FBI Reform - fbireform.com - The News And Times Information Network | FBI ON A COUCH: THE PSYCHOANALYSIS OF THE SUBVERSION – A STUDY IN PSYCHOHISTORY | The FBI News Review
New research provides evidence linking some of the most impactful cybersecurity incidents on record – the 2015 and 2016 attacks on the Ukrainian power grid and the 2017 NotPetya malware outbreak – to the same set of hackers that Western governments say are sponsored by the Russian government.
Researchers from cybersecurity company ESET say they have laid out the first concrete, public evidence of that link, citing a pattern of “backdoors” — or tools for remote access — used by the hackers.
In April, ESET researchers found that the group, which they dub TeleBots, was trying to set up a new backdoor. ESET says this backdoor, known as Win32/Exaramel, is an “improved version” of the “Industroyer” backdoor used in the 2016 attack on the Ukrainian power sector, which knocked out an electrical substation outside of Kiev. The 2015 attack on the Ukrainian grid, using the group’s custom BlackEnergy malware, cut power for some 225,000 people.
The group is also referred to as “Sandworm” by other cybersecurity firms.
The Win32/Exaramel backdoors were spotted at “an organization that is not an industrial facility,” ESET’s Anton Cherepanov wrote in a blog post Thursday. The company shared its findings with Ukrainian authorities and “thanks to this cooperation the attack was successfully localized and prevented,” he added.
“The main difference between the backdoor from the Industroyer toolset and this new TeleBots backdoor is that the latter uses XML format for communication and configuration instead of a custom binary format,” Cherepanov wrote. The two backdoors have strong similarities in their code, according to ESET.
“The discovery of Exaramel shows that the TeleBots group is still active in 2018 and the attackers keep improving their tools and tactics,” Cherepanov added.
Another TeleBots backdoor was integral to NotPetya, according to ESET. In June 2017, the NotPetya wiper malware infected accounting software in Ukraine and spread to dozens of countries while disrupting pharmaceutical and shipping companies. NotPetya, for which the U.S. and British governments blamed the Russian military, cost shipping giant Maersk an estimated $300 million.
The ESET research comes a week after the Department of Justice announced charges against seven Russian military officers for hacking operations that targeted anti-doping agencies and a chemical testing lab, among other organizations. Western government officials and security analysts have linked those military officers to the same broad set of Russian hackers covered by the ESET research.
John Hultquist, director of threat intelligence at FireEye, on Thursday said the Sandworm hackers had split their operations into two broad categories in recent years.
“After they cut off the power [in Ukraine] they went two directions: more complex attack on [industrial control systems] and simpler but highly effective ransomware attacks against larger pools of targets,” Hultquist tweeted.
His comments come months after the chaotic government response to a state-sponsored chemical weapons attack in Salisbury, England, in March…. Responding to Ben Wallace’s comments on potential chemical weapon attacks, Britain’s most senior counter-terrorism officer Neil Basu said:
About a week after the Trump administration suggested it would officially abandon prioritizing Assad’s removal, allegations emerged that the Syrian military had used chemical weapons in a deadly attack in the rebel-held province of Idlib.
Russians Alexander Petrov and Ruslan Boshirov, accused by the UK authorities of poisoning former GRU colonel Sergei Skripal and his daughter Yulia, secretly visited the Czech Republic in October 2014, where Skripal himself was due to arrive at the same time for meetings with representatives of the Czech intelligence services, Prague's Radiožurnál reported on Wednesday, citing its sources in the intelligence services. Those approached in this connection
The change was announced Thursday by Home Secretary Sajid Javid, after he called for an urgent review of cannabis-based medicinal products over the summer.
Russian Defense Minister Sergei Shoigu has arrived in Tashkent, where he will take part in the session of the Council of CIS Defense Ministers, Shoigu’s Press Secretary Rossiyana Markovskaya told reporters on Thursday.
The stealth fighter pilots defended US forces against enemy bomber aircraft and also backed up US, UK, and French forces when they struck Syrian President Bashar Assad’s regime in the country’s west in response to chemical weapons attacks.
Counter-terrorism police are investigating a third suspect in the Salisbury nerve agent attack amid suggestions he acted as look out for two Russian military intelligence assassins. Investigators have identified a “third man” in the poisoning of Colonel Sergei Skripal as a Russian national travelling under the name Sergei Fedotov. Flight details obtained by an independent and respected Russian
The Fontanka news website named on Wednesday a third GRU military intelligence operative, Sergey Fedotov, as having been involved in trying to kill ex-spy Sergei Skripal in the English city of Salisbury. The website said records show Fedotov visited Britain in 2016, 2017 and 2018 and left the country on March 4 this year, the same day as two other GRU agents who have already been named. Skripal a
The investigation was published on the CIT website. Acting on a tip from the investigators, correspondents of the Russian TV channel Dozhd visited the registered address of Alexander Yevgenyevich Mishkin in Moscow on October 9. The door was opened by a man who introduced himself as Alexander Dmitrievich Mishkin. “He did not recognize Mishkin (Petrov) from the photograph, although he had seen the news about the ‘Salisbury GRU men.’ The man was surprised
Ex-Russian spy Sergei Skripal and daughter Yulia pictured in Salisbury Zizzi restaurant at heart of… A FORMER double agent and his daughter pose in the Zizzi restaurant at the centre of a Russian spy poisoning probe. Sergei Skripal, 66, and Yulia, 33, are pictured in the same Italian where they ha… thesun.co.uk
There is an investigation about “GRU agents,” and then there is common sense. Intelligence historian and journalist Alexander Vasiliev, who has long lived in London, on the latest exposés of those who allegedly poisoned a British spy in Salisbury and carried out cyberattacks in the Netherla… kp.ru
Two Russian spies – Chepiga and Mishkin – create new bogus story for the West. The story of Russian citizens Ruslan Boshirov and Alexander Petrov shows how the West uses unmasked intelligence officers to accuse them of homicide in order to give rise to another wave of anti-Russian propaganda.
Cannabis-based medical products will soon be “available for prescription in the same way as any other Schedule 2 drug”. Medical products derived from cannabis will be available on prescription from 1 November 2018, UK home secretary Sajid Javid has announced.