
Maryland Officials Found 508,000 “Potentially Fraudulent” Unemployment Claims


Over the last six weeks, more than half a million "potentially fraudulent" jobless claims have been made in Maryland, according to state labour officials. Officials say about 508,000 unemployment claims have been flagged as Maryland Governor Larry Hogan joins a group of 25 other GOP governors who have decided to discontinue federal unemployment payments. According to The Washington Post, approximately 1.3 million bogus claims have been made in Maryland since the beginning of the pandemic.

“As the economy recovers and states across the country continue to opt out of the federal benefits program, bad actors are becoming more brazen and aggressive in their attempts to exploit unemployment insurance programs than ever before,” Maryland Labor Secretary Tiffany Robinson told the Post in a statement. 

Fallon Pearre, a spokeswoman for the Labor Department, declined to say how many of the "potentially fraudulent" claims have been proven to be false or whether any will result in legal action, but she did tell the Washington Post that the claims had been submitted to federal law enforcement. 

Marylanders will lose an additional $300 per week in benefits under Hogan's decision, which comes two months ahead of the Biden administration's original deadline, and gig workers will be without benefits entirely, according to the Post. 

According to the Washington Post, Robinson recently stated that the Labor Department had hired LexisNexis Risk Solutions to assist in identifying potentially false claims. According to the company, over 64% of the nearly 200,000 transactions it reviewed were flagged as fraudulent.

According to the Washington Post, Robinson told the Maryland state House Economic Matters Committee, "Fraud is rampant, so we have to remain on top of it." When pressed by a state senator about the types of fraud that had been discovered, Robinson stated that the bulk of the cases involved stolen identities. “We know there are foreign actors across the country and across the world that are using the identities that they have obtained,” she said.

Maryland officials identified an unemployment fraud operation last year that resulted in $501 million in bogus claims, with over 47,000 phoney claims filed using stolen identities and information obtained from earlier data breaches.

Audi And Volkswagen's Data Breach Affected 3.3 Million Customers


Volkswagen announced that a massive data breach exposed the personal information of over 3.3 million customers after one of its vendors left a cache of customer data unencrypted on the internet. In a letter to customers, Volkswagen said that the vendor utilized by Volkswagen, its subsidiary Audi, and authorized dealers in the United States and Canada had left customer data from 2014 to 2019 unsecured for two years between August 2019 and May 2021. 

Personal information about customers and potential buyers was included in the data, which had been collected for sales and marketing purposes. Volkswagen Group of America, Inc. (VWGoA) is the German Volkswagen Group's North American subsidiary, responsible for Volkswagen, Audi, Bentley, Bugatti, Lamborghini, and VW Credit, Inc. operations in the United States and Canada.

Between August 2019 and May 2021, a vendor left the data accessible on the Internet without protection, according to data breach notices submitted to the California and Maine Attorney General's offices. The vendor informed VWGoA in March that an unauthorized person had gained access to the data and may have accessed customer information for Audi, Volkswagen, and some authorized dealers.

According to VWGoA authorities, the hack affected 3.3 million customers, with almost 97% of those affected being Audi customers or potential buyers. The data breach appears to have exposed information ranging from contact information to more sensitive data including social security numbers and loan numbers. 

"The data included some or all of the following contact information about you: first and last name, personal or business mailing address, email address, or phone number. In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages," disclosed VWGoA in a data breach notification. 

"The data also included more sensitive information relating to eligibility for purchase, loan, or lease. More than 95% of the sensitive data included was driver’s license numbers. There were also a very small number of dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers." 

The hackers are demanding between $4,000 and $5,000 for all of the records, claiming that the database contains no social security numbers. The threat actors earlier stated that the database for a VPN service provider with various Android apps on the Google Play Store was on sale for $1,000. 

Volkswagen is offering free credit protection and monitoring services, as well as $1 million in identity theft insurance, to the 90,000 customers whose more sensitive personal information was exposed.

Putin called the accusations of launching a cyber war against the United States unsubstantiated

Russian President Vladimir Putin said that the US accusations against Russia, including those of cyber attacks and election interference, are groundless, and that the US side has never provided any evidence.

"We are accused of a variety of things: interference in elections, cyber attacks, and so on. And they [the accusers] did not bother to provide any evidence. Just baseless accusations," he said, calling statements about Russia's involvement in cyber attacks in the United States a farce.

"The issue of cybersecurity is one of the most important today because all sorts of shutdowns of entire systems lead to very serious consequences, and this is possible," the Russian leader said in an interview with the program "Moscow. The Kremlin. Putin" of the Russia-1 TV channel.

According to Putin, the Russian Federation will be ready to extradite cybercriminals to the United States if the American side also extradites criminals to Russia.

He stressed that such arrangements are set out in the relevant interstate agreements, in which the parties undertake certain obligations.

"And they are in the vast majority of cases equivalent. Both sides assume the same obligations," Putin explained.

On June 4, Putin called the accusations of cyber attacks on American companies made against Moscow ridiculous and suggested that the situation could have been provoked to increase disagreements in connection with the upcoming meeting with US President Joe Biden. The press secretary of the Russian leader Dmitry Peskov assured that Moscow will promptly consider the appeals of the American side in connection with the hacker attack on the JBS enterprises if such requests are received. He also stressed that Russia does not have data on the organizers of cyber attacks on JBS.

Putin did not rule out that Western intelligence services, including American ones, may conduct activities against Russia in the cyber sphere.

"I am not afraid of this, but I do not rule out that it may be so," the Russian leader said.

“What the US is afraid of may pose a threat to us. NATO has declared cyberspace a war zone. They are planning something, and this cannot but worry us," the Russian president added.

Suspects Linked to the Clop Ransomware Gang Detained in Ukraine


Following a joint operation by law enforcement agencies from Ukraine, South Korea, and the United States, multiple persons alleged to be affiliated with the Clop ransomware gang have been arrested in Ukraine. Six arrests were made during searches at 21 locations in Kyiv and the surrounding regions, according to the National Police of Ukraine's Cyber Police Department. 

While it's unclear if the defendants are ransomware affiliates or core developers, they're accused of a "double extortion" technique in which victims who fail to pay the ransom are threatened with the leak of data stolen from their networks before their files are encrypted. “It was established that six defendants carried out attacks of malicious software such as ‘ransomware’ on the servers of American and [South] Korean companies,” alleged Ukraine’s national police force in a statement. 

The police also seized equipment from the alleged Clop ransomware gang, which is accused of causing $500 million in financial losses. This includes computer equipment, a Tesla and a Mercedes, as well as 5 million Ukrainian Hryvnia (about $185,000) in cash. 

Authorities also claim to have successfully shut down the server infrastructure used by gang members to launch prior operations. “Together, law enforcement has managed to shut down the infrastructure from which the virus spreads and block channels for legalizing criminally acquired cryptocurrencies,” the statement added. 

“The Cl0p operation has been used to disrupt and extort organizations globally in a variety of sectors including telecommunications, pharmaceuticals, oil and gas, aerospace, and technology,” said John Hultquist, vice president of analysis at Mandiant’s threat intelligence unit. 

In February 2019, the gang launched an attack on four Korean organizations, encrypting 810 internal services and personal PCs. Clop has since been connected to a slew of high-profile ransomware attacks. These include the attack on ExecuPharm, a US pharmaceutical company, in April 2020, and the attack on E-Land, a South Korean e-commerce company, in November, which prompted the retailer to close over half of its outlets.

Clop is also related to the Accellion ransomware attack and data theft, in which hackers exploited flaws in the IT firm's File Transfer Appliance (FTA) software to steal data from dozens of its clients. Singaporean telecom Singtel, law firm Jones Day, supermarket retail chain Kroger, and cybersecurity firm Qualys are among the victims of this breach.

New Evil Corp Ransomware Disguised as PayloadBin to Avoid Sanctions


The new PayloadBIN ransomware has been linked to the Evil Corp cybercrime gang, which rebranded to evade US Treasury Department sanctions issued by the Office of Foreign Assets Control (OFAC). The Evil Corp gang, also known as Indrik Spider and the Dridex gang, began as a ZeuS botnet affiliate. It eventually organized a group dedicated to distributing the Dridex banking malware and downloader via phishing emails.

According to the FBI, Dridex was used to steal more than $100 million from banks in more than 40 nations. The malware was later used as a loader to install the BitPaymer ransomware on victims' computers. Two Russian nationals, Maksim Yakubets and Igor Turashev, were indicted by a US grand jury in December 2019 for allegedly running Evil Corp.

Yakubets was functioning "as Evil Corp's head and is answerable for overseeing the group's illicit cyber activities," the Treasury Department claimed at the time, having earlier assisted with money laundering and the GameOver Zeus botnet and malware operation. The department said Yakubets had been working for Russia's Federal Security Service, or FSB, since at least 2017, and noted that it had previously sanctioned the FSB for attacks against US targets. It also announced a $5 million reward for information leading to his apprehension.

The Babuk gang said that they would stop using ransomware encryption and instead focus on data theft and extortion after breaching the Metropolitan Police Department in Washington, DC, and taking unencrypted data. The Babuk data leak site had a graphic makeover at the end of May, and the ransomware gang rebranded as 'payload bin.' 

On Thursday, BleepingComputer discovered PayloadBIN, a new ransomware strain linked to the rebranding of Babuk Locker. When executed, the ransomware appends the .PAYLOADBIN extension to encrypted files. The ransom note is named 'PAYLOADBIN-README.txt', and it claims that the victim's "networks are LOCKED with PAYLOADBIN ransomware."

After discovering the sample, BleepingComputer suspected that Babuk had lied about its plans to move away from ransomware and had relaunched under a new name. After examining the new ransomware, both Emsisoft's Fabian Wosar and ID Ransomware's Michael Gillespie confirmed that it is in fact a rebranding of Evil Corp's prior ransomware operations.

Russian Man Convicted of $7 Million Digital Advertising Scam


A Russian man was found guilty in the United States of using a bot farm and rented servers to generate fraudulent internet traffic on media sites, causing businesses to pay inflated advertising rates.

Prosecutors said Aleksandr Zhukov, 41, was the brains of the Methbot operation, in which 1,900 servers were used to generate millions of bogus online ad views on websites such as the New York Times and the Wall Street Journal. According to the US, Zhukov gained $7 million from the scheme and channeled the money into offshore accounts around the world, citing a text in which he referred to himself as the "King of Fraud." 

The group allegedly called their plan "Metan," which is the Russian term for methane, while the FBI and prosecutors referred to it as Methbot, and later as Media Methane, which was the name of Zhukov's company with operations in Russia and Bulgaria. 

Zhukov and his colleagues negotiated deals with advertising networks to display their ads on websites, then received a commission for each ad that was viewed. According to prosecution filings, from September 2014 to December 2016 Zhukov and his collaborators instead set up bogus sites and used rented data-centre servers to generate fake users, making it appear that real people were viewing the ads.

"Zhukov represented to others that he ran a legitimate ad network that delivered advertisements to real human internet users accessing real internet web pages," according to a superseding indictment filed on February 12, 2020. 

"In fact, Zhukov faked both the users and the webpages: he and his co-conspirators programmed computers that they had rented from commercial data centers in the United States and elsewhere to load advertisements on fabricated webpages, via an automated program, in order to fraudulently obtain digital advertising revenue," it says. 

Victims of the scheme "included The New York Times, The New York Post, Comcast, Nestle Purina, the Texas Scottish Rite Hospital for Children, and Time Warner Cable," the Department of Justice said in a news release. 

Zhukov was arrested in Bulgaria in November 2018 on a provisional US arrest warrant. In January 2019, he was extradited to the United States and pleaded not guilty to the charges against him.

US Soldiers Exposed Information About the Nuclear Weapons Stockpile


According to a new report, U.S. soldiers stationed at several bases in Europe accidentally revealed confidential data connected to America's nuclear weapons arsenal while using inadequately secured flashcard apps to memorize those secrets. 

The soldiers accidentally revealed “not just the bases” where the nukes were stored, but also “the exact shelters with ‘hot' vaults that likely contain nuclear weapons,” writes Foeke Postma, a researcher with the OSINT-focused investigative team Bellingcat, in what appears to be a mind-boggling mishandling of America's most sensitive national security information. They also exposed a slew of other information, including secret codes, passwords, and security layouts at various locations.

According to Postma's investigation, the troops utilized common study apps like Chegg, Cram, and Quizlet to save highly classified data on European nuclear bases, then forgot to change the applications' settings from public to private. 

Some of the same soldiers allegedly made their usernames public, which “included the full identities of the persons who established them,” and used the same images they had on their LinkedIn pages, making them easier to track down. 

Postma believes that he was able to find a lot of this information by Googling official words and acronyms related to the US nuclear weapons development. When he did, he discovered a set of 70 public-facing flashcards titled "Study!" that disclosed details on the alleged nuclear inventory at Volkel Air Base in the Netherlands (a long-rumored locale of a U.S. nuke stockpile). Postma further alleges that subsequent open-source searches uncovered further flashcard caches, which revealed “details about vaults at all the other facilities in Europe that supposedly host nuclear weapons.” 

"Some flashcards detailed the number of security cameras and their positions at various bases, information on sensors and radar systems, the unique identifiers of restricted area badges (RAB) for Incirlik, Volkel, and Aviano as well as secret duress words and the type of equipment carried by response forces protecting bases," Postma said. 

"The scale to which soldiers have uploaded and inadvertently shared security details represents a massive operational security failure,” said Postma. “Due to the potential implications around public safety, Bellingcat contacted NATO, US European Command (EUCOM), the US Department of Defence (DoD), and the Dutch Ministry of Defence (MoD) four weeks in advance." The flashcards linked to these disclosures have been taken down since then, according to Postma.

Zeppelin Ransomware Operators Have Resumed Operations After a Temporary Pause


According to BleepingComputer, the operators behind the Zeppelin ransomware-as-a-service (RaaS), aka Buran, have resumed operations following a brief outage. Zeppelin's operators, unlike other ransomware, do not steal data from victims or maintain a leak site. 

Zeppelin, a new variant of the Vega RaaS discovered by BlackBerry Cylance researchers, first appeared on the threat landscape in November 2019. The latest version was used in attacks against technology and healthcare firms in Europe, the United States, and Canada. Zeppelin was discovered in November and was spread via a watering hole attack in which the PowerShell payloads were hosted on the Pastebin website.

Unlike other Vega ransomware variants, Zeppelin does not infect users in Russia or other ex-USSR countries such as Ukraine, Belarus, or Kazakhstan. Once executed, the ransomware enumerates files on all drives and network shares and attempts to encrypt them. Experts found that the encryption algorithm used is the same as that used by other Vega variants.

“This is in contrast with the classic RaaS operations, where developers typically look for partners to breach into a victim network, to steal data, and deploy the file-encrypting malware. The two parties then split paid ransoms, with developers getting the smaller piece (up to 30%),” reported BleepingComputer. 

Advanced Intel (AdvIntel), a threat detection and loss prevention firm, found that the Zeppelin developers revised their operation in March, announcing a "big software upgrade" as well as a new round of sales. According to AdvIntel head of research Yelisey Boguslavskiy, the new Zeppelin version costs $2,300 per core build.

Following the major update, Zeppelin's developers released a new version of the malware on April 27 that had few new features but improved the encryption's stability. They also promised that development on the malware would continue and that long-term users, known as "subscribers," would receive special care. 

“We continue to work. We provide individual conditions and a loyal approach for each subscriber, the conditions are negotiable. Write to us, and we will be able to agree on a mutually beneficial term of cooperation”, the Zeppelin operators wrote.

Zeppelin is one of the few ransomware operations on the market that does not use a pure RaaS model, and it is also one of the most common, with high-profile members of the cybercrime community recommending it.

FIN7 is Spreading a Backdoor Called Lizar


Under the pretext of being a Windows pen-testing platform for ethical hackers, the infamous FIN7 cybercrime gang, a financially motivated organization, is spreading a backdoor called Lizar. 

Since mid-2015, the Russian criminal advanced persistent threat group FIN7 has targeted the retail, restaurant, and hospitality sectors in the United States. Combi Security, the front company for FIN7, manages a portion of the operation. It has been dubbed one of the world's most prolific criminal hacking organizations. FIN7 is sometimes conflated with the Carbanak Group, but the two appear only to share the same Carbanak malware and are therefore tracked separately.

FIN7 is posing as a legitimate company selling a security-analysis platform, according to the BI.ZONE Cyber Threats Research Team. According to the researchers, they go to great lengths to ensure authenticity: “These groups recruit workers who are unaware that they are dealing with actual malware or that their employer is a real criminal group.” 

The group usually targets victims with malware-laced phishing attacks in the hopes of infiltrating networks and selling bank-card data. It has also introduced ransomware/data exfiltration attacks to its arsenal since 2020, carefully choosing targets based on revenue using the ZoomInfo service, according to researchers. 

Its malware selection is often changing, with researchers sometimes being surprised by never-before-seen samples. However, the Carbanak remote-access trojan (RAT), which is highly complex and sophisticated in comparison to its peers, has been its go-to toolkit. Carbanak is commonly used for network reconnaissance and gaining a foothold. 

However, BI.ZONE researchers have recently discovered that the group is employing a new backdoor known as Lizar. According to an article published on Thursday, the new toolkit has been in use since February and provides a strong range of data extraction and lateral movement capabilities.

“Lizar is a diverse and complex toolkit,” according to the firm. “It is currently still under active development and testing, yet it is already being widely used to control infected computers, mostly throughout the United States.”

Attacks on a gambling establishment, several educational institutions, and pharmaceutical firms in the United States, as well as an IT corporation headquartered in Germany and a financial institution in Panama, have been recorded so far.

The White House believes that the attackers on the Colonial Pipeline are located in Russia

The Russian authorities should take action against the hacker group DarkSide, which, according to Washington, is located in Russia and is involved in the cyberattack on the U.S. pipeline company Colonial Pipeline. This opinion was expressed on Tuesday by the press secretary of the White House Jennifer Psaki at a regular briefing for journalists.

She was asked whether Russia has any responsibility in connection with the fact that DarkSide is on Russian territory. "U.S. President Joe Biden said his intelligence community has not yet completed a comprehensive analysis of the incident. Moreover, according to the FBI, the attack is attributed to the hacker group DarkSide, located in Russia, so this country must act responsibly," noted Psaki.

"But, again, we will wait for our intelligence community to conduct a comprehensive analysis before we can report anything else on this," she concluded.

On Monday, Biden suggested that the criminal elements who carried out the hacking attack on the Colonial Pipeline may be in Russia. Brandon Wales, the Acting Director of the Cybersecurity and Infrastructure Security Agency (CISA), said on Tuesday that FBI experts are confident that criminal elements, not authorities of any state, were responsible for the cyber attack.

Press Secretary of the Russian President Dmitry Peskov stressed that Russia had nothing to do with the cyber attack. He stressed that "the United States refuses to cooperate in countering cybercrime."

The Russian Embassy in Washington rejected "baseless fabrications by individual journalists" about Moscow's possible involvement in this attack.

Earlier, E Hacking News reported that the hackers who caused Colonial Pipeline to shut down the biggest US petrol pipeline last Friday began their blitz against the company a day earlier, stealing a large amount of data before locking computers with ransomware and demanding payment, as per the sources.

According to the two reports, the intruders, who are members of the DarkSide cybercrime group, took nearly 100 gigabytes of data from the Alpharetta, Georgia-based company's network in just two hours on Thursday.

Positive Technologies reported on the impact of U.S. sanctions on its IPO plans

Positive Technologies head Yury Maksimov positively assessed the impact of sanctions against the company on its plans to go public. It may shorten the timing of the IPO, and the "realized threat" of sanctions has ceased to be a threat.

Positive Technologies, a cybersecurity company, plans to shorten the time to a stock exchange listing because of the U.S. sanctions imposed on it, according to its CEO Yury Maksimov. He did not name specific placement dates, but said that in a month or two "the panic will pass" and "the professional community will understand how the company will develop further".

In the middle of March, E Hacking News reported about the plans of Positive Technologies to conduct an IPO at the Moscow Stock Exchange, placing up to 10 percent of the shares. The volume of the offering may be up to $200-300 million if the company's value reaches $2-4 billion by the end of 2021. According to the Telegram channel SecAtor, Positive Technologies values itself at $1 billion, while Forbes quoted a figure of $580 million.

Maksimov specified that the IPO is one of the possible tools to make the company public. He considers a direct listing, when the company's shareholders may start operations on the stock exchange, as a more likely option. "In a classical IPO a mass sale is assumed, with a greater focus on funds," but the goal of making Positive Technologies public is not to attract investments, but to find co-owners who can bring "advice, examples, awareness" to the business. In particular, the company expects that IT people will be buyers of the shares.

Another goal of a public offering is to turn the stock into a liquid instrument so that it is possible to take out large loans against it and motivate employees.

Yury Maksimov "positively" assessed the influence of sanctions on the IPO plans of Positive Technologies. According to him, when a company in the cyber security industry is listed on the stock exchange, the very risk of sanctions being imposed on it provokes fear in investors and leads to a discount in the price. If, however, sanctions are imposed on such a company before the offering, "the realized threat ceases to be a threat."

Researchers Found Three New Malware Strains in a Phishing Campaign


A global phishing campaign used never-before-seen malware strains, delivered through specially tailored lures, to attack organizations across a broad range of industries. According to a Mandiant report released today, the attacks targeted at least 50 organizations from a diverse range of sectors in two waves, on December 2nd and between December 11th and 18th.

UNC2529 is the name of the threat actors behind the malware, who are identified as "experienced and well-resourced." Organizations in the United States, the EMEA zone, Asia, and Australia have been attacked in two waves so far. 

Threat actors would also pose as account executives touting services suitable for various industries, such as security, medication, transportation, the military, and electronics, in phishing messages sent to prospective victims. 

The global phishing scheme was controlled by over 50 domains in total. In one successful attack, UNC2529 hacked a domain owned by a US heating and cooling services company, tampered with its DNS records, and used this infrastructure to conduct phishing attacks against at least 22 entities. The lure emails included links to URLs that led to malicious .PDF payloads and a JavaScript file stored in a .zip archive. The documents, which were obtained from public sources, were corrupted to the point of being unreadable, prompting victims to double-click the .js file in an effort to read the content.

"The threat actor made extensive use of obfuscation and file-less malware to complicate detection to deliver a well-coded and extensible backdoor," Mandiant said. 

The threat group used phishing emails with links to a JavaScript-based downloader (labeled DOUBLEDRAG) or an Excel document with an embedded macro that downloaded an in-memory PowerShell-based dropper (labeled DOUBLEDROP) from attackers' command-and-control (C2) servers during the two waves of attacks. The DOUBLEDROP dropper includes 32-bit and 64-bit versions of the DOUBLEBACK backdoor, which is implemented as a PE dynamic library. 

"The backdoor, once it has the execution control, loads its plugins and then enters a communication loop, fetching commands from its [command-and-control] C2 server and dispatching them," Mandiant notes. "One interesting fact about the whole ecosystem is that only the downloader exists in the file system. The rest of the components are serialized in the registry database, which makes their detection somewhat harder, especially by file-based antivirus engines."
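Mandiant's point above is that only the DOUBLEDRAG downloader touches disk, while the dropper and backdoor components are serialized into the registry, where file-based antivirus engines do not look. The following added example (my own illustration, not code from Mandiant or the page) shows a defender-side heuristic: parse a Windows `.reg` export and flag registry values that hold unusually large binary blobs or PE images, which is what a registry-resident payload tends to look like regardless of the exact key used. The sample export embedded below is constructed; the key names and the GUID placeholder are hypothetical, not indicators from the report.

```python
import re
from typing import Dict, List, Tuple, Union

RegValue = Union[bytes, str]
RegTree = Dict[str, Dict[str, RegValue]]


def _reg_hex(data: bytes, per_line: int = 25) -> str:
    """Format bytes the way regedit exports them: hex:aa,bb,... with
    trailing-backslash line continuations (used only to build the sample)."""
    parts = [f"{b:02x}" for b in data]
    lines = [",".join(parts[i:i + per_line]) for i in range(0, len(parts), per_line)]
    return "hex:" + ",\\\n  ".join(lines)


# Constructed sample .reg export. The second key stores a 2052-byte blob
# that starts with an "MZ" PE header, mimicking a stored backdoor DLL.
_PE_LIKE = b"MZ\x90\x00" + bytes(range(256)) * 8
SAMPLE_REG = f"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\ExampleApp]
"Version"="1.2.3"
"Small"={_reg_hex(b"hello")}

[HKEY_CURRENT_USER\\Software\\Classes\\CLSID\\{{HYPOTHETICAL-GUID}}]
"Stage"={_reg_hex(_PE_LIKE)}
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|@)=(?P<data>.*)$')
_B64_RE = re.compile(r"^[A-Za-z0-9+/=]+$")


def parse_reg(text: str) -> RegTree:
    """Parse a regedit-style export into {key: {value_name: bytes|str}}.
    hex, hex(N) values become bytes; quoted strings become str; anything
    else (dword:, etc.) is kept as its raw text."""
    joined: List[str] = []
    pending = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if pending:
            line = pending + line.strip()
            pending = ""
        if line.endswith("\\"):          # regedit continuation marker
            pending = line[:-1]
            continue
        joined.append(line)

    tree: RegTree = {}
    current = None
    for line in joined:
        key = _KEY_RE.match(line)
        if key:
            current = key.group(1)
            tree[current] = {}
            continue
        val = _VALUE_RE.match(line)
        if not val or current is None:
            continue
        name = val.group("name") or "(Default)"
        data = val.group("data")
        if data.startswith("hex"):
            hexpart = data.split(":", 1)[1]
            tree[current][name] = bytes(int(h, 16) for h in hexpart.split(",") if h)
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            tree[current][name] = data[1:-1]
        else:
            tree[current][name] = data
    return tree


def find_suspicious_blobs(tree: RegTree, min_size: int = 1024) -> List[Tuple[str, str, int, str]]:
    """Return (key, value_name, size, reason) for values large enough to
    carry code: big binary blobs, blobs with a PE header, or long
    base64-looking strings (a common way to stash serialized payloads)."""
    hits = []
    for key, values in tree.items():
        for name, data in values.items():
            if isinstance(data, bytes) and len(data) >= min_size:
                reason = "PE header (MZ) in registry value" if data[:2] == b"MZ" else "large binary value"
                hits.append((key, name, len(data), reason))
            elif isinstance(data, str) and len(data) >= min_size and _B64_RE.match(data):
                hits.append((key, name, len(data), "long base64-like string"))
    return hits


if __name__ == "__main__":
    for key, name, size, reason in find_suspicious_blobs(parse_reg(SAMPLE_REG)):
        print(f"{reason}: {key}\\{name} ({size} bytes)")
```

On a real host the input would come from `reg export HKCU\Software out.reg` (or the equivalent for other hives); the size threshold is a tuning knob, since legitimate software also stores binary settings, so the output is a triage list rather than a verdict.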

The United States imposes sanctions against 25 Russian companies for cyber attacks and Crimea

On 15 April, the US Treasury Department put 25 Russian companies, six of which are IT companies, on its sanctions list as a response to cyber attacks allegedly organized by Russia, the situation in Crimea, and interference in the election.

The U.S. Treasury Department also listed 16 organizations and 16 individuals from the Russian Federation that U.S. authorities believe were behind the hacking of SolarWinds software and an attack on the networks of several U.S. departments, as well as interfering in the 2020 U.S. presidential election.

Recall that in February 2020, U.S. intelligence officials said that Russia had begun interfering in the 2020 presidential election. Specifically, they claimed that Russia was interfering in both the Democratic Party primaries and the overall course of the election, "hoping to sow chaos and discord." In addition, Russian secret services allegedly tried to force U.S. citizens to spread disinformation and bypass social media mechanisms aimed at combating fake news. However, no evidence of interference was presented.

On March 16, 2021, a report of the Office of the Director of National Intelligence of the United States was made public. According to the authors of the report, the Russian authorities, with the approval of Russian President Vladimir Putin, organized a campaign aimed at "denigrating" Democratic Party candidate Joseph Biden and supporting his Republican rival Donald Trump, as well as "undermining confidence in the election in general and aggravating sociopolitical controversy in the United States."

At the highest level, Moscow has repeatedly rejected claims that Russia tried to interfere in U.S. election processes.

In March 2021, Russian presidential spokesman Dmitry Peskov suggested that the publication of the U.S. National Intelligence Report was "a reason to put on the agenda the issue of new sanctions against our country."

"Russia also did not interfere in previous elections and did not interfere in the elections mentioned in this report in 2020. Russia has nothing to do with any campaign against any of the candidates. In this regard, we consider this report incorrect, as it is absolutely groundless and unsubstantiated," said Peskov.

On March 17, 2021, Russian Foreign Ministry spokeswoman Maria Zakharova, speaking on the Russia-24 television channel, described the report of the U.S. intelligence agencies on Russian "interference" in the election as "an excuse for their existence."

Man Sentenced To 12 Years For Attempting To Purchase Chemical Weapon On The Dark Web

 

A 46-year-old Missouri man has been sentenced today to 12 years without parole in US federal prison for trying to obtain a chemical weapon, one capable of killing hundreds of people, through an illicit Dark Web site, paying with Bitcoin.

According to the court, the man, Jason Siesser, admitted his cybercrime and accepted that he attempted to purchase a chemical weapon twice between June 14 and August 4, 2018. The court document also notes that he gave a juvenile's name and address as the shipping address, using them illegally to acquire the highly toxic weapon, including five batches of cadmium arsenide, hydrochloric acid, and other chemical compounds.

According to information provided by the court, three batches of this chemical concoction would be enough to kill more than 300 people at once. On August 4, 2020, Siesser was jailed for attempting to obtain a chemical weapon.

Jason ordered chemical weapons on two separate occasions. First, on July 4, 2018, he ordered two 10-milliliter units of the chemical, paying with cryptocurrency. When the seller did not ship the order, he contacted the seller repeatedly. On July 9, 2018, he contacted the seller again and asked him to ship the order as soon as possible because he planned to use it immediately after receiving it.

Jason ordered his second chemical on August 5, 2018, again paying with Bitcoin, worth roughly $150. Notably, what he ordered was a very toxic chemical.

During the investigating officers' raid on Siesser's home, they found nearly 10 grams of the toxic chemical, including cadmium arsenide, which can be deadly if ingested or inhaled; approximately 100 grams of cadmium metal and more than 500 mL of hydrochloric acid were also found.

"Writings located within the home articulated Siesser’s heartache, anger and resentment over a breakup, and a desire for the person who caused the heartache to die," said the Department of Justice.

Russian hackers suspected of stealing thousands of US State Department emails

In 2020, Russian hackers stole thousands of emails from U.S. State Department employees. As Politico reported, this is the second major hack of the department's email server in the last ten years, carried out "with the support of the Kremlin."

According to Politico sources, this time, hackers accessed the emails of the U.S. State Department's Bureau of European and Eurasian Affairs, as well as the Bureau of East Asian and Pacific Affairs. A Politico source said it was unclear whether classified information was among the stolen emails. It also remains unclear whether the hack was part of a larger SolarWinds attack that gave hackers access to dozens of U.S. federal agencies.

The U.S. State Department declined to comment to the publication on the likely attack. "For security reasons, we cannot discuss the nature or extent of any alleged cybersecurity incidents at this time," said a State Department spokesman. Politico also sent a request to the Russian embassy in the United States. At the time of publication, the Russian side had not responded.

Recall that U.S. media reported on the large-scale hacking attack on the U.S. government on December 14, 2020. The hack was later confirmed by U.S. intelligence agencies. According to their information, dozens of agencies were hacked, and the operation was organized by Russian hackers. U.S. President Joe Biden announced his intention to impose sanctions against Russia for the cyber attacks. On March 8, 2021, the media reported on White House plans to conduct covert cyberattacks on Russian networks in response to the SolarWinds hack.

Russian presidential press secretary Dmitry Peskov stressed Moscow's noninvolvement in the cyberattacks. Russian Foreign Ministry spokeswoman Maria Zakharova also said that U.S. accusations that Russia was involved in a massive hacking attack on U.S. federal agencies were unproven.

Man Indicted In Kansas Water Facility Breach

 

Today the US Department of Justice charged a Kansas man with breaching a public water system and trying to shut down the water treatment process with the intention of harming the local community.

The official statement was posted on Wednesday by the Department of Justice (DOJ). The 22-year-old man, Wyatt A. Travnichek, accused of hacking into the computer system of the local water utility, is a native of Ellsworth County, Kan. He was well aware of the public harm that could result from gaining illegal access to the Ellsworth County Rural Water District's (also known as Post Rock Rural Water District) computer system. According to the sources, he tried to sabotage the running water system.

The episode first came to light on 27 March 2019, when Post Rock experienced an unauthorized remote intrusion into the facility's system that shut down its entire operation.

Lance Ehrig, Special Agent in Charge of EPA's Criminal Investigation Division in Kansas, said that "By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community…"

“…EPA and its law enforcement partners are committed to upholding the laws designed to protect our drinking water systems from harm or threat of harm. Today’s indictment sends a clear message that individuals who intentionally violate these laws will be vigorously prosecuted.” 

However, the court documents did not say whether Travnichek's operation was successful, nor did they explain how it was detected. The officials did state that Travnichek was an employee of the Post Rock Rural Water District from January 2018 until he resigned from the facility in January 2019.

Post Rock supplies water to around eight Kansas counties. Part of Travnichek's job was to log in to the Post Rock computer system to monitor the plant after hours, but he ended up abusing that access by logging in illicitly after he had left.

"He logged in remotely to Post Rock Rural Water District's computer system and performed activities that shut down processes at the facility which affect the facility's cleaning and disinfecting procedures with the intention of harming the Ellsworth County Rural Water District No. 1," the document further reads.
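The control a defender would want after an incident like this is a check that remote-access accounts are disabled at offboarding, and a detector that flags any activity by an account whose owner has already left. The script below is an added example, not code from the article, the DOJ or Post Rock; the user names, last-day roster and log lines are constructed, and the log format is a hypothetical syslog-style one.

```python
from datetime import datetime, timedelta
import re

# Constructed offboarding roster: account -> last day of employment (hypothetical).
TERMINATED = {
    "jdoe": datetime(2019, 1, 15),   # resigned in January 2019
}

# Constructed remote-access log sample (hypothetical format, not real utility logs).
SAMPLE_LOG = """\
2019-01-10T22:14:03 remote-access LOGIN user=jdoe src=203.0.113.7 result=success
2019-01-20T03:41:55 remote-access LOGIN user=jdoe src=198.51.100.23 result=success
2019-03-27T01:12:09 remote-access LOGIN user=jdoe src=198.51.100.23 result=success
2019-03-27T01:15:44 remote-access CMD user=jdoe action=stop_process stage=disinfection
2019-03-28T09:00:00 remote-access LOGIN user=asmith src=192.0.2.5 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) remote-access (?P<event>LOGIN|CMD) user=(?P<user>\S+)(?P<rest>.*)$"
)


def parse(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "event": m["event"],
            "user": m["user"], "rest": m["rest"].strip()}


def find_post_termination_activity(log_text, terminated, grace=timedelta(0)):
    """Return (user, timestamp, event, detail) for every event performed by an
    account after its owner's last day (plus an optional grace period)."""
    findings = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        last_day = terminated.get(ev["user"])
        if last_day is not None and ev["ts"] > last_day + grace:
            findings.append((ev["user"], ev["ts"], ev["event"], ev["rest"]))
    return findings


def still_enabled_after_departure(active_accounts, terminated):
    """Accounts on the offboarding roster that are still enabled on the remote-access system."""
    return sorted(set(active_accounts) & set(terminated))


if __name__ == "__main__":
    for finding in find_post_termination_activity(SAMPLE_LOG, TERMINATED):
        print("post-termination activity:", finding)
    print("still enabled:", still_enabled_after_departure(["jdoe", "asmith"], TERMINATED))
```

Run periodically against the HR roster and the remote-access account list, the second check catches the gap before it is exploited; the first gives the detection the court filing says was missing.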

Hades Ransomware Attacks US Big Game

 

A little-known, financially motivated threat group is using the self-proclaimed Hades ransomware variant in cybercrime activity that has affected at least three victims since December 2020. Known victims include a large US transportation and logistics organization, a large US consumer products organization, and a global manufacturing organization. 

The tactics, techniques, and procedures (TTPs) used to compromise a victim network, escalate privileges, move laterally, evade defenses, exfiltrate data and deploy Hades ransomware are broadly consistent with those of other notable ransomware operators, relying on a mix of commodity tooling and various living-off-the-land techniques. When Hades lands on a victim's machine, it copies itself and relaunches through the command line. The spare copy is then deleted and an executable is unpacked in memory. A scan is then performed across local directories and network shares to find content to encrypt; however, every Hades sample observed uses a different file extension. 

Moreover, Accenture identified additional Tor hidden services and clearnet URLs through other open-source reporting related to the Hades ransomware samples. For every examined sample, the ransom notes instruct the victim to install the Tor browser and visit the specified page. The Tor pages differ only in the Victim ID they carry, indicating that each Tor address may be generated uniquely for each victim. Accenture Security identified a total of six of these addresses, suggesting there could be three additional victims of which they are currently unaware. 

At present, it is unclear whether the unknown threat group operates under an affiliate model or whether Hades is distributed by a single group. Under an affiliate model, developers partner with affiliates who are responsible for different tasks or phases of the operation lifecycle, for example delivering the malware, providing initial access to organizations, or even target selection and reconnaissance. In any case, based on intrusion data from incident response engagements, the operators tailor their tactics and tooling to deliberately chosen targets and run a more "hands-on keyboard" operation to inflict maximum damage and extract higher payouts. 

Likewise, Accenture identified similarities between the Hades ransom notes and those used by REvil ransomware operators, with parts of the observed ransom notes containing identical wording.

U.S. authorities found no evidence of Russian hackers' influence on the presidential election

U.S. authorities found no evidence that hackers affiliated with foreign governments were able to block voters from voting, alter votes, interfere with the counting or timely transmission of election results, alter technical aspects of the voting process, or otherwise compromise the integrity of voter registration or ballot information submitted during the 2020 federal election.

This is reported in a joint report by the US Department of Justice (including the FBI) and the Department of Homeland Security (including the Cybersecurity and Infrastructure Security Agency).

According to the report, "as part of Russia's and Iran's extensive campaigns against critical infrastructure, the security of several networks to manage some election functions was indeed compromised. But it had no meaningful impact on the integrity of voter data, the ability to vote, the counting of votes, or the timely transmission of election results. Iran's claims to undermine public confidence in the U.S. election infrastructure were false or exaggerated".

However, experts have identified several incidents in which malicious actors linked to the governments of Russia, China and Iran significantly affected the security of networks linked to U.S. political organizations, candidates and campaigns during the 2020 federal election. In most cases, it is unclear whether the attackers sought access to the networks for foreign political interests or for operations related to election interference.

In a number of cases, the attackers collected at least some information that they might have published in order to exert influence. However, no evidence of publishing, modifying or destroying this information was found.

"We found no evidence (either through intelligence gathering on the foreign attackers themselves, through monitoring the physical security and cybersecurity of voting systems across the country, or through post-election audits or any other means) that a foreign government or other parties compromised the election infrastructure to manipulate the election results," the report authors summarized.

Kremlin concerned about the report of possible US cyber attacks

The New York Times previously reported that the United States plans to carry out cyber attacks on the internal systems of the Russian authorities within the next three weeks.

Russian presidential spokesman Dmitry Peskov said that Moscow is concerned about the report of possible cyber attacks by the United States. He also called the accusations of the US State Department of Russia spreading misinformation about foreign vaccines absurd.

Mr. Peskov commented on The New York Times report on the impending cyberattacks on the internal systems of the Russian authorities in response to the attack on SolarWinds. A Kremlin spokesman called it "alarming information" that appeared in a "fairly reputable American publication."

Dmitry Peskov said that "this is nothing but international cybercrime." "Of course, the fact that the publication admits the possibility that the American state may be involved in this cybercrime is a reason for our extreme concern," Mr. Peskov told reporters during a press call.

He also commented on the statement of the official representative of the US State Department, Ned Price, that four Russian online platforms run by the Russian intelligence services spread misinformation about vaccines approved in the United States. "We do not understand the reasons for such statements. We will continue to patiently explain that such reports are completely absurd," said Dmitry Peskov. "We have always been against politicizing any issues related to the vaccine in any way," added the Kremlin spokesman.

Mr. Peskov also said that the Russian vaccine "Sputnik V" is constantly criticized without any serious grounds. “The Russian vaccine is criticized on a daily basis with an attempt to pretend to be objective or without any attempts to pretend to be objective - just sweeping criticism. We've always been against it. The Russian Federation has not participated and is not going to participate in such an information campaign against any other vaccines," stated Dmitry Peskov.

Recall that on Sunday, The New York Times, citing sources in the US administration, reported that the US plans to carry out a series of cyberattacks on the internal systems of the Russian authorities over the next three weeks in response to an attributed hacker attack through SolarWinds software.

US court sentenced Ukrainian to seven years in prison for electronic fraud

A court in the United States has sentenced Ukrainian citizen Alexander Musienko to more than seven years in prison for participating in an online money-laundering scheme that laundered millions of dollars.

The suspect pleaded guilty to electronic fraud. On February 11, the court sentenced him to 87 months in prison (more than seven years). In addition, the Ukrainian citizen is obliged to pay more than $98.7 thousand in compensation.

As follows from the case materials, from 2009 to 2012 the 38-year-old Alexander Musienko of Odessa collaborated with computer hackers from Eastern Europe to obtain more than $3 million from the bank accounts of American companies. These funds were stolen and then laundered through bank accounts abroad.

According to the U.S. Department of Justice, he laundered funds stolen by hackers in the United States. This task was entrusted to private individuals whom Musienko fraudulently recruited to serve as "financial assistants". They received the stolen funds into their own bank accounts at the agreed time and immediately transferred them on to third-party accounts registered outside the United States.

In one instance, in September 2011, Musienko's financial assistants, who believed they were working for a legitimate business, hacked the online accounts of a North Carolina company and transferred a total of almost $296.3 thousand to two bank accounts controlled by Musienko.

The Department added that Musienko was arrested in South Korea in 2018 and extradited to the United States in 2019. Around April 2019, the FBI examined the data on Musienko's laptop and found files containing about 120 thousand payment card numbers and associated identification information.