AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 04/13/2022

Sandworm hackers fail to take down Ukrainian energy provider

The Russian state-sponsored hacking group known as Sandworm tried on Friday to take down a large Ukrainian energy provider by disconnecting its electrical substations with a new variant of the Industroyer malware for industrial control systems (ICS) and a new version of the CaddyWiper data destruction malware. The threat actor used a version of the Industroyer ICS malware customized for the target high-voltage electrical substations and then tried to erase the traces of the attack by executing CaddyWiper and other data-wiping malware families tracked as Orcshred, Soloshred, and Awfulshred for Linux and Solaris systems. Researchers at cybersecurity company ESET collaborating with the Ukrainian Computer Emergency Response Team (CERT) to remediate and protect the attacked network say that they do not know how the attacker compromised the environment or how they managed to move from the IT network into the ICS environment.


U.S. Leads Seizure of One of the World’s Largest Hacker Forums and Arrests Administrator

The U.S. Department of Justice today announced the seizure of the RaidForums website, a popular marketplace for cybercriminals to buy and sell hacked data, and unsealed criminal charges against RaidForums’ founder and chief administrator, Diogo Santos Coelho, 21, of Portugal. Coelho was arrested in the United Kingdom on January 31, at the United States’ request, and remains in custody pending the resolution of his extradition proceedings. “Our interagency efforts to dismantle this sophisticated online platform – which facilitated a wide range of criminal activity – should come as a relief to the millions victimized by it, and as a warning to those cybercriminals who participated in these types of nefarious activities,” said Jessica D. Aber, U.S. Attorney for the Eastern District of Virginia. “Online anonymity was not able to protect the defendant in this case from prosecution, and it will not protect other online criminals either.”


Russia is jamming GPS satellite signals in Ukraine, US Space Force says

Another piece of space infrastructure for Ukraine is under attack, according to an NBC report. Jammers from Russian forces besieging the country are targeting global positioning system (GPS) satellites that are used for navigation, mapping and other purposes, the report said, quoting the U.S. Space Force. “Ukraine may not be able to use GPS because there are jammers around that prevent them from receiving any usable signal,” David Thompson, the Space Force’s vice chief of space operations, told NBC Nightly News Monday (April 11). “Certainly the Russians understand the value and importance of GPS and try to prevent others from using it,” Thompson added. He noted that Russia has not directly attacked any satellites in orbit, but the Space Force is keeping an eye out for such possibilities.


Craig Newmark pledges $50+ million for ‘Cyber Civil Defense’

Craig Newmark of craigslist fame on Monday promised a major investment in the cybersecurity community and public cyber education by targeting more than $50 million towards what he called a Cyber Civil Defense. Newmark announced the news in a Tweet earlier today. Craig Newmark Philanthropies (CNP) said the $50 million will support efforts to raise public awareness of threats and online security choices, in addition to the creation of online tools and digital infrastructure that can help secure the country’s networks. The effort will also include programming aimed at developing a diverse, inclusive, and equitable workforce capable of meeting the technical cybersecurity challenges ahead.


EU officials are targeted using Pegasus Software

Senior EU officials were targeted with NSO Group's well-known Pegasus spyware, according to the latest report from Reuters. Per the report, at least five individuals, including European Justice Commissioner Didier Reynders, were targeted, along with two other EU officials. It is not known who deployed the surveillance software against the EU officials or what information they were after. In a statement shared with Reuters, NSO Group said it was not behind the hacking attempts. The spying was identified after Apple notified the victims of state-sponsored attacks last November, as part of its effort to counter Israeli spyware projects targeting its customers.


USPS “Your package could not be delivered” text is a smishing scam

A scam is doing the rounds which begins with a text from what claims to be the US Postal Service. The SMS reads as follows: “[U.S. Postal Service] We’re sorry to let you know that your package could not be delivered. To reschedule a delivery please visit [bit(dot)ly]” I’ve never received an SMS from the US Postal Service, but I have to imagine they don’t use bit.ly redirect links in text messages. The bit.ly link hides the actual URL being sent to people’s phones. You can view stats for a bit.ly link by placing “+” at the end of the URL. Detailed stats about the shortener’s creation date, number of clicks, and more are available through this method. On this occasion, data is hidden with the message “This link has been flagged as redirecting to malicious or spam content”.
