Salisbury Poisoning – 3:34 PM 10/11/2018


New research provides evidence linking some of the most impactful cybersecurity incidents on record – the 2015 and 2016 attacks on the Ukrainian power grid and the 2017 NotPetya malware outbreak – to the same set of hackers that Western governments say are sponsored by the Russian government.

Researchers from cybersecurity company ESET say they have laid out the first concrete, public evidence of that link, citing a pattern of “backdoors” — or tools for remote access — used by the hackers.

In April, ESET researchers found that the group, which they dub TeleBots, was trying to set up a new backdoor. ESET says this backdoor, known as Win32/Exaramel, is an “improved version” of the “Industroyer” backdoor used in the 2016 attack on the Ukrainian power sector, which knocked out an electrical substation outside of Kiev. The 2015 attack on the Ukrainian grid, using the group’s custom BlackEnergy malware, cut power for some 225,000 people.

The group is also referred to as “Sandworm” by other cybersecurity firms.

The Win32/Exaramel backdoors were spotted at “an organization that is not an industrial facility,” ESET’s Anton Cherepanov wrote in a blog post Thursday. The company shared its findings with Ukrainian authorities and “thanks to this cooperation the attack was successfully localized and prevented,” he added.

“The main difference between the backdoor from the Industroyer toolset and this new TeleBots backdoor is that the latter uses XML format for communication and configuration instead of a custom binary format,” Cherepanov wrote. The two backdoors have strong similarities in their code, according to ESET.

“The discovery of Exaramel shows that the TeleBots group is still active in 2018 and the attackers keep improving their tools and tactics,” Cherepanov added.

Another TeleBots backdoor was integral to NotPetya, according to ESET. In June 2017, the NotPetya wiper malware infected accounting software in Ukraine and spread to dozens of countries while disrupting pharmaceutical and shipping companies. NotPetya, for which the U.S. and British governments blamed the Russian military, cost shipping giant Maersk an estimated $300 million.

The ESET research comes a week after the Department of Justice announced charges against seven Russian military officers for hacking operations that targeted anti-doping agencies and a chemical testing lab, among other organizations. Western government officials and security analysts have linked those military officers to the same broad set of Russian hackers covered by the ESET research.

John Hultquist, director of threat intelligence at FireEye, on Thursday said the Sandworm hackers had split their operations into two broad categories in recent years.

“After they cut off the power [in Ukraine] they went two directions: more complex attack on [industrial control systems] and simpler but highly effective ransomware attacks against larger pools of targets,” Hultquist tweeted.

Salisbury Poisoning

LATEST

chemical weapons

Breitbart News

UK Security Services Braces for Terrorist Chemical and Biological Weapon Attacks

His comments come months after the chaotic government response to a state-sponsored chemical weapons attack in Salisbury, England, in March…. Responding to Ben Wallace’s comments on potential chemical weapon attacks, Britain’s most senior counter-terrorism officer Neil Basu said:

8min

chemical weapons in Syria

Newsweek

US Finally Reveals What It Really Wants Now in Syria

About a week after the Trump administration suggested it would officially abandon prioritizing Assad’s removal, allegations emerged that the Syrian military had used chemical weapons in a deadly attack in the rebel-held province of Idlib.

11min

ruslan boshirov

Курьер.Среда.Бердск

Media: Boshirov and Petrov surveilled Skripal in the Czech Republic

Russians Alexander Petrov and Ruslan Boshirov, accused by the UK authorities of poisoning former GRU colonel Sergei Skripal and his daughter Yulia, secretly visited the Czech Republic in October 2014, where Skripal himself was due to arrive at the same time for meetings with representatives of the Czech intelligence services, Prague's Radiožurnál reported on Wednesday, citing its sources in the intelligence services. Those asked in this connection

13min

sajid javid

WRAL.com

Britain to Allow Prescriptions for Medicinal Cannabis

The change was announced Thursday by Home Secretary Sajid Javid, after he called for an urgent review of cannabis-based medicinal products over the summer.

29min

shoigu

TASS

Russian defense chief arrives in Uzbekistan to attend CIS defense ministers’ council

Russian Defense Minister Sergei Shoigu has arrived in Tashkent, where he will take part in the session of the Council of CIS Defense Ministers, Shoigu’s Press Secretary Rossiyana Markovskaya told reporters on Thursday.

33min

chemical weapons in Syria

Business Insider

F-22 stealth jets backed down 587 enemy aircraft in their first ‘combat surge’ over Syria

The stealth fighter pilots defended US forces against enemy bomber aircraft and also backed up US, UK, and French forces when they struck Syrian President Bashar Assad’s regime in the country’s west in response to chemical weapons attacks.

