#whispergates
Explore tagged Tumblr posts
whisperofthewaves · 10 months ago
Text
trying not to out myself as veteran tumblrina with mental health issues in normal people conversations
10 notes · View notes
zazurosi · 2 years ago
Text
2 notes · View notes
mariacallous · 5 months ago
Text
The FBI, working closely with an international team including the Czech and Baltic intelligence services, has helped link a series of international cyberattacks to a shadowy unit associated with the Russian secret service, the GRU.
According to a joint cybersecurity advisory report issued on Friday, the cyberattacks were undertaken by a group tied to Unit 29155 of the GRU.
Previously, the same unit has been blamed for an explosion at an ammunition site in 2014 in Vrbětice, deep in the Czech Republic’s southeast, as well as “attempted coups, sabotage and influence operations, and assassination attempts throughout Europe.”
However, in 2020, Unit 29155 expanded its portfolio “to include offensive cyber operations.”
Among other objectives, this offshoot group was used to collect information for espionage, cause reputational harm by stealing and leaking sensitive information, and destroy data.
“Unit 29155 cyber actors [are assessed] to be junior active-duty GRU officers under the direction of experienced Unit 29155 leadership,” said the report.
“These individuals appear to be gaining cyber experience and enhancing their technical skills through conducting cyber operations and intrusions,” it continued. Additionally, the report assessed that non-GRU officers had also been recruited, including known cybercriminals.
The unit is believed to be responsible for unleashing WhisperGate, a multi-stage wiper that has been deployed against the Ukrainian government, non-profit and tech organizations since January 2022.
In addition to launching WhisperGate against Ukraine, the group has also targeted NATO states as well as countries in Latin America and Central Asia with its activity, including website defacements, infrastructure scanning, data exfiltration, and data leak operations.
“Since early 2022, the primary focus of the cyber actors appears to be targeting and disrupting efforts to provide aid to Ukraine,” the report revealed.
Furthermore, over 14,000 cases of domain scanning had also been recorded, with these impacting 26 NATO members and several other EU nations.
“Whether through offensive operations or scanning activity, Unit 29155 cyber actors are known to target critical infrastructure and key resource sectors, including government services, financial services, transportation systems, energy, and healthcare sectors of NATO members, the EU, Central American, and Asian countries,” said the report.
Led by the FBI, the investigative operation also involved teams from Britain, Australia, Canada, Germany, the Netherlands, Estonia, Latvia, and the Czech Republic.
Together, their joint findings have enabled the Cybersecurity Advisory to develop tactics, techniques, and procedures to thwart further actions by Unit 29155.
6 notes · View notes
b2bcybersecurity · 3 months ago
Text
Russia is deliberately deploying destructive malware, and its digital warfare threatens critical infrastructure in Germany. Its growing aggressiveness, illustrated in particular by GRU Unit 29155, makes clear how closely physical and digital warfare are now linked.
GRU Unit 29155, already known for attacks, acts of sabotage and assassinations in Europe, has now also specialized in cyberspace. The Russian unit has considerably expanded its tactics since at least 2020. According to information from a group of government organizations such as the Federal Office for the Protection of the Constitution (BfV), the FBI, CISA and many others, it has carried out targeted cyberattacks on critical infrastructure and government institutions in Ukraine and other NATO states, including Germany.
Russia is waging hybrid warfare
The reports that the GRU, through Unit 29155, is carrying out targeted attacks with destructive malware such as Whispergate as well as data theft show that Russia is increasingly waging hybrid warfare. Particularly alarming is the growing linkage between physical and digital operations. Reports of Russian hackers compromising surveillance cameras in Ukraine underline this trend. This hybrid threat will become an ever greater challenge in the future. In Germany, too, cyberattacks by state-backed actors such as Russia are increasing. Although, according to the findings of a report by Armis, 100 percent of IT leaders in Germany are convinced that their organization is prepared for cyberwarfare and related threats, another figure is troubling: only 46 percent of German companies have an emergency plan in case cyberwarfare tactics, techniques and methods are detected on their network.
This discrepancy between self-perception and actual preparedness is alarming, especially as the threat from Russia continues to grow sharply. In fact, 48 percent of German organizations regard Russia as a greater danger to global security than China.
