Information Security Newspaper | Infosec Articles | Hacking News
https://www.securitynewspaper.com/

Major Russian law firm is hacked; terabytes of stolen data
https://www.securitynewspaper.com/2022/06/06/major-russian-law-firm-is-hacked-terabytes-of-stolen-data/
Mon, 06 Jun 2022 23:04:31 +0000

Anonymous hackers have claimed responsibility for a new cyberattack targeting a Russian organization. This time, the hacktivist collective claims to have stolen around 1 TB of information belonging to the important law firm Rustam Kurmaev and Partners (RKP Law). The announcement came just a couple of days after the group leaked information contained on Vyberi Radio’s servers.

Through two Twitter accounts identified as @DepaixPorteur and @B00daMooda, the attackers announced the leak of data belonging to RKP Law: “We have hacked RKPLaw (rkplawru) and leaked 1 TB of files, emails, court files, client files, backups and more. They have a very large and interesting customer list that I will post in the comments,” one of the tweets states.

Twitter accounts @YourAnonNews and @YourAnonTV, recognized as Anonymous’ official communication channels, also reported the incident.

On the other hand, the journalist and co-founder of the non-profit initiative Distributed Denial of Secrets (DDoSecrets), Emma Best, confirmed that the information allegedly extracted from this legal firm would be available on DDoSecrets.

DDoSecrets reaffirmed the version of the alleged Anonymous hackers about the incident, stating that the leak of this data could critically impact the company, considering that much of their work has to do with important litigation at the national level and involving powerful industrial and government actors.  

Considering these reports, cybersecurity specialists believe it is right to take this incident as part of #OpRussia, a cyberwarfare campaign against Russia deployed by members of Anonymous in retaliation for the military invasion of Ukrainian territory.

A prestigious firm

RKP Law specializes in handling legal disputes in the real estate, construction, and commercial sectors. This law firm also resolves disputes related to the criminal defense of companies and creates systematic defense strategies for corporate managers and senior management at the various stages of criminal proceedings, in addition to collaborating on anti-corruption issues in Russia.

RKP Law’s main clients include Volkswagen Group Russia, Ikea, Toyota, Jones Lang LaSalle, Mechel PJSC, ChTPZ PJSC, Abbott Laboratories, Baker Hughes, ING Bank, Yamaha Motor, Caterpillar, Panasonic, Mars, Gillette, 2×2 Channel, VimpelCom, Citibank and Sberbank.

Feel free to access the International Institute of Cyber Security (IICS) websites to learn more about information security risks, malware variants, vulnerabilities, and information technologies.

Tractors and agricultural trucks stolen from Ukraine by Russian troops were remotely blocked by the manufacturer
https://www.securitynewspaper.com/2022/05/04/tractors-and-agricultural-trucks-stolen-from-ukraine-by-russian-troops-were-remotely-blocked-by-the-manufacturer/
Wed, 04 May 2022 18:16:39 +0000

A Ukrainian businessman claims that a group of Russian military personnel in the city of Melitopol, Ukraine, stole all the equipment from an agricultural machinery dealership in order to send it to Chechnya. However, the Russian soldiers were unable to advance more than 700 miles, as the stolen equipment was blocked using a remote access feature.

Over the past few weeks, numerous pieces of agricultural equipment, construction materials and grains collected by farms in Ukraine have been reported stolen. In this case, equipment from the manufacturer John Deere was reportedly stolen and transported by Russian troops in the Ukrainian city, occupied since the end of March.

According to the informant in an interview with CNN, Russian soldiers forcibly seized tractors, trucks and crops worth up to $5 million USD. The informant claimed that military trucks with the letter “Z” painted on the front entered the looted facilities for days.

Some of the stolen machinery was sent to a village on the outskirts of Melitopol, while another part of the loot was shipped overland to Chechnya, on a journey of more than 700 miles. However, the Russian soldiers were unaware that the stolen units were equipped with a GPS locator, which allowed the owners to follow in detail the route traced by the Russians.

