France links Russian Sandworm hackers to hosting provider attacks

Posted by & filed under Security Alerts.

The French national cyber-security agency has linked a series of attacks that resulted in the breach of multiple French IT providers over a span of four years to the Russian-backed Sandworm hacking group. ANSSI (short for Agence Nationale de la Sécurité des Systèmes d’Information) has not been able to determine how the servers were compromised…. Read more »

Sunburst backdoor shares features with Russian APT malware

Posted by & filed under Security News.

Kaspersky researchers found that the Sunburst backdoor, the malware deployed during the SolarWinds supply-chain attack, shows feature overlaps with Kazuar, a .NET backdoor tentatively linked to the Russian Turla hacking group. Turla (aka VENOMOUS BEAR and Waterbug) has been coordinating information theft and espionage campaigns as far back as 1996 and is the main suspect behind attacks targeting the Pentagon and NASA, the U.S…. Read more »

US shares info on Russian malware used to target parliaments, embassies

Posted by & filed under Security Alerts.

US Cyber Command today shared information on malware implants used by Russian hacking groups in attacks targeting multiple ministries of foreign affairs, national parliaments, and embassies. The malware samples were identified by US Cyber Command’s Cyber National Mission Force (CNMF) unit and the Cybersecurity and Infrastructure Security Agency (CISA) and uploaded today to the Virus… Read more »

Norway says Russian hackers were behind August Parliament attack

Posted by & filed under Security News.

Norway’s Minister of Foreign Affairs Ine Eriksen Søreide today said that Russia is behind the August 2020 cyber-attack on the Norwegian Parliament (Stortinget). “On 24 August, the Storting announced a data breach in their e-mail systems,” Søreide said in a press release published earlier today after a briefing that also included Minister of Defense Frank… Read more »

Gamaredon hackers use Outlook macros to spread malware to contacts

Posted by & filed under Security Alerts.

New tools attributed to the Russia-linked Gamaredon hacker group include a module for Microsoft Outlook that creates custom emails with malicious documents and sends them to a victim’s contacts. The threat actor disables protections for running macro scripts in Outlook and to plant the source file for the spearphishing attacks that spread malware to other… Read more »