Cyberwarfare leads to digital transformation projects being halted
In addition, the threat of possible cyberwarfare is already affecting business development: 50 percent of IT decision-makers in Germany say that digital transformation projects have been either paused or stopped entirely because of this threat. This shows that cyberwarfare is not only a security risk but also has direct economic consequences that slow the growth and modernization of companies. For Germany and the entire DACH region, this means that investment in strengthening the defense of critical infrastructure is urgently needed. Compliance regimes such as NIS2 for KRITIS and other sector-specific frameworks such as TISAX, DORA and the like do help as signposts, but they can only be guardrails. Implementing the organizational and technical measures needs more attention and support, without reservations and without a template. It is essential that operators of critical infrastructure work closely with security authorities and providers of cybersecurity solutions to strengthen their defenses. This includes both technical solutions and awareness and training programs for employees, so that they can respond appropriately to increasingly complex and hybrid threats.
Russia's cyberattacks threaten more than just state organizations
It is essential that the operators of critical infrastructure work closely with the security authorities and providers of cybersecurity solutions to reinforce their defensive measures.
This should include comprehensive identification and real-time monitoring of all connected devices, together with the ability to identify vulnerabilities across the entire attack surface and mitigate them quickly. This strategy should also include the use of AI for proactively gathering threat intelligence, in order to anticipate attacks rather than merely react to them, and to take the fight directly to the attackers. In addition, raising employee awareness through awareness and training programs for dealing with increasingly complex and hybrid threats must be a priority. Employees must understand the constantly changing threat landscape and know what risky behavior is and how it leads to a potential threat that can affect the entire company, regardless of whether they work from home, abroad or in the office. The activities of Unit 29155 and the associated cyberattacks show that cyberwarfare does not affect only state organizations. Through a proactive stance and a thorough understanding of all assets and vulnerabilities, operators can secure critical infrastructure, protect national interests and be better prepared for future cyberattacks.
By Peter Machat, Country Manager DACH at Armis.
About Armis
Armis, the asset intelligence company for cybersecurity, protects the entire attack surface and manages the organization's cyber risk in real time. In a rapidly evolving, borderless world, Armis ensures that organizations continuously see, protect and manage all critical assets.
0 notes
ericvanderburg · 5 months ago
Text
WhisperGate
http://i.securitythinkingcap.com/TCvW4Q
0 notes
monterplant · 5 months ago
Text
US charges Russian military officers for unleashing wiper malware on Ukraine
WhisperGate campaign targeted Ukrainian critical infrastructure and allies worldwide.
0 notes
adiariomx · 5 months ago
Text
A federal official said the “WhisperGate” malware attack launched in January 2022 could be considered the first shot in the war of...
0 notes
teknoason · 3 years ago
Text
What Is Wiper Malware? Is It Worse Than a Ransomware Attack?
#wiper #wipermalware #fidyeyazılımı #fidyevirüs #Shamoon #Meteor #NotPetya #ZeroCleare #WhisperGate #virus #virüs #virushka #vírus #virusvideo #virusintl #viruscoronavirus #virushkawedding #tr
More dangerous than a ransomware attack, wiper malware has a single purpose: to cause reputational loss and damage. If you think ransomware attacks are the deadliest of cyberattacks, think again. Although extremely destructive, in most cases you can at least get your encrypted files back after ransomware negotiations. Unfortunately, with the sole aim of stealing money…
0 notes
dreamygeorgenap-archive · 4 years ago
Note
I dub this whispergate lol
Nice. Dream’s had a few “whispergate”’s on this blog lol
49 notes · View notes
aserougi · 2 years ago
Text
Russian ‘WhisperGate’ hackers are using new data-stealing malware to target Ukraine
http://dlvr.it/Sj6BQZ t.ly/m_Jb
0 notes
whisperofthewaves · 8 months ago
Text
nobody asked me, but I can't stop thinking about my children, so I'm gonna share anyway. top left to bottom right
Irche, the redeemed half-elf Durge Fighter, who's recently having a very bad day being eviscerated by Lorroakan's Elemental Retort (actually it was Gale, but it doesn't matter in the grand scheme, bc they fell into a chasm fighting the Hag literally the previous day resulting in TPK for the rest of the party in the very next turn)
Ishenareh, the drow Gloom Stalker in the making. She's a little naive. This is also the first character with whom I didn't feel a smidge of compulsion to even try finding Astarion for recruitment. It was very fresh and liberating lol
Moran, the half-drow Paladin of Devotion who will stay good and positive in the face of everything that's about to transpire whether you like it or not godsdammit (I'm still tweaking his appearance)
Lycear, the cool and murderous elf Durge Storm Sorcerer who will unleash unspeakable evil upon this realm (help me I'm scared playing her)
Arcille, the elf Bard. RIP Arcille you were accidentally created on the honour mode, but at least your guardian (bonus last pic) is hot and maybe you'll make it through act 1
7 notes · View notes
mariacallous · 5 months ago
Text
Russia's military intelligence agency, the GRU, has long had a reputation as one of the world's most aggressive practitioners of sabotage, assassination, and cyber warfare, with hackers who take pride in working under the same banner as violent special forces operators. But one new group within that agency shows how the GRU may be intertwining physical and digital tactics more tightly than ever before: a hacking team, which has emerged from the same unit responsible for Russia's most notorious physical tactics, including poisonings, attempted coups, and bombings inside Western countries.
