UN ITU condemns Russia for alleged satellite system interference in European countries

The UN’s International Telecommunication Union (ITU) condemned Russia for allegedly interfering with the satellite systems of several European countries, including Ukraine, France, Sweden, the Netherlands, and Luxembourg. These incidents, reported over recent months, have disrupted GPS signals and jeopardised air traffic control.

ITU’s review indicated that the interference originated from earth stations near Moscow, Kaliningrad, and Pavlovka. The organisation called the interference ‘extremely worrisome and unacceptable’ and urged Russia to cease these actions immediately and investigate the incidents. It also proposed a meeting between the affected countries and Russia to resolve the issue.

Swedish authorities blamed Russia for harmful interference shortly after Sweden joined NATO, while France reported significant disruptions to its Eutelsat satellites. Additionally, Lithuania and Estonia raised alarms about navigation signal interference impacting flights. Earlier in the year, a jet carrying UK Defence Secretary Grant Shapps experienced GPS jamming over Kaliningrad.

Russia denied any wrongdoing and complained about alleged interference by NATO countries, which ITU did not address. Russia’s presidential press secretary, Dmitry Peskov, said he was unaware of the UN agency attributing interference to Russia and questioned the UN’s authority to discuss the matter.

Japan unveils AI defence strategy

The Japanese Defence Ministry has unveiled its inaugural policy to promote AI use, aiming to adapt to technological advancements in defence operations. Focusing on seven key areas, including detection and identification of military targets, command and control, and logistic support, the policy aims to streamline the ministry’s work and respond to changes in technology-driven defence operations.

The new policy highlights that AI can enhance combat operation speed, reduce human error, and improve efficiency through automation. AI is also expected to aid in information gathering and analysis, unmanned defence assets, cybersecurity, and work efficiency. However, the policy acknowledges the limitations of AI, particularly in unprecedented situations, and concerns regarding its credibility and potential misuse.

The Defence Ministry plans to secure human resources with cyber expertise to address these issues, starting a specialised recruitment category in fiscal 2025. Defence Minister Minoru Kihara emphasised the importance of adapting to new forms of battle using AI and cyber technologies and stressed the need for cooperation with the private sector and international agencies.

Recognising the risks associated with AI use, Kihara highlighted the importance of accurately identifying and addressing these shortcomings. He stated that Japan’s ability to adapt to new forms of battle with AI and cyber technologies is a significant challenge in building up its defence capabilities. The ministry aims to deepen cooperation with the private sector and relevant foreign agencies by proactively sharing its views and strategies.

Report reveals cyber insurance premiums decline despite rising ransomware attacks

A report by Howden has stated that cyber insurance premiums are on a downward trend worldwide despite the rise in ransomware attacks, as businesses are upping their capacity to mitigate losses from cybercrime. Premiums surged during 2021 and 2022 because of the COVID-19 pandemic and an increase in cyber incidents but have declined in the following years. The cyber insurance market witnessed significant price reductions in 2023/24, attributed to advancements such as multifactor authentication that significantly enhanced data protection, decreasing insurance claims.

Sarah Neild, the head of UK cyber retail at Howden, highlighted the fundamental role of multifactor authentication in securing data, comparing it to a basic security measure akin to locking the door when leaving the house. Neild stressed the multifaceted nature of cybersecurity, underscoring the importance of increased investments in IT security, including employee training. 

Following Russia’s invasion of Ukraine in February 2022, global ransomware attacks saw a decline as hackers from these regions shifted their focus to military activities. However, recorded ransomware incidents surged by 18% in the first five months of 2024 compared to the previous year. Ransomware works by encrypting data, after which hackers typically offer victims a decryption key in exchange for cryptocurrency payments. While business interruption remains the primary cost after a cyberattack, businesses can mitigate these expenses by instituting improved backup systems such as cloud backup systems.

Although most of the cyber insurance business is concentrated in the United States, the report anticipates that the fastest-growing market will be Europe in the coming years due to lower current penetration levels. Finally, the report finds that smaller firms exhibit lower rates of cyber insurance adoption, which can partly be attributed to a need for more awareness regarding cyber risks.

Chinese state-linked hackers target Taiwanese entities amid rising cross-strait tensions

A suspected Chinese state-linked hacking group is increasingly targeting Taiwanese entities, particularly those within government, education, technology, and diplomacy sectors, as reported by cybersecurity intelligence firm Recorded Future. In recent times, the relationship between China and Taiwan has faced escalating tensions. The cyber assaults attributed to the group dubbed RedJuliett occurred between November 2023 and April 2024, coinciding with Taiwan’s presidential elections in January and the subsequent change in leadership.

While RedJuliett has previously targeted Taiwanese organisations, the recent wave of attacks marked a significant escalation in scope. The hacking attempts by RedJuliett targeted over 70 Taiwanese entities, including universities, an optoelectronics firm, and a facial recognition company with government contracts. While the success of these infiltration attempts remains unclear, Recorded Future only confirmed the observed efforts to identify network vulnerabilities.

