The US Department of Justice announced that it seized the networks of a major international ransomware variant named Hive. The Hive ransomware was responsible for extorting and attempting to extort millions of dollars from victims in the USA and around the world, Attorney General Merrick B. Garland stated. More than 1,500 victims worldwide were targeted, including hospitals, schools, financial firms, and critical infrastructure, with an estimated loss of more than $150 million.
Cybercrime
Saudi Arabia targeted by the Iranian threat actor’s new identity
Cobalt Sapling, an Iranian threat actor, has been seen developing a new identity known as ‘Abraham’s Ax’ to use Saudi Arabia as political leverage.
The information was discovered by cybersecurity researchers at Secureworks’ Counter Threat Unit (CTU), who released an advisory about the new threat on January 26. In a report emailed to Infosecurity, Secureworks stated that the development of Abraham’s Ax and its attacks on Saudi government ministries illustrate its political intentions.
Lazarus group responsible for virtual currency theft
The Federal Bureau of Investigation (FBI) confirmed that the DPRK cybercriminal group Lazarus is responsible for stealing $100 million of virtual currency from Harmony’s Horizon Bridge. The FBI found that a portion of the Ethereum stolen in the June 2022 heist was laundered, sent to virtual asset providers, and converted to bitcoin.
Russia experienced record numbers of DDoS attacks in 2022
The biggest internet service provider in Russia, Rostelecom, reports that 2022 saw a record number of Distributed Denial of Service (DDoS) attacks against Russian organisations.
According to the Rostelecom report, its experts recorded 21.5 million critical web attacks aimed at approximately 600 organizations from various industries, including critical infrastructure, financial, and the private and public sectors. DDoS assaults accounted for 80% of all cyberattacks directed at Russian entities.
Other findings suggest that 30% of all observed cyberattacks in 2022 targeted the governmental sector, followed by 25% on financial organisations and services and 16% on educational institutions.
With more than 500,000 DDoS attempts found, Moscow was the most often targeted region in 2022. The largest documented attack was 760 GB/sec, while the longest DDoS lasted nearly three months.
New Consolidated Negotiating Document of the Cybercrime Ad Hoc Committee
The fourth session of the Cybercrime Ad Hoc Committee focused on amending the consolidated document prepared by the Chair, with the support of the Secretariat, on November 7th, 2022. The new version was amended and will be further negotiated in the upcoming sessions. In the General Provisions, the protection of human rights was highlighted by the EU and its member states, Canada, and the UK, who also emphasised that state parties shall carry out their obligations under international human rights law treaties.
Greece signs Second Additional Protocol to the Budapest Convention
Within the framework of the international conference in Strasbourg, Greece became the 31st country to sign the Second Additional Protocol on enhanced co-operation and disclosure of electronic evidence to the Convention on Cybercrime (Budapest Convention).
Cybercrime cases in the Netherlands tripled since 2019
A surge in digital crimes that occurred during the COVID-19 pandemic seems to be continuing in the Netherlands, despite a low number of burglaries, robberies, and muggings. These digital crimes include online scams and fraud. Reports on cybercrime cases stood at 4,715 in 2019 and rose to 13,949 in 2022. Conversely, while classic crimes have slightly increased since the end of the pandemic, their number still remains low compared to 2019.
Chinese APT group linked with attacks on Iranian government networks
Vixen Panda, a Chinese advanced persistent threat (APT) group, has been linked to a wave of attacks against the Iranian government between July and December 2022. An analysis conducted by cybersecurity researchers at the Palo Alto Networks’ Unit 42 indicates that Iranian government networks have likely been compromised by two new variants of a backdoor called Turian.
Ukraine accuses Russian hackers of carrying out news agency data-wiping strike
The Computer Emergency Response Team of Ukraine (CERT-UA) argues that a damaging malware attack on the national news agency Ukrinform on 17 January 2023 was carried out by the Sandworm hacking group (said to be associated with Russian armed forces).
The State Service of Special Communications and Information Protection (SSSCIP) of Ukraine announced that ‘according to preliminary data, provided by CERT-UA specialists, the attack has caused certain destructive effects on the agency’s information infrastructure, but the threat has been swiftly localized nonetheless. This enabled Ukrinform to continue its operation.’
NoName057(16) hacktivist group found to target Czech presidential elections
NoName057(16), a hacktivist group described as pro-Russian, is reportedly targeting websites of candidates in the 2023 Czech presidential elections. According to SentinelLabs, the action is part of a distributed-denial-of-service (DDoS) attack campaign that the group has been conducting against government organisations and critical infrastructure in Ukraine and NATO member states since the start of the war in Ukraine. Some of the most recent targets are said to include Denmark’s financial sector and organisations and businesses in Poland and Lithuania.
The organisation allegedly carried out these attacks utilising open Telegram channels, a DDoS payment program run by volunteers, a multi-OS supported toolkit, and GitHub.
