Daily NCSC-FI news followup 2021-04-15

White House formally blames Russian intelligence service SVR for SolarWinds hack

therecord.media/white-house-formally-blames-russian-intelligence-service-svr-for-solarwinds-hack/ In a press release today announcing a broad set of sanctions against the Russian government, the Biden administration has formally named the Russian Foreign Intelligence Service, also known as the SVR, as the perpetrator of the 2020 SolarWinds Orion supply chain attack. The White House said that the SVR's hacking unit, known as APT 29, Cozy Bear, or The Dukes, exploited the SolarWinds Orion platform and other information technology infrastructures as part of a broad-scope cyber espionage campaign. See also

www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/ and home.treasury.gov/news/press-releases/jy0127 and

www.gov.uk/government/news/russia-uk-exposes-russian-involvement-in-solarwinds-cyber-compromise and www.nato.int/cps/en/natohq/official_texts_183168.htm


Russian Foreign Intelligence Service Exploiting Five Publicly Known Vulnerabilities to Compromise U.S. and Allied Networks

www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/ This advisory is being released alongside the U.S. Government's formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign. We are publishing this product to highlight additional tactics, techniques, and procedures being used by SVR so that network defenders can take action to mitigate against them. See also

us-cert.cisa.gov/ncas/current-activity/2021/04/15/nsa-cisa-fbi-joint-advisory-russian-svr-targeting-us-and-allied and us-cert.cisa.gov/ncas/analysis-reports/ar21-105a

Second Google Chrome zero-day exploit dropped on Twitter this week

www.bleepingcomputer.com/news/security/second-google-chrome-zero-day-exploit-dropped-on-twitter-this-week/ A second Chromium zero-day remote code execution exploit has been released on Twitter this week that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.

Possible criminal interference in payment traffic between the National Emergency Supply Agency (Huoltovarmuuskeskus, HVK) and a supplier. HVK has suffered no financial loss and a large part of the payment has already been returned to HVK's account.

www.huoltovarmuuskeskus.fi/a/huoltovarmuuskeskuksen-ja-tavarantoimittajan-valisessa-maksuliikenteessa-mahdollinen-rikollinen-valiintulo-hvklle-ei-ole-syntynyt-taloudellista-vahinkoa-ja-suuri-osa-ma… The National Emergency Supply Agency (Huoltovarmuuskeskus, HVK) has filed a request for investigation with the police and has asked the money laundering unit of the National Bureau of Investigation to determine whether criminal interference was involved in payment traffic between HVK and one of its suppliers. The request concerns a payment with a total value of approximately 1.3 million euros.

University of Hertfordshire pulls the plug on, well, everything after cyber attack

www.theregister.com/2021/04/15/university_hertfordshire_cyber_attack/ The University of Hertfordshire has fallen victim to a cyber attack that has resulted in the establishment pulling all its systems offline to deal with the situation.

The Biden Administration Just Accused A $1 Billion Russian Cybersecurity Company Of Recruiting Spies

www.forbes.com/sites/thomasbrewster/2021/04/15/the-biden-administration-just-accused-a-1-billion-russian-cybersecurity-company-of-recruiting-spies/ Despite being valued at $1 billion and growing to become a major force in the cybersecurity industry, Moscow-based Positive Technologies has just been accused by the U.S. government of helping and recruiting for Russian spy agencies.

Gafgyt Botnet Lifts DDoS Tricks from Mirai

threatpost.com/gafgyt-botnet-ddos-mirai/165424/ The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.

Huge upsurge in DDoS attacks during pandemic

