.

"If the site contains vulnerabilities, then a command in a specific programming language can be inserted, for example, in a link, and the page will display information that was not intended for users initially," explained Dmitry Galov, Cybersecurity Expert at Kaspersky Lab.

According to Alexei Drozd, head of the information security department at SearchInform, the reason may be design errors, as a result of which the site, for example, poorly checks or does not check incoming information at all.

"Unfortunately, when developing websites and applications, security issues are always in the background. First, there is a question of functionality," concluded Alexey Drozd.


Court in the United States has sentenced Russian Andrey Tyurin to 12 years in prison for cybercrime

The Federal Court of the Southern District of New York sentenced Russian Andrey Tyurin to 12 years in prison for committing a number of cybercrimes. In addition, he was ordered to pay the United States 19 million dollars

The Russian Consulate General in New York is in contact with law enforcement agencies in the United States in the case of the Russian Andrei Tyurin, who was sentenced by the court to 12 years in prison for cybercrime, said the press secretary of the diplomatic mission Alexey Topolsky.

According to him, the conditions of detention of the Russian citizen were difficult in the context of the COVID-19 pandemic. Topolsky recalled that Tyurin contracted the coronavirus in an American prison.

"The Russian Consulate General in New York is monitoring the case of Andrei Tyurin and is in contact with US law enforcement agencies," said Topolsky.

In his last speech, Tyurin said that he sincerely repents for what he did.

According to the judge, Tyurin must reimburse the United States 19 million 214 thousand 956 dollars, this is the profit that he derived from his criminal activities.

By US standards, a 12-year sentence is not the harshest for such a crime, says international lawyer Timur Marchani.

"In the United States, for crimes related to cybersecurity, for crimes that entail hacking the banking system, some of the harshest penalties are provided. Here, the court took into account first of all the hacker's remorse and, most importantly, cooperation with the preliminary investigation authorities and then with the court," said Mr. Marchani.

Recall that the Russian was detained in Georgia at the request of the United States in December 2017. In September 2018, he was extradited to the United States. In September 2019, the Turin pleaded guilty to six counts of the indictment.

According to the investigation, Tyurin participated in a "global hacking campaign" against major financial institutions, brokerage firms, news agencies and other companies, including Fidelity Investments, E-Trade Financial and Dow Jones & Co.

Prosecutor Jeffrey Berman said that Tyurin ultimately collected client data from more than 80 million victims, "which is one of the largest thefts of American client data for one financial institution in history."

Russian hackers selling program in darknet that bypasses spam protection

The Russian-language Darknet site sells a program that allows you to distribute spam messages bypassing traffic and email protection tools. The program uses a function in the IMAP protocol

A new tool for spammers is actively being sold on the Darknet, which allows you to bypass the standard protection of e-mail accounts. By exploiting a feature in the Internet Message Access Protocol (IMAP), attackers upload the messages they need directly into the mailboxes of victims.

To trigger the attack, it is necessary that the attackers already have access to the victim's account. The Email Appender malware has been actively promoted on Russian-language hacker forums since the fall of 2020.

The author offers to use the program through a subscription — $50 for one day, $300 for a week or $1000 per month. This is very expensive, but judging by the latest campaigns, the demand for this service is very high.

Experts of the information security company Vade Security indicate that companies in Italy, France, Denmark and the United States have already been subjected to full-scale attacks by spammers using Email Appender. One of the affected organizations claims that it received 300 thousand spam messages in one day and was forced to spend very substantial resources to disable compromised accounts or change usernames and passwords.

Databases of usernames and passwords to mail are actively sold out on hacker forums. According to Gemini Advisory, an attacker can upload such a database to Email Appender, after which the program will try to connect to accounts that match pairs of usernames and passwords via IMAP. Next, it remains to use the IMAP function, which allows hackers to upload ready-made mail messages to the mailbox.

"There are a number of ways to block such spam campaigns, but the main one is to regularly change passwords and not use the same combination (or similar to it) more than once," said Alexey Vodiasov, technical Director of the company SEC Consult Services.

In addition, according to Vodiasov, two-factor authorization is effective, so that even a compromised account cannot be connected without attracting the attention of its rightful owner.

The expert added that it is also possible to enable notifications of cases of logging into an account from unusual IP addresses. Mail systems are quite capable of doing this.

Russians ‘InfoWarrior’ Hackers New Game Changer for the Geopolitical Agenda?

The worse cyber attack of the year 2020 on SolarWinds which was allegedly carried out by Russian state-backed threat actors is signs of advancement in different ways as Moscow is seemingly improving its technical abilities that might pose a bigger threat of cyber espionage globally. 