The stolen equipment could also be controlled remotely, so during the journey to Chechnya the harvesters, tractors and trucks simply stopped working and it was impossible to move forward. Apparently, Russian soldiers decided to leave these machines on a farm near Grozny, at least until they find a way to evade this remote control mechanism.

Although the manufacturer and owners of the stolen machinery appear to have thwarted this heist at least momentarily, the looting of farms by Russian troops in Ukraine is already a widespread practice. Last week, the mayor of Melitopol posted a video showing a convoy of trucks leaving the city and allegedly loaded with thousands of tons of grain produced by Ukrainian farmers: “The stolen grain is sent to Crimea,” the mayor says.

Finland government defense sector website shutdown after big DDoS attacks
https://www.securitynewspaper.com/2022/04/11/finland-government-defense-sector-website-shutdown-after-big-ddos-attacks/
Mon, 11 Apr 2022 21:41:09 +0000

A recent report notes that the ministries of foreign affairs and defense in Finland were disconnected after a denial of service (DoS) attack. Via Twitter, representatives from both agencies confirmed the incident, adding that the affected services have already been restored and security measures will be taken to prevent further incidents.

“For the time being, we will keep the Department of Defense website closed until the harmful traffic on the website is gone,” reads one of the Finnish government’s tweets.

It all started this morning, when the Ministry of Foreign Affairs of Finland posted on Twitter: “There are currently interruptions in the online services of the Ministry of Foreign Affairs sites http://Um.fi and Finlanabroad.fi have been attacked with a denial of service variant. We will investigate and try to get the services up and running as soon as possible. We apologize for the inconvenience.”

At 14:06 (Finland time), the Finnish government’s official Twitter account confirmed that these issues had already been addressed and that the websites of both ministries had resumed operations: “The attack is over. Due to the protections on these platforms, most of the sites continued to operate normally during the incident.”

For now there is no information available about the perpetrators of the attack, although it is most likely that the authorities are linking this incident with activity of Russian hacking groups. Just a few hours ago, Ukrainian President Volodymyr Zelenskyy sent a message to the Finnish government via video regarding the conflict with Russia. Other reports mention that Finland’s government is considering applying to NATO, a move the Russian government opposes.

Finland’s Defense Ministry also claimed that Russian state jets have committed various violations of its airspace, which could indicate what the target behind these attacks has been.

How Chinese hackers tried to shutdown Indian electrical grids
https://www.securitynewspaper.com/2022/04/07/how-chinese-hackers-tried-to-shutdown-indian-electrical-grids/
Thu, 07 Apr 2022 21:06:22 +0000

Critical infrastructure in India has been targeted by a hacking group allegedly sponsored by Chinese cybercriminals. According to a report by the cybersecurity firm Recorded Future, this attack managed to impact the operations of the Indian energy sector, causing severe blackouts in several territories.

Investigators collected multiple pieces of evidence that Chinese hackers managed to target seven Indian state centers responsible for carrying out the dispatch of electric power, in addition to taking control of a network located at a border point.

The hackers reportedly used the Trojan known as ShadowPad during the attack. This malware was reportedly developed by cybercriminals paid by the Government of China, a common practice of state-sponsored hacking.

In its report, Recorded Future mentions that ShadowPad continues to be used by an increasing number of groups linked to the People’s Liberation Army and the Ministry of State Security, with its origins linked to Chinese government contractors.

Chinese Foreign Ministry spokesman Zhao Lijian said his government is aware of these reports, saying China has always spoken out against cyberattacks: “I would like to advise the company in question that if they are really concerned about global cybersecurity, they should pay more attention to cyberattacks by U.S. government hackers against the rest of the world.”

On the other hand, Indian Ministry of External Affairs spokesman Arindam Bagchi said his country has not discussed the issue with China: “We have seen reports. There is a mechanism in place to safeguard our critical infrastructure to keep it resilient. We have not raised this issue with the government of China.”

