
Thread: Russian Info, Cyber and Disinformation (Jan-June 2017).

  1. #1001
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    Not sure if this is just limited to Ukraine......

    Maersk says IT breakdown could be global
    http://www.dailymail.co.uk/wires/reu...n-global.html#

    The sites of the National Police and the Cyber Police are inaccessible and served from the cache as of 16:40:


    16:18 Oshchadbank state bank limited services for clients due to a "hacker attack", ATMs don't service clients.

    Crimean Tatar #ATR TV channel was attacked, however it keeps broadcasting.

    Ukraine interior minister adviser says believes cyber attacks originated from Russia.
    http://reut.rs/2sdut4H

    It is in fact being directed and controlled from Russia..end of story...

    Russia was not cut off from SWIFT for its war against Ukraine. Instead, she blocked financial transactions in Ukraine.

    PayPass is down as major banks in Ukraine have been attacked by Russian hackers on the eve of Ukraine's Constitution Day.
    Last edited by OUTLAW 09; 06-27-2017 at 02:05 PM.

  2. #1002

    Deputy head of SBU: our experts have identified "body" of the #CyberAttack virus and study it. This type of virus wasn't seen/used before.

    Coincidentally, this article from two days ago re cyber attacks on Ukraine.

    https://www.axios.com/what-russias-c...paign=organic#

  3. #1003

    Russian first hacking and then release of a new variant of Wannacry MS SMB ransomware first against Ukraine is now bleeding into the rest of Europe....


    This ransomware did not insert itself in the usual manner of having the end user click on the wrong link and/or via phishing..this was inserted in the hacked network and then worked its way to a pc...evidently the Russian cybersecurity company Kaspersky knows nothing of the variant which is unusual as they seem to know what is floating out in the dark net from Russian developers....

    Major ransomware virus hits computer servers across Europe:
    http://reut.rs/2rXEBKB

    PM @Groysman called the attack "unprecedented" but added that "vital systems haven't been affected" - AFP
    Last edited by OUTLAW 09; 06-27-2017 at 04:06 PM.

  4. #1004

    Russian Rosneft stated in their press release that they had been hit as well...RIGHT now that stands as a blatant lie..they still are up and running and the other reported Russian companies were not touched either by this attack....

    Rosneft a part of "plausible deniability" scenario?

    Most certainly....especially if you really understand the irony in their press release...as if they were not even concerned.....VS the panic outbreak in Russia when in fact the entire country got hit with Wannacry......

  5. #1005

    Russia's cyberattack hit Chernobyl computers. Fortunately, radiation monitoring & other systems are operational.

    Has been shifted to manual operations....
    Last edited by OUTLAW 09; 06-27-2017 at 04:53 PM.

  6. #1006

    .@Europol "urgently responding" to reports of the Petya ransomware attack hitting European businesses

    JUST IN: Norway's National Security Authority says ransomware attack ongoing, affects 'one international company'

    Maersk
    @Maersk
    We can confirm that Maersk IT systems are down across multiple sites and business units. We are currently assessing the situation.
    Last edited by OUTLAW 09; 06-27-2017 at 05:11 PM.

  7. #1007

    NOW this is in fact interesting to say the least...Kaspersky is usually well informed.

    Kaspersky Lab analysts say new attacks are not a variant of Petya ransomware as publicly reported, but a new ransomware they call NotPetya

    Analysis is coming faster from field IT types than from Kaspersky....

    I am on a train analysing Petya. I think this will be bigger than WannaCry. It's much better designed. Has automated lateral movement.
    Last edited by OUTLAW 09; 06-27-2017 at 05:36 PM.

  8. #1008

    Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain shut down
    http://www.telegraph.co.uk/news/2017...yber-attack1/#

    KEY....this attack started in Ukraine as the main initial target.......with bleed over into other countries simply because the internet is the internet......

    Right now there is no evidence that the number of Ukraine firms hit was caused by phishing...a large number were actually hacked and the malware inserted into the network and then it spread on its own due to the ability to move laterally.....
    Last edited by OUTLAW 09; 06-27-2017 at 05:48 PM.

  9. #1009

    List of Ukrainian companies & agencies whose websites were attacked on June 27 (live updates)
    https://en.censor.net.ua/news/445650..._live_updates#

  10. #1010

    Interesting to say the least.....

  11. #1011

    Not confirmed and the company denies it was their update causing the attack....appears if true to have used an app to transfer the malware kind of an end run hack using an app...again if true....

    Ukrainian Cyber Police on MeDoc vulnerability, -latest "auto update" of app was hijacked by Petya.

    And hit all computers with MeDoc

  12. #1012

    Following elimination of the malware is now being used...

    It seems if you run fixdisk /all and reboot the computer you get rid of NotPetya malware.

    Not so sure the malware coders actually thought this kill trigger through when they were coding NotPetya......

  13. #1013

    There seem to be differing statements as to exactly what the malware was from yesterday's attack.....NotPetya or Goldeneye.....both being ransomware....

    But if the literature and all the researchers are correct both are distributed via phishing attacks...and here is where the problem begins....

    That would in fact mean that whoever turned it loose has spent the last several months infecting computers when users fell for a particular phishing style...AND that had to be done in countless networks and in countless companies across all of Ukraine yesterday

    The problem is then once it is triggered we would have seen the instant screen pop up demanding a ransom of 300 USD in bitcoin....

    So to believe that suddenly and thoroughly all across Ukraine yesterday all Ukrainian computer end users simply clicked on a phished email is nothing but stupid to say the least...and that in multiple different types of businesses and networks with varying degrees of security.

    Especially since this version seems to travel laterally ...question then arises is ...was the targeted network first hacked and then the ransom injected into the network....

    BUT then we had some good analysts saying it was a ransomware version called Petwrap.....also designed to address the Windows SMBv1 vulnerability.

    BUT again all of these different ransomware types still take a successful phishing campaign....and again hitting all networks and all types of business models at the same time takes a well thought out attack plan and it takes the end users to be clicking on that phished email all at the same time....which is totally abnormal human behavior which phishing is designed to use in its favour.....

    At the same time this so called ransomware attack was ongoing there was a series of actual hacker attacks which hit all of the business models that were affected....and either routers and then switches were attacked and downed but only for a certain period and then they came back on line after they rebooted....and rebuilt their routing tables....

    So was this deliberate hacking event the trigger for the sudden and widespread explosion of a ransom malware attack....

    KEY is the Kaspersky statement where they stated early on that this is a malware never seen before.....Petya...NotPetya...Goldeneye.....Petwrap have all been seen before in both the wild and in attacks....so why would Kaspersky state this is something totally new and which has not been seen before???

    So exactly how does a group of ransomware normally used in the past get into a network without phishing????

    Secondly, more bad news is that currently, only a small portion of antivirus software is able to detect the threat; according to VirusTotal, only 15 out of 61 anti-virus services are able to detect Petwrap.
    Last edited by OUTLAW 09; 06-28-2017 at 07:19 AM.
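Added example, not from the thread or any poster: the "automated lateral movement" the posts above keep returning to is something a detection engineer can look for in Windows logon telemetry without knowing which family is responsible. The script below scans constructed Security-log lines (Event ID 4624, logon type 3 = network logon) and alerts when one source host opens network logons to many distinct destinations inside a short window. The log format, host names, IP addresses, account names and the threshold are assumptions chosen for illustration, not values from the thread.

```python
"""Fan-out detector for automated lateral movement over Windows logon events.

Added example, not code from the thread. SAMPLE_LOG, its hosts, IPs and
accounts are constructed; the window and threshold are assumptions to tune
against a real baseline."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed line format: "<timestamp> 4624 LogonType=3 Source=<ip> Target=<host> User=<account>"
# Only network logons (type 3) match; interactive logons (type 2) are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) 4624 LogonType=3 "
    r"Source=(?P<src>\S+) Target=(?P<dst>\S+) User=(?P<user>\S+)$"
)

SAMPLE_LOG = """\
2017-06-27 10:05:00 4624 LogonType=3 Source=10.0.0.15 Target=PRINT01 User=jdoe
2017-06-27 11:00:05 4624 LogonType=3 Source=10.0.0.15 Target=FS01 User=svc_backup
2017-06-27 11:00:07 4624 LogonType=3 Source=10.0.0.15 Target=WS-ACCT-02 User=svc_backup
2017-06-27 11:00:09 4624 LogonType=3 Source=10.0.0.15 Target=WS-ACCT-03 User=svc_backup
2017-06-27 11:00:11 4624 LogonType=2 Source=10.0.0.15 Target=WS-ACCT-03 User=svc_backup
2017-06-27 11:00:14 4624 LogonType=3 Source=10.0.0.15 Target=DC01 User=domadmin
2017-06-27 11:00:20 4624 LogonType=3 Source=10.0.0.15 Target=WS-HR-01 User=domadmin
2017-06-27 11:00:31 4624 LogonType=3 Source=10.0.0.42 Target=FS01 User=mrivera
2017-06-27 11:02:40 4624 LogonType=3 Source=10.0.0.42 Target=PRINT01 User=mrivera
"""


def parse_events(text):
    """Return (timestamp, source, target, account) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["src"], m["dst"], m["user"]))
    events.sort(key=lambda e: e[0])
    return events


def detect_fan_out(events, window=timedelta(seconds=120), min_targets=5):
    """One alert per source whose network logons reach >= min_targets distinct
    destinations within any sliding window of `window` wall-clock time.
    The set of accounts used is reported because credential reuse across
    many hosts from one origin is what harvested credentials look like."""
    by_src = defaultdict(list)
    for ts, src, dst, user in events:
        by_src[src].append((ts, dst, user))

    alerts = []
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1          # slide the window forward
            targets = {dst for _, dst, _ in evs[start:end + 1]}
            if len(targets) >= min_targets:
                accounts = {u for _, _, u in evs[start:end + 1]}
                alerts.append({
                    "source": src,
                    "first_seen": evs[start][0],
                    "targets": sorted(targets),
                    "accounts": sorted(accounts),
                })
                break               # one alert per source is enough for triage
    return alerts


def run_sample():
    return detect_fan_out(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(f"{alert['source']} reached {len(alert['targets'])} hosts from "
              f"{alert['first_seen']} using {alert['accounts']}")
```

On the constructed data the earlier 10:05 logon from 10.0.0.15 falls outside the window and is not counted, the type-2 logon is ignored, and 10.0.0.15 is still reported because it reaches five hosts in fifteen seconds with two different accounts; 10.0.0.42 stays quiet. In production the threshold has to be set against a baseline that excludes vulnerability scanners, backup servers and monitoring hosts, which legitimately fan out every night.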

  14. #1014

    This paragraph from a security organization points to what I am saying....

    Do not open unsolicited emails or messages from unknown senders – Many ransomware variants are distributed through phishing attacks or email attachments. Increased mindfulness when handling ‘suspect’ emails can be effective in combating ransomware
    So if this version is one designed to attack the Windows SMBv1 vulnerability and phishing was not the delivery system ..what was it then???

    AND if many MS users conducted their MS March 2017 patching session then they should not have been affected.....WHICH after the Wannacry attack actually did occur especially in Ukraine and other countries that got hit by Wannacry.....

    So how did this ransomware sidestep phishing and sidestep the MS patch??

    AND why did it not trigger a large number of anti viral software packages.....
    Last edited by davidbfpo; 06-28-2017 at 10:24 AM. Reason: brevity

  15. #1015

    But this from a rather good security blogsite tends to confirm what I am saying as well....

    Security firm Symantec confirmed that Petya uses the “Eternal Blue” exploit, a digital weapon that was believed to have been developed by the U.S. National Security Agency and in April 2017 leaked online by a hacker group calling itself the Shadow Brokers.

    Microsoft released a patch for the Eternal Blue exploit in March (MS17-010), but many businesses put off installing the fix. Many of those that procrastinated were hit with the WannaCry ransomware attacks in May. U.S. intelligence agencies assess with medium confidence that WannaCry was the work of North Korean hackers.
    Russian security firm Group-IB reports that Petya bundles a tool called “LSADump,” which can gather passwords and credential data from Windows computers and domain controllers on the network.

    Nicholas Weaver, a security researcher at the International Computer Science Institute and a lecturer at UC Berkeley, said Petya appears to have been well engineered to be destructive while masquerading as a ransomware strain.
    Weaver noted that Petya’s ransom note includes the same Bitcoin address for every victim, whereas most ransomware strains create a custom Bitcoin payment address for each victim.
    Also, he said, Petya urges victims to communicate with the extortionists via an email address, while the majority of ransomware strains require victims who wish to pay or communicate with the attackers to use Tor, a global anonymity network that can be used to host Web sites which can be very difficult to take down.
    “I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware,” Weaver said. “The best way to put it is that Petya’s payment infrastructure is a fecal theater.”
    Here is the problem....Wannacry was declared by US IC probably NSA with a degree of confidence that it was released by NK.....

    Our active ongoing research in assistance to two Ukrainian IT companies indicated control servers sitting deep inside Russia which we took offline to their surprise....but wait NSA stated the previous attack was by NK....

    What is the connection now between NK state sponsored military hacking and individuals sitting deep inside Russia....??? Criminals working for RIS and or on their own OR outright RIS......

    This is my assumption as well....so any of the above combination of who was using it in Russia....
    “I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware”

    If we accept that Ukraine has been the test bed by Russian state sponsored hacking of critical infrastructure since 2015 with three attacks and if we accept there have been other such attacks by Russian hackers in Baltic power grids and if we accept that Ukraine is in fact the Russian cyber attack testbed.....then this comment cements the concept of a deliberate cyber attack using ransomware as a disguise...

    The attack if one looks at the Ukrainian networks hit....reads like a military air strike target list except just on an economics level.....banks, telcos, major fuel companies causing a shortage of fuel, food markets, airports, government agencies, news media, power grids and power generation, etc...ALL designed to create a certain level of civilian panic
    The connection between a COL in the Ukrainian SOF Military Intelligence who had just returned from the Minsk front line and who was responsible for the collection of evidence of Russian military involvement for The Hague ICC is killed by a car bomb in Kyiv in the early morning timeframe and the "so called phishing attack" started almost immediately after that attack is not just a single lonely coincidence....

    This was a deliberate and well thought out cyber attack using a new strain of NK released previous ransomware being used by Russians in Russia to send a Russian warning to the West.....

    REMEMBER NK military is also in the business of making money for the government and if the price is right software always changes hands in the middle of the night these days....either to criminal gangs or to state sponsored groups...

    BTW...this is exactly what we saw yesterday...this type of data being exfiltrated out of attacked networks...thus making it not so easy but doable..tracking it to their control and command servers....which in this case ended in Russia.....

    Russian security firm Group-IB reports that Petya bundles a tool called “LSADump,” which can gather passwords and credential data from Windows computers and domain controllers on the network.

    This type of gathered data is important for future attacks on the compromised networks...
    Last edited by davidbfpo; 06-28-2017 at 10:25 AM. Reason: brevity
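Added example, not from the thread, Krebs or Weaver: the two observations quoted above (one payment address for every victim, contact by plain e-mail rather than a Tor site) can be turned into a triage check an incident responder runs over the ransom notes collected from affected hosts. The notes, host names, payment-address strings, e-mail address and onion address below are all constructed placeholders that merely fit the patterns; which findings count as flags is an assumption about what is worth escalating.

```python
"""Triage of ransom notes collected from several hosts.

Added example, not code from the thread. Everything in SAMPLE_NOTES is
constructed: the address-like strings only fit the Base58 pattern and are
not real wallets, and the contacts use reserved example names."""
import re
from collections import defaultdict

# P2PKH/P2SH-looking Base58 string: leading 1 or 3, no 0, O, I or l.
BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
ONION_RE = re.compile(r"\b[a-z2-7]{16,56}\.onion\b")

SAMPLE_NOTES = {
    # Three hosts hit by the same constructed family: fixed address, e-mail only.
    "WS-ACCT-02": "Your files have been encrypted. Send $300 in Bitcoin to "
                  "1CNSTRUCTEDSAMPLEADDRESSABCDEFGH and mail your key to pay-desk@example.invalid",
    "WS-ACCT-03": "Your files have been encrypted. Send $300 in Bitcoin to "
                  "1CNSTRUCTEDSAMPLEADDRESSABCDEFGH and mail your key to pay-desk@example.invalid",
    "WS-HR-01":   "Your files have been encrypted. Send $300 in Bitcoin to "
                  "1CNSTRUCTEDSAMPLEADDRESSABCDEFGH and mail your key to pay-desk@example.invalid",
    # Two hosts hit by a different constructed family: per-victim address, Tor portal.
    "LAB-PC-07": "Pay 0.5 BTC to 1PERVCTMADDRESSABCDEFGHJKMNPQRS via http://exampleconstructedxyz.onion",
    "LAB-PC-09": "Pay 0.5 BTC to 3PERVCTMADDRESSBCDEFGHJKMNPQRSTU via http://exampleconstructedxyz.onion",
}


def extract_indicators(note):
    """Pull payment addresses and contact channels out of one note."""
    return {
        "addresses": set(BTC_RE.findall(note)),
        "emails": set(EMAIL_RE.findall(note)),
        "onions": set(ONION_RE.findall(note)),
    }


def analyze_notes(notes):
    """Group hosts by payment address and flag the two patterns Weaver described:
    a single address shared across victims, and a contact channel that is
    plain e-mail with no Tor presence. Findings are sorted by address."""
    by_addr = defaultdict(lambda: {"hosts": set(), "emails": set(), "onions": set()})
    for host, text in notes.items():
        ind = extract_indicators(text)
        for addr in ind["addresses"]:
            by_addr[addr]["hosts"].add(host)
            by_addr[addr]["emails"] |= ind["emails"]
            by_addr[addr]["onions"] |= ind["onions"]

    findings = []
    for addr, d in sorted(by_addr.items()):
        flags = []
        if len(d["hosts"]) >= 2:
            flags.append("shared_payment_address")
        if d["emails"] and not d["onions"]:
            flags.append("email_only_contact")
        findings.append({
            "address": addr,
            "hosts": sorted(d["hosts"]),
            "emails": sorted(d["emails"]),
            "onions": sorted(d["onions"]),
            "flags": flags,
        })
    return findings


def run_sample():
    return analyze_notes(SAMPLE_NOTES)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f['address']}: {len(f['hosts'])} host(s), flags={f['flags'] or 'none'}")
```

Both flags together mean the operators cannot tell victims apart by payment, which is the point Weaver makes: it is consistent with an attacker who does not intend to decrypt anything. A single flag is weaker evidence on its own, since some genuine criminal crews have also reused addresses or relied on e-mail.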

  16. #1016

    This is key as it indicates that while the ransomware was the issue this was running in the background....LSADump which was programmed into the malware thus indicating that hackers were in actual control of the malware attack.....

    Effects
    Lsadump is a hacking tool. These tools, even though they are not by nature viruses, are considered as dangerous to victims of attacks.

    Means of transmission

    Lsadump does not spread automatically using its own means. It needs the attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.
    Further Details
    Lsadump has the following additional characteristics:
    It is written in the programming language Visual C++ 6.
    It is 32768 bytes in size.

    I am still puzzled though by the Kaspersky statement yesterday that defines this malware as something new...

    They also stated that it was a complex attack using multiple attack vectors...meaning different attack methods and directions BUT that their anti viral detector picked it up under a generic filter......

    Which is strange that a generic detector was available to detect a not previously seen in the wild totally new strain that they were not aware of....that comment in itself is unusual even for Kaspersky.

    Also sitting outside of the malware attack zone they were quick to state and stated early before much was known at the time ...a complex attack from multiple attack vectors......
    Last edited by OUTLAW 09; 06-28-2017 at 09:03 AM.

  17. #1017

    Local kill switch has been found in Petya malware.
    https://twitter.com/ptsecurity/statu...6638731591680#

    This is what Russian military jargon types would call an "asymmetric response".

  18. #1018

    Shadowbrokers (~ adversary intel agency), tagging Petya, seem to escalate by threatening dump against ex-NSA member
    https://web.archive.org/web/20170628...ice-july-2017#

  19. #1019

    .@CarbonDynamics:
    Petya is fake Ransomware, not designed to make money, but to spread fast and cause max damage


    "Petya" attackers knew that M.E.DOC will impact mostly Ukraine, all other infections are "side effect". Not Criminal act but Cyberwar

    M.E.DOC was doing an upgrade and evidently the Russian hackers got their malware into the upgrade routine thus it hit all of Ukraine at virtually the same time....no analysis so far indicates that it came in via phishing BUT it does indicate the possibility of a direct hack and malware injection into the upgrading code patch.....

    THIS supports my assumption that this was in fact a Russian state sponsored attack directed straight at Ukraine....

    TASS is authorized to declare: Russia also suffered a cyberattack but due to superiority of Russian cybersecurity expertise, no outages.

    BUT WAIT...the only confirmed attacks were really just written press releases with not a single Russian citizen complaining of anything unusual happening.

    Rosneft the Russian state owned oil company was the only real company "complaining" but indicators seem to point to actually nothing happening to their networks...

    So how does one explain the simple fact that Ukraine next door to Russia and Russia has not a truly recorded hacking attack and or malware attack....

    Kaspersky mentioned some customers were attacked in Russia BUT does not name them.....

    Assumption...Russia knew the attack was coming.

    THAT was the reason Kaspersky had a generic filter to detect it and was able to suddenly rush a new filter quickly to their customers...it was already known to them....

    BUT WAIT.....only a single malware attack reported in the Russian occupied eastern Ukraine.....that is strange...SO it can be assumed Russia knew the attack was coming....
    Last edited by OUTLAW 09; 06-28-2017 at 09:44 AM.
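Added example, not from the thread and not M.E.Doc's or any vendor's updater: the scenario above, a hijacked "auto update" delivering malware to every installation, is the case an update client should fail closed on. The script below shows the client-side gate: a package is installed only if its SHA-256 matches a manifest pinned in advance, unknown file names are refused, and a malformed manifest is an error rather than an empty pin list. The package bytes, file names and manifest are constructed placeholders.

```python
"""Verify an auto-update package against a pinned SHA-256 manifest before
installing it.

Added example, not any vendor's code. GENUINE_PKG, TAMPERED_PKG, the file
names and VENDOR_MANIFEST are constructed for the demo."""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse sha256sum-style lines ('<64 hex>  <filename>') into {filename: digest}.
    A malformed line raises instead of being skipped, so a corrupted or
    truncated manifest can never silently pin nothing."""
    pinned = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        digest = digest.lower()
        if not sep or len(digest) != 64 or set(digest) - set("0123456789abcdef") or not name:
            raise ValueError(f"malformed manifest line: {raw!r}")
        pinned[name] = digest
    return pinned


def verify_update(name: str, package: bytes, pinned: dict) -> bool:
    """True only for a known file name whose digest matches the pin."""
    expected = pinned.get(name)
    if expected is None:
        return False                       # unknown package: never install
    return hmac.compare_digest(sha256_hex(package), expected)


def install_if_verified(name: str, package: bytes, pinned: dict, install) -> str:
    """Gate: the install callback runs only after verification succeeds."""
    if not verify_update(name, package, pinned):
        return "rejected"
    install(package)
    return "installed"


# --- constructed demo data ----------------------------------------------
GENUINE_PKG = b"placeholder-accounting-update v1.2.3\n" + bytes(range(256))
_tampered = bytearray(GENUINE_PKG)
_tampered[64] ^= 0x01                      # one flipped bit stands in for injected code
TAMPERED_PKG = bytes(_tampered)

# Vendor side: the manifest is published through a channel separate from
# the update server (assumption of the demo), then pinned by the client.
VENDOR_MANIFEST = (
    "# constructed manifest for the demo\n"
    f"{sha256_hex(GENUINE_PKG)}  update-1.2.3.pkg\n"
)
PINNED = parse_manifest(VENDOR_MANIFEST)


def run_sample():
    """Return the outcome of three install attempts and how many ran."""
    installed = []
    outcomes = (
        install_if_verified("update-1.2.3.pkg", GENUINE_PKG, PINNED, installed.append),
        install_if_verified("update-1.2.3.pkg", TAMPERED_PKG, PINNED, installed.append),
        install_if_verified("update-9.9.9.pkg", GENUINE_PKG, PINNED, installed.append),
    )
    return outcomes, len(installed)


if __name__ == "__main__":
    print(run_sample())
```

Hash pinning only moves the trust question to wherever the manifest comes from: if the same server hands out both the package and the manifest, whoever controls that server rewrites both. The production form of this gate is vendor code signing with the signing key kept off the update infrastructure, but the client-side discipline is the same as shown here: refuse unknown names, compare digests in constant time, and treat a manifest that does not parse as a failure rather than as "nothing to check".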

  20. #1020

    Quote Originally Posted by OUTLAW 09 View Post
    .@CarbonDynamics:
    Petya is fake Ransomware, not designed to make money, but to spread fast and cause max damage
    MEDoc is a Ukrainian-only tax accounting program. Exploiting its vulnerabilities proves that Ukrainian IT structures were targeted by #Petya

    THIS was not another so called NK Petya ransomware attack....
    Last edited by davidbfpo; 06-28-2017 at 10:28 AM. Reason: brevity