The attack has compromised many important departments of the U.S. government, big tech companies, hospitals, and universities, showing a big loop of online intrusion, which is illustrating how cyber espionage operations have become a left-hand job for Russian ‘infowarrior’. Should it make the West more concerned about the security of its government or should the whole world consider these attacks as a new normal? 

Russia’s diplomatic relation with the West has always been bitter since the World Wars, and even today the situation continues to border on bitterness. Moscow sees the cyber attacks as a cheap and effective way to achieve and win its geopolitical aspirations, and therefore Russia is unlikely to take a step back from such tactics, whilst facing U.S. sanctions or countermeasures. 

Bilyana Lilly, a researcher at think tank Rand Corp said, “Such operations are a relatively inexpensive and effective way to conduct geopolitics that is crucial for Russia, which is facing considerable economic and demographic challenges and whose economy is smaller than Italy’s. 

Referencing from an article in a Russian military journal, “the complete destruction of the information infrastructures” of the U.S. or Russia could be carried out by just one battalion of 600 “info warriors” at a price tag of $100 million’’. 

It’s been an ardent task for the West to vehemently retort to Moscow’s growing cyber abilities. Washington’s vengeance measures including sanctions, diplomatic expulsions, property seizures, and even big threats such as expulsion from the world-leading economic organizations appear to have little to no impact on its operations. 

Pavel Sharikov, a senior fellow at the Russian Academy of Science’s Institute for U.S. and Canadian Studies said, “Russia doesn’t see sanctions as an instrument of pressure but as an instrument of punishment. The Russian government says, ‘Yes we understand that you don’t like what we are doing, but we don’t really care”. 

Notably, US officials and tech companies have accused the Russian regime of cyber espionage attacks on multiple occasions, including attempts to intervene before the 2020 election. The WSJ discovered how Moscow’s cyber espionage and trolls have enlarged their 2016 toolbox with a new stratagem. 

Inferring from a paper co-written by Rand’s Ms. Lilly, “in recent years, so-called information confrontation has become an established part of Russia’s military doctrine”. In 2019, Gen. Valery Gerasimov, Russia’s General Staff chief, said that in modern warfare, cyberspace “provides opportunities for remote, covert influence not only on critical information infrastructures but also on the population of the country, directly influencing national security.” 

According to the authorities, Moscow is trying to advance its geopolitical agenda by using its cyberattack tactics; the initial target was ex-Soviet countries. It was in 2007 when Russia-backed hackers attacked Estonia which compromised websites government, bank credentials, and newspapers. 

Following up, Ukraine and Georgia have also been attacked. In most cases, states’ media firms, and election infrastructures have been targeted. “Russian state-backed hackers set their sights on the West. In 2014, they penetrated the State Department’s unclassified email system and a White House computer server and stole President Barack Obama’s unclassified schedule, U.S. officials said. 

According to the German authorities, in 2015, they got into the German parliament, in what experts described as the most significant hack in the country’s history’’. 

Interestingly, that's not all, Russia was accused of its interference in the French elections and the ‘Pyeongchang’ Winter Olympics and for the NotPetya malware attacks on the corporate webwork. And now, the Western administration is accusing Russia of cyber espionage attacks against the COVID-19 vaccine supply chain. Russia has denied its involvement. 

Russian hackers gained access to the source codes of Microsoft programs and systems

Microsoft believes that hackers who previously attacked US government departments and businesses have gained access to internal information about its software code.

Microsoft is among the clients of the US firm SolarWinds, whose systems were hacked earlier this year. On December 17, Microsoft representatives admitted that "malicious SolarWinds code was detected in its ecosystem, it was isolated and removed."

The company's specialists reported that "one account was used to view program code in a number of repositories."

As it became known earlier, the Orion software of SolarWinds was hacked in March of this year. Hackers managed to inject the virus into the Orion update, which was then downloaded and used by thousands of SolarWinds customers, including leading government agencies, as well as more than 400 major American companies.

In a joint statement released last week, the Office of the US Director of National Intelligence, the FBI and the Infrastructure and Cybersecurity Agency said they had documented a major attack on the federal government's computer networks.

US Secretary of State Michael Pompeo outlined the version according to which Russia was involved in the attack. Meanwhile, US President Donald Trump stressed that the media exaggerated the scale of the incident.

Press Secretary of the Russian President Dmitry Peskov said that Moscow was not involved in hacker attacks on US government agencies and companies.

Experts agree that by raising the topic of cyber attacks, the new US administration is preparing the ground for another package of anti-Russian sanctions. This can be both the introduction of sanctions and a cyber attack, for example, on the main state institutions, says Konstantin Blokhin, a researcher at the Center for Security Research of the Russian Academy of Sciences. And the fact that Trump did not blame Russia does not mean a change in Washington's foreign policy.