Features of this incident, such as the prolonged targeting of India’s power grid, make researchers believe that the main objective of this campaign is to collect information about the surrounding critical infrastructure systems, or to have an access point to critical information for future hacking campaigns.

Two big Russian companies in the oil industry were hacked
https://www.securitynewspaper.com/2022/03/29/two-big-russian-companies-in-the-oil-industry-were-hacked/
Tue, 29 Mar 2022 23:12:23 +0000

This morning, the hacktivist group Anonymous claimed responsibility for an alleged cyberattack against two large Russian companies, stealing a large amount of data and making it available for download on various online forums.

According to the report, the first of the firms targeted is Moscow-based MashOil, which designs, manufactures and maintains equipment used in the drilling, mining and fracking industries. Anonymous reportedly stole up to 110 GB of information from the company’s systems.

The leaked information reportedly includes up to 140,000 emails that can be downloaded via torrent and are available on the official website of Distributed Denial of Secrets (DDoSecrets), a non-profit organization in favor of transparency and disclosure of information of interest.

The Twitter account @YourAnonNews, used by the hacktivism group to publicize its activities, also confirmed the incident.

RostProekt, the second company attacked, is a construction company based in the Russian city of Ivanovo. In this case, the hackers claim to have carried out the attack during the past weekend, stealing 2.4 GB of email records. As in the first attack, the files can be downloaded from the official website of DDoSecrets.

The attack on RostProekt was originally confirmed through the Twitter account @DepaixPorteur, which is allegedly affiliated with Anonymous and also played a vital role in the cyberattack against dozens of printers in Russia, a campaign during which hundreds of messages against war and censorship were sent on Russian territory.

From the beginning of the military conflict Anonymous took sides in favor of the Ukrainians, deploying a series of cyberattacks now identified as OpRussia. These attacks involve information theft, hijacking of radio and TV signals, denial of service (DoS) attacks, and other hacking variants.

In an interview with a cybersecurity specialist, the manager of the @DepaixPorteur account revealed that the group is working on a large-scale breach of data belonging to Russian institutions in critical branches. The group says it could leak up to 1.22 TB of sensitive data in the coming weeks if the Russian invasion of Ukraine has not stopped by then.

Node-ipc JavaScript library was modified to include file deletion malware depending on the users’ IP addresses
https://www.securitynewspaper.com/2022/03/29/node-ipc-javascript-library-was-modified-to-include-file-deletion-malware-depending-on-the-users-ip-addresses/
Tue, 29 Mar 2022 18:21:30 +0000

A security report indicates that the developer of the node-ipc JavaScript library, used by the vue.js framework, intentionally introduced a critical vulnerability that could prove disastrous for some users. Brandon Nozaki Miller, also known as RIAEvangelist, created node-ipc, describing it as a cross-process communication module for Node, supporting UNIX, TCP, TLS, and UDP sockets.

Apparently, Miller intentionally changed his code to overwrite the host system data, in addition to modifying the code to display a message calling for world peace, as a protest against the war in Ukraine. GitHub confirmed that this is actually a critical vulnerability tracked as CVE-2022-23812: “Malicious code is capable of overwriting arbitrary files depending on the user’s geographic location,” the platform notes.

At the beginning of March, node-ipc versions 10.1.1 and 10.1.2 were released. When imported as a dependency and executed, these versions of the library check whether the IP address of the host machine is associated with Russia or Belarus; if so, all files are overwritten with a heart symbol.

These versions contained a package created by Miller identified as peacenotwar, capable of creating a file called WITH-LOVE-FROM-AMERICA.txt on users’ desktops and in OneDrive folders. The file allegedly contains a phrase from the developer clamoring for peace, although some users who have seen the file claim that it is simply an empty text file.

Whenever another project uses node-ipc versions 11 or 9.2.2 as a dependency, peacenotwar runs, leaving files on users’ computers. Version 9.2.2 has disappeared from the npm registry along with the destructive versions 10.1.x. Vue.js, for example, pulled in node-ipc 9.2.2 while it was available, as 9.x is considered a stable branch, meaning there was a period when some Vue developers may have experienced the sudden appearance of text files.

