Kaspersky researchers found that the Sunburst backdoor, the malware deployed during the SolarWinds supply-chain attack, shows feature overlaps with Kazuar, a .NET backdoor tentatively linked to the Russian Turla hacking group.
Turla (aka VENOMOUS BEAR and Waterbug) has been coordinating information theft and espionage campaigns as far back as 1996 and is the main suspect behind attacks targeting the Pentagon and NASA, the U.S. Central Command, and the Finnish Foreign Ministry.
Kazuar is one of the tools used during past Turla operations and, according to Kaspersky, it shares several of its features with the malware created by the group behind the SolarWinds hack (tracked as UNC2452 and DarkHalo).
A week ago, the FBI, CISA, and the NSA also said that a Russian-backed Advanced Persistent Threat (APT) group is likely behind the SolarWinds hack.
Prosecutors in Rome have opened an investigation following a complaint about hacker attacks suffered in recent weeks by Irbm of Pomezia.
The company is collaborating with the University of Oxford on the Covid vaccine that will be marketed by AstraZeneca.
The proceeding, coordinated by deputy prosecutor Angelatonio Racanelli, was opened for the crime of unauthorized access to a computer system. The investigation was delegated to Cnaipic, the Postal Police's National Cybercrime Center for the Protection of Critical Infrastructures.
The information is gathered from ANSA.
According to researchers, spyware sold by the Israeli private company NSO Group appears to have been used to compromise the mobile phones of dozens of Al Jazeera journalists in an unprecedented cyberattack that was likely carried out on the instructions of Saudi Arabia and the United Arab Emirates.
Following a notification from our external partners, and as part of the National CSIRT-CY's ongoing actions to strengthen the protection of the Critical Information Infrastructures of the Republic of Cyprus, please be informed of an attack recently carried out against an insurance company abroad.
French IT services giant Sopra Steria said today in an official statement that the October Ryuk ransomware attack will lead to a loss of between €40 million and €50 million.
Sopra Steria is a European information technology firm with 46,000 employees in 25 countries providing a large array of IT services, including consulting, systems integration, and software development.
“The remediation and differing levels of unavailability of the various systems since 21 October is expected to have a gross negative impact on the operating margin of between €40 million and €50 million,” Sopra Steria said. “The Group’s insurance coverage for cyber risks totals €30 million.”