The Star (Kenya): How Chinese hackers attacked Kenyan presidency, NIS – Reuters. “Chinese hackers are said to have attacked eight Kenyan government agencies between 2019 and 2022. As reported by Reuters on Wednesday, the hacks constitute a three-year campaign that targeted eight of Kenya’s ministries and government departments, including the presidential office, the National Intelligence Service among others.”
The Guardian: Revealed: the hacking and disinformation team meddling in elections. “A team of Israeli contractors who claim to have manipulated more than 30 elections around the world using hacking, sabotage and automated disinformation on social media has been exposed in a new investigation.”
Jerusalem Post: Iranian hackers claim to have obtained files of Iran’s ‘dirty nuclear projects’ . “Iranian hacker group ‘Black Reward’ announced over the weekend that it had successfully hacked the internal email system of Iran’s Nuclear Power Production and Development Company and that it was releasing 50GB of files to the web.”
Ars Technica: Numerous orgs hacked after installing weaponized open source apps. “Hackers backed by the North Korean government are weaponizing well-known pieces of open source software in an ongoing campaign that has already succeeded in compromising ‘numerous’ organizations in the media, defense and aerospace, and IT services industries, Microsoft said on Thursday.”
Bleeping Computer: UK Police arrests teen believed to be behind Uber, Rockstar hacks. “While there are no details about the investigation, the arrest is believed to be tied to the Lapsus$ hacking group, which is suspected to be behind recent cyberattacks on Uber, Rockstar Games, and 2K.”
TechRadar Pro: Google slams the door on dozens of hack-for-hire groups. “In a new blog post(opens in new tab) published on the Google Threat Analysis Group (TAG) page, the department’s director, Shane Huntley, said it’s been keeping tabs on numerous hack-for-hire groups since 2012. And today, 37 new domains and websites have been added to its Safe Browsing feature.”
ProPublica: Why It’s Hard to Sanction Ransomware Groups. “The Russia-linked ransomware gang Conti avoided the sanctions that hit Russian banks and businesses after the invasion of Ukraine, spotlighting the difficulty of reining in cybercriminals. Meanwhile, confused victims face uncertainty.”
Associated Press: Ransomware gang threatens to overthrow Costa Rica government. “A ransomware gang that infiltrated some Costa Rican government computer systems has upped its threat, saying its goal is now to overthrow the government.”
Lawfare Blog: How to Fight Foreign Hackers With Civil Litigation. “Since 2010, Microsoft alone has won court orders to seize command and control (C2) servers and sinkhole malicious traffic in 24 cases, seizing a total of more than 16,000 malicious domains. Mechanically, these cases work a lot like the Justice Department’s botnet takedowns: Both entities compile evidence that particular domains are being used to control botnets and use that evidence to obtain court orders requiring U.S.-based domain registries to redirect those domains to servers controlled by the entity that sought the order, among other possible court-authorized remedies.”
BBC: Eurovision 2022: Russian vote hacking attempt foiled, police say. “Police in Italy, where this year’s contest was staged, said the Killnet hacker group targeted the first semi-final – in which Ukraine performed – as well as Saturday’s grand final. But they said their cybersecurity division blocked the attacks.”
Bleeping Computer: Hackers stole data undetected from US, European orgs since 2019. “The Chinese hacking group known as ‘Winnti’ has been stealthily stealing intellectual property assets like patents, copyrights, trademarks, and other corporate data – all while remaining undetected by researchers and targets since 2019. Winnti, also tracked as APT41, is an advanced and elusive cyber-espionage group that is believed to be backed by the Chinese state and operates on behalf of its national interests.”
SecurityWeek: Chinese Cyberspies Targeting Russian Military. “A China-linked state-sponsored cyberespionage group has started targeting the Russian military in recent attacks, which aligns with China’s interests in the Russia-Ukraine war, Secureworks reports.”
Financial Times: Prepare for Armageddon: Ukraine’s tactic against Russian hackers. “Armageddon is not the most sophisticated of Russian government-affiliated hacking groups that have attacked Ukraine, but it is among the most prolific. In 5,000 different attempts, it has unleashed ever more effective malware, hidden within cleverly engineered emails to spy on Ukrainian government bodies. But following Russia’s invasion on February 24, its latest attacks have been parried thanks, in large part, to Ukraine’s deep knowledge of Armageddon’s signature moves.”
The Verge: Ukraine says it stopped a Russian cyberattack on its power grid. “An attack on Ukraine’s power grid was foiled by cybersecurity analysts and officials, as reported by Reuters. After investigating the methods and software used by the attackers, cybersecurity firm ESET says that it was likely carried out by a hacking group called Sandworm, which The Record reports allegedly has ties to the Russian government.”
Bleeping Computer: Germany takes down Hydra, world’s largest darknet market. “The servers of Hydra Market, the most prominent Russian darknet platform for selling drugs and money laundering, have been seized by the German police. The police were also able to seize 543 bitcoins from the profits of Hydra, which are currently worth a little over $25 million.”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.