The good news is that few people were exposed to this destructive version of the library, as large applications and frameworks will have used the stable branch. Any user who used the latest versions could have lost their files or found the manifesto file created by the developer.

Central Bank of Russia was hacked; confidential data leaked
https://www.securitynewspaper.com/2022/03/28/central-bank-of-russia-was-hacked-confidential-data-leaked/
Mon, 28 Mar 2022 23:40:37 +0000

As part of cyberattacks in protest against the military invasion of Ukraine, the hacktivist group Anonymous claims to have compromised the systems of the Central Bank of Russia, resulting in the leak of 28 GB of sensitive data now available for download. The group announced this attack through the Twitter account @Thblckrbbtworld.

The leak was confirmed by the non-profit organization Distributed Denial of Secrets (DDoSecrets), which says that the compromised information will be stored and archived on its official platforms.

Although the researchers who have analyzed the leak say that it is impossible to verify it folder by folder, the analysis of some samples of this file seems to confirm the legitimacy of this data, with financial records dating back to 1999. The leak includes invoices, internal communication documents, account statements, names of shareholders of various banks, banking licenses, names and addresses of high-profile customers, and other records.

The Central Bank of Russia operates like any of its counterparts in other regions, being responsible for monetary policy and the proper functioning of the payment system in the Russian Federation. This institution is also responsible for protecting the stability of the ruble, so any threat to its integrity could prove disastrous in economic terms.

On Anonymous, specialists mention that the hacktivist group has been on the side of Ukraine since the beginning of the invasion, deploying some attacks against Russian IT infrastructure, affecting some operations in the public and private sectors. In one of its most eye-catching attacks, the group managed to hack Roskomnadzor, Russia’s Federal Service for the Supervision of Communications, Information Technology and Media. This attack resulted in the leak of more than 300,000 sensitive files, now available through DDoSecrets.

In other separate attacks, hackers managed to compromise the computer systems of TV channels, streaming services, government agencies, CCTV systems and enterprise networks, disrupting critical operations and exposing sensitive information.

How Russian created a deepfake video of Ukrainian president Volodymyr Zelenskyy telling its citizens to lay down arms
https://www.securitynewspaper.com/2022/03/17/how-russian-created-a-deepfake-video-of-ukrainian-president-volodymyr-zelenskyy-telling-its-citizens-to-lay-down-arms/
Thu, 17 Mar 2022 22:43:34 +0000

In the last few hours, a deepfake video in which Ukrainian President Volodymyr Zelenskyy allegedly asks his citizens to lay down their arms began to circulate. It is considered part of the disinformation campaign deployed by various groups of threat actors linked to the Russian government.

“It turns out it’s not that easy to be president… My advice to you is to lay down your arms and return to your families. It’s not worth dying in this war,” can be heard in this video.

The low quality of the video and the notable errors of proportion in the body of the alleged Ukrainian president make it clear that this is a disinformation attempt. Various media and specialists noticed other things, such as pixelation errors in the face of the fake Zelenskyy or variations between Zelenskyy’s real voice and the voice of the imposter.

Zelenskyy, who posts text or video messages through his social media whenever he is able to, has already spoken out about it. “As for the latest childish provocation with the advice to lay down arms, I only advise that the troops of the Russian Federation lay down their arms and return home,” he said via his Twitter account.

The deepfake message was reportedly distributed through the hacking of the Ukrainian channel TV24. The video went viral on social media, including Facebook, though soon after the platform realized it was a hoax: “We identified and removed a video showing Ukrainian President Volodymyr Zelenskyy sharing a message he never actually said,” said a statement from Nathaniel Gleicher, head of security policy at Meta.

The armed conflict between the two nations seems far from over and has spread to every possible field, including in the form of disinformation and cyberwarfare. A couple of weeks ago, the Stratcom Centre, Ukraine’s center for strategic communications and information security, warned about disinformation campaigns operated by Russia and using deepfake technology.

