Connect with us

Tech

Pro-Russia hack campaigns are running rampant in Ukraine

Published

on

Pro-Russia hack campaigns are running rampant in Ukraine

FROM RUSSIA WITH …. —

Hacks also exploit critical Follina vulnerability and phishing campaigns.


Pro-Russia hack campaigns are running rampant in Ukraine

Getty Images

Pro-Russian threat actors are continuing their unrelenting pursuit of Ukrainian targets, with an array of campaigns that include fake Android apps, hack attacks exploiting critical vulnerabilities, and email phishing attacks that attempt to harvest login credentials, researchers from Google said.

One of the more recent campaigns came from Turla, a Russian-speaking advanced persistent threat actor that’s been active since at least 1997 and is among the most technically sophisticated in the world. According to Google, the group targeted pro-Ukrainian volunteers with Android apps that posed as launchpads for performing denial-of-service attacks against Russian websites.

Google

“All you need to do to launch the process is install the app, open it and press start,” the fake website promoting the app claimed. “The app immediately begins sending requests to the Russian websites to overwhelm their resources and cause the denial of service.”

In fact, a researcher with Google’s threat analysis group said, the app sends a single GET request to a target website. Behind the scenes, a different Google researcher told Vice that the app was designed to map out the user’s Internet infrastructure and “work out where the people that are potentially doing these sorts of attacks are.”

The apps, hosted on a domain spoofing the Ukrainian Azov Regiment, mimicked another Android app Google first saw in March that also claimed to perform DoS attacks against Russian sites. Unlike the Turla apps, stopwar.apk, as the latter app was named, sent a continuous stream of requests until the user stopped them.

Google

“Based on our analysis, we believe that the StopWar app was developed by pro-Ukrainian developers and was the inspiration for what Turla actors based their fake CyberAzov DoS app off of,” Google researcher Billy Leonard wrote.

Other hacking groups sponsored by the Kremlin have also targeted Ukrainian groups. Campaigns included the exploitation of Follina, the name given to a critical vulnerability in all supported versions of Windows that was actively targeted in the wild for more than two months as a zero-day.

Google researchers confirmed a CERT-UA report from June that said a different Kremlin-sponsored hacking group—tracked under a variety of names including Fancy Bear, known as Pawn Storm, Sofacy Group, and APT28—was also exploiting Follina in an attempt to infect targets with malware known as CredoMap. Additionally, Google said that Sandworm—yet another group sponsored by the Russian government—was also exploiting Follina. That campaign used compromised government accounts to send links to Microsoft Office documents hosted on compromised domains, primarily targeting media organizations in Ukraine.

CERT-UA

Security firm Palo Alto Networks, meanwhile, reported on Tuesday that Russia’s Cloaked Ursa hacking group (also known as APT29, Nobelium, and Cozy Bear) had also stepped up malware attacks since the start of Russia’s invasion of Ukraine, in part by making malicious files for download available on Dropbox and Google Drive. US and UK intelligence services have publicly attributed APT29 to Russia’s Foreign Intelligence Service (SVR).

“This aligns with the group’s historic targeting focus, dating back to malware campaigns against Chechnya and other former Soviet bloc countries in 2008,” Palo Alto Networks researchers Mike Harbison and Peter Renals wrote. More recently, APT29 has been linked to a hack of the US Democratic National Committee discovered in 2016 and the SolarWindows supply-chain attacks from 2020.

Not all the threat groups targeting Ukraine are Kremlin-sponsored, Google said. Recently, a financially motivated actor tracked as UAC-0098 impersonated the State Tax Service of Ukraine and delivered malicious documents that attempted to exploit Follina. Google said the actor is a former initial ransomware access broker that previously worked with the Conti ransomware group.

On Wednesday, the US Cyber Command shared technical details related to what the agency said are several types of malware targeting Ukrainian entities in recent months. The malware samples are available on VirusTotal, Pastebin, and GitHub. Security firm Mandiant said two separate espionage groups used the malware, one tracked as UNC1151 and attributed by Mandiant to the Belarusian government and the other tracked as UNC2589, which the firm said is “believed to act in support of Russian government interest and has been conducting extensive espionage collection in Ukraine.”

The European Union also called out the Russian government this week, noting that a recent distributed denial-of-service campaign was only the latest example of cyberattacks it launched since its invasion.

“Russia’s unprovoked and unjustified military aggression against Ukraine has been accompanied by a significant increase of malicious cyber activities, including by a striking and concerning number of hackers and hacker groups indiscriminately targeting essential entities globally,” EU officials wrote. “This increase in malicious cyber activities, in the context of the war against Ukraine, creates unacceptable risks of spillover effects, misinterpretation, and possible escalation.”

Read More

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Tech

Nothing announces official launch date for new Ear (stick) AirPods alternatives

Published

on

By

Nothing announces official launch date for new Ear (stick) AirPods alternatives
Nothing Ear (stick) held by a model on white background



(Image credit: Nothing )

True to form, Nothing has just announced the full reveal date for its upcoming audio product, Ear (stick). 

So, an announcement about an announcement. You’ve got to hand it to Carl Pei’s marketing department, they never miss a trick.

What we’re saying is that although we still have ‘nothing’ conclusive about the features, pricing or release date for the Ear (stick) except an image of another model holding them (and we’ve seen plenty of those traipsing down the catwalk recently), we do have a date – the day when we’ll be granted official access to this information. 

That day is October 26. Nothing assures us that on this day we’ll be able to find out everything, including pricing and product specifications, during the online Ear (stick) Reveal, at 3PM BST (which is 10AM ET, or 1AM on Wednesday if you’re in Sydney, Australia) on nothing.tech (opens in new tab)

Any further information? A little. Nothing calls the Ear (stick), which is now the product’s official name, “the next generation of Nothing sound technology”, and its “most advanced audio product yet”. 

