notpetya

'Sandworm' hacking group linked to Russian GRU's Main Center for Special Technology, says U.S.

U.S. State Department blames Russia for cyberattacks that hit neighboring Georgia in October 2019

By identifying Russia's digital assaults on neighbors, US hopes to raise awareness of ongoing GRU attacks on US Read the rest

Attribution is hard: the incredible skullduggery used to try to blame the 2018 Olympic cyberattack on North Korea

Wired has published another long excerpt from Sandworm, reporter Andy Greenberg's (previously) forthcoming book on the advanced Russian hacking team who took the US-Israeli Stuxnet program to the next level, attacking Ukrainian power infrastructure, literally blowing up key components of the country's power grid by attacking the embedded code in their microcontrollers. Read the rest

Notpetya: the incredible story of an escaped US cyberweapon, Russian state hackers, and Ukraine's cyberwar

Andy Greenberg (previously) is Wired's senior security reporter; he did amazing work covering Russian cyberwarfare in Ukraine, which he has expanded into a forthcoming book: Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers (I read it for a blurb and a review; it's excellent). Read the rest

Two Russia-backed hacker groups target Europe ahead of elections, FireEye reports

Security services firm FireEye says two hacker groups known to be sponsored by the Russian government of Vladimir Putin are waging cyber-attacks currently against European government systems. Read the rest

The true story of Notpetya: a Russian cyberweapon that escaped and did $10B in worldwide damage

Andy Greenberg (previously) is a veteran Wired security reporter who has chronicled the frightening and chaotic world of cyberwar since its earliest days; in a forthcoming book called "Sandworm," Greenberg tells the fascinating and terrible tale of Notpetya (previously), a Russian cyberweapon (built on leaked NSA cyberweapons!) that disguised itself as criminal ransomware, but which was designed to identify and destroy key Ukrainian computer systems and networks. Read the rest

A new, virulent ransomware epidemic is fuelled by yet another leaked NSA cyberweapon

The global epidemic of Wannacry ransomware infections was the result of petty criminals fusing an old ransomware strain with a leaked NSA cyberweapon that was released by The Shadow Brokers, and the result was tens of millions of dollars' worth of economic harm. Read the rest

CCleaner, popular computer-cleaning tool, contained malware

CCleaner is a clean-your-computer app beloved of people who own inexplicably slow PCs. If you installed recent editions of it, you were installing malware. But the company behind it hasn't gone rogue, reports Reuters. Hackers compromised their systems.

A version of CCleaner downloaded in August included remote administration tools that tried to connect to several unregistered web pages, presumably to download additional unauthorized programs, security researchers at Cisco’s (CSCO.O) Talos unit said.

Talos researcher Craig Williams said it was a sophisticated attack because it penetrated an established and trusted supplier in a manner similar to June’s “NotPetya” attack on companies that downloaded infected Ukrainian accounting software.

“There is nothing a user could have noticed,” Williams said, noting that the optimization software had a proper digital certificate, which means that other computers automatically trust the program.

The infected version is 5.33, and you likely have it if you installed the Windows version of CCleaner between August 15 and September 13. That's 2.3 million installs, admits Avast.

CCleaner's owner, Avast-owned Piriform, has sought to ease concerns. Paul Yung, vice president of product at Piriform, wrote in a post Monday: "Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.

"The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker.

"Users of CCleaner Cloud version 1.07.3191

Read the rest

:)