Tag Archive for: russia

Dangerous New ICS Malware Targets Orgs in Russia and Ukraine

/in


Two dangerous malware tools targeted at industrial control systems (ICS) and operating technology (OT) environments in Europe are the latest manifestations of the cyber fallout from the war in Ukraine.

One of the tools, dubbed “Kapeka,” appears linked to Sandworm, a prolific Russian state-backed threat actor that Google’s Mandiant security group this week described as the country’s primary cyberattack unit in Ukraine. Security researchers from Finland-based WithSecure spotted the backdoor featured in 2023 attacks against an Estonian logistics company and other targets in Eastern Europe and perceive it as an active and ongoing threat.

Destructive Malware

The other malware — somewhat colorfully dubbed Fuxnet — is a tool that Ukraine government-backed threat group Blackjack likely used in a recent, destructive attack against Moskollector, a company that maintains a large network of sensors for monitoring Moscow’s sewage system. The attackers used Fuxnet to successfully brick what they claimed was a total of 1,700 sensor-gateways on Moskollector’s network and in the process disabled some 87,000 sensors connected to these gateways.

“The main functionality of the Fuxnet ICS malware was corrupting and blocking access to sensor gateways, and trying to corrupt the physical sensors as well,” says Sharon Brizinov, director of vulnerability research at ICS security firm Claroty, which recently investigated Blackjack’s attack. As a result of the attack, Moskollector will likely have to physically reach each of the thousands of affected devices and replace them individually, Brizinov says. “To restore [Moskollector’s] ability of monitoring and operating the sewage system all around Moscow, they will need to procure and reset the entire system.”

Kapeka and Fuxnet are examples of the broader cyber fallout from the conflict between Russia and Ukraine. Since the war between the two countries started in February 2022 — and even well before that — hacker groups from both sides developed and used a range of malware tools against each other. Many of the tools, including wipers and ransomware, have been destructive or disruptive in nature and mainly targeted critical infrastructure, ICS, and OT…

Source…

Microsoft Discovers State-backed Hackers From China, Russia, and Iran Are Using OpenAI Tools for Honing Skills

/in


A new study from Microsoft and OpenAI has revealed that AI tools such as ChatGPT and other Large Language Models (LLM) are being used by several hacking groups from Russia, China, Iran, and North Korea to increase hacking productivity and fraud schemes, prompting the tech giant to ban its AI tools to all state-backed hacking groups.

The study, which was reportedly branded as the first time an AI company had disclosed cybersecurity concerns from threat actors using AI, discovered five threat actors, two of whom were linked to China and one each with Russia, Iran, and North Korea.

According to reports, most hacker groups employed LLMs or OpenAI technologies to create phishing emails, automate computer programming and coding skills, and comprehend various subjects. It has also been discovered that a small group of threat actors with ties to China employ LLMs for translation and improved target communication.

The study found that Charcoal Typhoon, a threat actor associated with China, utilized artificial intelligence (AI) to facilitate communication and translation with targeted individuals or organizations, comprehend particular technologies, optimize program scripting techniques for automation, and simplify operational commands.

OpenAI Holds Its First Developer Conference

(Photo : Justin Sullivan/Getty Images)
SAN FRANCISCO, CALIFORNIA – NOVEMBER 06: Microsoft CEO Satya Nadella speaks during the OpenAI DevDay event on November 06, 2023 in San Francisco, California. OpenAI CEO Sam Altman delivered the keynote address at the first ever Open AI DevDay conference.

Salmon Typhoon, another threat actor with ties to China, is allegedly utilizing AI to translate technical papers and computing jargon, find coding mistakes, write harmful code, and better grasp various subjects related to public domain research. 

It was also discovered that the Russian state-sponsored hacker collective Forest Blizzard employed LLMs to learn more about specific satellite capabilities and scripting methods for complex computer programs. According to reports, the group has claimed victims who are essential to the Russian government, such as groups involved in the conflict between Russia and…

Source…

Microsoft reveals how Iran, North Korea, China, and Russia are using AI for cyber war

/in


Microsoft has revealed that US adversaries — primarily Iran and North Korea, with lesser involvement from Russia and China —- are increasingly employing generative artificial intelligence (AI) for mounting offensive cyber operations. These adversaries have begun leveraging AI technology to orchestrate attacks, and Microsoft, in collaboration with business partner ChatGPT maker OpenAI, has detected and thwarted these threats.

In a blog post, the Redmond-based company emphasized that while these techniques were still in their “early-stage,” they were neither “particularly novel nor unique.” Nevertheless, Microsoft deemed it crucial to publicly expose them. As US rivals harness large-language models to expand their network-breaching capabilities and conduct influence operations, transparency becomes essential.

For years, cybersecurity firms have utilized machine learning for defense, primarily to identify anomalous behavior within networks. However, malicious actors—both criminals and offensive hackers—have also embraced this technology. The introduction of large-language models, exemplified by OpenAI’s ChatGPT, has elevated the game of cat-and-mouse in the cybersecurity landscape.

Microsoft’s substantial investment in OpenAI aligns with its commitment to advancing AI research. The announcement coincided with the release of a report highlighting the potential impact of generative AI on malicious social engineering. As we approach a year with over 50 countries conducting elections, the threat of disinformation looms large, exacerbated by the sophistication of deepfakes and voice cloning.

Here are specific examples that Microsoft provided. The company said that it has disabled generative AI accounts and assets associated with named groups:

North Korea: The North Korean cyberespionage group known as Kimsuky has used the models to research foreign think tanks that study the country, and to generate content likely to be used in spear-phishing hacking campaigns.

Iran: Iran’s Revolutionary Guard has used large-language models to assist in social engineering, in troubleshooting software errors, and even in studying how intruders might evade detection in a compromised network….

Source…

Boeing ‘Sensitive Data’ Reportedly Stolen by Ransomware Group Linked to Russia

/in


A hacking group called LockBit claimed Friday that it had infiltrated Boeing Co. and stolen sensitive information from the aerospace giant.

The group, which has been linked to Russia, set a Nov. 2 deadline for Boeing to contact it, otherwise threatening to publish “all available data,” Cybernews reported, citing a LockBit “dark leak” website.

“We are assessing this claim,” a Boeing spokesman said in an email to The Messenger.

Beyond its commercial aircraft business, Boeing is a major defense contractor, selling everything from weapons to satellites to fighter jets to the U.S. and allied governments. The Pentagon referred questions on the matter to Boeing.

Source…