Connect with us

Internet

Ukraine Suspects Belarus Intelligence-Linked UNC1151 Group Over Cyberattack

Published

on

By Reuters | Updated: 17 January 2022

Kyiv believes a hacker group linked to Belarusian intelligence carried out a cyberattack that hit Ukrainian government websites this week and used malware similar to that used by a group tied to Russian intelligence, a senior Ukrainian security official said.

Serhiy Demedyuk, deputy secretary of the national security and defence council, told Reuters that Ukraine blamed Friday’s attack – which defaced government websites with threatening messages – on a group known as UNC1151 and that it was cover for more destructive actions behind the scenes.

“We believe preliminarily that the group UNC1151 may be involved in this attack,” he said.

His comments offer the first detailed analysis by Kyiv on the suspected culprits behind the cyberattack on dozens of websites. Officials on Friday said Russia was probably involved but gave no details. Belarus is a close ally of Russia.

The cyberattack splashed websites with a warning to “be afraid and expect the worst” at a time when Russia has massed troops near Ukraine’s borders, and Kyiv and Washington fear Moscow is planning a new military assault on Ukraine.

Russia has dismissed such fears as “unfounded”.

The office of Belarusian President Alexander Lukashenko did not immediately respond to a request for comment about Demedyuk’s remarks.

Russia’s foreign ministry also did not immediately respond to a request for comment on his remarks. It has previously denied involvement in cyberattacks, including against Ukraine.

“The defacement of the sites was just a cover for more destructive actions that were taking place behind the scenes and the consequences of which we will feel in the near future,” Demedyuk said in written comments.

In a reference to UNC1151, he said: “This is a cyber-espionage group affiliated with the special services of the Republic of Belarus.”

‘Track record’

Demedyuk, who used to be the head of Ukraine’s cyber police, said the group had a track record of targeting Lithuania, Latvia, Poland and Ukraine and had spread narratives decrying the NATO alliance’s presence in Europe.

“The malicious software used to encrypt some government servers is very similar in its characteristics to that used by the ATP-29 group,” he said, referring to a group suspected of involvement in hacking the Democratic National Committee before the 2016 US presidential election.

“The group specialises in cyber espionage, which is associated with the Russian special services (Foreign Intelligence Service of the Russian Federation) and which, for its attacks, resorts to recruiting or undercover work of its insiders in the right company,” Demedyuk said.

The messages left on the Ukrainian websites on Friday were in three languages: Ukrainian, Russian, and Polish. They referred to Volhynia and Eastern Galicia, where mass killings were carried out in Nazi German-occupied Poland by the Ukrainian Insurgent Army (UPA). The episode remains a point of contention between Poland and Ukraine.

Demedyuk suggested the hackers had used Google Translate for the Polish translation.

“It is obvious that they did not succeed in misleading anyone with this primitive method, but still this is evidence that the attackers ‘played’ on the Polish-Ukrainian relations (which are only getting stronger every day),” he said.

© Thomson Reuters 2022

Internet

Facebook, Twitter, Google, Other Tech Firms Ask US Supreme Court to Block Texas Social Media Law

Published

on

By Reuters | Updated: 14 May 2022

Lobbying groups representing Facebook, Twitter, Google and other tech companies filed an emergency request with the US Supreme Court on Friday, seeking to block a Texas law that prohibits large social media platforms from banning users based on their political views.

The Texas law went into effect on Wednesday when the 5th US Circuit Court of Appeals granted the state’s request for a stay of a district judge’s injunction blocking the law.

The law forbids social media companies with more than 50 million active users per month from banning members based on their political views and requires them to publicly disclose how they moderate content.

It was signed into law by Texas Governor Greg Abbott, a Republican, in September.

Internet lobbying groups NetChoice and the Computer & Communications Industry Association filed a lawsuit against the measure, and US District Judge Robert Pitman in Austin, Texas, issued a preliminary injunction in December.

Pitman had found that the law would harm social media companies’ free speech rights under the First Amendment of the US Constitution.

The tech groups, in their emergency request, asked the Supreme Court to “allow the District Court’s careful reasoning to remain in effect while an orderly appellate process plays out.”

