Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+553: Drone war, hacktivism, and Infamous Chisel malware. (CyberWire) Russia and Ukraine continue their drone war as Ukraine pushes into Russian lines in Zaporizhzhia. The Five Eyes confirm Ukrainian reports of GRU cyberespionage. Russian hacktivist auxiliaries turn to Czech targets (and to X).
Russia-Ukraine war: List of key events, day 554 (Al Jazeera) As the war enters its 554th day, these are the main developments.
Russia-Ukraine war at a glance: what we know on day 554 of the invasion (the Guardian) Alleged co-founder of mercenary group Wagner buried; video surfaces of Yevgeny Prigozhin appearing to show him discussing threats to his life
Russia says Ukraine drone attack reaches deep into its territory (Military Times) Ukraine sent waves of drones deep into western Russia in nighttime attacks that lasted more than four hours and struck military assets.
Ukrainian drones attack six Russian regions and hit military planes (the Guardian) Kyiv says four cargo planes destroyed in city 500 miles from border with Ukraine
Ukraine steps up air war with Russia using homegrown drones, Moscow retaliates against Kyiv (Washington Examiner) DEEP STRIKE: While the West anxiously watches the cautious advance of Ukrainian ground forces in the south, Kyiv is demonstrating its expanding capability to hit Russia on its home turf.
Ukraine uses flat-pack drones to strike Russian military planes (The Telegraph) 'Flat-pack’ aircraft supplied by the Australian government hits fighter jets in attack on Russian airfield, says Kyiv’s security service
Ukraine breaches Russia’s heavily fortified defensive line (Telegraph) Footage appears to show Kyiv’s 82nd Air Assault Brigade advancing through southern ‘Surovikin line’ of mines, barriers and trenches
Ukraine’s Elite Snipers Fight Russians, Bullet by Bullet (Wall Street Journal) Stealthy assassins aim to sow chaos in enemy ranks by picking off commanders and key troops.
US Not Running Out of Munitions Due to Ukraine Aid, Pentagon Acquisition Boss Says (Air & Space Forces Magazine) The U.S. isn't running out of munitions as a result of its aid to Ukraine, Pentagon acquisition chief William LaPlante said.
Ukraine-Russia war live: Prigozhin plane crash may have been 'deliberate atrocity', says Kremlin (The Telegraph) The Kremlin has not ruled out the possibility that the plane carrying Yevgeny Prigozhin was downed on purpose.
WSJ News Exclusive | Prigozhin’s Life on the Run: Wagner Chief Used Jets to Evade Tracking for Years (Wall Street Journal) Mercenary leader moved around Russia, blocked surveillance and eluded sanctions until assassination in plane crash.
Yevgeny Prigozhin spoke of threats to his life days before death, video appears to show (the Guardian) Wagner boss apparently seen in Africa saying ‘everything’s fine’ as he addressed rumours about wellbeing
'The Kremlin Has Broken All Records Of Nastiness': Prigozhin Buried In A Cloud Of Uncertainty (RadioFreeEurope/RadioLiberty) For two months after launching the greatest challenge to Vladimir Putin in his 24 years as Russia's preeminent figure, Yevgeny Prigozhin was a man of mystery. That aura continued even in death, as Prigozhin was buried amid secrecy -- and with none of the honors befitting a "Hero of Russia."
In Ukraine, Winning Against Russia Means Fighting the Disinformation War (Smerconish) In an abandoned garage in Vinnytsia, three hours’ drive southwest of Kyiv, Ukraine’s Cyber Police burst in on an outwardly unassuming building. A search of the building revealed 3,300 SIM cards, each with its own fake identity. This raid was part of ongoing joint operations around Ukraine targeting Russian bot farms – with the most recent takedown just a few weeks ago seizing an additional 150,000 SIM cards. The Russians use these bots to impersonate Ukrainian citizens, spread disinformation, and disseminate propaganda about the war.
UK and allies support Ukraine calling out Russia's GRU for new malware campaign (NCSC) Malware, dubbed Infamous Chisel, enables unauthorised access to compromised Android devices.