While it’s easy to debunk these fake photos, audios, or videos, the speed at which information is reproduced and shared makes it difficult to contain the distribution of false or intentionally misleading information, which reaches millions of users around the world in a matter of minutes.

Hacking group offers Russian soldiers 5 million rubles for each surrendered tank
https://www.securitynewspaper.com/2022/03/01/hacking-group-offers-russian-soldiers-5-million-rubles-for-each-surrendered-tank/
Tue, 01 Mar 2022 19:24:01 +0000

Having successfully compromised more than 300 Russian websites, Anonymous hackers are offering the Kremlin-sent military 5 million rubles (about $45,000 USD) for each tank withdrawn from combat in a bid to deplete Vladimir Putin’s forces. The hacktivists claim to have more than a billion rubles to carry out their plan, so they advise Russian troops to hand over their tanks and simply enjoy life with that money.

This announcement comes shortly after Anonymous hackers managed to take down multiple Russian government websites, declaring cyberwar against Putin’s administration over its decision to invade Ukraine. Hackers say Ukraine’s government will provide amnesty to soldiers who decide to put down their arms.

All the Russian government platforms compromised by Anonymous display the same message: “Dear citizens, we urge you to stop this madness, do not send your children and husbands to certain death. Putin is forcing us to lie and putting us in danger.”

Cyberwarfare tactics have also been deployed by the Russian military, so Ukraine has also had to prepare the defense of its computer infrastructure. Ukraine’s Minister of Digital Transformation, Mykhailo Fedorov, announced on Saturday the creation of a Telegram channel for his computer army: “We need digital talents; all operational tasks will need to be covered to fight on the cyber front.”

As some may recall, Anonymous burst onto the international scene more than 10 years ago in the context of the Occupy Wall Street movement, and since then they claim to have grown steadily. Hackers report deploying hundreds of cyberattacks against Russian organizations over the past week in retaliation for the invasion of Ukraine.

Just a few hours ago, Anonymous claimed to have compromised the computer infrastructure of Russia Today (RT), an information channel sponsored by the Russian government that is about to be banned in the European Union, along with other communication channels linked to the Kremlin.

Fox News, Wall Street Journal and New York Post employees hacked by Chinese APT group
https://www.securitynewspaper.com/2022/02/04/fox-news-wall-street-journal-and-new-york-post-employees-hacked-by-chinese-apt-group/
Fri, 04 Feb 2022 17:44:15 +0000

News Corp, one of the world’s media agencies, has confirmed that its systems were compromised by what it defined as a “persistent cyberattack” detected in mid-January that reportedly resulted in unauthorized access to confidential emails and documents. Among the main brands associated with News Corp are Fox News, New York Post and The Wall Street Journal.

In the notice filed with the U.S. Securities and Exchange Commission (SEC), the company noted that malicious activity had persisted for a couple of weeks and led to the leaking of confidential information, and that its teams attribute these attacks to a state-level threat actor. News Corp is collaborating with a leading cybersecurity firm in the investigation of the incident.

The incident reportedly affected the company’s main news branches, including the aforementioned Wall Street Journal, New York Post and its divisions in the United Kingdom. Unauthorized access also reportedly allowed malicious hackers to access newspaper notes and reports that had not yet been published.

Mandiant, the security firm collaborating on the investigation, theorizes that the attack was carried out by agents of the Chinese government: “We believe that these actors are involved in espionage activities for the collection of information for the benefit of China’s interests,” the company’s report states.

On the recovery process, News Corp fears that their insurance policy is not enough to cover the losses arising from the incident: “Cybersecurity risk insurance has become more complicated to obtain, no one can be sure even with the support of a policy like these,” says News Corp’s quarterly report.