© Thomson Reuters 2022

Continue Reading

Internet

Cyberattacks Grown in Last 2 Years During Pandemic, Global Cost Topped $6 Billion in 2021: Italian Defence Firm

Published

on

By Agencies | Updated: 11 May 2022

The global cost of cybercrime topped $6 trillion (roughly Rs. 4,63,52,100 crore) last year, as the coronavirus pandemic caused online activity to soar, the head of Italian defence, security and aerospace giant Leonardo said Tuesday.

“New cybersecurity threats over the last two years have been a ‘collateral damage’ of the COVID-19 pandemic and the acceleration of digitalisation it induced,” Alessandro Profumo said at the opening of the Cybertech Europe 2022 conference in Rome.”

Cyberattacks have grown in number, sophistication and impact — in 2021 the global cost of cybercrime exceeded $6 trillion. “The figures came from Clusit, the Italian association for information security, and compare to an estimate of losses of $1 trillion (roughly Rs. 77,25,550 crore) in 2020.

One fifth of the total attacks was directed at Europe, Profumo said, but the continent lacked at least 200,000 cybersecurity professionals.

Speaking to foreign journalists in Rome last month, he said cybersecurity issues had increased following Russia’s invasion of Ukraine. “We are noticing additional pressure,” said the boss of Leonardo, which has a specialised branch dedicated to cybersecurity.

The statement from Italian defence firm comes a day after the European Union (EU), the UK and the US accused Russia to be behind a series of cyberattacks linked with its conflict with Ukraine earlier this year with wide-ranging impact across Europe.

The western allies said the most recent attack was on the communications company Viasat in Ukraine, which had a wider impact across the European continent, disrupting wind farms and internet users in central Europe. The UK’s National Cyber Security Centre (NCSC) assesses that the Russian Military Intelligence was “almost certainly” involved in the January 13 defacements of Ukrainian government websites and the deployment of a destructive malware called Whispergate.

“This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe,” said UK Foreign Secretary Liz Truss.

Continue Reading

Internet

EU, US, UK Accuse Russia of Cyberattacks Amid Invasion of Ukraine; Blame It for Deployment of Whispergate

Published

on

By Press Trust of India | Updated: 10 May 2022

Russia has been behind a series of cyberattacks linked with its conflict with Ukraine earlier this year with wide-ranging impact across Europe, the European Union (EU), the UK and the US said on Tuesday. The western allies said the most recent attack was on the communications company Viasat in Ukraine, which had a wider impact across the European continent, disrupting wind farms and internet users in central Europe.

The UK’s National Cyber Security Centre (NCSC) assesses that the Russian Military Intelligence was “almost certainly” involved in the January 13 defacements of Ukrainian government websites and the deployment of a destructive malware called Whispergate.

“This is clear and shocking evidence of a deliberate and malicious attack by Russia against Ukraine which had significant consequences on ordinary people and businesses in Ukraine and across Europe,” said UK Foreign Secretary Liz Truss.

“We will continue to call out Russia’s malign behaviour and unprovoked aggression across land, sea and cyberspace, and ensure it faces severe consequences,” she said.

The NCSC said it also assesses that it is “almost certain” Russia was responsible for the subsequent cyberattack impacting Viasat on February 24.

At the time, a cyberattack against Viasat began approximately one hour before Russia launched its major invasion of Ukraine. Although the primary target is believed to have been the Ukrainian military, other customers were affected, including personal and commercial internet users. Wind farms in central Europe and internet users were also affected.

Viasat has said that “tens of thousands of terminals have been damaged, made inoperable and cannot be repaired”.

The announcement this week comes as cybersecurity leaders from the Five Eyes intelligence alliance – comprising Australia, Canada, New Zealand, the United Kingdom and the United States – the EU and others are meeting at the NCSC’s Cyber UK conference in Newport to discuss the cyber threats facing the world.

The UK government highlighted that it has already sanctioned the Russian Intelligence network GRU after their poisoning incidents in the city of Salisbury, and has frozen more than GBP 940 billion (roughly Rs. 89,38,530 crore) worth of bank assets and GBP 117 billion (roughly Rs. 11,12,613 crore) in personal net worth from oligarchs and their family members who back Russian President Vladimir Putin.

Continue Reading

Internet

Russia’s RuTube Knocked Out for Second Day by Victory Day Cyberattack

Published

on

By Reuters | Updated: 10 May 2022

RuTube, Russia’s answer to YouTube, was crippled for a second day on Tuesday by a cyber attack whose timing it linked to this week’s anniversary celebrations of victory over Nazi Germany in World War Two.

