Dateline
Ukraine at D+302: Implausible insistence on Russia's blamelessness for the war. (CyberWire) As Russia looks for ways of supplying its forces with basics (like ammunition, which it's been reduced to buying from North Korea), its diplomats try to fix the blame for their war on the Americans and (of course) Nazis. And its hackers may be turning their attention to healthcare providers.
Ukraine Russia war latest news: Separatist leader killed by car bomb in Kherson (The Telegraph) The Russian-installed head of a village in Kherson oblast has been killed in a car-bomb explosion.
Russia-Ukraine war live: Russian ambassador warns of ‘high’ risk of clash with US (the Guardian) Kremlin ambassador to US, Anatoly Antonov, compares relations between two countries to ‘ice age’
Former Russian space chief wounded by blast while celebrating birthday near Ukraine front line (The Telegraph) Ex deputy prime minister Dmitry Rogozin was injured inside a Donetsk restaurant while two others were killed
Putin declares ‘war’ – aloud – forsaking his special euphemistic operation (Washington Post) After nearly 10 months of war, but referring to the brutal invasion of Ukraine instead as “a special military operation,” Russian President Vladimir Putin on Thursday finally called it a “war” for the first time, setting off an uproar among antiwar Russians who have been prosecuted for merely challenging the Kremlin-approved euphemism.
Will Putin force Belarus to join the Russian invasion of Ukraine? (Atlantic Council) Vladimir Putin traveled to Minsk this week for the first time in three-and-a-half years, fueling speculation that he is seeking to pressure Belarus dictator Alyaksandr Lukashenka into joining the failing invasion of Ukraine.
With or Without Troops, Belarus Is Already Part of the War in Ukraine (World Politics Review) Belarusian troops are not yet on the ground in Ukraine, but the Lukashenko regime is already involved in the war in other ways.
North Korea providing arms to Russia's Wagner Group for Ukraine fight: White House (Breaking Defense) Some 50,000 Wagner fighters are currently in Ukraine, mostly poorly trained convicts, costing over $100 million per month, National Security Council spokesperson John Kirby said.
Europe Is Rushing Arms to Ukraine but Running Out of Ammo (Wall Street Journal) The continent is struggling to produce enough ammunition for Ukraine and for itself, jeopardizing NATO’s defense capacity and its support for Kyiv, officials and industry leaders say.
Caught on Camera, Traced by Phone: The Russian Military Unit That Killed Dozens in Bucha (New York Times) Exclusive evidence obtained in a monthslong investigation identifies the Russian regiment — and commander — behind one of the worst atrocities in Ukraine.
CCTV shows chilling moment Russian FSB agents and soldiers scour Ukrainian orphanage for children (Sky News) The footage has been exclusively obtained by Sky News as part of an investigation, during which orphanage workers said they have no idea about the location of children in their care after Russian soldiers took them.
Putin’s Pit Bull Is Making a Power Play (Foreign Policy) As hard-liners shuffle for power amid a failing war, Russia’s military could turn even more aggressive.
2022 REVIEW: Russia’s invasion has united Ukraine (Atlantic Council) The February 2022 Russian invasion of Ukraine was meant to extinguish Ukrainian statehood but Putin's plan has backfired disastrously and united Ukraine as the country fights for its right to exist, writes Taras Kuzio.
Experts react: The lasting impact of Zelenskyy's Washington visit (Atlantic Council) What are the stakes for Zelenskyy, Biden, and Congress—and what does the Ukrainian president want the American people to know? Here's your expert guide.
Zelenskyy's surprise visit to DC was months in the making (AP NEWS) The idea of a daring wartime trip by Volodymyr Zelenskyy to Washington had percolated for some time before the surprise visit was revealed just hours ahead of the Ukrainian president's arrival.
Zelenskyy gets a Washington embrace. Will he also get more weapons? (Atlantic Council) Zelenskyy came armed with a thank you for the billions of dollars in aid and materiel the United States has sent, and a subtle request for more. Will he get the rest of his wish list?
Zelensky’s Weapons Wish List Goes Mostly Unfulfilled on Trip to Washington (New York Times) The Biden administration continues to balk at sending U.S. battle tanks, fighter jets and long-range missiles to Ukraine.
Military weighs training Ukrainians on Patriot in United States (POLITICO) Since the invasion in February, the U.S. has trained Ukrainians in Europe.
Ukraine’s Fate and America’s Destiny (The Atlantic) Zelensky’s address to Congress challenged us to remember America’s mission in the world.
