Powergrid attacks, DDoS, and doxing in a hybrid war. Notes on botnets, and a threat actor changes its phish hooks. Patch Tuesday. Sentence passed in a sanctions evasion case.
Indestroyer2 and Ukraine's power grid. More on last week's distributed denial-of-service attack against Finland. Anonymous claims to have doxed Russia's Ministry of Culture. Hafnium gets evasive. Enemybot is under development but worth keeping an eye on. Changing the phish hook. Patch Tuesday notes. Tim Eades from Cyber Mentor Fund on digital & security transformations. Our guest is Aaron Shilts from NetSPI onproactive public-private sector security collaboration. Sanctions evasion is serious business.
Selected reading.
Why Russia’s Cyber Warriors Haven't Crippled Ukraine (The National Interest)
In Ukraine, a ‘Full-Scale Cyberwar’ Emerges (Wall Street Journal)
Russian hackers tried to bring down Ukraine’s power grid to help the invasion (MIT Technology Review)
Russia's Sandworm Hackers Attempted a Third Blackout in Ukraine (Wired)
Ukraine Thwarts Cyberattack on Electric Grid, Officials Say (Wall Street Journal)
Zhadnost strikes again… this time in Finland. (SecurityScorecard)
Anonymous Hits Russian Ministry of Culture- Leaks 446GB of Data (HackRead)
Tarrask malware uses scheduled tasks for defense evasion (Microsoft Security Blog)
Enemybot: A Look into Keksec's Latest DDoS Botnet (Fortinet Blog)
Enemybot: a new Mirai, Gafgyt hybrid botnet joins the scene (ZDNet)
Qbot malware switches to new Windows Installer infection vector (BleepingComputer)
Microsoft Releases April 2022 Security Updates (CISA)
Google Releases Security Updates for Chrome (CISA)
Citrix Releases Security Updates for Multiple Products (CISA)
Apache Releases Security Advisory for Struts 2 (CISA)
Valmet DNA (CISA)
Mitsubishi Electric MELSEC-Q Series C Controller Module (CISA)
Inductive Automation Ignition (CISA)
Mitsubishi Electric GT25-WLAN (CISA)
Aethon TUG Home Base Server (CISA)
U.S. crypto researcher sentenced to five years for helping North Korea evade sanctions (Reuters)