Russia Archives - Hack Ware News
https://hackwarenews.com/tag/russia/
News, ethical hacking, cyber crime, network security
Mon, 08 Oct 2018 15:03:57 +0000

US charges 7 Russian GRU Officers with International Hacking
https://hackwarenews.com/us-charges-7-russian-gru-officers-with-international-hacking/
Sun, 07 Oct 2018 09:46:08 +0000

On Thursday 4 October, a US grand jury indicted 7 Russian GRU officers for hacking, wire fraud, identity theft and money laundering.

The GRU is the Main Directorate of the General Staff of the Armed Forces of the Russian Federation and is Russia’s largest foreign intelligence agency. It was found that the 7 officers were part of a retaliation and delegitimization campaign against anti-doping organizations that exposed the Russian state-sponsored athlete doping program.

Russia has a long history of doping in sport, including at the Olympics; it has had 51 medals stripped for doping violations, the most of any country.

The officers are alleged to have hacked into the accounts of anti-doping officials from several agencies in order to steal information and launch an attack to discredit them. There was also evidence of campaigns to tarnish the reputations of other athletes by suggesting they were also doping.

Once the information was stolen, it was distributed on social media under the “Fancy Bears’ Hack Team” alias. Twitter was one of the main social media platforms used. The 7 would contact reporters and leak information to them in order to generate media attention.

The United Kingdom National Cyber Security Centre (NCSC) has identified other hacking groups associated with the GRU. The other hacking groups are: APT 28, Fancy Bear, Sofacy, Pawnstorm, Sednit, CyberCaliphate, Voodoo Bear, Cyber Berkut, BlackEnergy Actors, STRONTIUM, Tsar Team and Sandworm.

APT have hit the headlines before, after they were found to have compromised LoJack, a legitimate piece of software, in order to infiltrate organizations and install malware. Sednit also hit the headlines after it was found that they were responsible for creating the first UEFI rootkit seen in the wild.

Your Router from Mikrotik Could Be Spying on You
https://hackwarenews.com/your-router-from-mikrotik-could-be-spying-on-you/
Thu, 06 Sep 2018 22:03:57 +0000

If you or your company own a Mikrotik router, it could be spying on you or making someone rich at your bandwidth’s expense. Researchers from Qihoo 360 Netlab discovered that hackers are exploiting a vulnerability in these routers to send data packets to IP addresses of their choosing, effectively eavesdropping on your or your company’s internet activity.

It goes without saying that if they ever decrypt those packets, they could stumble upon important transactions, email addresses, credit card numbers, etc.

Your Mikrotik router could be one of over 7500 units with maliciously enabled Socks4 proxies and injected crypto-mining scripts. This number could grow as the attackers continuously scan for other vulnerable routers using yours. There are about 370,000 more routers out there that are potentially vulnerable to this attack.

That number may seem small, but one router can service one to several hundred users connected to the internet. Most of the affected routers are from Brazil, the United States, India and Russia, with Russia being the most affected, which makes sense given that Mikrotik is a Latvian communications company and distribution in Russia would be more prevalent.

The attackers use a previously disclosed vulnerability, used by the CIA, known as Winbox Any Directory File Read (CVE-2018-14847). This vulnerability in Mikrotik routers can allow attackers to maliciously enable the Socks4 proxy through malware, bypass the network’s firewall and eavesdrop on network traffic by transmitting data packets to the attackers. Aside from network eavesdropping, the attackers could inject crypto-mining scripts (Coinhive) into your network’s HTTP 403 page, meaning every time a user is denied access to a web page, someone gets richer.

…By doing this, the attacker hopes to perform web mining for all the proxy traffic on the users’ devices… What is disappointing for the attacker though, the mining code does not work in this way, because all the external web resources, including those from coinhive.com necessary for web mining, are blocked by the proxy ACLs set by attackers themselves.

–Netlab

The attackers also check barely used ports, namely SNMP 161 and 162, for some unknown purpose, something administrators need to look into.

We also noticed the SNMP port 161 and 162 are also top on the list. This deserves some questions: why is the attacker paying attention to the network management protocol regular users barely use? Are they trying to monitor and capture some special users’ network SNMP community strings?

–Netlab

The solution is for network administrators to patch the known vulnerability through security updates rolled out by Mikrotik. But as per the Chinese researchers, there are over a million more routers out there that are vulnerable despite the patch. Reboots won’t help either as the infected machines will transmit updated IP addresses of the routers.