Joe Biden’s attack on the EU was as striking as it was disingenuous (The Telegraph) US president’s claim the Union and Nato would fall apart over Russia threat is a smokescreen to hide his reluctance to risk a real world war
Vladimir Putin’s war has humiliated the EU (The Telegraph) That Zelensky went to the US, not Brussels, is a sign of Europe’s disgraceful failure to back Ukraine
Mr. Zelensky Goes to Washington (Foreign Policy) He’s asking for big arms, and the Biden administration is not abiding, balking on long-range weapons and shirking from slapping a terror designation on Russia.
Ukraine must be given the tools to stop Vladimir Putin in 2023 (Atlantic Council) As we approach the start of a new year, it is vital that Ukraine’s Western partners demonstrate a long-term commitment to defeating Russia, writes Ukrainian MP and Holos Party leader Kira Rudik.
Russia's defeat is the top global priority for 2023 (Atlantic Council) Ensuring that the Russian invasion of Ukraine ends in defeat is vital for the international security system and must be the strategic priority for 2023, writes Ukrainian Defense Minister Oleksii Reznikov.
For ‘Peace Activists,’ War Is About America, Never Russia (Foreign Policy) Their own hard-left worldview is so absorbing that they will take the side of any aggressor in the anti-Western camp.
Could Joe Biden’s Ukraine support define his presidency? (The Spectator World) Republicans may not realize it, but by flexing his muscles on Ukraine, Joe Biden looks like a resolute leader
‘Get Rid of the Video!’: Putin Crony Freaks Out in Live TV Flop Over Zelensky Clip (The Daily Beast) An on-air mishap over a video depicting Volodymyr Zelensky in Washington did not go over well with Moscow’s top mouthpiece.
A Ukrainian Steals $25,000 In Bitcoin From Russian Dark Web Drug Market And Gives It To A Kyiv Charity (Forbes) Solaris drug market’s master wallet has been hacked and its funds diverted to a Ukrainian humanitarian charity.
Pro-Russian Hacktivist Group ‘KillNet’ Threat to HPH Sector (HC3) HC3 is closely tracking hacktivist groups which have previously affected a wide range of countries and industries, including the United States Healthcare and Public Health (HPH) sector. One of these hacktivist groups—dubbed ‘KillNet’—recently targeted a U.S. organization in the healthcare industry. The group is known to launch DDoS attacks primarily targeting European countries perceived to be hostile to Russia, and operates multiple public channels aimed at recruitment and garnering attention from these attacks.
HHS alert warns KillNet hacktivist group targeted US healthcare entity (SC Media) Provider organizations are being urged to shore up defenses, after the pro-Russian hacktivist group known as "KillNet" recently targeted a U.S. entity in the healthcare sector.
HC3 Analyst Note TLP Clear Pro-Russian Hacktivist Group Killnet Threat to HPH Sector December 22, 2022 | AHA (American Hospital Association) HC3 is closely tracking hacktivist groups which have previously affected a wide range of countries and industries, including the United States Healthcare and Public Health (HPH) sector.
Espionage, Not Blackouts, Is Theme of Russian Hacking in Ukraine (Bloomberg) Ukrainians spent months preparing, testing for vulnerabilities
Cybercom disrupted Russian and Iranian hackers throughout the midterms (Washington Post) U.S. conducted offensive cyber operations to counter state-sponsored cyberattacks, including new ‘Hunt Forward’ missions
German intel employee held for passing information to Russia (AP NEWS) An employee of Germany's foreign intelligence service has been arrested on suspicion of treason for allegedly passing secret information to Russia, German prosecutors said Thursday. The man, a German citizen who was identified only as Carsten L.
Apple accused of censoring apps in Hong Kong and Russia (Register) Activists note absence of VPNs, ponder whether Apple may put revenue above human rights in some markets
Attacks, Threats, and Vulnerabilities
N.Korea to 'step up' cyber attacks against S.Korea: Seoul spy agency (News Room Odisha) Seoul: North Korea is expected to “intensify” cyber offences targeting South Korea next year to “steal information” on advanced technologies, such as nuclear power and space programmes, Seoul’s spy agency said on Thursday. North Korean hacking groups will likely focus on “stealing” the South’s technologies related to nuclear plants, chips and the defence industry, and […]
Guacamaya leaks spark debate about militarization, spyware, but no accountability (The Record by Recorded Future) The Guacamaya leaks in September exposed corruption, militarization and surveillance throughout Latin America.
New STEPPY#KAVACH Attack Campaign Likely Targeting Indian Government: Technical Insights and Detection Using Securonix (Securonix) The Securonix Threat Research team has recently identified a new malicious attack campaign related to a malicious threat actor (MTA) tracked by Securonix as STEPPY#KAVACH targeting victims likely associated with the Indian government.
