Malicious cyber-attacks: EU sanctions two individuals and one body over 2015 Bundestag hack


The Council today imposed restrictive measures on two individuals and one body that were responsible for or took part in the cyber-attack on the German Federal Parliament (Deutscher Bundestag) in April and May 2015. This cyber-attack targeted the parliament’s information system and affected its ability to operate for several days. A significant amount of data was stolen and the email accounts of several members of parliament, including that of Chancellor Angela Merkel, were affected.

Today’s sanctions consist of a travel ban and an asset freeze imposed on the individuals, and an asset freeze imposed on the body. In addition, EU persons and entities are forbidden from making funds available to those listed.

Read more at European Council Council of the European Union

Isentia hit by cyber attack


Media monitoring provider Isentia has suffered a “cyber security incident” that is affecting its flagship intelligence and insights service.

The company said in a financial filing on Tuesday that it is “urgently investigating” the incident, which is “disrupting services within its SaaS platform Mediaportal”.

Mediaportal is an all-in-one platform used by communications professionals to stay across media coverage and to target journalists for stories.

“Isentia is working closely with leading external cyber security specialists to assess the extent of the incident and the impact on its systems,” it said.

“The company has also notified the Australia Cyber Security Centre.”

Isentia managing director and CEO Ed Harrison said the company is doing all it can to contain the incident and understand how it occurred.

“Isentia is taking urgent steps to contain the incident and conduct a full priority investigation into what happened and how to avoid a repeat occurrence in the future,” he said.

“Our priority is to restore full service as soon as possible but until that occurs, we have put processes in place to support our customers.”

The company’s share price fell 2.7 percent following the announcement.

Stelco operations temporarily halted after cyber attack


Stelco says its systems were targeted in a cyberattack last week. CHCH News has learned the attack happened Thursday night and came in the form of a ransomware virus. Both on-site and off-site employees were affected.

The company says it was able to limit the scope of the attack through “countermeasures.” Certain operations, including steel production, were suspended as a precaution but have since resumed.

“Stelco is implementing its back-up and recovery plans to fully re-establish its systems as quickly as possible and some business functions may be adversely affected during this recovery process,” said a news release from the company.

The company says it is investigating the incident and the extent of the impact.

Cooperation between Norway’s security agencies planned following cyber attack on parliament


Government seeks to develop enhanced national IT infrastructure with an embedded early warning system and defense shield to protect the IT systems of public and private organizations.

Norway is to implement a more robust plan to scale up its IT security infrastructure against the backdrop of increasingly malicious attacks from cyber space. This follows a high-profile cyber attack that targeted the email system at the Norwegian parliament (Storting) on 4 August.

The Norwegian government accused Russia of launching the attack, but Moscow has denied any involvement.

In the immediate aftermath of the attack, the Norwegian government called an emergency meeting with the heads of the country’s top security agencies. The meeting resulted in a plan to accelerate the development of an enhanced national IT infrastructure incorporating an embedded early warning system and defense shield to protect the IT systems of public and private organizations.

“The digital domain makes it easier for foreign states to deploy non-military means in an entirely different manner than has been the case,” said Monica Mæland, Norway’s justice minister. “We need to know more about the exact purpose of the attack on the Storting and whether it was part of a specific or broader state-run espionage operation.”

The pivotal agencies at the post-Storting attack emergency meeting included the National Security Authority (Nasjonal Sikkerhets Myndighet), the National Cyber Security Centre (Nasjonalt Cyber Sikkerhets Senter), the Norwegian Police Security Service (Politiets Sikkerhetstjeneste) and the Norwegian Intelligence Service (E-tjenesten).

The Norwegian government’s strengthened cyber protection plan involves fast-tracking collaboration between national security agencies tasked with cyber defense and the private sector. The objective is to create a collaborative platform to develop improved early warning systems, deterrents and defenses against a wide range of common and unconventional cyber threats and attacks on critical IT infrastructure.

A central feature of the new plan is closer cooperation between the Norwegian Intelligence Service, the Norwegian Armed Forces’ military intelligence wing and the National Cyber Security Centre to develop a broad range of defensive and offensive options.

“The combined resources of Norway’s security and intelligence services will cooperate in an unprecedented way to deal with cyber threats and attacks at a national level,” said Ine Eriksen Søreide, Norway’s foreign minister.

Naming Russia as the aggressor in the August attack on the Storting, Søreide said the accusation was based on preliminary intelligence provided by Norway’s national security agencies and leading cyber defense experts.

“Based on the intelligence that is available to the government, it is our assessment that Russia was behind the attack on Norway’s most important democratic institution,” said Søreide.

Denying any involvement in the attack on the Storting, Moscow described the accusation as a “serious and deliberate provocation” by Norway that threatened to complicate existing and future bilateral political, trade and security relations.

“Norway has provided no evidence of involvement by Russia,” said Konstantin Kosachev, chairman of the Russian Federation Council’s foreign affairs committee. “This accusation lacks concrete evidence. If evidence exists, it should be examined by experts from our two countries. We received no such invitation from Norway.”