But that’s not all! Apparently, Ear (stick) are “half in-ear true wireless earbuds that balance supreme comfort with exceptional sound, made not to be felt when in use. They’re feather-light with an ergonomic design that’s moulded to your ears. Delivered in a unique charging case, inspired by classic cosmetic silhouettes, and compactly formed to simply glide into pockets.” 

Opinion: I need more than a lipstick-style case

Nothing Ear (stick) – official leaked renders pic.twitter.com/FrhKmRttmiOctober 1, 2022

See more

It’s no secret that I want Nothing’s earbuds to succeed in world dominated by AirPods; who doesn’t love a plucky, eccentric underdog? 

But in order to become some of the best true wireless earbuds on the market, there is room for improvement over the Nothing Ear 1, the company’s inaugural earbuds. 

Aside from this official ‘news’ from Nothing, leaked images and videos of the Ear (stick) have been springing up all over the internet (thank you, developer Kuba Wojciechowski) and they depict earbuds that look largely unchanged, which is a shame. 

For me, the focus needs to shift from gimmicks such as a cylindrical case with a red section at the end which twists up like a lipstick. Don’t get me wrong, I love a bit of theater, but only if the sound coming from the earbuds themselves is top dog. 

As the natural companions for the Nothing Phone 1, it makes sense for the Ear (stick) to take a place similar to that of Apple’s AirPods 3, where the flagship Ear (1) sit alongside the AirPods Pro 2 as a flagship offering. 

See, that lipstick case shape likely will not support wireless charging. That and the rumored lack of ANC means the Ear (stick) is probably arriving as the more affordable option in Nothing’s ouevre. 

For now, we sit tight until October 26. 

Becky is a senior staff writer at TechRadar (which she has been assured refers to expertise rather than age) focusing on all things audio. Before joining the team, she spent three years at What Hi-Fi? testing and reviewing everything from wallet-friendly wireless earbuds to huge high-end sound systems. Prior to gaining her MA in Journalism in 2018, Becky freelanced as an arts critic alongside a 22-year career as a professional dancer and aerialist – any love of dance starts with a love of music. Becky has previously contributed to Stuff, FourFourTwo and The Stage. When not writing, she can still be found throwing shapes in a dance studio, these days with varying degrees of success.  

Read More

Continue Reading

Tech

YouTube could make 4K videos exclusive to Premium subscribers

Published

on

By

YouTube could make 4K videos exclusive to Premium subscribers
Woman watching YouTube on mobile phone screen



(Image credit: Shutterstock / Kicking Studio)

You might soon have to buy YouTube Premium to watch 4K YouTube videos, a new user test suggests.

According to a Reddit thread (opens in new tab) highlighted on Twitter by leaker Alvin (opens in new tab), several non-Premium YouTube users have reported seeing 4K resolution (and higher) video options limited to YouTube Premium subscribers on their iOS devices. For these individuals, videos are currently only available to stream in up to 1440p (QHD) resolution.

The apparent experiment only seems to be affecting a handful of YouTube users for now, but it suggests owner Google is toying with the idea of implementing a site-wide paywall for access to high-quality video in the future.

So, after testing up to 12 ads on YouTube for non-Premium users, now some users reported that they also have to get a Premium account just to watch videos in 4K. pic.twitter.com/jJodoAxeDpOctober 1, 2022

See more

It’s no secret that Google has been searching for new ways to monetize its YouTube platform in recent months. In September, the company introduced five unskippable ads for some YouTube users as part of a separate test – an unexpected development that, naturally, didn’t go down well with much of the YouTube community. 

A resolution paywall seems a more palatable approach from Google. While annoying, the change isn’t likely to provoke the same level of ire from non-paying YouTube users as excessive ads, given that many smartphones still max out at QHD resolution anyway. 

Of course, if it encourages those who do care about high-resolution viewing to invest in the platform’s Premium subscription package, it may also be more lucrative for Google. After all, YouTube Premium, which offers ad-free viewing, background playback and the ability to download videos for offline use, currently costs $11.99 / £11.99 / AU$14.99 per month.

Suffice to say, the subscription service hasn’t taken off in quite the way Google would’ve hoped since its launch in 2014. Only around 50 million users are currently signed up to YouTube Premium, while something close to 2 billion people actively use YouTube on a monthly basis. 

Might the addition of 4K video into Premium’s perk package bump up that number? Only time will tell. We’ll be keeping an eye on our own YouTube account to see whether this resolution paywall becomes permanent in the coming months.

Axel is a London-based staff writer at TechRadar, reporting on everything from the newest movies to latest Apple developments as part of the site’s daily news output. Having previously written for publications including Esquire and FourFourTwo, Axel is well-versed in the applications of technology beyond the desktop, and his coverage extends from general reporting and analysis to in-depth interviews and opinion. 

Axel studied for a degree in English Literature at the University of Warwick before joining TechRadar in 2020, where he then earned a gold standard NCTJ qualification as part of the company’s inaugural digital training scheme. 

Read More

Continue Reading

Tech

Europe sets deadline for USB-C charging for (almost) all laptops

Published

on

By

Europe sets deadline for USB-C charging for (almost) all laptops

USB-C als Ladestandard in der EU

Mundissima / Shutterstock


Author: Michael Crider
, Staff Writer

Michael is a former graphic designer who’s been building and tweaking desktop computers for longer than he cares to admit. His interests include folk music, football, science fiction, and salsa verde, in no particular order.

Read More

Continue Reading

Trending

Copyright © 2022 Xanatan