CyberSecurity SEE

Unclear Attribution and Motivation Surround RedStinger in DDoS Carpet Bombing, as Cyber Agencies Caution about BianLian Ransomware.

A recent report from Malwarebytes describes a previously unknown cyberespionage group, tracked as RedStinger, that has attacked both Russian and Ukrainian targets. The group has been active since 2020 and may be of Russian origin, but its motivation remains uncertain. Its victims have included individuals on both sides of the Russia-Ukraine conflict, which has prompted speculation that the group is conducting quasi-domestic surveillance of people in Ukrainian regions illegally annexed by Russia. Kaspersky has also linked RedStinger to CloudWizard, an actor responsible for operations in the region dating back to 2008.

Corero has released a report showing a 300% increase in distributed denial-of-service (DDoS) "carpet-bomb" attacks between 2021 and 2022. Rather than concentrating traffic on a single host, these attacks spread it across a large IP address space, typically a whole subnet, so that no individual destination exceeds a per-host threshold and detection and mitigation become harder. Mirai-like botnet attacks also saw a significant spike in traffic during the same period. The report notes that Domain Name System (DNS) services have become prime targets for DDoS attackers, with twice the number of attacks seen in 2020.
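The detection problem carpet bombing creates is easiest to see in code. The following is an added example, not material from the Corero report or this page: it runs a naive per-destination threshold and a prefix-aggregated threshold over a constructed set of flow records (the 203.0.113.0/24 and 198.51.100.0/24 ranges, the byte counts and the threshold values are all assumptions chosen for illustration). The per-host check sees nothing, because each address receives only a few megabytes; aggregating by /24 before thresholding exposes the ~1 GB landing on the block as a whole.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records for one measurement window: (destination IP, bytes).
# Not real traffic. The attack spreads ~4 MB onto each host of 203.0.113.0/24
# (a documentation range standing in for the victim's public block), so no single
# destination looks busy even though the block as a whole receives ~1 GB.
SAMPLE_FLOWS = [(f"203.0.113.{host}", 4_000_000) for host in range(1, 255)]
SAMPLE_FLOWS += [
    ("198.51.100.10", 900_000),    # ordinary traffic to an unrelated server
    ("198.51.100.10", 1_200_000),
]

PER_HOST_THRESHOLD = 50_000_000     # 50 MB to one destination per window (assumed)
PER_PREFIX_THRESHOLD = 200_000_000  # 200 MB to one /24 per window (assumed)


def per_host_alerts(flows, threshold=PER_HOST_THRESHOLD):
    """Naive detector: alert on any single destination over the threshold."""
    totals = defaultdict(int)
    for dst, nbytes in flows:
        totals[dst] += nbytes
    return sorted(dst for dst, total in totals.items() if total >= threshold)


def per_prefix_alerts(flows, prefix_len=24, threshold=PER_PREFIX_THRESHOLD):
    """Aggregate by prefix before thresholding.

    Returns (prefix, total bytes, number of distinct destination hosts) for every
    prefix over the threshold; a high host count with a low per-host share is the
    carpet-bomb signature.
    """
    totals = defaultdict(int)
    hosts = defaultdict(set)
    for dst, nbytes in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        totals[net] += nbytes
        hosts[net].add(dst)
    return sorted(
        (str(net), total, len(hosts[net]))
        for net, total in totals.items()
        if total >= threshold
    )


if __name__ == "__main__":
    print("per-host alerts:  ", per_host_alerts(SAMPLE_FLOWS))
    print("per-prefix alerts:", per_prefix_alerts(SAMPLE_FLOWS))
```

In production the aggregation key would follow the prefixes you actually announce (and the attacker may spread across several of them), and the window and thresholds would be tuned against a baseline; the point is only that the aggregation has to happen before the threshold is applied.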

The Australian Cyber Security Centre (ACSC), the US Federal Bureau of Investigation (FBI), and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory on BianLian ransomware. The group behind it has targeted Australian entities in particular, but the threat is not limited to that region. BianLian gains initial access with valid Remote Desktop Protocol (RDP) credentials and relies on open-source tools and command-line scripting for discovery and credential harvesting, which means much of its early activity can resemble routine administration. There are also reports of the group printing ransom notes on printers connected to the compromised network and placing threatening telephone calls to employees of victim companies.
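Because the initial access is a valid RDP logon rather than an exploit, the place to look is the logon telemetry itself. The following is an added example, not code from the advisory or from this page: it filters constructed records modelled on the fields of Windows Security event 4624 for successful RemoteInteractive (RDP, logon type 10) logons whose source address lies outside an explicitly configured set of internal ranges, and then counts distinct accounts per external source. The internal ranges, the account names and the addresses (192.0.2.77 is a documentation address standing in for an Internet source) are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Address ranges the (hypothetical) organisation treats as internal. An explicit
# list is used instead of ipaddress.is_private, which would also classify the
# documentation range 192.0.2.0/24 used below as non-global.
INTERNAL_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

RDP_LOGON_TYPE = 10  # LogonType 10 = RemoteInteractive (RDP)

# Constructed records modelled on Windows Security event 4624 (successful logon)
# and 4625 (failed logon). Not real logs.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "jsmith",        "IpAddress": "10.0.5.23"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "svc_backup",    "IpAddress": "192.0.2.77"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "administrator", "IpAddress": "192.0.2.77"},
    {"EventID": 4624, "LogonType": 3,  "TargetUserName": "jsmith",        "IpAddress": "10.0.5.23"},
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "admin",         "IpAddress": "192.0.2.77"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "jdoe",          "IpAddress": "172.16.4.9"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "SYSTEM",        "IpAddress": "-"},
]


def is_external(ip_str, internal=INTERNAL_NETWORKS):
    """True if the address parses and falls outside every internal range."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:           # "-" or an empty IpAddress field
        return False
    return not any(ip in net for net in internal)


def external_rdp_logons(events):
    """Successful RDP logons whose source is not an internal address."""
    return [
        (e["IpAddress"], e["TargetUserName"])
        for e in events
        if e["EventID"] == 4624
        and e["LogonType"] == RDP_LOGON_TYPE
        and is_external(e["IpAddress"])
    ]


def accounts_per_source(events):
    """Distinct accounts used per external source.

    One external source logging on as several accounts, a service account among
    them, is a much stronger signal than a single external RDP session.
    """
    by_src = defaultdict(set)
    for ip, user in external_rdp_logons(events):
        by_src[ip].add(user)
    return {ip: sorted(users) for ip, users in by_src.items()}


if __name__ == "__main__":
    for ip, user in external_rdp_logons(SAMPLE_EVENTS):
        print(f"external RDP logon: {user} from {ip}")
    print(accounts_per_source(SAMPLE_EVENTS))
```

The same filter applied to 4625 events gives the failed attempts from the same source, which is useful context but is deliberately excluded from the success list above. If RDP is reachable from the Internet at all, the better control is to put it behind a VPN or gateway with multi-factor authentication, after which any external type-10 logon becomes an alert in its own right.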

A Chinese government-linked threat actor tracked as "Camaro Dragon" has been targeting European foreign affairs entities with custom malware known as "Horse Shell." The implant gives the attacker persistence on the infected device and can be used for remote access, file transfer, and tunnelling. The initial infection vector has not been determined, but Check Point Research found significant code overlaps between Camaro Dragon's tools and those used by Mustang Panda, another Chinese APT group.

CISA has published a compendium of its reporting on the Russian government's malicious cyber activity, including a discussion of the Snake malware and its disruption by the Five Eyes. Although Ukraine is not a NATO member, it has become a "Contributing Participant" in NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE), alongside Ireland, Iceland, and Japan. The Center for Strategic and International Studies (CSIS) has also released a report on the use of proxies in cyberspace, concluding that their most significant effect has been in propaganda.

CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, among them a critical remote code execution (RCE) flaw affecting multiple Ruckus Wireless products. Separately, Joseph Garrison, an 18-year-old from Wisconsin, has been charged with breaking into approximately 1,300 accounts across multiple online platforms. Garrison allegedly used phishing emails to trick victims into handing over access to their accounts, then used that access to steal millions of dollars' worth of cryptocurrency.
