No casualties were reported as Western-supplied weapons helped fend off the assault. Loud explosions boomed over Kyiv as the nighttime attack combined Russian missiles launched from the air, sea and land in an apparent attempt to overwhelm Ukraine’s air defenses. The assault early Tuesday came as European leaders sought new ways to punish Russia for the war and a Chinese envoy sought traction for Beijing’s peace proposal. Russia launches 'exceptional' air attack on Kyiv as Europe, China look to exert influence (AP NEWS) Ukrainian air defenses have thwarted an intense Russian air attack on Kyiv, shooting down all 18 missiles aimed at the capital. Ukraine war: Kyiv hit by 'exceptional' number of missiles (BBC News) It is the eighth time Ukraine's capital has been targeted by Russia so far this month. Russia-Ukraine war at a glance: what we know on day 447 of the invasion (the Guardian) Ukraine claims it shot down 18 of 18 missiles in overnight attack on Kyiv Russia claims a hypersonic Kinzhal missile destroyed a Patriot surface-to-air missile defence system Russia-Ukraine war: List of key events, day 447 (Al Jazeera) As the war enters its 447th day, we take a look at the main developments. (CyberWire) Heavy drone and cruise missile strikes against Ukraine, and Ukraine answers with British-supplied Storm Shadows. Ukraine at D+446: Drone strikes and false flags. Dateline Russia's War against Ukraine: Exchanging drone strikes. The CyberWire's continuing coverage of Russia's war against Ukraine, with special attention to the cyber phases of that war, may be found here.
Presently, Netscout reports, Finland, Hungary, and Turkey are receiving most of this malign attention. To return to trends in distributed denial-of-service attacks, DDoS actions against selected targets in NATO-member nations have risen since Russia's invasion of Ukraine.
Cuba behaves like a well-resourced combat support operation, its activities closely coordinated with Russian operations across the spectrum of conflict. The attribution, which TechCrunch credits to BlackBerry, is based principally on Cuba's target selection and the timing of its attacks. TechCrunch reports that the Cuba ransomware gang, most closely associated with RomCom remote access Trojan (RAT), is not actually a criminal organization, but rather a false flag being flown by a Russian intelligence service. Report: Russian espionage service masquerades as a criminal gang.
Tools with this capability are expected to increase in popularity in the future. There is also, researchers report, an increased need for tools to aid in parsing logs once the data is received. Telegram has also benefited from this change, as more logs are being traded over the messaging platform. Legal action against the Genesis Market and RaidForums has slowed underground market activity. Raccoon, Vidar and Redline remain the most pervasive infostealing threats. The overall growth rate for the Russian Market forum was also rather notable, with a growth rate of 670% in logs for sale in two years (between June 2021 and May of 2023). On the Russian Market underground forum, the total amount of logs for sale increased by 150%, from two million in a day in June of last year, to five million in February of this year. Logs from infostealers that have taken user data continue to see an increase as time draws on. Secureworks released a threat report this morning discussing “The Growing Threat from Infostealers,” which details the impact of infostealing malware on the cyber threat ecosystem.
The researchers write, “We saw some indications of what the initial infection vector may have been in two victims, though this was not conclusive.” Lancefly’s reuse of tools associated with Chinese APTs suggests some connection with those groups, but Symantec regards the evidence as inconclusive for precise attribution: many of those tools have been widely shared. In its more recent activity, however, the initial infection vector was unclear. Merdoor is “injected into the legitimate processes perfhost.exe or svchost.exe.” Symantec assesses that Lancefly may have used phishing emails as an attack vector in a campaign in 2020. Lancefly’s custom back door, “Merdoor,” seems to have been around since 2018 and facilitates keylogging, multiple C2C communication methods, and the ability to listen in to local port commands. The attackers in this campaign also have access to an updated version of the ZXShell rootkit,” the researchers say. “The backdoor is used very selectively, appearing on just a handful of networks and a small number of machines over the years, with its use appearing to be highly targeted. Symantec (a Broadcom company) reported yesterday that the advanced persistent threat (APT) Lancefly is using a custom backdoor to target government, aviation, education, and telecommunication sectors in South and Southeast Asia. Lancefly, a new APT with a custom backdoor.