Killnet targets healthcare sector across Europe, USA

Pro-Russia hacking group Killnet has been targeting hospitals in Europe and the USA in retaliation for western support for Ukraine. The Netherlands National Cybersecurity Centre (NCSC) reported that the attacks impacted several hospitals in the country, but their impact was minimal. The Dutch cyber watchdog also said all the threats had been successfully mitigated.

The US Department of Health and Human Services (HHS) also reported that Killnet has targeted US hospitals and is actively threatening the health and public health sector. The HHS noted that these attacks do not cause significant harm but can create service disruptions that may last several hours or days.

Hospitals in other European countries, including the UK, Germany, and Poland, have also been targeted.

New Somnia ransomware attacks target corporations in Ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) reported the spread of a new ransomware strain called ‘Somnia’, attributing the attacks to the Russian threat actor known as ‘From Russia with Love’ (FRwL), also known as ‘Z-Team’. The ransomware attacks targeted Ukrainian corporations’ employees, using their Telegram accounts to try to gain access to a corporate network.

As explained by CERT-UA, the group used fake sites that mimic the ‘Advanced IP Scanner’ software, which, if downloaded, infects the victim’s computer with the Vidar data-stealing malware that can capture Telegram session data, as well as take over the victim’s account.

Then, the threat actors used victims’ Telegram accounts to gain access to the corporate network. Once access to the target’s network was obtained, the hackers executed reconnaissance operations using tools like Netscan and deployed Cobalt Strike Beacons before exfiltrating data.

According to CERT-UA, the group had previously revealed on Telegram that they had created the Somnia ransomware, and had posted evidence of the attacks they made against Ukrainian targets.

Wikimedia Foundation fined over two articles on the war in Ukraine

A Russian court issued a 2 million roubles (US$32,600) fine against Wikimedia Foundation, Wikipedia’s owner, over two articles in Russian about the war in Ukraine. The articles in question were about the evaluations of Russia’s invasion of Ukraine and the Ukrainian civilian population’s non-violent resistance during the Russian invasion. The head of Wikimedia’s Russian chapter anticipates an increase in such cases against the Foundation.

Amazon fined in Russia

A Moscow court fined US giant Amazon.com Inc a total of 4 million roubles (US$16,150) for failing to remove illegal content, Interfax reported. According to the court’s ruling, Amazon had failed to delete banned content related to drug use and suicide.

It is the first such fine imposed on Amazon, while other US-based giants have come under pressure in Russia in recent months, with Meta being labelled as ‘extremist’. Google and Apple, meanwhile, received fines for refusing to localise Russian users’ databases on Russian territory.

US airport websites knocked offline by ‘Killnet’ hackers

More than a dozen airport websites in the USA have been targeted by a series of distributed denial-of-service (DDoS) attacks. The hackers targeted the websites of some of the nation’s largest airports, which appeared inaccessible on Monday morning. However, as later confirmed, no actual air travel disruptions were reported. The attacks were attributed to the pro-Russian hacktivist organisation Killnet, which had previously listed multiple US airports as potential targets.

In the previous week, the same group took responsibility for knocking offline US state government websites in Colorado, Kentucky, and Mississippi, among others.

Russian retail chain ‘DNS’ targeted in a cyberattack

Russia’s second-largest computer and home appliance store – ‘DNS’ (Digital Network System) – suffered a data breach that exposed the sensitive personal information of customers and employees, the company confirmed.

According to reports, the attacks are allegedly the work of pro-Ukrainian hackers. The Kyiv Post, however, claims that the attacks are being carried out by hackers tied to the so-called ‘National Republican Army’ (NRA), a group of dissidents aiming to overthrow Putin.

DNS has not given much information about what data was compromised, though it made clear that the hackers did not acquire user passwords or payment card information, since these details are not kept on its systems. The stolen data contains full names, usernames, email addresses, and phone numbers of DNS customers and employees, accounting for 16 million people.

SoundCloud blocked in Russia

SoundCloud, a Germany-based online audio distribution platform and music-sharing website, has been blocked in Russia over an accusation of spreading prohibited content.

Russia’s telecoms watchdog, Roskomnadzor, has restricted access to SoundCloud at the request of the Russian Prosecutor General’s Office received on 22 September.

SoundCloud is accused of spreading prohibited information in Russia that contained ‘calls for mass riots and participation in unauthorized actions, extremism, as well as unreliable socially significant information distributed under the guise of reliable messages’.

Ukrainian hackers reportedly targeted the Russian payment system ‘Mir’

Russian media report that Ukrainian hackers launched a large-scale DDoS attack on the ‘Mir payment system’ and its operator, the National Payment Card System (NSPK).

The cyberattack was confirmed to Kommersant by specialists in the Russian cybersecurity market. As explained, the attackers generated traffic to the systems using browsers or primitive DDoS tools to cause interruptions in payments and terminals.

It is also reported that, since the beginning of the military operation in Ukraine, the entire Russian IT infrastructure has been subjected to massive hacker attacks. Still, there has been no information about vulnerabilities in the Mir system.

Russia is developing software for critical industries to replace imports

Russia is developing ‘heavy duty’ software solutions, especially for the oil and gas industry, to replace the software of businesses which have left Russia due to the sanctions, Deputy Prime Minister and Industry and Trade Minister Denis Manturov stated.

According to the minister, Russia has to develop software alternatives in order to ‘meet the critically important needs of Russian companies’. He also noted that ‘the largest companies, leaders in various fields – engineering, electronics, metallurgy, and the oil and gas sector – are involved in this work.’