Tag Archives: russia

That home router botnet the Feds took down? Moscow’s probably going to try again

Non-techies told to master firmware upgrades and firewall rules. For the infosec hardheads: have some IOCs Authorities from eleven nations have delivered a sequel to the January takedown of a botnet run by Russia on compromised Ubiquiti Edge OS routers – in the form of a warning that Russia may try again, so owners of the devices should take precautions.…

More:
That home router botnet the Feds took down? Moscow’s probably going to try again

Feds dismantle Russian GRU botnet built on 1,000-plus home, small biz routers

Beijing, now Moscow.… Who else is hiding in broadband gateways? The US government today said it disrupted a botnet that Russia’s GRU military intelligence unit used for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets.…

Read More:
Feds dismantle Russian GRU botnet built on 1,000-plus home, small biz routers

Leader of pro-Russia DDoS crew Killnet ‘unmasked’ by Russian state media

Also: NXP China attack, Australia can’t deliver on ransom payment ban (yet), and Justin Sun’s very bad month Infosec in Brief   Cybercriminals working out of Russia go to great lengths to conceal their real identities, and you won’t ever find the state trying to unmask them either – as long as they keep supplying the attacks on Axis nations. It’s the reason why we found it so amusing that of all the ways the identity of an organized cybercrime gang leader could be revealed, it was Russian state media that may have recently outed someone of note.…

View post:
Leader of pro-Russia DDoS crew Killnet ‘unmasked’ by Russian state media

Global events fuel DDoS attack campaigns

Cybercriminals launched approximately 7.9 million DDoS attacks in 1H 2023, representing a 31% year-over-year increase, according to NETSCOUT. Global events like the Russia-Ukraine war and NATO bids have driven recent DDoS attack growth. Finland was targeted by pro-Russian hacktivists in 2022 during its bid to join NATO. Turkey and Hungary were targeted with DDoS attacks for opposing Finland’s bid. In 2023, Sweden experienced a similar onslaught around its NATO bid, culminating with a 500 Gbps … More ? The post Global events fuel DDoS attack campaigns appeared first on Help Net Security .

Excerpt from:
Global events fuel DDoS attack campaigns

European Parliament Putin things back together after cyber attack

DDoS started not long after Russia was declared a state sponsor of terrorism The European Parliament has experienced a cyber attack that started not long after it declared Russia to be a state sponsor of terrorism.…

Read More:
European Parliament Putin things back together after cyber attack

Criminal multitool LilithBot arrives on malware-as-a-service scene

Bespoke botnet up for grabs from outfit praised for, er, customer service A Russia based threat group that set up a malware distribution shop earlier this year is behind a Swiss Army knife-like botnet that comes with a range of other malicious capabilities, from stealing information to mining cryptocurrency.…

Follow this link:
Criminal multitool LilithBot arrives on malware-as-a-service scene

Mikrotik routers pwned en masse, send network data to mysterious box

Researchers uncover botnet malware pouncing on security holes More than 7,500 Mikrotik routers have been compromised with malware that logs and transmits network traffic data to an unknown control server.…

Read More:
Mikrotik routers pwned en masse, send network data to mysterious box

US senators get digging to find out the truth about FCC DDoS attack

And why serial self-promoter John McAfee is a security expert on Russian hacking Senate Democrats are pressing government officials to explain their claims on election tampering and cyberattacks.…

Original post:
US senators get digging to find out the truth about FCC DDoS attack

US Government Attacks Drudge Report? Conservative Website Down Because Of DDoS Attack, Matt Drudge Tweets

