2024-02-20
“We have hacked the hackers” - UK's National Crime Agency head says revealing operation to disrupt what is thought to be largest criminal ransomware group. The NCA infiltrated systems belonging to Lockbit and stole its data. https://www.bbc.com/...
BleepingComputer
Law enforcement agencies arrest two LockBit operators in Poland and Ukraine, issue three arrest warrants, offer a decryption tool, and seize 200+ crypto wallets
Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool …
2024-01-25
Artificial Intelligence will almost certainly increase the volume and heighten the impact of cyber attacks over the next two years, according to a UK intelligence assessment. Main impact will be with ransomware, including making social engineering easier. https://www.ncsc.gov.uk/...
The Record
The UK NCSC's all-source intelligence assessment: ransomware attacks will almost certainly increase in both volume and impact over the next two years due to AI
2023-12-09
Centre 18, a unit within FSB, identified as being accountable for a range of cyber espionage operations. Also known as Star Blizzard; Callisto Group, SEABORGIUM or COLDRIVER and is operated by FSB officers. One serving FSB officer is being sanctioned by UK.
Wall Street Journal
The US and the UK accuse Russia's FSB of orchestrating a global hacking campaign since 2015 to interfere in UK elections and target US energy networks and spies
NEW - The Russian Ambassador to the UK has been summoned as Moscow's FSB Security Service is accused of a sustained campaign to interfere in political life by hacking and stealing emails and data from those in public life. UK officials say the campaign has been unsuccessful.
Wall Street Journal
The US and the UK accuse Russia's FSB of orchestrating a global hacking campaign since 2015 to interfere in UK elections and target US energy networks and spies
2023-12-08
NEW - The Russian Ambassador to the UK has been summoned as Moscow's FSB Security Service is accused of a sustained campaign to interfere in political life by hacking and stealing emails and data from those in public life. UK officials say the campaign has been unsuccessful.
Wall Street Journal
The US and the UK accuse Russia's FSB of orchestrating a global hacking campaign since 2015 to interfere in UK elections and target US energy networks and spies
The cyberattacks also allegedly took aim at U.S. energy networks and American spies — LONDON—The U.S. and U.K. governments …
Centre 18, a unit within FSB, identified as being accountable for a range of cyber espionage operations. Also known as Star Blizzard; Callisto Group, SEABORGIUM or COLDRIVER and is operated by FSB officers. One serving FSB officer is being sanctioned by UK.
Wall Street Journal
The US and the UK accuse Russia's FSB of orchestrating a global hacking campaign since 2015 to interfere in UK elections and target US energy networks and spies
The cyberattacks also allegedly took aim at U.S. energy networks and American spies — LONDON—The U.S. and U.K. governments …
2023-12-07
NEW - The Russian Ambassador to the UK has been summoned as Moscow's FSB Security Service is accused of a sustained campaign to interfere in political life by hacking and stealing emails and data from those in public life. UK officials say the campaign has been unsuccessful.
The Record
The UK accuses a unit of Russia's FSB of using cyberattacks in a “sustained but unsuccessful” campaign to undermine democratic institutions since 2015
The British government accused a unit of Russia's Federal Security Service (FSB) on Thursday of using cyberattacks in a …
Centre 18, a unit within FSB, identified as being accountable for a range of cyber espionage operations. Also known as Star Blizzard; Callisto Group, SEABORGIUM or COLDRIVER and is operated by FSB officers. One serving FSB officer is being sanctioned by UK.
The Record
The UK accuses a unit of Russia's FSB of using cyberattacks in a “sustained but unsuccessful” campaign to undermine democratic institutions since 2015
The British government accused a unit of Russia's Federal Security Service (FSB) on Thursday of using cyberattacks in a …
2023-05-10
New - joint cyber advisory from UK's NCSC and US CISA detailing ‘Snake’ - said to be 'the most sophisticated cyber espionage tool in the FSB's arsenal'. Goes back to 2003 with this image often embedded. https://www.cisa.gov/... https://twitter.com/...
CyberScoop
The US says the FBI disrupted a long-running Russian cyberespionage operation by inspecting FSB's Snake malware and decrypting and decoding its communications
AJ Vicens / CyberScoop :
2022-03-18
New-Google on how group working with Russian based Conti ransomware gang used AI generated human faces to create fake profiles to gain access."Initial access brokers are the opportunistic locksmiths of the security world, and it's a full-time job" https://blog.google/... https://twitter.com/...
TechCrunch
Google details Exotic Lily, a “financially-motivated threat actor” that works as an initial access broker for Russian hackers and ransomware gangs like Conti
Carly Page / TechCrunch :
2022-03-03
“It turns out that the next war was not fought in cyberspace after all.” - @ciaranmartinoxf looks at the relatively low level of military-linked cyber activity so far. My guess is that when shooting starts, the traditional military men in Moscow elbow aside the cyber operators. https://twitter.com/...