The cyber attack on the Storting targeted the email accounts of MPs and senior government officials. Email accounts breached included those belonging to MPs both in the ruling Conservative (Høyre) and opposition Labour (Arbeiderpartiet) parties. Email messages and data from several compromised accounts were downloaded in the cyber attack.

Cyber Attack On Dr Reddy’s Laboratories: Data Centers Isolated, Production Across Plants Shut


New Delhi: It seems that the Indian health sector is on the radar of cybercriminals. The latest victim of a major data breach is Indian drug major Dr. Reddy’s Laboratories. The company on Thursday said that it has temporarily shut down production across its key plants.

The company admitted a major cyber attack on its digital infrastructure, as a result of which it has isolated all data center services and is taking the required preventive actions.

The attack came days after the pharma company got a green signal from Drug Control General of India (DCGI) to conduct an adaptive phase 2/3 human clinical trial for Sputnik V vaccine in India.

Without disclosing much about the attack and leak, the company said that it is anticipating all services to be up within 24 hours. “We are anticipating all services to be up within 24 hours and we do not foresee any major impact on our operations due to this incident,” said Mukesh Rathi, CIO, Dr. Reddy’s Laboratories.

The company in its statement said, “In the wake of a detected cyber-attack, we have isolated all data center services to take required preventive actions.”

The magnitude and nature of the attack are still unknown, but sources claim there has been a data breach.

This clearly shows how critical it is to secure sensitive health data. Earlier this month, Dr Lal PathLabs, one of the largest testing labs in India, reportedly faced a major data leak after it had kept a huge amount of its patients’ data unprotected on a public server for months.

The entire health sector is sitting on huge amounts of patient, research and scientific data, which makes the sector most vulnerable. Cybercriminals are looking for new ways to extract these data or infect the server with ransomware to extort money from these companies.

Russian cyber-attack spree shows what unrestrained internet warfare looks like


US indictment of operatives, accused of launching several attacks, gives a detailed account of how they went about their business

The Sandworm team of Russian military intelligence, alleged to have unleashed computer chaos against the Kremlin’s enemies around the world, is said to operate out of a blue-tinted glass skyscraper known simply as “the tower”.

From that address, 22 Kirova Street in the Moscow suburb of Khimki, the Sandworm hackers, also known more prosaically as unit 74455 and “the main centre for special technologies”, launched attacks on the Ukrainian power system, Emmanuel Macron’s presidential bid in France in 2017, the South Korean Olympics in 2018 and the UK investigation into the 2018 Russian nerve agent attack in Salisbury.

According to cyber security experts, the same unit was involved in the hacking of the Democratic National Committee and Hillary Clinton’s election campaign in 2016, disguised as a hacktivist group dubbed Fancy Bear.

On Monday, US and UK authorities accused the unit of planning a cyberattack on the 2020 Olympics and Paralympics in Tokyo.

They did not just cause confusion and inconvenience. Quite apart from their alleged role in the rise of Donald Trump, they are accused of depriving hundreds of thousands of Ukrainians of light and heat in the middle of winter, and closing down the computer systems of a major Pennsylvania hospital. Their exploits are a foretaste of what unconstrained cyber warfare might look like in the real world.

The US indictment of six Sandworm operatives, all GRU military intelligence officers, gives a detailed account of how they went about their business.

In preparation for the attack on the Olympics they studied the tactics and style of their North Korean counterparts, the Lazarus group, so they could mimic them and throw suspicion on Pyongyang.

When the UK’s Defence Science and Technology Laboratory and the Organisation for the Prohibition of Chemical Weapons in the Hague started to investigate the Novichok nerve agent attack on a KGB defector Sergei Skripal and his daughter Yulia in March 2018, the Sandworm hackers sent out spearphishing emails to investigators in both organisations purporting to come from known German and British journalists.

To increase the chances that at least some of the recipients would click on the malware-laced links, the “journalist” claimed to have information relevant to the investigation.

The indictment is based on lengthy investigations by FBI analysts in cooperation with Google, Cisco, Facebook and Twitter, as well as with allied intelligence agencies, most importantly those from the Five Eyes alliance of the US, UK, Canada, Australia and New Zealand.

According to the indictment, the investigators were able to keep such a close watch on the hackers that they caught one of them, named as Anatoliy Kovalev, doing a bit of moonlighting, spearphishing Russian real estate companies and car dealers, as well as cryptocurrency exchanges abroad, apparently for private profit.

Thomas Rid, the professor of strategic studies at Johns Hopkins University and author of Active Measure – a book published this year on disinformation operations, said the level of detail in the indictment reflects the degree to which the GRU teams’ own networks were infiltrated.

“Today’s GRU indictment is an incredible document,” Rid wrote on Twitter. “The Five Eyes intelligence communities, I would suspect, must have stunning visibility into Russian military intelligence operations if today’s disclosures are considered dispensable.”

For all the efforts unit 74455 took to cover its tracks, they seem to have been remarkably sloppy in other ways.

According to Aric Toler of the Bellingcat investigative journalism team, three of the six accused registered their cars to the same address, which is also linked to the Sandworm unit.

“If you search for all of the people registering their cars to this address, you get 47 results – all probably GRU hackers,” Toler said.