33min

ruslan boshirov

inoСМИ.Ru

Forum24 (Czech Republic): Russian agents suspected in the attempt on Skripal's life had been in the Czech Republic

Forum24, Czech Republic © AP Photo, Metropolitan Police via AP. Czech President Zeman and ex-president Klaus claim that Russia poses no threat to the Czech Republic, which cannot be said of some of that country's media. The author of the article in “Forum24”, based on information that Russian GRU officers stayed in the Czech Republic under the guise of tourists in October 2014, when Skripal was also there, decl

35min

salisbury poisoning – Google News: Police investigate third Russian suspect in Salisbury poisoning case – Telegraph.co.uk

Counter-terrorism police are investigating a third suspect in the Salisbury nerve agent attack amid suggestions he acted as look out for two Russian military intelligence assassins. Investigators have identified a “third man” in the poisoning of Colonel Sergei Skripal as a Russian national travelling under the name Sergei Fedotov. Flight details obtained by an independent and respected Russian

36min

salisbury poisoning – Google News: Russian Website Names Third GRU Officer Involved in Salisbury … – The Moscow Times

The Fontanka news website named on Wednesday a third GRU military intelligence operative, Sergey Fedotov, as having been involved in trying to kill ex-spy Sergei Skripal in the English city of Salisbury. The website said records show Fedotov visited Britain in 2016, 2017 and 2018 and left the country on March 4 this year, the same day as two other GRU agents who have already been named. Skripal a

36min

Boshirov and Petrov

#Буквы

Skripal poisoning: investigators establish where “Petrov” and “Boshirov” live

The investigation was published on the CIT website. Acting on a tip from the investigators, correspondents of the Russian TV channel “Dozhd” visited the registered address of Alexander Yevgenyevich Mishkin in Moscow on October 9. The door was opened by a man who introduced himself as Alexander Dmitrievich Mishkin. “He did not recognize Mishkin (Petrov) from the photograph, although he had seen the news about the “Salisbury GRU men”. The man was surprised

42min

salisbury poisoning

Yahoo News UK

Police investigate third Russian suspect in Salisbury poisoning case

Counter-terrorism police are investigating a third suspect in the Salisbury nerve agent attack amid suggestions he acted as look out for two Russian military intelligence assassins.

53min

Salisbury

Telegraph.co.uk

Police build case against third Russian suspect in Salisbury poisoning case

Counter-terrorism police are investigating a third suspect in the Salisbury nerve agent attack amid suggestions he acted as look out for two Russian military intelligence assassins.

53min

chemical weapons in Syria

Business Insider UK

F-22 stealth jets backed down 587 enemy aircraft in their first ‘combat surge’ over Syria

The stealth fighter pilots defended US forces against enemy bomber aircraft and also backed up US, UK, and French forces when they struck Syrian President Bashar Assad’s regime in the country’s west in response to chemical weapons attacks.

52min

Salisbury Poisoning – Russia News: “Regarding the Salisbury story…” – 12:01 PM 10/11/2018

Ex-Russian spy Sergei Skripal and daughter Yulia pictured in Salisbury Zizzi restaurant at heart of… A FORMER double agent and his daughter pose in the Zizzi restaurant at the centre of a Russian spy poisoning probe. Sergei Skripal, 66, and Yulia, 33, are pictured in the same Italian where they ha… thesun.co.uk

58min

Salisbury Poisoning – Russia News: GRU prepares for Hurricane Michael | No Comments. – 8:48 AM 10/11/2018 | Bike with Mike!

There is the investigation into the “GRU agents”, and there is common sense. Intelligence historian and journalist Alexander Vasiliev, who has long lived in London, on the latest exposés of those who allegedly poisoned the British spy in Salisbury and carried out cyberattacks in the Netherla… kp.ru

58min

boshirov AND petrov

Telegraph.co.uk

Police build case against third Russian suspect in Salisbury poisoning case

Chepiga and Mishkin – under their aliases Ruslan Boshirov and Alexander Petrov – have already been charged in absentia with the attack.

59min

Two Russian spies – Chepiga and Mishkin

Two Russian spies – Chepiga and Mishkin – create new bogus story for the West The story of Russian citizens Russian Boshirov and Alexander Petrov shows how the West uses unmasked intelligence officers to accuse them of homicide in order to give rise to another wave of anti-Russian propaganda.

59min

sandworm hacking group

CyberScoop

Researchers link tools used in NotPetya and Ukraine grid hacks

New research provides evidence linking some of the most impactful cybersecurity incidents on record – the 2015 and 2016 attacks on the Ukrainian power grid and the 2017 NotPetya malware outbreak – to the same set of hackers that Western governments say are sponsored by the Russian government. Researchers from cybersecurity company ESET say they have laid out the first concrete, public evidence

1h

Medical cannabis will be available on prescription from 1 November 2018, UK government announces

Shutterstock.com Cannabis-based medical products will soon be “available for prescription in the same way as any other Schedule 2 drug” Medical products derived from cannabis will be available on prescription from 1 November 2018, UK home secretary Sajid Javid has announced.

1h

russian military intelligence

Telegraph.co.uk

Police investigate third Russian suspect in Salisbury poisoning case

Counter-terrorism police are investigating a third suspect in the Salisbury nerve agent attack amid suggestions he acted as look out for two Russian military intelligence assassins.

1h