Though given time, if the problem is not patched, the hackers could find a way to circumvent the Coinhive problem. Administrators are also urged to continue checking their HTTP and Socks4 proxy traffic for signs of attacks. Netlab also recommends that Mikrotik come up with a patch to add an internet-inbound denial function to their Webfig and Winbox ports.

Users Say “Doh sveedahneeyah” to Their Instagram Accounts
https://hackwarenews.com/users-say-dasvidanya-to-their-instagram-accounts/
Tue, 21 Aug 2018 22:45:04 +0000

It seems that Facebook and election machines aren’t the only things the Russians are busy with.

They’re also busy sowing chaos on Instagram, resulting in thousands of users being forced to say goodbye to their Instagram accounts and their hundreds of respective followers. For some unknown reason, these Instagram accounts are being hijacked by Russian hackers, rendering them inaccessible.

This problem has apparently been going on for weeks.

Because regaining access to accounts is a largely automatic process, albeit a torturous one, the issue has gone unreported for some time. That is, until it trended on Twitter, where Instagram users have voiced their frustrations. Instagram mainly sends automatic messages to users on how to regain access to their accounts, as well as some tips to help users secure their accounts.

Though Instagram, which has more than 1 billion users, says it hasn’t seen an uptick in hacks, a search of Twitter data suggests otherwise. Twitter users have directed approximately 798 tweets to Instagram’s official account with the word ‘hack’ since the beginning of the month, compared with about 40 tweets during the same period in July… There are numerous reports of hacks on Reddit, and a Google Trends search shows a spike in searches for “Instagram hacked” on Aug. 8, and again on Aug. 11.

–Mashable

–Instagram, Twitter

Thousands of users report that they suddenly found themselves unable to access their accounts. When they try to log in, they find that their registered emails have been changed to something with a .ru domain. Users’ profile pictures have been replaced with stills from popular Disney/Pixar films, and their phone numbers and short bios have also been replaced. The .ru domain mostly points to Russian involvement, though, giving the benefit of the doubt, anyone can easily register with a Russian email service.

What’s common about the hack is that the accounts involved may not have had enough security: weak passwords and a lack of two-factor authentication. But two-factor authentication is also not a guarantee that accounts will not be hacked, as there were victims who also used the security feature, which is quite unnerving, as the feature, though tedious, guarantees a high level of security.

Users have been voicing their frustrations over Twitter and other social media avenues about how Instagram has failed to support them. Frustrated users have threatened to say “doh sveedahneeyah” to the platform, while many are anxious about leaving, as Instagram has become their social media avenue for additional business exposure. Many of these accounts have hundreds if not thousands of followers that these users depend on. Some have put up replacement accounts until Instagram gets its act together.

Security experts speculate that hacked accounts that are not recovered will be used as spam bots, with their existing content serving as proof that they’re valid. Users mostly see the hacks as a danger to their privacy or, in social media terms, selective exposure. For now, the best option for Instagram users is to immediately switch to a new, more secure password, enable two-factor authentication, post pre-emptive warnings and maybe even set up a backup account.

Beware of World Cup hacking
https://hackwarenews.com/beware-of-world-cup-hacking/
Mon, 18 Jun 2018 09:25:56 +0000

With the World Cup kicking off in Luzhniki Stadium, an estimated 2-3 million soccer fans from all over the world will convene in Russia. Amazingly, various nations are known to have openly warned their own soccer fans travelling to football’s biggest four-yearly event about cyber-security.

For instance, American soccer fans were advised by the U.S. National Counterintelligence and Security Center not to bring any mobile phone, laptop, PDA or other electronic device to the World Cup event in Russia, as these devices will be targeted for hacking by malicious cyber criminals and even by the Russian government.

Best Practice for American World Cup Travellers

In the world of wireless connectivity, it is hard to imagine leaving these devices at home before travelling to big events like the World Cup. But the US officials did allow some leeway and stated that the best practice for World Cup travelers is to use a different mobile device from the usual one and remove the battery when not in use.

According to the US officials, World Cup travelers should not think that their devices are insignificant compared to those of corporate and government officials and will thus be spared from hacking. These drastic precautionary measures and this mentality may stem from the alleged Russian hacking of the 2016 US presidential election or simply from perceptions of the state-sponsored hacking associated with Russia.