Gootkit Loader continues to be used on multiple Australian networks (Australian Cyber Security Centre) The Australian Cyber Security Centre continues to observe instances of Gootkit JavaScript (JS) Loaders on multiple Australian networks in 2022. Open source reporting also indicates continued Gootkit activity.
Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks (Trend Micro) From September to December, we detected multiple attacks from the Royal ransomware group. In this blog entry, we discuss findings from our investigation of this ransomware and the tools that Royal ransomware actors used to carry out their attacks.
Researchers Link Royal Ransomware to Conti Group (SecurityWeek) Royal ransomware appears to be operated by seasoned threat actors who used to be part of Conti Team One.
Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development (SentinelOne) New PolyVice ransomware is likely in use by multiple threat actors building re-branded payloads with the same custom encryption scheme.
Vice Society ransomware gang switches to new custom encryptor (BleepingComputer) The Vice Society ransomware operation has switched to using a custom ransomware encryptor that implements a strong, hybrid encryption scheme based on NTRUEncrypt and ChaCha20-Poly1305.
Microsoft: Zerobot adds new exploits, DDoS attack capabilities (The Record by Recorded Future) The newly discovered Zerobot botnet continues to evolve, increasingly targeting connected Internet of Things devices.
Microsoft research uncovers new Zerobot capabilities (Microsoft Security Threat Intelligence) Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continues to grow. Recent trends have shown that operators are redeploying malware for a variety of distributions and objectives, modifying existing botnets to scale operations and add as many devices as possible to their infrastructure.
Ransomware Roundup – Play Ransomware (Fortinet Blog) In this week's ransomware roundup, FortiGuard Labs covers the Play ransomware along with protection recommendations.
Trying to Steal Christmas (Again!) (Fortinet Blog) FortiGuard Labs discovered some holiday-themed phishing examples that exploit excitement and interest in the holidays created by an AgentTesla affiliate. Read our blog to learn more about how malwa…
The Taxman Never Sleeps (Fortinet Blog) FortiGuardLabs discovered a malicious email that included a tax form seemingly from the United States Internal Revenue Service (IRS) sent by the recently resurgent Emotet group. Read our blog to le…
Comcast Xfinity accounts hacked in widespread 2FA bypass attacks (BleepingComputer) Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges.
Major Australian university dealing with suspected cybersecurity attack (7NEWS) Printers on campus produced suspicious messages in bulk.
Printers at Queensland's second-largest university spit out ransomware messages after cyber attack (ABC) University printers began spitting out ransomware notes and the vice-chancellor says the university has shut down multiple IT systems in response.
After ransomware hits Colombian energy firm, Moody's says low patch rate suggests inadequacies in cyber practices (SC Media) A ransomware attack at top Colombian energy company Empresas Publicas de Medellin (EPM) may damage its credit quality, setting an alarm clock for the critical infrastructure industry to develop efficient mitigation practices and vulnerability management programs, Moody’s said.
Notice of Recent Security Incident (The LastPass Blog) We are working diligently to understand the scope of the incident and identify what specific information has been accessed.
Update on SickKids response to cybersecurity incident (SickKids) Impacted systems may be offline for a prolonged time but patient care is continuing
Hands On With Flipper Zero, the Hacker Tool Blowing Up on TikTok (WIRED) Don’t be fooled by its fun name and Tamagotchi-like interface—this do-everything gadget is trouble waiting to happen and a whole lot more.
Revealed: The Israeli Firm Selling ‘Dystopian’ Hacking Capabilities (Haaretz) Meet Toka, the Israeli cyber firm founded by Ehud Barak, that lets clients hack cameras and change their feeds – just like in Hollywood heist movies
Products, Services, and Solutions
Brave launches FrodoPIR, a privacy-focused database query system (BleepingComputer) Brave Software developers have created a new privacy-centric database query system called FrodoPIR that retrieves data from servers without disclosing the content of user queries.
StarLink signs up with Rapid7 for Middle East distribution (ACE Times) This Collaboration will Aim to Enable Enterprises with Continuous Cloud Security and Compliance
Technologies, Techniques, and Standards
Cyber Liability Insurance: 5 Best Practices to Ensure You’re Approved (Channel Futures) There are key security controls you should have in place to increase the odds that you’ll be approved for cyber liability insurance.
Averting cyberattacks on operations a key focus for rail, expert says (FreightWaves) Miki Shifman, co-founder and chief technology officer for Israeli company Cylus, discusses the cybersecurity landscape for freight and passenger rail operations worldwide.