Recorded Future revealed that RedJuliett exploited a vulnerability in the SoftEther enterprise virtual private network (VPN) software to breach the servers of these organisations. The open-source VPN facilitates remote connections to an organisation’s networks. The modus operandi of RedJuliett aligns with tactics commonly associated with Chinese state-sponsored groups, as per Recorded Future’s analysis. The geolocations of IP addresses suggest that RedJuliett likely operates from Fuzhou, a city in China’s Fujian province facing Taiwan’s coast.

The report speculated that Chinese intelligence services in Fuzhou are likely engaged in intelligence gathering against Taiwanese targets to support Beijing’s policymaking on cross-strait relations through RedJuliett’s activities. While Taiwan’s Ministry of Foreign Affairs refrained from immediate comments, a spokesperson from the Chinese Foreign Ministry dismissed the allegations, citing a lack of credibility in Recorded Future’s claims.

Why does it matter?

China’s increased military exercises around Taiwan and diplomatic pressures have exacerbated tensions, particularly following the election of Taiwan’s President Lai Ching-te, labeled a ‘separatist’ by China. Amidst escalating cyberespionage activities globally, Recorded Future anticipates continued targeting of Taiwanese government agencies, universities, and critical technology firms by Chinese state-sponsored groups. The firm recommends organisations prioritise patching vulnerabilities promptly to enhance their cybersecurity.

Indonesia orders audit after ransomware compromises government data

President of Indonesia Joko Widodo has ordered an audit of government data centres following a significant ransomware cyberattack that exposed the country’s vulnerability to such incidents.

The attack, which disrupted multiple government services, including immigration and airport operations, affected over 230 public agencies. Despite an $8 million ransom demand, the government of Indonesia has refused to pay to retrieve the encrypted data.

In response, state auditor Muhammad Yusuf Ateh announced that the audit would examine both the governance and financial aspects of the data centres. The head of Indonesia’s cybersecurity agency, Hinsa Siburian, revealed that 98% of the compromised data had not been backed up, highlighting a major governance issue.

Communications Minister Budi Arie Setiadi acknowledged that while backup capacity was available, budget constraints had prevented its use, which will now be made mandatory.

The cyberattack has led to widespread criticism of Minister Setiadi, with digital advocacy group SAFEnet calling for his resignation due to repeated cyberattacks.

Setiadi countered with a petition to stay on as minister and informed parliament that a ‘non-state actor’ seeking money was likely behind the attack. The government aims to fully restore services by August, using backup data centres and improved cybersecurity measures.

TeamViewer blames Russia-linked hackers for cyberattack

German software company TeamViewer announced on Friday that it was the target of a cyberattack earlier this week. The company accused the hacker group APT29 from Russia, known as ‘Cozy Bear’ or Midnight Blizzard, of being behind the breach. Western intelligence agencies allege that APT29 operates on behalf of Russia’s foreign spy agency.

The attack occurred on Wednesday, with the hackers gaining access to TeamViewer’s corporate IT environment. However, the company confirmed that neither its product environment nor customer data were compromised. The news follows a similar incident in March, where Alphabet’s Mandiant cyber unit caught the same group attempting to trick key German political figures with a phishing email.

The cyberattack has had immediate financial repercussions for TeamViewer. As of 1152 GMT, shares in the company had dropped by 10%, marking their worst trading day since November 2023. The incident underscores the persistent threat of cyberespionage faced by companies worldwide.

Russian hackers steal Microsoft and customer emails

Russian hackers breached Microsoft systems earlier this year, stealing emails from Microsoft staff and its customers, according to the tech giant. The disclosure highlights the extensive scope of the breach, adding to the regulatory scrutiny Microsoft faces over the security of its software and systems. The hackers, identified as the Midnight Blizzard threat actor, targeted cybersecurity researchers investigating Russian hacking activities.

Microsoft has been notifying affected customers, although the company has not disclosed the number of customers or emails impacted. Initially revealed in January as affecting a small percentage of corporate email accounts, the breach continued to pose threats for months, raising concerns among the security industry and prompting a Congressional hearing. In response, Microsoft President Brad Smith stated the company is working on overhauling its security practices.

New report unveils cyberespionage groups using ransomware for evasion and profit

A recent report from SentinelLabs and Recorded Future analysts contends that cyberespionage groups have increasingly turned to ransomware as a strategic tool to complicate attribution, divert attention from defenders, or as a secondary objective for financial gain alongside data theft.

The report specifically sheds light on the activities of ChamelGang, a suspected Chinese advanced persistent threat (APT) group that uses the CatB ransomware strain in attacks targeting prominent organisations globally. Operating under aliases like CamoFei, ChamelGang has mostly targeted governmental bodies and critical infrastructure entities, mostly from 2021 to 2023.

