The Computer Emergency Response Team of Ukraine (CERT-UA) argues that a damaging malware attack on the national news agency Ukrinform on 17 January 2023 was carried out by the Sandworm hacking group (said to be associated with Russian armed forces).
The State Service of Special Communications and Information Protection (SSSCIP) of Ukraine announced that ‘according to preliminary data, provided by CERT-UA specialists, the attack has caused certain destructive effects on the agency’s information infrastructure, but the threat has been swiftly localized nonetheless. This enabled Ukrinform to continue its operation.’
NoName057(16), a hacktivist group described as pro-Russian, is reportedly targeting websites of candidates in the 2023 Czech presidential elections. According to SentinelLabs, the action is part of a distributed-denial-of-service (DDoS) attacks campaign that the group has been conducting against government organisations and critical infrastructures in Ukraine and NATO member states since the start of the war in Ukraine. Some of the most recent targets are said to include Denmark’s financial sector and organisations and businesses in Poland and Lithuania.
The organisation allegedly carried out these attacks utilising open Telegram channels, a DDoS payment program run by volunteers, a multi-OS supported toolkit, and GitHub.
The European Parliament’s civil liberties committee (LIBE) has voted for the parliament to move ahead with ratifying the Second Additional Protocol to the Budapest Convention on Cybercrime. More specifically, LIBE voted in favour of a draft European Parliament resolution that will give the parliament’s consent to a draft Council decision that allows EU member states to ratify the Additional Protocol.
Among other provisions, the Protocol introduces the possibility of emergency mutual assistance between signatories in addressing cybercrime, creates a legal framework for joint investigations, and makes it possible to collect evidence via videoconference where necessary.
The Protocol was criticised by civil society organisations citing incompatibilities with the EU’s Charter of Fundamental Rights. At the same time, a January 2022 opinion from the European Data Protection Supervisor (EDPS) underscored the “many safeguards” contained in the text despite the fact that some data transfers between the EU and the US would be facilitated under the agreement.
Following an unspecified ‘cyber-incident’, the UK’s Royal Mail has warned customers of ‘severe service disruption’ for items sent abroad. The National Cyber Security Centre in the UK acknowledged this, stating that they are aware of an incident affecting Royal Mail Group and are working with the company, as well as the National Crime Agency, to fully understand the impact.
Attacks using distributed denial of service (DDoS) techniques have affected the central bank and seven private banks in Denmark and disrupted their business activities. The attack also affected IT financial industry solutions developer Bankdata, which led to temporary access restrictions in the case of the websites of private banks.
According to data released by Check Point Research, the number of cyber-attacks recorded globally in 2022 was nearly two-fifths (38%) higher than the total volume observed in 2021. Attacks peaked in the fourth quarter of 2022, with an average of 1168 weekly attacks per organisation. The sectors most affected by cyber-attacks were education/research (2314 average weekly cyber-attacks), government/military (1661), and healthcare (1463). The highest volume of attacks was recorded in Africa (1875 weekly attacks per organisation), followed by Asia-Pacific, Latin America, Europe, and North America.
Check Point Research also indicated several trends observed during 2022: (a) the ransomware ecosystem continuously evolving, with smaller and more agile criminal groups; (b) hackers widening their aim to target business collaboration tools such as Slack and Teams with phishing exploits; (c) academic institutions becoming a popular target for cybercriminals.
US-based cyber threat intelligence research team Check Point Research (CPR) found that cybercriminals have been using the artificial intelligence-based tool ChatGPT for malicious purposes. The team described three examples of such misuses of ChatGPT:
- Recreating malicious strains and techniques described in research publications and write-ups about common malware.
- Creating encryption tools
- The second thread is found to perform cryptographic combinations of different signing, encryption, and decryption functions.
- Creating dark web marketplaces.
As CPR notes, although the examples given in the report are relatively basic, ‘it is only a matter of time until more sophisticated actors enhance the way they use AI-based tools for bad’.
Iran’s Infrastructure Communications Company announced on 6 January 2023 that it had prevented a cyberattack on the country’s central bank. Amir Mohammadzadeh Lajevardi, head of the company, was quoted by local media as saying that the bank was targeted by a distributed denial of service (DDoS) attack. In October, Anonymous and other global hacking groups threatened to launch cyberattacks against Iranian institutions and officials in support of anti-government protests and to thwart internet censorship in Iran.
A report by Reuters indicates that Russian hackers affiliated with the Callisto (Cold River) group targeted three US nuclear research laboratories during the summer of 2022.
The hacking team targeted the Brookhaven, Argonne, and Lawrence Livermore National Laboratories, created fake login pages for each lab, and then emailed scientists with the intent of stealing their passwords.
Reuters did not determine why the three labs were targeted or if the attempted intrusions were successful. Neither of the three labs responded to requests for comments.
US-based cyber threat intelligence research team Check Point Research (CPR) identified cybercrime campaigns orchestrated by the threat group APT-C-36 (also known as Blind Eagle) in recent months. According to CPR, Blind Eagle is a financially motivated group that has been coordinating attacks against citizens across South America since 2018.
In one example of a recent campaign, Blind Eagle has been sending phishing emails to citizens pretending to be from the Colombian government. Essentially, these emails threatened citizens with facing problems when leaving the country if certain bureaucratic matters were not settled. In another campaign targeting Ecuador-based organisations, the group used an advanced toolset to coordinate a new infection chain.
CPR characterised Blind Eagle as a ‘strange bird among APT groups’: ‘Judging by its toolset and usual operations, it is clearly more interested in cybercrime and monetary gain than in espionage; however, unlike most such groups that just attack the entire world indiscriminately, Blind Eagle has a very narrow geographical focus, most of the time limited to a single country.’