A tweet from conservative media icon Matt Drudge’s verified Twitter account Thursday night appeared to accuse the government of interfering with his website, DrudgeReport.com , just hours after the Barack Obama administration announced new sanctions against Russia over election hacking. “Is the US government attacking DRUDGE REPORT? Biggest DDoS since site’s inception. VERY suspicious routing [and timing],” the tweet to Drudge’s 457,000 followers read. There were no other tweets from the account at the time. A large-scale distributed denial of service attack, or DDoS, can cause major Internet disruptions. In the past, such attacks have shut down major websites such as Twitter, Spotify, Netflix, Amazon, Tumblr, and Reddit. The attack sends a server many illegitimate requests to make it hard for real requests to get through, effectively shutting down the site. Drudge Report was down briefly around 7 p.m. EST, but working hours later. The top headline read: “MOSCOW MOCKS OBAMA ‘LAME DUCK’” Meanwhile, the conservative Washington Times wrote: “Matt Drudge suggests U.S. government cyberattack on Drudge Report website. DDoS attack comes same day Obama announced countermeasures against Russia for hacking of Democrats.” Conservatives on Twitter also accused the government of shutting down the Russian news website, RT. “Numerous reports of Russian state-run Network RT being unavailable. Drudge Report also under ‘Biggest DDoS attack since site’s inception,’” wrote one user. President Barack Obama announced Thursday sanctions against several Russian agencies and individuals after cyberattacks during the 2016 presidential election against Democratic Party institutions that appeared to help Donald Trump win over Hillary Clinton. “All Americans should be alarmed by Russia’s actions. In October, my administration publicized our assessment that Russia took actions intended to interfere with the U.S. election process,” Obama said. “These data theft and disclosure activities could only have been directed by the highest levels of the Russian government. Moreover, our diplomats have experienced an unacceptable level of harassment in Moscow by Russian security services and police over the last year. Such activities have consequences.” Government officials have wrangled with Drudge before over his alleged false claims. With 2 million daily unique visitors and around 700 million monthly page views, DrudgeReport.com was the top site for referral traffic in 2014 to the Daily Mail, CNN, Fox News, Roll Call, Breitbart, The New York Times, USA Today, Associated Press and other news sites. Its readers were loyal, staying on the site for an average of 30 minutes, Politico reported. “People are religious in how they come to Drudge,” Vipul Mistry, Intermarket’s Business Development manager, told Politico’s On Media blog. “When we analyzed all our audience that’s what it is, people are on there not only in morning, they tend to leave it open as it refreshes.” Source: http://www.ibtimes.com/us-government-attacks-drudge-report-conservative-website-down-because-distributed-2467391

Continued here:
US Government Attacks Drudge Report? Conservative Website Down Because Of DDoS Attack, Matt Drudge Tweets

Russian telecom giant repels DDoS attacks on country’s 5 largest financial institutions

Russian telecom giant Rostelecom has thwarted DDoS-attacks on the five largest banks and financial institutions in the country, the company said in a statement. All the attacks were recorded on December 5, 2016, the longest of them lasting for over two hours, Rostelecom said on Friday. “The analysis of the attack sources carried out by Rostelecom specialists revealed that the traffic was generated from the home routers of users who are usually referred to IoT devices,” Muslim Medzhlumov, director of the Cybersecurity Center for Rostelecom, said in a statement , published on the company’s website. “A distinctive feature of the attacks was that they were organized with the help of devices that support the CWMP Management Protocol (TR-069). A few weeks ago, a serious vulnerability was revealed in the implementation of this protocol on a number of devices from different manufacturers, which allows attackers [to] organize DDoS-attacks. At the beginning of last week, the largest German operator Deutsche Telecom was subjected to an attack on users’ home devices, as well as the Irish provider Eircom,” he explained. The Russian Federal Security Service (FSB) reported on December 2 that it had received intelligence of foreign intelligence services preparing large-scale cyber-attacks in Russia in the period starting from December 5, 2016, aimed at destabilizing Russia’s financial system and the activities of a number of major Russian banks. A RIA Novosti source close to the Central Bank reported that the Bank of Russia recorded several attacks on December 5 on the site of VTB Bank Group. On Tuesday, Russian President Vladimir Putin signed into effect an updated doctrine on information security. It states that the limitless flow of information has a negative impact on international security, as it can be employed to pursue geopolitical and military goals, thus favoring organized crime, extremists and terrorists. The doctrine notes that Russian government agencies, scientific centers, and military industries are being targeted by foreign intelligence services by means of electronic and cyber surveillance. To counter threats and challenges in the information environment, Russia will build “strategic deterrents” and step up efforts to “prevent armed conflicts that stem from the use of IT.” The doctrine also instructs government agencies to strengthen critical information infrastructure to protect against cyber and computer network attacks. Source: https://www.rt.com/news/369738-ddos-attacks-russia-banks/

Excerpt from:
Russian telecom giant repels DDoS attacks on country’s 5 largest financial institutions