November 30, 2025

Blog Post


Mercedes Benz Vulnerability Places Risk of Remote Access – January 20th

CERT-UA warns of attackers impersonating the agency via fake AnyDesk requests for “security audits.” Remote access should only occur with prior approval through official channels to mitigate these risks.

Amid ongoing cyberattacks linked to the Russo-Ukrainian war, over 1,042 incidents were detected in 2024, including espionage and malware campaigns by groups like Gamaredon and Sticky Werewolf. Pro-Russian and pro-Ukrainian actors continue targeting each other with phishing and credential theft efforts.


Brussels backs down on mass surveillance

The European Union (EU) Council has made a last-minute withdrawal of the EU’s highly controversial planned “Chat Control” legislation, which was due to be voted on yesterday. The legislation would have effectively introduced mass digital surveillance by means of fully automated real-time monitoring of all messaging and chats.

The EU would appear to finally have heeded the harsh warnings that have been coming from the cybersecurity and communication sectors since the controversial ruling was first proposed in 2022. For the six months prior to Thursday’s decision, the EU Belgian Council presidency has been sitting on a deadlock between EU countries. Germany and Poland have heeded privacy experts’ warnings of a potential police state. But Ireland and Spain are pressing for draconian new online laws to fight a rise in online child sexual abuse material that has grown since the start of Europe’s widespread lockdowns two and a half years ago.


The West braces for massive Russian cyber offensive

Russia is believed to be planning widespread cyber-attacks on the West, partly in retaliation for Ukraine’s cyber-attack, which recently crippled Russia’s financial services.

“In retaliation to NATO support for Ukraine, cyberwarfare coinciding with the ongoing Russia-Ukraine conflict will likely include focused state-level attacks against Western critical and military sectors launched by Moscow’s hacker groups,” says Craig Watt, a consultant specializing in strategic and geopolitical intelligence at cybersecurity firm Quorum Cyber.


Ukraine takes down Russia’s financial services

Hackers from Ukraine’s Main Intelligence Directorate claim to have effected one of the largest Distributed Denial-of-Service (DDoS) attacks in history, derailing Russia’s financial services.

According to the Kyiv Post, the attack compromised the online services of all major Russian banks, including the Central Bank, telecommunications service providers, national payment systems, social networks and messengers, government resources, and dozens of other services.

The affected Russian financial institutions are reported to include VTB Bank, Alfa Bank, SberBank, Raiffeisen Bank, RSHB Bank, Ak Bars Bank, Rosbank, Gazprombank, Tinkoff Bank, iBank, Dom.RF Bank, and the Bank of Russia. On the last day of the attack, the resources of the Russian Ministry of Defense, the Ministry of Internal Affairs, and the Federal Tax Service were also reported to have been affected.


Game over for European criminal botnet networks

An international operation coordinated by Europol has resulted in several arrests and the takedown of numerous cybercriminal networks. The operation focused on tackling the growing problem of the weaponization of botnets, which are strings of connected computers. Cybercriminal gangs use botnets to install droppers, a type of malicious software designed to install other malware, such as ransomware, onto a targeted system.

Between 27 and 29 May of this year, Europol’s “Operation Endgame” targeted droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. The actions focused on disrupting criminal services, making arrests, taking down criminal infrastructures, and freezing illegal proceeds.


FBI takes down BreachForums – again!

The US Federal Bureau of Investigation (FBI) is investigating the criminal hacking forum BreachForums after taking down its website last week. This follows the announcement in February of the seizure of the LockBit ransomware gang’s extortion website.

“From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services,” says an FBI advisory.


FBI declares cyber-war on China

US Federal Bureau of Investigation (FBI) director Christopher Wray used his keynote speech at the weekend’s Munich Cyber Security Conference, which many regard as the security version of Davos, to effectively declare cyber-war on the People’s Republic of China (PRC).

“Our adversaries have been improving exponentially,” warns Wray. “Chief among those adversaries is the Chinese government…the cyber threat posed by the Chinese government is massive.”

Wray added that China’s hacking program is larger than that of all the other major world nations combined and that the PRC is using AI technology stolen from the Western powers to vastly increase the present threat. The FBI director told the major world powers assembled in Munich at the weekend that a new enhanced level of cooperation between government agencies such as his and the private sector is the only way to counter this new Red Menace.


Ransomware payments top US$1 billion in 2023

Last year, ransomware payments topped US$1 billion for the first time. According to a report from blockchain analyst firm Chainalysis, in 2023 ransomware gangs reached “an unprecedented milestone” in extorted cryptocurrency payments.

“This number does not capture the economic impact of productivity loss and repair costs associated with attacks. This is evident in cases like the ALPHV-BlackCat and Scattered Spider’s bold targeting of MGM resorts. While MGM did not pay the ransom, it estimates damages cost the business over US$100 million,” warns the report.


EU and Ukraine Partner to Boost Cybersecurity – November 14th

The European Union Agency for Cybersecurity (ENISA) signed a Working Agreement with Ukraine’s Administration of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) to boost cybersecurity efforts.

The Working Agreement signed by ENISA and SSSCIP will focus on the EU supporting Ukraine in its efforts to protect itself from geopolitically fueled cyber attacks by Russian threat actors through improving critical infrastructure, cybersecurity skills, and capacity building.


$7.3 million lost through Android phone hacks – September 21st

Singaporean police have warned Android phone users of a new malware variant that is capable of resetting Android phones to factory settings. Reports say that more than $7.3 million has been lost through threat actors using the malware variant. The malicious code is hidden in social media posts advertising the sale of different items. It is then downloaded when the user clicks on the link to make a payment.
