AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 03/23/2022

Italy Investigates Russia’s Kaspersky Antivirus Software

Italy’s data privacy watchdog said Friday it was investigating the “potential risks” that Russian antivirus software Kaspersky could be used to launch cyberattacks. It followed what it called “alarms sounded by many Italian and European organisations specialised in computer security” over the potential use of Kaspersky software for hacking assaults in the wake of Russia’s invasion of Ukraine. The watchdog has asked the company to provide details on the number and profile of its Italian customers, and whether users’ personal data is “transferred outside the European Union” to Russia or elsewhere. Italy’s cybersecurity agency recommended Tuesday that users of Russian software diversify their wares, warning of a potential “technological risk” following the invasion of Ukraine.


Anonymous Hackers Fire ‘Warning Shot’ at Companies Refusing to Pull Out of Russia

Anonymous hacktivists warned that the next #OpRussia target will be corporations that refuse to pull their business from Russia as one group of hackers decided to try to use their data haul from a Russian company to financially help the people of Ukraine. “We call on all companies that continue to operate in Russia by paying taxes to the budget of the Kremlin’s criminal regime: Pull out of Russia! We give you 48 hours to reflect and withdraw from Russia or else you will be under our target!” a prominent Anonymous account tweeted Sunday. The same account reported Thursday that the #OpRussia cyber offensive started nearly a month ago by the collective was “launching unprecedented attacks on the websites of Russian gov’t. Increasing their capacity at peak times from 500 GB earlier, it is now up to 1 TB. That is, two to three times more powerful than the most serious incidents.”


Bridgestone Hit as Ransomware Torches Toyota Supply Chain

On Friday, Bridgestone Corp. admitted that a subsidiary experienced a ransomware attack in February, prompting it to shut down the computer network and production at its factories in North and Middle America for about a week, said Reuters. Among other things, Bridgestone is a major supplier of tires for Toyota vehicles. This is notable because, only 11 days after Bridgestone’s attack, another Toyota supplier – Denso Corp. – fell victim to its own ransomware attack. Manufacturers like Toyota, already hampered by supply chain shortages, are proving to be particularly attractive targets for ransomware groups. Late last month, within hours of Japan having joined Western allies in blocking some Russian banks from accessing the SWIFT international payment system and committing to giving Ukraine $100 million in emergency aid, a spokesperson at Toyota supplier Kojima Industries Corp. said that it had apparently been hit by “some kind of cyber attack,” causing Toyota to shut down about a third of the company’s global production.


Microsoft confirms they were hacked by Lapsus$ extortion group

Microsoft has confirmed that one of their employees was compromised by the Lapsus$ hacking group, allowing the threat actors to access and steal portions of their source code. Last night, the Lapsus$ gang released 37GB of source code stolen from Microsoft’s Azure DevOps server. The source code is for various internal Microsoft projects, including for Bing, Cortana, and Bing Maps. In a new blog post published tonight, Microsoft has confirmed that one of their employee’s accounts was compromised by Lapsus$, providing limited access to source code repositories.


Okta ‘identifying and contacting’ customers potentially affected by Lapsus$ breach

Okta’s chief security officer David Bradbury released a statement on Tuesday afternoon saying Okta “has not been breached and remains fully operational.” Extortion group Lapsus$ claimed this weekend on its Telegram channel that it had access to Okta’s systems, and the company said on Monday night that it was investigating the claims.  While Bradbury denied that the company was affected by the Lapsus$ hack, it said there was a five-day window of time between January 16 and 21 where an attacker “had access to an Okta support engineer’s laptop,” noting that this “is consistent with the screenshots” that Lapsus$ shared on Telegram.

Related Posts