Ugh, antivirus on Windows keeps trying to manage the settings for me, but I'm perfectly capable of that myself. I only want it to scan for viruses, not to be my assistant.
⚡ Unearthed: CosmicEnergy, malware for causing Kremlin-style power disruptions
➥ @arstechnica
"Researchers have uncovered malware designed to disrupt electric power transmission and may have been used by the Russian government in training exercises for creating or responding to cyberattacks on electric grids."
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #19/2023 is out! It includes, but not only:
‣ New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing #Phishing Pages
‣ #Netgear Routers' Flaws Expose Users to #Malware, Remote Attacks, and Surveillance
‣ 🇮🇹 🏎️ #WordPress Plugin Vulnerability Exposed #Ferrari Website to Hackers
‣ 🇯🇵 🚗 #Toyota Japan exposed data on millions of vehicles for a decade
‣ 📨 #Microsoft patches bypass for recently fixed Outlook zero-click bug
‣ 🇺🇸 🇺🇦 IRS gives #Ukraine tools to expose Russian oligarchs hiding riches in #crypto exchanges
‣ 🇨🇭 Multinational tech firm #ABB hit by Black Basta #ransomware attack
‣ 🐥 #Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users
‣ 🇺🇸 Cybersecurity firm #Dragos discloses cybersecurity incident, extortion attempt
‣ 🇰🇵 North Korean hackers breached major hospital in Seoul to steal data
‣ 🇺🇸 #Google Now Lets US Users Search #DarkWeb for Their Gmail ID
‣ 🇺🇸 #IBM Delivers Roadmap for Transition to Quantum-safe #Cryptography
‣ 🇪🇸 Spanish police dismantle phishing operation linked to crime ring
‣ 🇺🇸 Microsoft #PatchTuesday: 40 Vulnerabilities, 2 Zero-Days
‣ 🇺🇸 🇷🇺 Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by #Russia's Federal Security Service
‣ 🇺🇸 Feds seize 13 more DDoS-for-hire platforms in ongoing international crackdown
‣ #MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web
‣ 🇮🇷 Microsoft: Iranian hacking groups join #Papercut attack spree
📚 This week's recommended reading is: "The Pentester BluePrint: Starting a Career as an Ethical Hacker" by @phillipwylie and @crowgirl
It was not an FBI only operation. It was a 5-eyes operation. The FBI did not take down the entire 'Snake Network'. They merely led the US side.
Center 16 of the FSB is claimed to be behind the malware and attacks.
In 2014, after public researchers had identified the malware, Center 16 renamed the string 'Ur0bUr()sGo#' to 'gLASs D1ick' within the malware - probably to give a middle finger to researchers investigating the malware. The malware is said to have the developers' monikers included within it.
The malware was also used to target journalists and dissidents. A US journalist covering Russian affairs was targeted, as an example.
The malware modified TCP & HTTP packets for communication and exfiltration. The FBI imitated these modifications, with 'Perseus', in order to attribute and disable infected machines.
FBI argued they did not have the resources (manpower with expertise) to physically disable the malware, so they requested (and were granted) remote search warrants.
FBI's operation Medusa cuts off Russian malware called 'Snake'. Their countering application communicates with infected devices and orders them to overwrite themselves. A very interesting aspect is that this malware has existed in a useful format for two decades.
Block the entire dot-zip top-level domain https://youtu.be/V82lHNsSPww
[ThioJoe] discovers that Zip filenames in old posts are being converted to links to malware websites retroactively
Cybercrime gang pre-infects millions of #Android devices with #malware
TrendMicro holding details close (as of this post).
These pre-infected Android devices have the "Guerilla" malware installed, which can load additional malware. It pretty much compromises the entire device.