AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 02/28/2022

Nobelium Returns to the Political World Stage

Nobelium, also known as APT29 and Cozy Bear, is a highly sophisticated group of Russian-sponsored cybercriminals. Approximately two years ago, countless system administrators and IT teams were forced to work around the clock to address Nobelium’s attack on SolarWinds. And last year, they similarly targeted numerous IT supply chains in the hopes of being able to embed themselves once again deep inside IT networks. But fast forward to today, and the Nobelium group seems to have shifted their focus. This time, rather than targeting software solutions, they have begun targeting embassies. While these attacks may not impact the average Windows computer user, they do have potentially larger political ramifications.


Anonymous Hacking Group Declares “Cyber War” Against Russia

Hacktivist group Anonymous has declared “cyber war” against Vladimir Putin’s government following the Russian invasion of Ukraine. The well-known international hacking collective made the announcement on its Twitter account on Thursday, shortly after the Kremlin commenced military action. The message read: “The Anonymous collective is officially in cyber war against the Russian government. #Anonymous #Ukraine.” Shortly after, the group claimed responsibility for taking down Russian government websites, including the Kremlin and State Duma.

Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store

A new malware capable of controlling social media accounts is being distributed through Microsoft’s official app store in the form of trojanized gaming apps, infecting more than 5,000 Windows machines in Sweden, Bulgaria, Russia, Bermuda, and Spain. Israeli cybersecurity company Check Point dubbed the malware “Electron Bot,” in reference to a command-and-control (C2) domain used in recent campaigns. The identity of the attackers is not known, but evidence suggests that they could be based out of Bulgaria. “Electron Bot is a modular SEO poisoning malware, which is used for social media promotion and click fraud,” Check Point’s Moshe Marelus said in a report published this week.


FCC to probe domestic Russian-owned media and telecom companies

The Federal Communications Commission launched an investigation this week into a large number of media, telecom and infrastructure companies that operate in the United States with ties to Russia, CNN reported. The probe, allegedly being conducted jointly with the Department of Homeland Security and the Department of Justice, is aimed at firms considered a “national security risk,” and covers a wide array of business types including wireless providers, VoIP services and submarine cable operators. The FCC’s review also arrives as many US cybersecurity experts warn of the increased danger of cyber attacks, especially on critical infrastructure. The US recently imposed a number of sanctions on Russia in response to its invasion of Ukraine, and it’s possible Russia may retaliate through cyber warfare.


Beware of charity scams exploiting war in Ukraine

Times of crisis may bring out the best in you, but they also have a way of bringing out the worst in scammers. They, too, follow the headlines and will go into overdrive in their attempts to part people from their money. We’ve seen this time and again during the COVID-19 pandemic, and just a few days into it, the war in Ukraine is no different. If the crisis has you worried and you’re looking to support humanitarian work on the ground through a donation, make sure your money goes to the right cause. ESET researchers have spotted a bevy of websites that solicit money under the guise of charitable purposes. They tend to riff on a similar theme, making emotional but nonetheless fake appeals for solidarity with the people of Ukraine or urging the public to help fund the country’s defense efforts.


Ukraine recruits “IT Army” to hack Russian entities, lists 31 targets

Ukraine is recruiting a volunteer “IT army” of security researchers and hackers to conduct cyberattacks on thirty-one Russian entities, including government agencies, critical infrastructure, and banks. Saturday afternoon, Ukraine’s Minister for Digital Transformation Mykhaylo Fedorov announced that they need volunteer “digital talents” for an “IT Army” to conduct operational tasks against Russia on the cyber frontline. Soon after, a Telegram channel created to organize the IT Army’s operations released a list of Russian targets. This list includes 31 targets, including Russian government agencies, government IP addresses, government storage devices and mail servers, three banks, large corporations supporting critical infrastructure, and even the popular Russian search engine and email portal, Yandex. The IT Army came soon after the Defense Ministry began recruiting Ukraine’s underground hacker community to assist in cyberattacks against Russia.