A similar point of view is expressed by the political scientist-Americanist Mikhail Sinelnikov-Orishak. "This is a great reason to accuse Moscow of interfering in internal affairs, to justify any measures, since it is impossible to determine exactly who is behind these attacks. In addition, this is a good justification for allocating additional funds from the budget for the cyberspace," said the political scientist.

What is "Sunburst"? A look into the Most Serious Cyberattack in American History

 

A number of organisations have been attacked by what has been chronicled as one of the most severe acts of cyber-espionage in history named "Sunburst", the attackers breached the US Treasury, departments of homeland security, state, defence and the National Nuclear Security Administration (NNSA), part of Department of Energy responsible for safeguarding national security via the military application of nuclear science. While 4 out of 5 victims were US organisations, other targets include the UK, the UAE, Mexico, Canada, Spain, Belgium, and Israel. 
 
The attack came in the wake of the recent state-sponsored attack on the US cybersecurity firm FireEye. The company's CEO, Kevin Mandia said in his blog that the attackers primarily sought information pertaining to certain government customers.  
 
FireEye classified the attack as being 'highly sophisticated and customized; on the basis of his 25 years of experience in cybersecurity, Mandia concluded that FireEye has been attacked by a nation with world-class offensive capabilities. 

Similarly, last Sunday, the news of SolarWinds being hacked made headlines for what is being called as one of the most successful cyber attacks yet seen. As the attack crippled SolarWinds, its customers were advised to disengage the Orion Platform, which is one of the principal products of SolarWinds   used to monitor the health and performance of networks.  
 
Gauging the amplitude of the attack, the US Department of Homeland Security's Cybersecurity and Infrastructure Agency (CISA) described the security incident as a "serious threat", while other requesting for anonymity labelled it as the "the most serious hacking incident in the United State's history". The attack is ongoing and the number of affected organisations and nations will unquestionably rise. The espionage has been called as "unusual", even in this digital age.  
 
As experts were assessing how the perpetrator managed to bypass the defences of a networking software company like SolarWinds, Rick Holland came up with a theory, "We do know that SolarWinds, in their filing to the Security and Exchange Commission this week, alluded to Microsoft, which makes me think that the initial access into the SolarWinds environment was through a phishing email. So someone clicked on something they thought was benign - turned out it was not benign." 
 
Meanwhile, certain US government officials have alleged Russia for being behind these supply chain attacks, while Russia has constantly denied the allegations as the Russian Embassy wrote on Facebook, "Malicious activities in the information space contradicts the principles of the Russian foreign policy, national interests and our understanding of interstate relations,".  
 
"Russia does not conduct offensive operations in the cyber domain." The embassy added in its post to the US.

Russian hackers broke into the systems of the United States Department of the Treasury and Department of Commerce

The Russian Embassy in the United States has already called the accusations against Moscow baseless. They recalled that Vladimir Putin offered to restore bilateral relations in the field of international information security, but Russia did not receive a response from the United States

According to Reuters and the Washington Post, Russian hackers broke into the systems of the US Department of the Treasury and the National Telecommunications and Information Administration, a division of the US Department of Commerce.

According to media reports, a group of hackers Cozy Bear, close to Russian intelligence, was involved in the attack. After breaking into the system, the hackers gained access to Microsoft Office and read the Ministry of Finance's e-mail for several months.

The New York Times has already called this hack the largest in the last five years. The data leak was confirmed only by the Department of Commerce. According to Reuters, a meeting of the national security Council was held at the White House on Saturday. The investigation is just beginning, the amount of data that hackers received is unknown.

"Unfortunately, publications in the press have ceased to be a reliable source of information for us. As for why these hacks continue or why they allow them to be hacked, it seems to me that this is an endless race of the security system. Among other things, this is a huge business," comments Yuri Rogulev, Director of the Franklin Roosevelt Foundation for the study of the United States.

"Again, there is no evidence that Russian hackers are involved", said Roman Romachev, General Director of the R-Techno intelligence technology agency.

According to him, everything is aimed at once again increasing tensions in the first place in cyberspace in relation to Russia. And in order for taxpayers to understand where their billions are going, the US authorities periodically whip up such hysteria against alleged Russian hackers.

The Russian Embassy in the United States has already called the accusations against Moscow baseless. They recalled that Vladimir Putin offered to restore bilateral relations in the field of international information security, but Russia did not receive a response from the United States.