The Empire strikes back

England football hooligans may have some bad blood with the Russian hooligans, as seen back at Euro 2016. Probably, similar unpleasant incidents were experienced by the UK’s National Cyber Security Centre (NCSC) with their Russian counterparts as well, which led to the department “providing expert cyber security advice to the (UK) Football Association ahead of their departure to Russia for the 2018 FIFA World Cup.”

Moreover, England soccer fans bound for Russia were advised to bring “burner” devices, temporary devices that can be discarded when not in use, to minimize personal data breaches by alleged malicious Russian hackers.

Taking it too far or basic precautions?

At first glance, perhaps both the US and UK are being too extreme about cyber-security for their own travelers to Russia for the World Cup 2018. There might be some truth to that, but these measures can rather be seen as basic precautions to take in an unknown cyber environment.

For instance, travelers should try not to connect to any untrusted public WiFi, and if a WiFi network is not password protected, just don’t connect to it. In addition, individuals should not plug thumb or flash drives from untrusted sources into their laptops. In hindsight, all these practices are rather basic in protecting personal data, and if the worst-case scenario happens, such as an individual’s mobile device being hacked, then the user should switch it off and change passwords at any given opportunity.

Battlefield: Online
https://hackwarenews.com/battlefield-online/
Fri, 17 Nov 2017 10:24:51 +0000

Forget about the troops amassing near North Korea’s border; the real battlefield nowadays is not about putting boots on the ground but rather about gaining the initiative in the cyber world. This week, the team from Hackwarenews saw some desperate hacking across the globe for various reasons, be it politically motivated or simply for the root of all evil: money.

Old school-style radio station break-in

During college days, what is the best way to confess your love to your sweetheart in a flamboyant manner?

One of the answers may be sending your “love” over the airwaves using a public address (PA) system to let the whole world know. And that’s exactly what the pro-ISIS members were doing to a radio station in Sweden.

Well, we may already know that the coalition forces have taken the last stronghold of ISIS in Raqqa. However, the extremist ideology still exists in some minds, and some of the radicals decided to take their messages to the radio station.

The poor victim was a Malmo-based radio station whose morning show was “hijacked” to play an ISIS propaganda song for 30 minutes. According to local media, the hack would be hard to trace and authorities are still investigating the matter.

The Empire gets struck by the Kremlin

The United Kingdom (UK)’s National Cyber Security Centre (NCSC) has confirmed Russian-backed cyberattacks on its energy grid, media and telecommunications over the past years. The details of the attacks were not released in full, but they prompted Theresa May, the prime minister of the UK, to issue this stern warning to Russia on Monday.

“We know what you are doing and you will not succeed,” said May, addressing the Russian cyber-attacks on its soil.

The UK has been in the sights of Russian-backed hackers, as in the recent attempts to knock out parts of the national grid operating in Northern Ireland. In that incident, the engineers at Ireland’s electricity supply board (ESB) received emails from Russian-backed hackers in June 2017. The hackers’ intention was to trick staff into opening the email and downloading malicious software onto the ESB’s computer systems that could give them control of the network.

Apparently, the cyber-attack did not succeed as there was no power disruption in the power network but security analysts say the hackers could have stolen sensitive information such as passwords.

According to the NCSC’s data, since the formation of the security centre in October 2016, it has identified around 590 attacks, or almost 2 cyberattacks per day. Around 30 of these cyber-attacks were deemed major enough to require a cross-government response.

Nothing is Forever

Los Angeles-headquartered fashion retailer FOREVER 21 announced on Tuesday that there may have been unauthorized access to data from payment cards that were used at certain FOREVER 21 stores.

Thus, the retailer urged consumers to monitor their payment card statements closely and check for any discrepancies. Upon seeing an unauthorized charge, consumers are to notify their bank immediately.

FOREVER 21 has since engaged a “leading security and forensics firm” to investigate the issue and narrowed down its search to card transactions in FOREVER 21 stores from March 2017 to October 2017. The fashion retailer will schedule additional notices to inform the public of the investigation outcome.

In conclusion, people hack for a number of reasons: for fame, for fortune or simply out of boredom. However, the Hackwarenews team has increasingly seen cyber-attacks carried out for the sake of a country. Going forward, this trend is likely to continue, and let’s hope the nations are prepared for this new kind of warfare.
