At a glance.
- Sandworm was in Kyivstar's networks for months.
- GRU cyber campaign incorporates novel malware.
- GXC Team's latest offerings in the C2C underground market.
- Data breach blamed on password reuse.
- UAC-0050 deploys RemcosRAT against Ukrainian targets.
- NPM dependency campaign.
- Cyber-kidnapping in Utah.
- Cameras hacked by Russian intelligence services to provide targeting information.
- NoName057(16) as a model for future hacktivist auxiliaries.
- US Department of Homeland Security assesses cyber threats to the US.
- Zero-click exploit affects iPhones belonging to Kaspersky employees.
- Amnesty International reports Pegasus use in India.
- Cyber Toufan claims attacks against Israeli targets.
- The impact of the European Data Act.
Sandworm was in Kyivstar's networks for months.
Illia Vitiuk, who leads Ukraine's SBU cybersecurity department, has told Reuters that the Sandworm element of Russia's GRU had gained access to telecom provider Kyivstar's networks at least as long ago as May of 2023. Sandworm probably began its attempts against Kyivstar as early as March of that year. Its goal was collection, mostly of data on individual users of Kyivstar's services, followed in the last stages of the operation by destruction of data and disruption of services. A nominally hacktivist group, Solntsepyok, had claimed credit for the attack, but Solntsepyok is almost surely a GRU front.
The effects of the attack on Kyivstar were severe and widespread, but they mostly fell on civilian users rather than military operations (the Ukrainian military makes little tactical use of civilian telecoms). Vitiuk sees the attack as a warning. "This attack is a big message, a big warning," he said, "not only to Ukraine, but for the whole Western world to understand that no one is actually untouchable." Kyivstar is a large, wealthy, private company, a subsidiary of the Dutch multinational VEON, and it was by no means a soft target. Kyivstar was known for its extensive investment in cybersecurity, but it was successfully attacked nonetheless.
GRU cyber campaign incorporates novel malware.