A Russian-speaking hacker put up for sale the accounts of the heads of the world's largest companies

 A Russian-speaking hacker under the pseudonym Byte leaked passwords from the personal profiles of managers of many large companies in the world

Data for accessing the personal accounts of Microsoft's online services and the email addresses of several hundred senior executives are put up for sale on a Russian-language hacker forum.  This was done by a Russian-speaking hacker under the pseudonym Byte. The seller claims that he has hundreds of passwords of different top managers from all over the world. He is ready to confirm the authenticity of the data to the buyer.

Offer to sell credentials appeared on a private forum Exploit.in for Russian-speaking cybercriminals. The description states that you can purchase email addresses and passwords to access the accounts of Office 365 and other Microsoft services of presidents, their deputies, CEOs, and other high-ranking executives of companies from around the world.

Byte asks for each address from $100 to $1500, the price directly depends on the size of the company and the position held by the account owner.

An information security specialist entered into negotiations with the seller to confirm how relevant the database offered for sale is. For verification, he received the credentials of two accounts: the CEO of an American software development company and the CFO of a chain of retail stores in one of the EU countries. As a result of verification, he got access to the data of these people. 

The attacker did not disclose the source of the data but claims that it can provide access to hundreds of accounts.

Analysts at KELA reported that the person selling these credentials previously tried to purchase information collected from computers infected with the Azorult malware. It usually contains usernames and passwords that the program extracts from victims' browsers.

This incident once again highlights the need for better data protection. Two-factor authentication or 2FA is often recommended.

Russia was included in the list of countries with the most active hackers

The company Group-IB, which specializes in the disclosure of IT crimes, listed the countries from which cyber attacks are most often committed. This list includes China, Iran, North Korea, and Russia

Hacker attacks are most often carried out from China, Iran, North Korea and Russia, according to the report Hi Tech Crime Trends 2020 of the company Group-IB. The Asia-Pacific region was the most attacked in the second half of 2019 and the first half of 2020.

Groups of hackers associated with the security services are mainly concentrated in China, where they counted 23, in Iran — 8 groups, in North Korea and Russia — 4 groups, in India-3 groups, in Pakistan and the Gaza Strip-2 groups. Another one is in Vietnam, Turkey and South Korea. At the same time, their main area of interest is the Asia - Pacific region, as well as Europe.

According to a report, Russia and the United States were less likely to be attacked. So, 15 campaigns were conducted in the United States and 9 in Russia. They were attacked by groups from China, North Korea and Iran. Russia also recorded one attack by Kazakhstan's security services and the United States - from the Gaza Strip and Pakistan.

Experts note that the attacking teams are actively replenished with tools for attacks on physically isolated networks. So, this year, incidents occurred at nuclear facilities in Iran and India.

Another high-profile attack was a sabotage attempt in Israel, where water supply systems were targeted, where hackers tried to change the level of chlorine content. 

The Russian was convicted as a LinkedIn hacker


The Federal court for the Northern District of California in San Francisco sentenced Russian Yevgeny Nikulin to seven years and four months in prison for computer fraud. According to the Americans, Nikulin hacked the databases of LinkedIn, Dropbox and Formspring,  as a result of which about 117 million account login codes were stolen.

One of his lawyers, Arkady Bukh, informed the Russian about the verdict. According to him, the four years spent in prison after the arrest of Yevgeny Nikulin in Prague in October 2016 at the request of the FBI will be counted in the sentence.

The Prosecutor's Office recommended that the court appoint Nikulin 12 years in prison after the jury ruled guilty on all nine counts. The Russian did not admit his guilt and refused the last word before sentencing.

The judge, determining the punishment, noted the mind, abilities and sense of humor of Nikulin, but considered that these qualities only aggravate the guilt of the Russian.

Yevgeny Nikulin was extradited to the United States in March 2018. He was accused of hacking the databases of LinkedIn, Dropbox and Formspring, as a result of which about 117 million login codes were stolen, causing damage to computer devices, and transferring stolen personal data to third parties. The prosecution materials are classified as "secret", their volume is six terabytes of information.

Recall that in Prague, Nikulin claimed that an FBI employee during interrogation put pressure on him to get information about Russian interference in the US presidential election in 2016.

The Russian Foreign Ministry previously called the Nikulin case an example of how American intelligence agencies are hunting for Russians around the world.

Russian-speaking hackers attacked Russian companies and demanded ransom

Group-IB recorded a successful attack by the criminal group OldGremlin on a Russian medical company. The attackers completely encrypted its corporate network and demanded a ransom of $50,000.

Russian-speaking hackers from the OldGremlin group attacked several Russian companies, despite the ban: among cybercriminals, there is an unspoken rule "do not work on RU".