China launches more cyber attacks than any other country: New FBI report
https://www.securitynewspaper.com/2022/02/03/china-launches-more-cyber-attacks-than-any-other-country-new-fbi-report/
Thu, 03 Feb 2022 23:31:35 +0000

In a recent report, Federal Bureau of Investigation (FBI) Director Christopher Wray attributes responsibility for the largest cyberattack campaigns to the Chinese Communist Party, considering that for the current regime in the Asian giant there is no such thing as peace in cyberspace.

Of all the investigations active at the FBI, more than 2,000 relate to hacking tactics deployed by Chinese government agents, who are caught trying to spy on people of interest in the U.S., steal sensitive information, and even access software critical to North America.

Wray claims that the Chinese government has been able to steal an unprecedented volume of information, causing severe damage to all kinds of organizations at an alarming rate of 2 new incidents recorded daily.

In their quest to compromise targets in the West, Chinese hackers resort to all sorts of methods and tools. For example, the plan identified as “Made in China 2025” lists 10 key points for the success of the republic over the next few years, demonstrating that it is vital for China to adopt a preponderant role globally in fields such as robotics, clean energy, aerospace and pharmaceutical research, even at the cost of intellectual property theft.

In addition to the obvious cyberwarfare tactics, the Chinese Communist Party turns to its most skilled intelligence agents in search of access to critical information that may affect its adversaries. As if that were not enough, the Chinese government also maintains significant investments to spread its ideological influence and interfere with key actors abroad.

Faced with this risk scenario, the FBI uses all its intelligence resources for the early identification and dismantling of hacking campaigns orchestrated by the Chinese Communist Party. In a recent operation, American agents managed to interrupt the execution of a backdoor on Microsoft Exchange servers that could have proved disastrous for thousands of public and private organizations.

U.S. agencies also try to share all of their findings with the independent research community and security firms, which will allow them to create an environment that is always up-to-date on the latest threats. In this way, the FBI shows its commitment to law enforcement agencies around the world and works to ensure that cybercrime cannot act freely against critical targets.

This cyber security researcher took matter in his own hands and shut down North Korea’s Internet for taking a revenge https://www.securitynewspaper.com/2022/02/03/this-cyber-security-researcher-took-matter-in-his-own-hands-and-shut-down-north-koreas-internet-for-taking-a-revenge/ Thu, 03 Feb 2022 17:29:18 +0000

In recent weeks, several cyber security researchers have reported massive failures in the Internet infrastructure in North Korea, affecting the few users who have free access to the online world within the territory where dictator Kim Jong-un rules with an iron fist.

Although early hypotheses suggested that these failures could have been caused by a state actor in retaliation for military tests conducted by the North Korean military in early 2022, it has been confirmed that the real cause of the incident has little or nothing to do with cyberwarfare between world powers.

Apparently, these massive failures were caused by a single individual who, from the comfort of his home, managed to wreak severe havoc on the technological infrastructure of the entire North Korean territory. The independent hacker, identified simply as P4x, was attacked by spies sent by the North Korean government as part of a campaign of cyber spying and theft of confidential software. While the hacker claims that the North Korean agents failed in their mission, he did not want to miss the opportunity to take revenge for the hacking attempt.

In an interview with Wired, the hacker claims to have found multiple uncorrected vulnerabilities in various systems used by North Korea, which allowed him to deploy a variant of a denial of service (DoS) attack against North Korean servers and routers, which had very limited security measures considering the importance of these services.

Although P4x did not want to share technical details about the exploited flaws, he says that one of them is related to a header management error in the NGINX web server software. The hacker shared some screenshots to prove that he was behind these failures.

P4x also mentions that he kept his attack campaign running in an almost automated way, periodically executing scripts to list the active systems and subsequently executing exploits to cause the failures: “This was like a pentesting campaign in the networks of a medium-sized organization; it’s interesting how easy it was to cause these failures,” he says.

It may sound implausible that a single individual would be able to carry out such attacks, although a determining factor in this campaign is the limited Internet infrastructure in North Korea. Still, P4x was able to prove that spying campaigns don’t go unnoticed by the West, where experts aren’t afraid to prove what they’re capable of thousands of miles away.
