Secured integration to the future

CyberNews Digest — September

30.09.2024

Germany Accuses Russian GRU of Cyberattacks on NATO and the EU
Germany has accused Unit 29155 of Russia’s GRU of orchestrating a series of cyberattacks targeting NATO and EU countries, with objectives ranging from espionage and sabotage to reputation damage. The unit, also known as Cadet Blizzard or Ember Bear, is reported to have been behind the WhisperGate attacks on Ukrainian entities in January 2022, just a month prior to Russia’s invasion of Ukraine.
German intelligence, collaborating with the FBI, U.S. Cybersecurity and Infrastructure Security Agency, National Security Agency, and other international partners, identified these hackers as being linked to Russia’s 161st Specialist Training Center, a subdivision of Unit 29155.

Germany's Federal Office for the Protection of the Constitution emphasized that the goal of these cyberattacks is to undermine critical infrastructure and extend Russia’s influence globally.
Source: https://lb.ua/world/2024/09/09/633793_nimechchina_zvinuvatila_pidrozdil.html


New Android Malware Steals Cryptocurrency Phrases via OCR
McAfee has identified a new type of Android malware, called SpyAgent. This malware exploits optical character recognition (OCR) technology to steal mnemonic phrases from cryptocurrency wallets.
SpyAgent is distributed through 280 APK files circulating outside the official Google Play Store, often disguised as government services, dating apps, or adult websites. While the primary targets of this malware are users in South Korea, there are plans to expand its reach to the United Kingdom. Additionally, signs point to an iOS version currently under development.
Once a device is infected, SpyAgent collects and transmits contact lists, incoming SMS messages containing one-time passwords (OTPs), OCR images, and other sensitive information to command-and-control servers. The malware can also modify sound settings and send phishing SMS to propagate further.

Researchers have also discovered vulnerabilities in SpyAgent’s infrastructure, allowing them to access the administrative panels of malicious servers and identify victims.

Source: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/


Ukraine’s Military Intelligence Executes Successful Cyberattack on Russian Enterprises
On September 7, 2024, Ukraine’s Main Intelligence Directorate (GUR) carried out a cyberattack against several Russian companies involved in military aggression against Ukraine. The attack wiped out system files, databases, and backups on 14 servers, disrupting the operations of these enterprises.
The targeted companies include SMKomplekt EK, KristElKom, KonturNIIRS, Chip-prof, Chelyabinsk Plant of Industrial Modernization, SibInstrument, and Smetka.ru. The attack also impacted the Simferopol Forum.

Link to full article: https://www.epravda.com.ua/news/2024/09/8/719053/


Microsoft Fixes Zero-Day Exploit in Windows
Microsoft has patched a critical zero-day vulnerability (CVE-2024-43461), which had been actively exploited by the Void Banshee group for data theft and ransom demands. The flaw, located in MSHTML, allowed cybercriminals to infiltrate systems, steal sensitive data, and distribute malware.
Void Banshee’s attacks were primarily aimed at organizations in North America, Europe, and Southeast Asia. Along with the patch, Microsoft has warned of other potential vulnerabilities linked to this campaign.

Source: https://winbuzzer.com/2024/09/16/microsoft-addresses-exploited-windows-vulnerability-xcxwbn/


Critical Vulnerability in Microchip ASF Threatens IoT Devices
A severe vulnerability (CVE-2024-7490) has been uncovered in the Microchip Advanced Software Framework (ASF), posing a risk of remote code execution on IoT devices. With a CVSS score of 9.5, this vulnerability is tied to buffer overflow issues and can propagate rapidly due to inadequate software support.
CERT/CC has warned of possible attacks leveraging this flaw, which could present significant threats to IoT devices worldwide.
Source: https://thehackernews.com/2024/09/critical-flaw-in-microchip-asf-exposes.html