U.S. and International Partners Release Report on Russian Cyber Actors Using “Infamous Chisel” Malware (Cybersecurity and Infrastructure Security Agency) Joint report provides technical analysis of malware targeting Android devices used by Ukrainian military
Infamous Chisel Malware Analysis Report (Cybersecurity and Infrastructure Security Agency CISA) Infamous Chisel–A collection of components associated with Sandworm designed to enable remote access and exfiltrate information from Android phones.
NCSC, SBU reveal overt Russian cyber campaign as cyber war continues to evolve (ITPro) Sandworm-linked threat actors gained access to battlefield tablets
Russian APT Intensifies Cyber Espionage Activities Amid Ukrainian Counteroffensive (Infosecurity Magazine) The Gamaredon group has ramped up attacks against Ukrainian military entities, with the aim of hindering Ukraine’s counter-offensive operations
GRU Blamed for Infamous Chisel Malware Targeting Ukraine's Military (Infosecurity Magazine) Infamous Chisel, which enables unauthorized access to compromised Android devices used by the Ukrainian military, has been linked to Sandworm
"Fear of cyber war has played into Russia's hands" (Breaking Latest News) Computers are not made to kill people. That’s why cyber attacks didn’t play a decisive role in…
Hackers Attack Czech Banks, Demanding End of Support For Ukraine (Brno Daily) Experts told CTK that there was no risk to the finances of the banks' clients.
Prague, Aug 31 (CTK) - Hackers from the Russian hacktivist group NoName057(16) attacked Czech banks and the stock exchange yesterday, demanding that the institutions stop supporting Ukraine.
More Russian attacks on Czech banks: Hackers call for end of support to Ukraine (Expats.cz) Among the affected institutions were Komerční banka, ČSOB, Air Bank, Fio banka, Raiffeisen, Moneta Money Bank, and the Prague Stock Exchange.
Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink (BBC News) Prolific hackers accused of being a front for Russian cyber-operation shares counter evidence with the BBC.
Ukraine investigates corruption in medical exemptions from military duty (Al Jazeera) Ukraine’s President Zelenskyy says bribes of between $3,000 and $15,000 paid for medical exemptions from military duty.
Attacks, Threats, and Vulnerabilities
Earth Estries Targets Government, Tech for Cyberespionage (Trend Micro) We break down a new cyberespionage campaign deployed by a cybercriminal group we named Earth Estries. Analyzing the tactics, techniques, and procedures (TTPs) employed, we observed overlaps with the advanced persistent threat (APT) group FamousSparrow as Earth Estries targets governments and organizations in the technology sector.
'Earth Estries' Cyberespionage Group Targets Government, Tech Sectors (SecurityWeek) Earth Estries, a cyberspy group possibly linked to China, has targeted governments and tech firms in the US, Germany, South Africa and Asia.
Japan's cybersecurity agency admits it was hacked for months (Bitdefender) Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), the agency responsible for the nation's defences against cyber attacks, has itself been hacked.
BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps (We Live Security) ESET research uncovers active campaigns linked to the China-aligned APT group known as GREF that are distributing espionage code previously used to target Uyghurs.
Chinese APT Group GREF Use BadBazaar in Android Espionage (Infosecurity Magazine) ESET said BadBazaar was available via the Google Play Store, Samsung Galaxy Store and various app sites
CISA and FBI Publish Joint Advisory on QakBot Infrastructure | CISA (Cybersecurity and Infrastructure Security Agency CISA) Today, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Identification and Disruption of QakBot Infrastructure, to help organizations detect and protect against newly identified QakBot-related activity and malware.
Identification and Disruption of QakBot Infrastructure | CISA (Cybersecurity and Infrastructure Security Agency CISA) The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) to disseminate QakBot infrastructure indicators of compromise (IOCs) identified through FBI investigations as of August 2023.
Contrast Assess uncovers Spring-Kafka deserialization zero day (Contrast Security) Contrast’s Assess runtime security solution sniffed out CVE-2023-34040, a bug that could lead to DoS, RCE, authentication bypass and other abuse.
