
Cyber Monitoring #6 (November 2022)

Pro-Russian hacktivists take down EU Parliament site in DDoS attack 

The website of the European Parliament suffered a DDoS attack on November 23. The attack was claimed by Anonymous Russia, a group that is part of the pro-Russian hacktivist collective Killnet. The Parliament confirmed the incident and communicated about it on Twitter. The attack took place just after the Parliament passed a resolution recognizing Russia as a state sponsor of terrorism and calling for stronger international isolation of Russia in response to recent events related to the war in Ukraine.

Guadeloupe shuts down computer network due to a major cyberattack

The French overseas region declared that it had to shut down its computer network on 21 November 2022. The purpose of this decision was to prevent the cyberattack from spreading to other public and vital services, notably the education and transport systems. The “Conseil régional” was severely affected by the cyberattack. It requested the assistance of several specialized agencies, such as the French cybersecurity agency (ANSSI) and the National Data Protection Commission, to put an end to the attack and assess the damage.

A complex cyberattack affected Iran’s state media Fars

On Friday 25 November, a large-scale cyberattack disrupted Iran’s state-sponsored news agency Fars. The hacking operation took its website offline for a few hours and hampered the capacity of the Iranian regime to communicate about the ongoing protests. According to Fars, the agency is regularly hit by cyberattacks launched from different countries, notably Israel.

France announces a 30 billion euro investment to create a “cyber shield”

On November 16, Jean-Noël Barrot, Minister Delegate for Digital Transition, announced the creation of a fund to protect SMEs and local authorities from cyber risks. In response to the increasing number of attacks, the French government has decided to invest in the creation of a “cyber shield” to protect the most vulnerable information systems. This shield includes several measures: an anti-scam filter available to all citizens by 2024, a cyberscore evaluating the security level of websites, a free diagnostic tool, and investments intended to secure the information systems of local authorities and administrations.

China cyberattacks on Taiwan

China has intensified disinformation campaigns in Taiwan, which predominantly consist of disseminating information in favor of the Chinese Communist Party on social media platforms. A Japanese defense think tank has classified this as “public opinion warfare”, a non-military measure to advance China’s interests by decreasing U.S. influence in the region. This is aligned with the recent trend of a high volume of cyberattacks from China against Taiwan.

NATO starts cyber defense exercises in Estonia

Cyber Coalition 22, NATO’s cyber defense exercise, started on November 28, 2022. This is in line with NATO’s affirmation that cyber defense is one of its core collective defense tasks. The exercise brings together multiple stakeholders, including academics and industry practitioners, who take on various cyberattack scenarios and develop response strategies.

Australia tightens up its anti-ransomware policies

Following two large security breaches at major telco Optus and health insurance provider Medibank, Australia made several announcements in a bid to undermine the cybercriminal business. First, the country is planning to set up a permanent operation comprising around 100 police and defense personnel to “hack the hackers” in a new model of offensive policing. Second, the country is also planning to strengthen its online privacy laws, increasing fines for repeated or serious privacy breaches from the current $1.4 million to up to $32 million. For comparison, Australia’s proposed fines are higher than Europe’s penalty of $20 million. Finally, the Australian minister for home affairs and cybersecurity suggested banning ransomware payments. However, this proposal is far from reaching consensus. Similar proposals to ban ransomware payments have been floated internationally, but some believe doing so could be counterproductive: according to them, criminalizing extortion payments could further limit visibility on attacks by “forcing” companies to keep quiet about incidents to avoid regulatory scrutiny.

Spanish police take down malicious cyber organization

As cryptocurrency investments have become more and more mainstream, the number of scams has also risen in recent years. Most recently, the Spanish police took down a malicious cyber organization which used fake investment sites to defraud over 12.3 million euros from hundreds of victims all over Europe (but mostly in France, by impersonating French financial institutions). The scam was set up in a very specific manner: by clicking on links found in phishing emails, the victims were led to fake bank websites. The organization relied on a very basic technique, typosquatting, in which the spelling of a legitimate domain is changed by a letter or two so that the domain still looks legitimate to the careless eye. Instead of being invested in the products sold by the banks, the money went to the scammers’ bank accounts held in several different countries.
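One defensive check that follows from the typosquatting technique described above, as an added example that is not part of the article or of the police investigation: it flags a domain that sits within one or two character edits of a known legitimate domain once common look-alike characters have been folded. The list of legitimate domains is constructed placeholder data.

```python
"""Flag look-alike domains of the kind described above: a name that is within
one or two character edits of a legitimate domain once common look-alike
characters have been folded. Added example; the domain list is constructed."""

# Constructed placeholder list of legitimate domains (not real banks).
LEGITIMATE_DOMAINS = {"examplebank.fr", "credit-sample.fr", "bankofsample.com"}

# Single characters commonly substituted for look-alikes.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "5": "s"})


def normalize(domain: str) -> str:
    """Lower-case the name and fold multi- and single-character look-alikes."""
    d = domain.lower().strip(".")
    d = d.replace("rn", "m").replace("vv", "w")  # 'rn' reads as 'm', 'vv' as 'w'
    return d.translate(CONFUSABLES)


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_domain(candidate, legit=LEGITIMATE_DOMAINS, max_distance=2):
    """Return (verdict, closest_legitimate_domain, edit_distance)."""
    raw = candidate.lower().strip(".")
    if raw in legit:                       # exact match: nothing to flag
        return ("legitimate", raw, 0)
    cand = normalize(raw)
    best = min(legit, key=lambda l: levenshtein(cand, normalize(l)))
    dist = levenshtein(cand, normalize(best))
    if dist <= max_distance:               # distance 0 means a pure homoglyph swap
        return ("suspected-typosquat", best, dist)
    return ("unrelated", best, dist)


if __name__ == "__main__":
    for name in ["examplebank.fr", "examp1ebank.fr", "exarnplebank.fr",
                 "example-bank.fr", "examplebanq.fr", "search.example"]:
        print(name, check_domain(name))
```

Such a check is only a first filter: it can be run over newly registered domains or over the link targets extracted from inbound mail, and anything flagged still needs a human or a reputation service to confirm.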

TikTok or how filters can be used by cyber attackers

With the rise of TikTok and the frenzy over its recent trends, it is no wonder that some attackers have taken an interest in the social media application and its many uses. Riding the “invisible body” trend, a filter that blurs the naked body of users, malicious actors pushed the “WASP Stealer (Discord Token Grabber)” malware by advertising, in videos, a filter that supposedly removes the blur. Through this operation, they were able to steal Discord accounts as well as passwords and credit card information, among many other elements. Some of the Discord servers involved have over 30,000 members, and the operation was seemingly very simple: victims clicked on a link to a GitHub repository hosting the malware and then installed the project files, including a Windows batch file and a malicious Python package. To appear legitimate, the project files were presented as belonging to a popular existing GitHub project. This type of attack reflects a rising trend among cyber attackers, who are focusing more and more on open-source ecosystems.

Moldova hack-and-leak interference operation

A hack-and-leak influence operation is currently unfolding in the Eastern European state of Moldova, where a new website named Moldova Leaks published private correspondence from at least two political figures. The leaked messages unsurprisingly caused a political scandal locally, which the pro-Russian opposition parties promoted as clear-cut evidence that the current government was corrupt. The Moldovan authorities called the leak part of Russia’s hybrid war to destabilize their pro-European government. There is currently no strong evidence regarding the perpetrator behind this operation, nor whether it is directly connected with the war in Ukraine. Several analysts on Twitter believe this could be the work of Russia’s GRU intelligence agency, which has carried out this kind of operation several times in the past.