Cyber Agency Needs Vendor Input for New Threat Data Dashboard (Bloomberg Law) The nation’s cybersecurity agency will build a dashboard for real-time analysis of potential threats and is reaching out to federal contractors for industry insight into how the platform should work.
What is an IP address and how can you change it with a VPN? (ZDNET) Your IP address can be a gold mine for invasive advertisers, as well as thieves, hackers, and other bad actors. We'll explain why it's so sought after, and how you can protect your IP address by using a VPN.
Aubrey Kirchhoff: What we should and should not do about kids and social media (Rochester Post Bulletin) The urge to leap into action when there is a crisis is strong, especially when it affects younger generations. But remember: No matter how well intentioned, our attempts to help can backfire.
Research and Development
Air Force Research Lab Taps Battelle for Microelectronics Security Tech R&D (ExecutiveBiz)
Legislation, Policy, and Regulation
Biden Signs National Defense Authorization Act Into Law (U.S. Department of Defense) President Joe Biden has signed the Fiscal 2023 National Defense Authorization Act into law allotting $816.7 billion to the Defense Department.
Insiders worry CISA is too distracted from critical cyber mission (FedScoop) The agency appears to be struggling with internal divisions, morale problems and growing concerns about leadership priorities.
Insiders worry CISA is too distracted from critical cyber mission (CyberScoop) The agency appears to be struggling with internal divisions, morale problems and growing concerns about leadership priorities.
Partnerships Key to DHS Cyber Goals, Official Says (Meritalk) The Department of Homeland Security (DHS) has several initiatives underway to help U.S. critical infrastructure providers reduce risks – with partnerships between the public and private sectors positioned as the key to ensuring success of those initiatives, an agency official said this week.
Military Branches Losing Expensive Cyber Talent to the Private Sector, Watchdog Says (Nextgov.com) The Government Accountability Office found that the lack of required service time commitments within some of the military branches is making it difficult to retain personnel who have completed expensive and advanced cyber courses.
Wyden: When government hacks our devices (Oregon Business Report) Wyden Calls for Transparency on Government Hacking of Americans’ Devices — Wyden Requests FBI Policies, Legal Justifications for Use of Malware Made by NSO and Other Foreign Hacking Tools, Statistics on How Many Devices and People Are Hacked Annually By US Senator Ron Wyden, Washington, D.C. – U.S. Sen. Ron …
How Cyber Command has ‘built and rebuilt’ its strategy around cyberspace operations (The Record by Recorded Future) Kurt Sanger, a former U.S. Cyber Command top attorney, said he joined the command force by “happenstance.”
Litigation, Investigation, and Law Enforcement
Data brokers raise privacy concerns — but get millions from the federal government (POLITICO) How an old privacy law and new security demands force Washington to rely on an industry in the crosshairs.
FTX's Bankman-Fried, charged with 'epic' fraud, released on $250 million bond (Reuters) The bail package would require Bankman-Fried to surrender his passport and remain in home confinement at his parents' home in Palo Alto, California. He would also be required to undergo regular mental health treatment and evaluation.
Sam Bankman-Fried to Be Released on $250 Million Bond (Wall Street Journal) The FTX founder makes first U.S. court appearance following his extradition from the Bahamas
FTX founder Sam Bankman-Fried will be confined to his parents' Palo Alto home as part of a $250M bond deal (Silicon Valley Business Journal) The news of Sam Bankman-Fried's imminent return to his native Palo Alto comes after two of his close associates pleaded guilty to several criminal offenses.
SEC Charges Caroline Ellison and Gary Wang with Defrauding Investors in Crypto Asset Trading Platform FTX (US Securities and Exchange Commission) The Securities and Exchange Commission today charged Caroline Ellison, the former CEO of Alameda Research, and Zixiao (Gary) Wang, the former Chief Technology Officer of FTX Trading Ltd. (FTX), for their roles in a multiyear scheme to defraud equity investors in FTX, the crypto trading platform co-founded by Samuel Bankman-Fried and Wang. Investigations into other securities law violations and into other entities and persons relating to the alleged misconduct are ongoing.
Two Bankman-Fried colleagues plead guilty to fraud (Washington Post) Caroline Ellison and Gary Wang helped the disgraced crypto mogul divert funds and are now aiding prosecutors
SEC Calls FTT Exchange Token a Security (CoinDesk) The complaint against Alameda's Caroline Ellison and FTX's Gary Wang contains allegations that FTX's exchange token, FTT, constitutes an investment contract.
AI-Created Comic Has Been Deemed Ineligible for Copyright Protection (CBR) Reversing an earlier decision, the United States Copyright Office rules that a comic book made using A.I. art is ineligible for copyright protection