CISA Releases IOCs Associated with Malicious Barracuda Activity (Cybersecurity and Infrastructure Security Agency CISA) CISA has released additional indicators of compromise (IOCs) associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001-9.2.0.006. Malicious threat actors exploited this vulnerability as a zero day as early as October 2022 to gain access to ESG appliances.
Flaw Exposes WP Migration Plugin to Hacks (Infosecurity Magazine) The vulnerable code was identified by the security research team at PatchStack
Attacks on Citrix NetScaler systems linked to ransomware actor (BleepingComputer) A threat actor believed to be tied to the FIN8 hacking group exploits the CVE-2023-3519 remote code execution flaw to compromise unpatched Citrix NetScaler systems in domain-wide attacks.
BGP Flaw Can Be Exploited for Prolonged Internet Outages (SecurityWeek) Serious flaw affecting BGP implementations can be exploited to cause prolonged internet outages, but several vendors have not patched it.
Multiple Threats Target Adobe ColdFusion Vulnerabilities (Fortinet Blog) A detailed analysis of how a threat group continues to exploit the Adobe ColdFusion vulnerability through attacks including probing, establishing reverse shells, and deploying malware for subsequen…
Group-IB detects Classiscam expansion: $64.5 million scam-as-a-service operation targets 251 brands in 79 countries (Group-IB) Group-IB, a global cybersecurity leader headquartered in Singapore, can reveal that the scam-as-a-service operation Classiscam is continuing its worldwide campaign well into 2023. In a new blog, Group-IB analysts detail how the automated scheme uses Telegram bots to assist with the creation of ready-to-use phishing pages impersonating companies in a range of industries, including online marketplaces, classified sites, and logistics operators. These phishing pages are designed to steal money, payment data, and recently in some cases, bank login credentials from unsuspecting internet users.
Cyber crime targeting Meta’s ad ecosystem spreading (News Powered by Cision) Threats targeting Meta Business accounts growing in popularity among cyber criminals based in
Network technology giant Juniper warns users about denial-of-service bugs (Record) Juniper Networks, which makes popular networking equipment and security technology, is warning about flaws in the operating systems for many of those products.
The Phishing-as-a-Service platform targeting Microsoft 365 customers (Outpost24) A detailed walkthrough of how a phishing kit can be used to bypass MFA on Microsoft 365 accounts.
Chinese sextortion scammers are flooding Twitter (Rest of World) Scammers are targeting Chinese-language users, harassing political dissidents and influential figures.
Voice Deepfakes Are Coming for Your Bank Balance (New York Times) Artificial intelligence tools have given scammers a potent weapon for trying to trick people into sending them money.
How did Clop get its hands on the MOVEit zero day? (Record) Dustin Childs, the head of threat awareness for the Zero Day Initiative, explains to the Click Here podcast team how zero-day vulnerabilities make it into the hands of cybercriminals.
U. Michigan restores campus internet after cyberattack disrupts first week of classes (EdScoop) The University of Michigan announced it's restored internet to its three campuses after a cyberattack over the weekend.
Internet restored on University of Michigan campus, ongoing issues still expected (mlive) The investigation into the security issue is ongoing and no other information will be released, officials said.
University of Michigan isn't disclosing details of internet outage cyberattack (Detroit Free Press) University of Michigan officials offered no motive for what one regent, who said he was briefed on this week’s internet outage, reportedly described as a "targeted attack" on three of its campuses' online systems nor has a suspect been identified.
Expert weighs in on school cyberattacks as University of Michigan makes progress on internet outages (CBS News) For the first time in nearly four days, the University of Michigan says students can now access their campus accounts.
Cybersecurity alert issued for M&T Bank customers after a worldwide software hack by a Russian group (WGRZ) Pins and passwords were not open to hackers. Also, no customer social security numbers, birthdates, or debit or credit card numbers were disclosed.
Some M&T Bank customer information hacked in massive data breach (NBC Connecticut) Some M&T Bank customers’ information may have been stolen in what was a massive cyber-attack, impacting many other companies too. In a statement, the bank says it wasn’t their internal system that was involved, but rather a third-party company that it uses for file transfer software. “M&T was informed about a recent global cybersecurity incident involving MOVEit, a file transfer…
Paramount discloses data breach following security incident (BleepingComputer) American entertainment giant Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personally identifiable information (PII).
