Category Archives: Ukraine

Upcoming Ukraine elections in the crosshairs of hackers

The Ukrainian authorities are observing a surge in alleged state-sponsored attacks aimed at disrupting the upcoming presidential election.

Ukraine reported a surge in cyber attacks aimed at disrupting the upcoming presidential election. The Government believes that Russian nation-state actors could be responsible for them.

The news was reported by Reuters. According to the experts, attackers intensified attacks against the Ukrainian government and political parties with the clear intent of disrupting the presidential election scheduled for March.

Pro-Western President Petro Poroshenko, who is likely to stand in the elections, declared that Russia will attempt to interfere in the election and has developed a powerful cyber arsenal to do it.

“This is not just our take. The Russian meddling to influence Ukraine’s elections is well under way,” Petro Poroshenko told foreign diplomats.

The President's opponent is the former prime minister Yulia Tymoshenko, who is also known to be pro-Western.

Threat actors are carrying out spear-phishing attacks against election officials; in some cases, they are using stolen credentials purchased on the dark web. The techniques used by the attackers are similar to those seen in ongoing cyberattacks on the Ukrainian energy, transport, and banking industries.

“Serhiy Demedyuk told Reuters the attackers were using virus-infected greeting cards, shopping invitations, offers for software updates and other malicious “phishing” material intended to steal passwords and personal information.” reported Reuters.

“Ten weeks before the elections, hackers were also buying personal details of election officials, Demedyuk said, paying in cryptocurrency on the dark web, part of the internet accessible only through certain software and typically used anonymously.”

Authorities confirmed that hackers did not penetrate national election infrastructure.

Of course, Russia has denied any involvement in hacking campaigns aimed at Ukraine’s elections.

“Russian state structures have never interfered, and are not interfering, in the internal affairs of other countries.” said Kremlin spokesman Dmitry Peskov.

The cyber police and experts worry that state-sponsored hackers could hit critical infrastructure in the energy and banking industries.

In 2017, the NotPetya attack hit thousands of computers in Ukraine before spreading worldwide; alleged Russia-linked hackers compromised the supply chain of the Ukrainian tax accounting system called MeDoc.

Pierluigi Paganini

The post Upcoming Ukraine elections in the crosshairs of hackers appeared first on Security Affairs.

Two charged with hacking company filings out of SEC’s EDGAR system

They're charged with phishing and inflicting malware to get into the EDGAR filing system, stealing thousands of filings, and selling access.

Ukrainian Police Arrest 6 Hackers Linked to DDoS and Financial Attacks

Ukrainian Police have this week busted two separate groups of hackers involved in carrying out DDoS attacks against news agencies and stealing money from Ukrainian citizens, respectively. According to the authorities, the four suspected hackers they arrested last week, all aged from 26 to 30 years, stole more than 5 million Hryvnia (around 178,380 USD) from the bank accounts of Ukrainian

SEC brings charges in EDGAR trade hacking case

The US Securities and Exchange Commission (SEC) has charged nine defendants in connection with a scheme to hack into SEC systems and profit from corporate information not yet released to the public.

The defendants, a Ukrainian hacker, six traders in California, Ukraine and Russia, and two entities, allegedly participated in a scheme to hack into the SEC’s EDGAR system and extract non-public information to trade stocks ahead of public announcements that would affect share prices.

The key figure in this case is 27-year-old Ukrainian hacker Oleksandr Ieremenko, who had earlier allegedly hacked newswire services seeking insider information. The SEC says, after the newswire hack, Ieremenko turned his attention to the SEC’s Electronic Data Gathering, Analysis, and Retrieval (EDGAR), an online system used by companies listed on stock exchanges to submit quarterly and annual financial results. The filings also include sensitive corporate information on subjects like mergers and acquisitions, which heavily affect a company’s share price.

“The information was passed to individuals who used it to trade in the narrow window between when the files were extracted from SEC systems and when the companies released the information to the public,” the press release states. “In total, the traders traded before at least 157 earnings releases from May to October 2016 and generated at least $4.1 million in illegal profits.”

The SEC says Ieremenko circumvented EDGAR controls that require user authentication, then navigated within the EDGAR system to obtain quarterly earnings not yet public. He allegedly passed the information to different groups of traders who paid him either through regular fees or “by kicking back a portion of their trading profits,” according to the indictment (PDF). The document also says that the hacker’s main attack vector was phishing emails.

According to the complaint, the traders on the receiving end of the hacked EDGAR information are:

• Sungjin Cho, Los Angeles, California

• David Kwon, Los Angeles, California

• Igor Sabodakha, Ukraine

• Victoria Vorochek, Ukraine

• Ivan Olefir, Ukraine

• Andrey Sarafanov, Russia

• Capyield Systems, Ltd. (owned by Olefir)

• Spirit Trade Ltd.

Ieremenko has yet to be detained, according to the documents. He is currently charged with 16 counts of hacking and fraud. The SEC’s investigation is ongoing.

Malware spam: "Scanning" pretending to be from tayloredgroup.co.uk

This spam email pretends to be from tayloredgroup.co.uk but it is just a simple forgery leading to Locky ransomware. There is both a malicious attachment and link in the body text. The name of the sender varies.

Subject:       Scanning
From:       "Jeanette Randels" [Jeanette.Randels@tayloredgroup.co.uk]
Date:       Thu, May 18, 2017 8:26 pm

https://dropbox.com/file/9A30AA

--
Jeanette Randels