A broad group of Western government agencies from countries including the US, the UK, Ukraine, Australia, Canada, and five European countries on Thursday revealed that a hacker group known as Cadet Blizzard, Bleeding Bear, or Greyscale—one that has launched multiple hacking operations targeting Ukraine, the US, and other countries in Europe, Asia, and Latin America—is in fact part of the GRU's Unit 29155, the division of the spy agency known for its brazen acts of physical sabotage and politically motivated murder. That unit has been tied in the past, for instance, to the attempted poisoning of GRU defector Sergei Skripal with the Novichok nerve agent in the UK, which led to the death of two bystanders, as well as another assassination plot in Bulgaria, the explosion of an arms depot in the Czech Republic, and a failed coup attempt in Montenegro.
Now that infamous section of the GRU appears to have developed its own active team of cyber warfare operators—distinct from those within other GRU units such as Unit 26165, broadly known as Fancy Bear or APT28, and Unit 74455, the cyberattack-focused team known as Sandworm. Since 2022, GRU Unit 29155's more recently recruited hackers have taken the lead on cyber operations, including with the data-destroying wiper malware known as Whispergate, which hit at least two dozen Ukrainian organizations on the eve of Russia's February 2022 invasion, as well as the defacement of Ukrainian government websites and the theft and leak of information from them under a fake “hacktivist” persona known as Free Civilian.
Cadet Blizzard's identification as a part of GRU Unit 29155 shows how the agency is further blurring the line between physical and cyber tactics in its approach to hybrid warfare, according to one of multiple Western intelligence agency officials whom WIRED interviewed on condition of anonymity because they weren't authorized to speak using their names. “Special forces don’t normally set up a cyber unit that mirrors their physical activities,” one official says. “This is a heavily physical operating unit, tasked with the more gruesome acts that the GRU is involved in. I find it very surprising that this unit that does very hands-on stuff is now doing cyber things from behind a keyboard.”
In addition to the joint public statement revealing Cadet Blizzard's link to the GRU's unit 29155, the US Cybersecurity and Infrastructure Security Agency published an advisory detailing the group's hacking methods and ways to spot and mitigate them. The US Department of Justice indicted five members of the group by name, all in absentia, in addition to a sixth who had been previously charged earlier in the summer without any public mention of Unit 29155.
“The GRU’s WhisperGate campaign, including targeting Ukrainian critical infrastructure and government systems of no military value, is emblematic of Russia’s abhorrent disregard for innocent civilians as it wages its unjust invasion,” the US Justice Department's assistant attorney general Matthew G. Olsen wrote in a statement. “Today’s indictment underscores that the Justice Department will use every available tool to disrupt this kind of malicious cyber activity and hold perpetrators accountable for indiscriminate and destructive targeting of the United States and our allies.”
The US State Department also posted a $10 million reward for information leading to the identification or location of members of the group, along with their photos, to its Rewards for Justice website.
Beyond its previously known operations against Ukraine, Western intelligence agency officials tell WIRED that the group has also targeted a wide variety of organizations in North America, Eastern and Central Europe, Central Asia, and Latin America, such as transportation and health care sectors, government agencies, and “critical infrastructure” including “energy” infrastructure, though the officials declined to offer more specific information. The officials told WIRED that in some cases, the 29155 hackers appeared to be preparing for more disruptive cyberattacks akin to Whispergate, but didn't have confirmation that any such attacks had actually taken place.
The US Department of State in June separately revealed that the same GRU hackers who carried out Whispergate also sought to find hackable vulnerabilities in US critical infrastructure targets, “particularly the energy, government, and aerospace sectors.” The DOJ's newly unsealed indictment against the 29155 hackers alleges they probed the network of a US government agency in Maryland 63 times—though without revealing whether any such probes were successful—as well as searching for vulnerabilities in the networks of targets in no fewer than 26 NATO countries.
In many cases, the 29155 hackers' intention appeared to be military espionage, according to Western intelligence agency officials. In a Central European country, for instance, they say the group breached a railway agency to spy on train shipments of supplies to Ukraine. In Ukraine itself, they say, the hackers compromised consumer surveillance cameras, perhaps to gain visibility on movement of Ukrainian troops or weapons. Ukrainian officials have previously warned that Russia has used that tactic to target missile strikes, though the intelligence officials who spoke to WIRED didn't have evidence that 29155's operations specifically had been used for that missile targeting.