Security Patches, Mitigations, and Software Updates
VMware Releases Security Updates for Aria Operations for Networks (Cybersecurity and Infrastructure Security Agency CISA) VMware has released security updates to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system.
Juniper Networks Releases Security Advisory for Junos OS and Junos OS Evolved | CISA (Cybersecurity and Infrastructure Security Agency CISA) Juniper Networks has released a security advisory to address a vulnerability for Junos OS and Junos OS Evolved. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition.
Trends
Cryptomining attacks outrank ransomware as top threat to cloud environments: Qualys (Edge) Travis Smith, Vice President, Qualys' Threat Research Unit, reveals details of the 2023 Qualys TotalCloud Security Insights report, and shares insights into the risks in today's cloud environments
58% of malicious emails contained spoof content (Security Magazine) According to a VIPRE Security Group report, 85% of phishing emails sent in Q2 2023 utilized malicious links in the content of the email.
Marketplace
Fianu Labs Emerges From Stealth With $2 Million in Seed Funding (SecurityWeek) Fianu Labs has emerged from stealth mode with a software governance automation solution and $2 million in seed funding.
Malwarebytes lays off 100 employees ahead of business split (TechCrunch) The cybersecurity giant's CEO confirmed the layoffs ahead of a major corporate restructuring that will see its business split into two.
Radware and Spark NZ Sign Cybersecurity Partnership Agreement (Yahoo Finance) Provide application and network security for organizations in New Zealand, including those in banking, transport, health, and the public sector. MAHWAH, N.J. and AUCKLAND, New Zealand, Aug. 29, 2023 (GLOBE NEWSWIRE) -- Radware®, a leading provider of cyber security and application delivery solutions, and Spark NZ, one of New Zealand’s largest digital services providers, today announced they have signed a partnership agreement to offer application and network security services in New Zealand. Based
CYBER.ORG Partners with Amazon to Improve Diversity in the Cybersecurity Industry, Build the Talent Pipeline Starting with K-12 (Business Wire) CISA-funded cybersecurity workforce development program leverages $50K Amazon donation for additional Project REACH summer cybersecurity programming for K-12 students
Council Post: Breaking From Tradition To Overcome The Cybersecurity Talent Gap (Forbes) A shortage of qualified employees has hindered the tech industry in recent years, and perhaps no sector has been more affected by this talent gap than cybersecurity.
Cybersecurity Enters Conversation About Executive Pay (Wall Street Journal) Companies are starting to tie bonuses for their chief executives and other top leaders to cybersecurity metrics, a move that governance experts say could make them more secure against hackers.
Workspot Appoints Industry Veteran Brad Tompkins as President and Chief Operating Officer (Business Wire) Tompkins joins the Workspot leadership bench with over two decades of experience to navigate the company toward its long-term business goals
KnowBe4 Appoints Seasoned Sales Executive Hein Hellemons as New Chief Revenue Officer (KnowBe4)
Pax8 Names Mary Gill Chief Compliance Officer (GlobeNewswire News Room) Pax8, the leading cloud commerce marketplace, today announced the appointment of Mary Gill as Chief Compliance...
Cynet adds Douglas Brockett as Executive Chairman (Cynet) Accomplished industry veteran to focus on strategy enhancement and revenue acceleration
Products, Services, and Solutions
Mandiant blends Google Cloud, AI to automate threat hunting (Cybersecurity Dive) Google Cloud is bringing Mandiant’s threat hunting intelligence to customers’ Chronicle environments and infusing Duet AI across its security portfolio.
Keeper Security Announces Seamlessly Integrated Billing with Gradient MSP (PR Newswire) Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, privileged access, secrets...
Radware Provides DDoS Protection for Leading European Financial Group (GlobeNewswire News Room) Delivers advanced behavioral-based DDoS detection and automatic signature creation...
Beachhead Solutions Releases the “MSP Guide to Compliance and Regulation” (GlobeNewswire News Room) MSPs and other industry experts discuss how MSPs can secure and grow their practices by better understanding FTC Safeguards, HIPAA, cybersecurity...