Employing sophisticated tactics for initial access, reconnaissance, lateral movement, and data exfiltration, ChamelGang executed a notable attack in November 2022 on the Presidency of Brazil, compromising 192 computers. The group leveraged standard reconnaissance tools to map the network and identify critical systems before deploying CatB ransomware, leaving ransom notes with contact details and payment instructions on encrypted files. While the attack was initially attributed to TeslaCrypt, new evidence points to ChamelGang’s involvement.

In a separate incident, ChamelGang targeted the All India Institute Of Medical Sciences (AIIMS), disrupting healthcare services with CatB ransomware. Other suspected attacks on a government entity in East Asia and an aviation organisation in the Indian subcontinent share similarities in tactics, techniques, and procedures (TTPs) and the use of custom malware like BeaconLoader. 

These intrusions have impacted 37 organisations, primarily in North America, with additional victims in South America and Europe. Moreover, analysis of past cyber incidents reveals connections to suspected Chinese and North Korean APTs. 

Why does it matter?

The integration of ransomware into cyberespionage operations offers strategic advantages, blurring the lines between APT and cybercriminal activities to obfuscate attribution and mask data collection efforts. The emergence of ChamelGang in ransomware incidents stresses adversaries’ evolving tactics to achieve their objectives while evading detection.

US Department of Justice charges Russian hacker in cyberattack plot against Ukraine

The US Department of Justice has charged a Russian individual for allegedly conspiring to sabotage Ukrainian government computer systems as part of a broader hacking scheme orchestrated by Russia in anticipation of its unlawful invasion of Ukraine.

In a statement released by US prosecutors in Maryland, it was disclosed that Amin Stigal, aged 22, stands accused of aiding in the establishment of servers used by Russian state-backed hackers to carry out destructive cyber assaults on Ukrainian government ministries in January 2022, a month preceding the Kremlin’s invasion of Ukraine.

The cyber campaign, dubbed ‘WhisperGate,’ employed wiper malware posing as ransomware to intentionally and irreversibly corrupt data on infected devices. Prosecutors asserted that the cyberattacks were orchestrated to instil fear across Ukrainian civil society regarding the security of their government’s systems.

The indictment notes that the Russian hackers pilfered substantial volumes of data during the cyber intrusions, encompassing citizens’ health records, criminal histories, and motor insurance information from Ukrainian government databases. Subsequently, the hackers purportedly advertised the stolen data for sale on prominent cybercrime platforms.

Stigal is moreover charged with assisting hackers affiliated with Russia’s military intelligence unit, the GRU, in targeting Ukraine’s allies, including the United States. US prosecutors highlighted that the Russian hackers repeatedly targeted an unspecified US government agency situated in Maryland between 2021 and 2022 before the invasion, granting jurisdiction to prosecutors in the district to pursue charges against Stigal.

In a subsequent development in October 2022, the same servers arranged by Stigal were reportedly employed by the Russian hackers to target the transportation sector of an undisclosed central European nation, which allegedly provided civilian and military aid to Ukraine post-invasion. The incident aligns with a cyberattack in Denmark during the same period, resulting in widespread disruptions and delays across the country’s railway network.

The US government has announced a $10 million reward for information leading to the apprehension of Stigal, who is currently evading authorities and believed to be in Russia. If convicted, Stigal could face a maximum sentence of five years in prison.

EU sanctions six Russian-linked hackers

Six individuals were added to the EU’s sanctions list; according to the official press release, all have been involved in cyberattacks targeting critical infrastructure, state functions, classified information, and emergency response systems in EU member states. These sanctions mark the first instance of measures against cybercriminals employing ransomware in essential services such as health and banking.

Among those sanctioned are Ruslan Peretyatko and Andrey Korinets of the ‘Callisto group,’ known for cyber operations against the EU and third countries through phishing campaigns aimed at stealing sensitive data in defense and external relations.

Also targeted are Oleksandr Sklianko and Mykola Chernykh of the ‘Armageddon hacker group,’ allegedly supported by Russia’s Federal Security Service (FSB), responsible for impactful cyberattacks on EU governments and Ukraine using phishing and malware.

Additionally, Mikhail Tsarev and Maksim Galochkin, involved in deploying ‘Conti’ and ‘Trickbot’ malware under the ‘Wizard Spider’ group, face sanctions. These ransomware campaigns have caused significant economic damage across sectors including health and banking in the EU.

The EU’s horizontal cyber sanctions regime now covers 14 individuals and four entities, involving asset freezes and travel bans, and prohibiting EU persons and entities from providing funds to those listed.

With these new measures, the EU and its member states emphasize their commitment to combating persistent malicious cyber activities. Last June, the European Council agreed that new measures were needed to strengthen its Cyber Diplomacy Toolbox.