The Western intelligence agency sources say that GRU Unit 29155's hacking team was formed as early as 2020, though until recent years it primarily focused on espionage rather than more disruptive cyberattacks. The creation of yet another hacking group within the GRU might seem superfluous, given that the GRU's preexisting units such as Sandworm and Fancy Bear have long been some of the world's most active and aggressive players in cyber warfare and espionage. But Western intelligence agency officials say that Unit 29155 was likely driven to seek its own specialized hacking team due to internal competition within the GRU, as well as the group's growing clout following the perceived success of its operations—even the botched Skripal assassination attempt. “The Skripal poisoning gave them a lot of attention and a lot of mandate,” one official says. “We assess it’s very likely that’s resulted in them getting a lot of more funds and the resources to attract the capability to start a cyber unit. Success is measured differently in the Western world and Russia.”
According to the Western intelligence officials who spoke to WIRED, the 29155 hacking group is composed of just 10 or so individuals, all of whom are relatively young GRU officers. Several individuals participated in hacking “Capture the Flag” competitions—competitive hacking simulations that are common at hacker conferences—prior to joining the GRU, and may have been recruited from those events. But the small team has also partnered with Russian cybercriminal hackers in some cases, the officials say, expanding their resources and in some instances using commodity cybercriminal malware that has made its operations more difficult to attribute to the Russian state.
One example of those criminal partnerships appears to be with Amin Timovich Stigal, a Russian hacker indicted by the US in absentia in June for allegedly aiding in Cadet Blizzard's Whispergate attacks on the Ukrainian government. The US State Department has also issued a $10 million reward for information leading to Stigal's arrest.
In addition to reliance on criminal hackers, other signs of Cadet Blizzard's level of technical skill appear to fit with intelligence officials' description of a small and relatively young team, according to one security researcher who has closely tracked the group but asked not to be named because they weren't authorized by their employer to speak about their findings. To gain initial access to target networks, the hackers largely exploited a handful of known software vulnerabilities and didn't use any so-called zero-day vulnerabilities—previously unknown hackable flaws—according to the researcher. “There’s probably not a lot of hands-on experience there. They’re following a very common operating procedure,” says the researcher. “They just figured out the exploit du jour that would give them the most mileage in their chosen domains, and they stuck with it.” In another instance of the group's lack of polish, a map of Ukraine that had been included in their defacement images and posted to hacked Ukrainian websites included the Crimean peninsula, which Russia has claimed as its own territory since 2014.
Sophistication aside, the researcher also notes that the 29155 hackers in some cases compromised their targets by breaching IT providers that serve Ukrainian and other Eastern European firms, giving them access to victims' systems and data. “Instead of kicking the front door down, they’re trying to blend in with legitimate trusted channels, trusted pathways into a network,” the researcher says.
The security researcher also notes that unlike hackers in other GRU units, Cadet Blizzard appears to have been housed in its own building, separate from the rest of the GRU, perhaps to make the team harder to link to the Unit 29155 of which they're a part. Combined with the group's command structure and criminal partnerships, it all suggests a new model for the GRU's approach to cyber warfare.
“Everything about this operation was different,” the researcher says. “It’s really going to pave the way for the future of what we see from the Russian Federation.”
2 notes · View notes
newsaza · 2 years ago
Text
EU, US, UK Accuse Russia of Cyberattacks Amid Invasion of Ukraine; Blame It for Deployment of Whispergate
Russia has been behind a series of cyberattacks linked with its conflict with Ukraine earlier this year with wide-ranging impact across Europe, the European Union (EU), the UK and the US said on Tuesday. The western allies said the most recent attack was on the communications company Viasat in Ukraine, which had a wider impact across the European continent, disrupting wind farms and internet…
0 notes
dailyupdate-24 · 2 years ago
Text
EU, US, UK Accuse Russia of Cyberattacks Amid Invasion of Ukraine; Blame It for Deployment of Whispergate
Russia has been behind a series of cyberattacks linked with its conflict with Ukraine earlier this year with wide-ranging impact across Europe, the European Union (EU), the UK and the US said on Tuesday. The western allies said the most recent attack was on the communications company Viasat in Ukraine, which had a wider impact across the European continent, disrupting wind farms and internet…
0 notes
ericvanderburg · 5 months ago
Text
US charges Russian GRU hackers behind WhisperGate intrusions
http://securitytc.com/TCt2GN
0 notes
cyberandinternetsecurity · 2 years ago
Text
0 notes