27 April 2022 | by Xavier Bellekens
The first in a long series of reviews of the articles our team has been reading.
According to Ukrainian government officials and private investigators, a Russian military-linked hacking gang attempted to infiltrate Ukrainian power substations and deploy harmful code capable of cutting electricity.
The cyberattacks appear to have been thwarted, with the Ukrainian government’s Computer Emergency Response Team taking credit for stopping the perpetrators.
The hackers behind the attack, a group known as Sandworm, which the US Justice Department has linked to Russia’s GRU military intelligence agency, are a major source of concern for cybersecurity experts around the world because they disrupted electricity in regions of Ukraine in 2015 and 2016.
“In recent years, the Sandworm hacking group has been all over the news. This article is fascinating because it shows the intent and capabilities of the threat actors. Lupovis has been using faux services from its inception to detect these types of attacks.” — Xavier Bellekens, CEO
Source: CNN April 14, 2022
Between February and September 2021, NSO Group capabilities were allegedly used to target at least five senior officials and personnel at the European Commission.
When Apple informed iPhone owners in November that they could be the target of a state-sponsored hacking campaign, officials were alerted. The officials’ computers were infected with the ForcedEntry virus, which had previously been linked to Israeli spyware vendors such as the NSO Group and QuaDream, though NSO Group has denied any involvement in the event.
The actor that was behind the campaign is still unknown. This revelation comes only a week before the European Parliament’s April 19 start of a committee of inquiry into member states’ use of surveillance tools.
It’s interesting to observe how some of the approaches used by threat actors are difficult to handle with typical cybersecurity products, and how much deception technology could have helped in the early stages. — Lupovis, Junior Threat Analyst
Source: Reuters April 11, 2022
Threat actors have established “Industrial Spy”, a new marketplace that sells stolen data from firms that have been hacked as well as providing free stolen data to its users.
Different tiers of data are available on the marketplace, with “premium” stolen data packages costing millions of dollars and lower-tier data available as individual files for as little as $5. While these types of marketplaces aren’t new, Industrial Spy mostly focuses on intellectual property and markets itself as a “place where you can buy competitor’s secrets”.
This marketplace emphasizes the difficulty of keeping up with external attackers and insider threats alike, despite layers of conventional cybersecurity solutions. Deceptive assets such as files and services can help companies detect data theft and, most importantly, protect their IP.
— Ivan Andonovic, CSO
Source: bleepingcomputer April 16, 2022