AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 11/17/2022

Russia’s cyber personnel has ‘underperformed’ in Ukraine: U.S. Defense official

A senior Pentagon official on Wednesday said that Russia’s cyber personnel “underperformed” during the initial invasion of Ukraine, prompting it to ultimately rely less on digital attacks during the now months-long conflict than was expected. Speaking at the Aspen Cyber Summit, Mieke Eoyang, the deputy assistant secretary of defense for cyber policy, said Moscow “was not prepared for the conflict to go on as long as it did” and noted the Kremlin had sacrificed “intensity and sophistication” in order to rebuild its arsenal and avoid potential conflict that would draw in NATO. “We have to understand how those factors play against each other,” Eoyang told the audience. Her remarks come as the war approaches its ninth month. And while Russian groups have been blamed for ransomware attacks and other malign activities against Kyiv, larger strikes on the country’s critical infrastructure, like its electric grid, have not occurred.


Iran-linked threat actors compromise US Federal Network

According to a joint advisory published by the FBI and CISA, an Iran-linked APT group compromised a Federal Civilian Executive Branch (FCEB) organization using an exploit for the Log4Shell flaw (CVE-2021-44228) and deployed cryptomining malware. Log4Shell impacts the products of several major companies that use Log4j, but in many attacks, the vulnerability has been exploited against affected VMware software. In this specific case, the Iranian hackers hacked an unpatched VMware Horizon server to gain remote code execution. “CISA obtained four malicious files for analysis during an on-site incident response engagement at a Federal Civilian Executive Branch (FCEB) organization compromised by Iranian government sponsored advanced persistent threat (APT) actors,” reads the Malware Analysis Report (AR22-320A) published by CISA.


Commercial repair shops caught snooping on customer data by canny Canadian research crew

Computer scientists affiliated with Canada’s University of Guelph have found that electronics repair services lack effective privacy protocols and that technicians often snoop on customers’ data. In a four-part research study distributed via ArXiv, “No Privacy in the Electronics Repair Industry,” University of Guelph researchers Jason Ceci, Jonah Stegman, and Hassan Khan describe how they tested the privacy policies and practices of electronics repair shops. The inquiry consisted of a field survey of 18 repair service providers in North America – three national, three regional, and five local service providers, as well as two national smartphone repair service providers and five device manufacturers.


Nvidia and Microsoft team up to build ‘massive’ AI supercomputer

Nvidia has announced a “multi-year collaboration” with Microsoft to build “one of the most powerful AI supercomputers in the world,” designed to handle the huge computing workloads needed to train and scale AI. The collaboration will see Nvidia utilizing Microsoft’s scalable virtual machine instances to accelerate advances in generative AI models like DALL-E. Based on Microsoft’s Azure cloud infrastructure, the AI supercomputer will use tens of thousands of Nvidia’s powerful and data center GPUs and its . According to Nvidia, the combination of Microsoft’s Azure cloud platform and Nvidia’s GPUs, networking, and full AI suite will allow more enterprises to train, deploy, and scale AI — including large, state-of-the-art models. The two companies will also collaboratively develop DeepSpeed, Microsoft’s deep learning optimization software.


FBI-Wanted Leader of the Notorious Zeus Botnet Gang Arrested in Geneva

A Ukrainian national who has been wanted by the U.S. for over a decade has been arrested by Swiss authorities for his role in a notorious cybercriminal ring that stole millions of dollars from victims’ bank accounts using malware called Zeus. Vyacheslav Igorevich Penchukov, who went by online pseudonyms “tank” and “father,” is said to have been involved in the day-to-day operations of the group. He was apprehended on October 23, 2022, and is pending extradition to the U.S. Details of the arrest were first reported by independent security journalist Brian Krebs. Penchukov, along with Ivan Viktorovich Klepikov (aka “petrovich” and “nowhere”) and Alexey Dmitrievich Bron (aka “thehead”), was first charged in the District of Nebraska in August 2012.