Usually packed with video content, RuTube’s site is currently black, with a short message reading: “Attention! The site is undergoing technical work. The site was attacked. At the moment the situation is under control. User data has been saved.”

The attack began on Monday, a major national holiday when Russia commemorated the Soviet victory over Adolf Hitler and President Vladimir Putin delivered a speech likening that struggle to the current war in Ukraine.

“Someone really wanted to prevent RuTube from showing the Victory Day parade and celebratory fireworks,” RuTube said. “It is not a sin to remember the battles our guys won. The battle for RuTube continues.”

It described the cyberattack as the worst in the site’s history.

In a separate incident on Monday, Russian satellite television menus were hacked to show viewers in Moscow messages about events in Ukraine, including “You have blood on your hands”, according to screenshots obtained by Reuters.

The websites of state-owned companies and news websites have fallen under sporadic hacking efforts since Russia invaded Ukraine on February 24, often to show information that is at odds with Moscow’s official line on what it calls a “special military operation”.

RuTube said a large team was working to restore the service, and denied reports it had lost the website’s source code.

The long outage goes some way to explaining why Russia has not yet blocked Alphabet’s YouTube, despite repeatedly fining and warning the US service over its removal of some state-backed Russian channels and for failing to delete content Moscow deems illegal.

Russia restricted access to Twitter and Meta Platform’s Facebook and Instagram in early March.

Critics have previously told Reuters that RuTube, despite its weekly user numbers jumping in early March as other foreign social media were forced out of the Russian market, still has a long way to go to rival Google’s video product.

© Thomson Reuters 2022

Continue Reading

Internet

US Offers $15 Million Reward for Information on Conti Ransomware Group

Published

on

By Reuters | Updated: 7 May 2022

The US on Friday offered a reward of up to $15 million (roughly Rs. 115 crore) for information on the Russia-based Conti ransomware group, which has been blamed for cyber extortion attacks worldwide, State Department spokesman Ned Price said.

The FBI estimates that more than 1,000 victims of the Conti group have paid a total in excess of $150 million (roughly Rs. 1,154 crore) in ransomware payments, Price said in a statement.

“In offering this reward, the United States demonstrates its commitment to protecting potential ransomware victims around the world from exploitation by cyber criminals,” he said.

The reward comprises $10 million (roughly Rs. 77 crore) for the identification or the location of leaders of the group, and $5 million (roughly Rs. 38 crore) for information that results in the arrest of anyone conspiring with Conti.

Last year, the FBI said Conti was responsible for striking 16 medical and first responder networks in the US.

Price noted that Conti was blamed for an attack in April on Costa Rica’s tax and customs platforms, impacting the Central American country’s foreign trade.

In February, the Conti group vowed to attack enemies of the Kremlin if they respond to Russia’s invasion of Ukraine.

© Thomson Reuters 2022

Continue Reading

Internet

AGCO Ransomware Attack Disrupts Tractor Sales During US Planting Season

Published

on

By Reuters | Updated: 7 May 2022

AGCO did not disclose the names of the facilities or if any data was stolen, but said it was still probing the extent of the attack that occurred on Thursday and working to repair its systems.

Tim Brannon, president and owner of B&G Equipment in Tennessee, told Reuters he has not been able to access AGCO’s website for ordering and looking up parts since Thursday morning.

“We just have to trust that it will be over as soon as possible because we are coming into our busiest time of the year and it will be very damaging to our business and customers,” Brannon said.

AGCO, which competes with larger rival Deere & Co, sells tractors and combines, manufactures and assembles products in 42 locations worldwide with 1,810 dealerships in North America.

Dealers are now struggling to keep up with orders that were already backlogged.

The company told dealers that it was “prioritising” the most business critical systems in an e-mail read to Reuters by a dealer who declined to be identified.

“I’ve got about nine orders that I need to place right now,” said the dealer.

He said AGCO told him “digital systems” had been impacted worldwide.

AGCO did not respond to requests for additional comment.

AGCO’s shares were down 6 percent at $125.55 (roughly Rs. 9,600) in late afternoon trading.

Ransomware attacks have targeted food and fuel companies in the United States in recent years, including the Colonial Pipeline’s oil network and meat processing company JBS. Last autumn, at least three grain handlers in the Midwest were hit with ransomware attacks.

© Thomson Reuters 2022

Continue Reading

Trending