Lawfare
An in-depth look at Russia's offensive cyber capabilities, their potential use in Ukraine, the limitations of cyber power, and implications for the West
2021-07-19
And White House statement: “The United States is deeply concerned that the PRC has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit” https://www.whitehouse.gov/...
Axios
US, NATO, and other allies collectively blame China for malicious cyberattacks, including a March attack that exploited a flaw in Microsoft's Exchange Server
The U.S., NATO and other allies are collectively calling out China for malicious cyberattacks, including a March attack that exploited a flaw in Microsoft's Exchange Server.
2021-07-02
NEW-US and UK accuse Fancy Bear - Russia's GRU - of cyber campaign, likely ongoing, targeting political parties and parliaments+defense companies, law firms, media. ‘Brute force’ guessing of passwords, often stealing emails from Microsoft Office 365 Cloud https://www.nsa.gov/...
The Record
NSA, FBI, and others say Russian hacking group Fancy Bear has been using Kubernetes to run brute force attacks on US and foreign organizations since mid-2019
essentially, trying different passwords until the attackers gained access — and then use other known software vulnerabilities to steal emails, compromise other accounts and collect...
2021-04-16
“US poised to impose sanctions on Russia for cyber-attacks” - There's been back and forth about these sanctions, partly it seems over whether to separate out issues like cyber or encompass everything. Looks like washington opting for max impact https://www.bbc.com/...
MIT Technology Review
A look at Positive Technologies, a Russian cybersecurity firm sanctioned by the US, which sources say provides hacking tools and ops support for Russian spies
Washington has sanctioned Russian cybersecurity firm Positive Technologies. US intelligence reports claim it provides hacking tools and runs operations for the Kremlin.
2021-03-07
“the Chinese theft of email seemed stealthy and targeted......Then suddenly about a week ago, shortly before Microsoft issued its patch, the activity exploded.....It was, he said, almost as if they suspected a patch was forthcoming” 🤔 https://www.washingtonpost.com/ ...
Krebs on Security
Sources: at least 30K US organizations have been hacked by an aggressive Chinese espionage group exploiting unpatched flaws in Microsoft's Exchange Server
At least 30,000 organizations across the United States — including a significant number of small businesses, towns …
2020-11-15
New-Microsoft says it detected cyberattacks from three nation-state actors targeting 7 companies involved in COVID vaccines and treatments in Canada, France, India, S Korea and US. Attacks came from Strontium (Russian group) and two groups from N Korea https://blogs.microsoft.com/ ...
ZDNet
Microsoft says it detected three APTs, from N. Korea and Russia, that launched attacks on at least seven companies developing a COVID-19 vaccine or treatments
The three state-sponsored hacker groups (APTs) are Russia's Strontium (Fancy Bear) and North Korea's Zinc (Lazarus Group) and Cerium.
2020-11-14
New-Microsoft says it detected cyberattacks from three nation-state actors targeting 7 companies involved in COVID vaccines and treatments in Canada, France, India, S Korea and US. Attacks came from Strontium (Russian group) and two groups from N Korea https://blogs.microsoft.com/ ...
ZDNet
Microsoft says it detected three APTs, from N. Korea and Russia, that launched attacks on at least seven companies developing a COVID-19 vaccine or treatments
The three state-sponsored hacker groups (APTs) are Russia's Strontium (Fancy Bear) and North Korea's Zinc (Lazarus Group) and Cerium.
2020-10-02
Latest UK Huawei oversight report says company ‘failed to improve UK security standards’ and says a ‘nationally significant’ vulnerability had to be fixed - though no sign of Chinese state interference. https://www.bbc.co.uk/...
BBC
UK report says Huawei has failed to adequately tackle security flaws in its telco equipment despite previous complaints
Gordon Corera / BBC :
2020-04-05
Interesting research from Citizen Lab on Zoom - it raises concerns about Chinese end of the company - ‘during multiple test calls in North America, we observed keys for encrypting and decrypting meetings transmitted to servers in Beijing, China’ https://citizenlab.ca/...
Washington Post
Zoom is being banned over security concerns by some US school districts, including NYC, which is directing teachers to switch to Microsoft Teams
Some school districts around the country have started to ban the use of Zoom for online learning from home during the coronavirus crisis …
2020-04-04
Interesting research from Citizen Lab on Zoom - it raises concerns about Chinese end of the company - ‘during multiple test calls in North America, we observed keys for encrypting and decrypting meetings transmitted to servers in Beijing, China’ https://citizenlab.ca/...
The Intercept
Researchers: Zoom sometimes uses encryption keys issued by servers in China, uses a flawed encryption method, and hence is not suited to communicate secrets
but it can be fixed Stephen Warwick / iMore : Today on Zoom: ‘Not suited for secrets’, encryption issues and more Mercury News : Zoombombing: FBI warns video calls are getting hija...