According to experts, since the spring of 2020, hackers from OldGremlin have conducted at least nine attacks on Russian companies. It is noted that they send malicious emails allegedly on behalf of the Russian media holding RBC, the Russian metallurgical holding, the Minsk Tractor Plant, the Union of microfinance organizations and other individuals and enterprises. Under various pretexts, attackers are asked to click on the link and download the file. After trying to open it on the victim's computer, the backdoor malware TinyPosh runs.

This time a large Russian medical company became the victim of the criminals. After gaining access to the computer of one of the employees, they deleted the organization's backups, and also spread the TinyCrypton ransomware virus on the computers of the employees. As a result of their actions, the work of regional branches of the medical company was stopped. Then the hackers demanded a ransom: they wanted to get 50 thousand dollars in cryptocurrency for restoring access.

"The lack of a strong communication channel between organizations that resist cybercrime, as well as the difficult political situation, lead to the emergence of new criminal groups that feel safe," said Rustam Mirkasymov, head of the dynamic analysis of malicious code at Group-IB. The expert also stressed that businesses often underestimate the threats posed by cybercriminals, and do not use the necessary means of protection. 

Microsoft Confirms Cyber-Attacks on Biden and Trump Campaigns

Microsoft reports breaching of email accounts belonging to individuals associated with the Biden and Trump election campaigns by Chinese, Iranian, and Russian state-sponsored hackers. 

Tom Burt, Corporate VP for Customer Security and Trust at Microsoft, revealed the occurrences in a detailed blog post after Reuters announced about a portion of the Russian attacks against the Biden camp. 

"Most of these assaults" were recognized and blocked, which is what he added later and revealed in the blog post with respect to the additional attacks and furthermore affirmed a DNI report from August that asserted that Chinese and Iranian hackers were likewise focusing on the US election process.

 As indicated by Microsoft, the attacks conducted by Russian hackers were connected back to a group that the organization has been tracking under the name of Strontium and the cybersecurity industry as APT28 or Fancy Bear. 

 While Strontium generally carried out the spear-phishing email attacks, as of late, the group has been utilizing 'brute-force' and password spraying techniques as an integral technique to breaching accounts. 

Then again, the attacks by Iranian hackers originated from a group tracked as Phosphorous (APT35, Charming Kitten, and the Ajax Security Group). 

These attacks are a continuation of a campaign that began a year ago, and which Microsoft recognized and cautioned about in October 2019. At that point, Microsoft cautioned that the hackers focused on "a 2020 US presidential campaign" yet didn't name which one. 

Through some open-source detective work, a few individuals from the security community later linked the attacks to the Trump campaign. 

What's more, only a couple of days back Microsoft affirmed that the attacks are indeed focused on the Trump campaign, yet in addition unveiled a new activity identified with the said group. The attacks were likewise identified by Chinese groups. 

While presently there are several hacking groups that are assumed to work under orders and the security of the Chinese government, Microsoft said that the attacks focusing on US campaigns originated from a group known as Zirconium (APT31), which is a similar group that Google spotted not long ago, in June. 

Microsoft says it detected thousands of attacks coordinated by this group between March 2020 and September 2020, with the hackers accessing almost some 150 accounts during that time period.


Russian citizen arrested in the United States on charges of organizing a cyber crime


According to the Ministry of Justice, 27-year-old Yegor Kryuchkov tried to pay $1 million to an employee of a company from Nevada in order to introduce malware into its computer network. When the FBI joined the investigation, the Russian tried to run from the United States

A Federal Court in Los Angeles has arrested a Russian citizen, Yegor Kryuchkov, on charges of conspiring to commit cybercrime. This was reported by the press service of the US Department of Justice.

According to the Department, 27-year-old Kryuchkov in the period from July 15 to August 22 this year tried to bribe an employee of an unnamed American company located in the state of Nevada. The statement claims that the Russian offered him $1 million for participation in the implementation of the fraudulent scheme.

The Ministry of Justice reported that Kryuchkov allegedly planned to load malicious software into the computer system of this company. This would allow him and his associates to gain unhindered access to company data.

Last week, Kryuchkov was contacted by the Federal Bureau of Investigation (FBI), after which he left Reno (Nevada) and went to Los Angeles in order to leave the United States. The Russian, according to the Department, asked his friend to buy him a plane ticket.

Kryuchkov was detained in Los Angeles on August 22. According to the Ministry of Justice, the Russian entered the United States on a tourist visa.

The Russian Embassy in the United States said that diplomats are aware of Kryuchkov's arrest. "We will contact the Russian in the near future to find out the problem. We will provide him with the necessary consular and legal assistance,” said the diplomatic mission.