
Cyber Monitoring #5 (October 2022)

Massive cyberattack targeting Latin American armies
Chile, Mexico, El Salvador, Peru and Colombia

In late September, the governments of Chile, Mexico, El Salvador, Peru and Colombia disclosed that their armed forces had suffered a massive cyberattack. The threat actors stole some 10 terabytes of data, including millions of emails and confidential documents detailing military operations and contracts.

The attack was claimed by a hacktivist group, Guacamaya, which leaked the data to journalists who have begun to publish its contents. The group denounces what it describes as the repressive police and military forces of these countries and condemns their close ties with the United States. Mexico has been particularly affected by the attack, described as the largest in its history: millions of emails and confidential army documents have been made public, including classified information about the health of President A.M. Lopez Obrador.

A cyberattack paralyzes the French department of Seine-Maritime

The department of Seine-Maritime was hit by a cyberattack on October 10. After an intrusion affecting a large part of its services, the department had to “completely” shut down its networks, and those services are still operating in “highly degraded mode”. Some online applications remain completely inaccessible. Users report delays in the processing of their applications for social assistance, and exceptional procedures have been put in place to pay social allowances blocked by the attack. The ANSSI and the CNIL are working with the department to protect the data and restore access to the information system for users and employees. An investigation has been opened by the cybercrime section of the Paris prosecutor’s office.

A massive health insurance hack occurs in Australia

Medibank, an Australian health insurer with 3.7 million customers, was the victim of a hack in which 200 GB of medical records were stolen and held for ransom. As a result, the personal health information of approximately 223,000 people has been exposed, including names, credit card numbers and medical records. The incident led the Australian government to announce stricter rules on the handling of personal data.

The Australian Attorney-General has criticized Australia’s defences against cyberattacks as inadequate, as the Medibank hack came shortly after another cyberattack on the telecom company Optus. Investigations by the Australian Cyber Security Centre and the Australian Signals Directorate are ongoing.

Germany dismisses the president of its Federal Office for Information Security (BSI)

Germany dismissed the president of its Federal Office for Information Security (BSI), Arne Schoenbohm, after controversy over alleged ties to Russian security services. Criticism grew following media reports that the Cyber Security Council of Germany, which Schoenbohm co-founded, counted among its members a German company that is a subsidiary of a Russian cybersecurity firm. The Cyber Security Council of Germany has rejected these claims. Schoenbohm has also denied the allegations and says he is no longer active in the Council.

This comes on the heels of German accusations that Russia was behind an attack on Germany’s rail infrastructure that suspended rail services for three hours. Tension between the two countries clearly continues to rise.

China-backed disinformation campaign hits the US midterm elections
United States

A disinformation campaign targeting the US midterm elections has been observed by Mandiant, an American cybersecurity firm. The group responsible, dubbed DRAGONBRIDGE, is believed to be acting in support of Chinese national interests, with links to the Chinese government and the People’s Liberation Army.

The group spread altered news articles and memes targeting the Democratic Party on social media, notably on Facebook and Twitter. Its aim was to sow doubt in the American democratic system and encourage abstention, as well as to turn US allies against the United States. One narrative, for example, blames the US government for the Nord Stream gas pipeline explosions. Despite tactics meant to boost credibility, such as impersonating Republican voters or even groups known for exposing Chinese intelligence operations, like Intrusion Truth, the campaign has had limited success.

Ukraine and Poland attacked by new “Prestige” ransomware
Ukraine, Poland

On October 10, Ukraine and Poland were hit by a previously unseen ransomware strain. The malware, dubbed “Prestige”, was used against the two countries’ logistics and transportation sectors. The attackers first obtained administrator-level access at numerous firms across the industry, then encrypted their files and demanded a ransom for the decryption. The Microsoft Threat Intelligence Center, which first uncovered the attacks, could not attribute them to any of the 94 threat groups it tracks and refers to the new actor as DEV-0960. It does note, however, that the Prestige victim list overlaps with that of other Russia-linked ransomware families.