Rubrik Collaborates with Aon to Help Organizations Maintain Cyber Resiliency Against Modern Threats (GlobeNewswire News Room) Joint effort enables organizations to reduce risk and cost, while increasing data security...
AI Support Experience (Cohesity) This AI-powered support allows users to access expert guidance without engaging a support technician, saving time and resources.
NTT DATA to jointly countermeasure data security risks with UTS in Australia, incorporating cutting edge encryption technology and stringent access controls (NTT DATA) NTT DATA, a global digital business and IT services leader, today announced that the University of Technology Sydney (UTS) and NTT DATA, together with NTT Research, Inc., NTT Ltd. and NTT DATA Romania, have agreed to partner and utilise NTT's commercialised cryptography technology, Attribute Based Encryption (ABE) solution to enhance data security at the UTS Vault for research and use case development.
Technologies, Techniques, and Standards
Revisiting Traditional Security Advice for Modern Threats (Mandiant) Modern attacks targeting supply chains, using zero-day exploits, and exploiting vulnerabilities in security appliances have been flooding newsrooms, boardrooms and threat reports in recent months.
How to ensure DNS records don’t become a security hazard (SC Media) DNS records accumulate over time – here are four ways to manage them more effectively so they don’t become a security risk.
Cyberpsychology: Shaping security strategy when you think like a hacker (TechTrendsKE) We undertake a thorough exploration of cyberpsychology, revealing the capacity that arises from adopting a hacker's viewpoint
Legislation, Policy, and Regulation
ARTICLE 19 And Human Rights Watch’s Comments On The Draft Text Of The UN Cybercrime Convention (Public) The UN Ad Hoc Committee on Cybercrime began its sixth negotiating session on August 21, 2023 in New York.
Microsoft: We need to fight cybercrime, not increase state surveillance (OnMSFT.com) Microsoft stresses the importance of collaboration among governments, law enforcement, international partners, and private corporations to address cybercrime.
Microsoft joins opposition to current version of UN cybercrime treaty (Record) The tech giant is the first large company to criticize the proposed cybercrime treaty being debated at the United Nations, saying the current draft leaves too much to interpretation.
Microsoft's pitch for the UN cybercrime treaty (Axios) As the United Nations wraps up the latest negotiation session this week for a highly anticipated cybercrime treaty, Microsoft is worried the final product won't hit the mark.
Microsoft weighs in on Russian-led UN cybercrime treaty (Register) Could be used to put ethical hackers, and citizens, behind bars
MPs warn government: Regulate AI or lose out on 'superpower' vision (Computing) Rishi Sunak's aim to become a science and technology superpower is at risk if the government doesn't introduce a new law to govern AI this year, MPs have warned.
France's CNIL Calls For Cybersecurity Recommendations (Gov Info Security) The French data regulator is calling on operators of large scale databases to shore up defenses against a slew of threats including nation-states and sophisticated
President describes a Costa Rica armed for cyberdefense (Record) Speaking at an event in Washington, D.C., President Rodrigo Chaves said last year's cyberattacks served as a wake-up call after “decades of negligence.”
Costa Rica approves cybersecurity regulation... (BNamericas.com) Costa Rica's CSIRT also signed MOUs with its counterparts in Honduras, Panama and the Dominican Republic.
Space Force in discussions to establish a cyber component to US Cyber Command (DefenseScoop) The Space Force has been in talks to establish a formal cyber component with U.S. Cyber Command.
Cybersecurity as a Legal Problem (Lawfare) Law is the foundation of cybersecurity.
Litigation, Investigation, and Law Enforcement
The removal of Qakbot from infected computers is just the first step (Help Net Security) Infected computers have been untethered from the Qakbot botnet by specially crafted FBI software that effects Qakbot removal.
Ex-British intelligence worker admits attempted murder of U.S. NSA employee (Reuters) A former British intelligence worker has pleaded guilty in a London court to the attempted murder of a U.S. National Security Agency employee, police and the Crown Prosecution Service said on Wednesday.