
Blackpanda
March 17, 2023
A new threat group, tracked as 'YoroTrooper', has been identified by cyber security researchers. Its main targets are government and energy organisations in Azerbaijan, Belarus, Tajikistan and other members of the Commonwealth of Independent States (CIS); victims also include a handful of European embassies in Azerbaijan and Turkmenistan, and at least two accounts at a "critical" EU health care agency and at the UN's World Intellectual Property Organization (WIPO). According to the researchers, YoroTrooper relies on two domain tactics to lure its victims: it either registers malicious domains and then generates subdomains under them, or registers typo-squatted domains that resemble the legitimate domains of CIS entities, and uses these to host its malicious artefacts.
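The typo-squatting and look-alike-subdomain tactic described above is something a defender can check for in DNS or proxy logs. What follows is an added example, not code from Blackpanda or from the researchers cited, that flags observed domains whose registrable part is a near-miss of a watch-list of legitimate domains once common confusable characters are collapsed, and separately labels subdomains hung under such a near-miss (the "register a domain, then generate subdomains" pattern). The watch-list, the observed domains and the stand-in public-suffix set are constructed placeholders under the reserved .example TLD, not real indicators.

```python
"""Added example: flag typosquats and look-alike subdomains against a watch-list.
All domain names here are constructed placeholders under the reserved .example
TLD, not indicators taken from the YoroTrooper reporting."""

# Stand-in for the public-suffix list (an assumption of this example): suffixes
# under which the registrable name is the third label from the right,
# e.g. mfa.gov.example. Production code should use the real public-suffix list.
TWO_LEVEL_SUFFIXES = {"gov.example", "com.example"}

# Digits attackers swap in for look-alike letters. Applied to BOTH sides of a
# comparison, so a legitimate name containing "rn" is not penalised.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Constructed watch-list of the legitimate domains this organisation cares about.
WATCHLIST = ["mfa.gov.example", "energyco.example"]


def registrable(domain: str) -> str:
    """Return the registrable domain, i.e. the part the attacker actually bought."""
    labels = domain.lower().strip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def normalize(name: str) -> str:
    """Collapse common confusable substitutions (rn->m, vv->w, 0->o, 1->l, ...)."""
    return name.lower().replace("rn", "m").replace("vv", "w").translate(CONFUSABLES)


def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit insert/delete/substitute costs."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(observed: str, watchlist=WATCHLIST, max_dist: int = 2):
    """Return (verdict, matched_watchlist_entry).

    verdict is 'legitimate' (registrable part is on the watch-list), 'typosquat'
    (registrable part is within max_dist edits of a watch-list entry after
    normalisation), 'lookalike-subdomain' (a subdomain hung under such a
    near-miss), or 'clean'. For very short names lower max_dist to 1 to avoid
    false positives.
    """
    obs = observed.lower().strip(".")
    reg = registrable(obs)
    is_subdomain = obs != reg
    for legit in watchlist:
        if reg == registrable(legit):
            return ("legitimate", legit)
    best = None
    for legit in watchlist:
        dist = levenshtein(normalize(reg), normalize(registrable(legit)))
        if dist <= max_dist and (best is None or dist < best[0]):
            best = (dist, legit)
    if best is None:
        return ("clean", None)
    return ("lookalike-subdomain" if is_subdomain else "typosquat", best[1])


def scan(observed_domains):
    """Classify each domain and return only the ones worth an analyst's time."""
    hits = {}
    for d in observed_domains:
        verdict, match = classify(d)
        if verdict not in ("legitimate", "clean"):
            hits[d] = (verdict, match)
    return hits


if __name__ == "__main__":
    # Constructed sample of domains as they might appear in DNS or proxy logs.
    SAMPLE = ["docs.mfa.gov.example", "mail.mfa-gov.example",
              "rnfa.gov.example", "energyc0.example", "unrelated.example"]
    for domain, (verdict, match) in scan(SAMPLE).items():
        print(f"{domain:28} {verdict:20} looks like {match}")
```

Edit distance over the registrable domain, rather than the full hostname, is what catches the "register one domain, generate many subdomains" pattern: every generated subdomain collapses to the same near-miss registrable name. The check does not decode internationalised (xn--) labels; if your watch-list includes names that can be spoofed with Cyrillic or other homoglyphs, decode those labels with the idna codec and run the same comparison on the result.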
Cybersecurity researchers have found that hackers backed by the Chinese government have developed techniques that evade common security tools, allowing them to infiltrate government and business networks and surveil their targets undetected for long periods. Over the past year, researchers have seen these actors reach systems behind corporate firewalls by compromising devices on the network perimeter, including the firewalls themselves, and by targeting software from vendors such as VMware Inc. and Citrix Systems Inc. Such products typically run on appliances that cannot host antivirus or endpoint detection agents, so a compromise there is invisible to host-based detection.
On Thursday, Latitude Group Holdings, a digital payments company, and IPH Ltd, an intellectual property services provider, reported data breaches, joining a growing list of Australian companies targeted by cyber attackers in recent months. Latitude disclosed that personal information of approximately 328,000 customers, including customer records and copies of drivers' licences, was stolen from two of its service providers. IPH identified unauthorised access to the document management systems that hold administrative documents, as well as some client documents and correspondence, at its head office and at two member firms.
In the last 24 hours, the Cl0p ransomware gang has claimed numerous new victims, including the energy corporation Shell Global, business-jet manufacturer Bombardier Aviation, and several prominent US universities, among them Stanford, Colorado and Miami. According to reports, the group has added a total of 60 organisations to its leak site, which lists hundreds or even thousands of stolen files per victim, accessible over the dark web. The victims span banks, technology companies, law firms, trucking firms and grocery stores across many countries; the targeting appears to have been indiscriminate as to both industry and geography.
According to a research report, Russian hackers appear to be gearing up for a fresh wave of cyber attacks against Ukraine, including a ransomware-style threat to organisations that serve Ukraine's supply chains. Since January 2023, researchers have observed Russian cyber threat activity adapting to increase its capacity for intelligence gathering and for the destruction of Ukrainian and allied military and civilian assets. One hacking group appears to be preparing a new round of destructive campaigns. The development coincides with Western security officials' reports that Russia is deploying fresh troops to the battlefield in eastern Ukraine.