April 2022 in Review

27 April 2022 | by Xavier Bellekens

April 2022

The first in a long series of reviews of the articles our team has been reading.


Russian military-linked hackers target Ukrainian power company, investigators say

According to Ukrainian government officials and private investigators, a Russian military-linked hacking gang attempted to infiltrate Ukrainian power substations and deploy harmful code capable of cutting electricity.

The cyberattacks appear to have been thwarted, with the Ukrainian government’s Computer Emergency Response Team taking credit for stopping the perpetrators.

The hackers behind the attack, a group known as Sandworm, which the US Justice Department has linked to Russia’s GRU military intelligence agency, are a major source of concern for cybersecurity experts around the world because they disrupted electricity in regions of Ukraine in 2015 and 2016.

“In recent years, the Sandworm hacking group has been all over the news. This article is fascinating because it shows the intent and capabilities of the threat actors. Lupovis has been using faux services from its inception to detect these types of attacks.” — Xavier Bellekens, CEO

Source: CNN April 14, 2022

Senior EU officials were targeted with Israeli spyware

Between February and September 2021, NSO Group capabilities were allegedly used to target at least five senior officials and personnel at the European Commission.

When Apple informed iPhone owners in November that they could be the target of a state-sponsored hacking campaign, officials were alerted. The officials’ computers were infected with the ForcedEntry virus, which had previously been linked to Israeli spyware vendors such as the NSO Group and QuaDream, though NSO Group has denied any involvement in the event.

The actor that was behind the campaign is still unknown. This revelation comes only a week before the European Parliament’s April 19 start of a committee of inquiry into member states’ use of surveillance tools.

“It’s interesting to observe how some of the approaches used by threat actors are difficult to handle with typical cybersecurity products, and how much deception technology could have helped in the early stages.” — Lupovis, Junior Threat Analyst

Source: Reuters April 11, 2022

New Industrial Spy stolen data market promoted through cracks, adware

Threat actors have established “Industrial Spy”, a new marketplace that sells stolen data from firms that have been hacked as well as providing free stolen data to its users.

Different tiers of data are available on the marketplace, with “premium” stolen data packages costing millions of dollars and lower-tier data available as individual files for as little as $5. While these types of marketplaces aren’t new, Industrial Spy mostly focuses on intellectual property and markets itself as a “place where you can buy competitor’s secrets”.

“This marketplace emphasizes the difficulty of keeping up with external attackers and insider threats alike, despite layers of conventional cybersecurity solutions. Deceptive assets such as files and services can help companies detect data theft and, most importantly, protect their IP.” — Ivan Andonovic, CSO

Source: BleepingComputer April 16, 2022

Don’t miss our next review. Follow us on LinkedIn, Twitter, or sign up for our newsletter to get our latest news.
