
Ruskies use commercial crimeware to mask 'patriotic' Ukraine hacks

BlackEnergy gets a revamp


Political hack-attacks are being made to look like bread-and-butter financial fleecing scams, according to security firm F-Secure, after it watched Russian hacker collective Quedagh's use of the popular BlackEnergy crimeware kit.

The group customised the off-the-shelf malware to attack Ukrainian agencies located in Dnipropetrovsk, in the southeast of the country, the company says, with targets including Ukrainian Rail.

"The use of BlackEnergy for a politically-oriented attack is an intriguing convergence of criminal activity and espionage," researchers wrote in the paper BlackEnergy & Quedagh: The convergence of crimeware and APT attacks [pdf].

"As the kit is being used by multiple groups, it provides a greater measure of plausible deniability than is afforded by a custom-made piece of code."

Quedagh was also implicated in the 2008 denial of service and hacking attacks by Russia against Georgia through suggestive but not conclusive evidence. Its use of financial malware was dated earliest at December 2010, F-Secure said.

ESET researchers separately detected BlackEnergy targeting more than 100 victims spread roughly equally across Ukraine and Poland.

"We have observed over a hundred individual victims of these campaigns during our monitoring of the botnets," malware analyst Robert Lipovsky said of research presented at the Virus Bulletin conference in Seattle last week.

"[These] include a number of state organisations, various businesses, as well as targets which we were unable to identify."

The updated BlackEnergy kit dubbed version 3 was built over the last four years and included support for proxy servers, user account control bypass techniques, and driver signing features for 64-bit Windows systems (which was added within a month of the Windows 8.1 release).

BlackEnergy was first detailed by Arbor Networks in 2007 as a denial of service bot which in 2010 was upgraded with rootkit technology, support for plugins, remote code execution, and data exfiltration.

The latest incarnation, which ESET dubbed BlackEnergy Lite, had, like other recent malware, reduced functionality and sported a lighter footprint as a result.

Quedagh could have been co-opted into carrying out state-sponsored attacks if it wasn't already on Moscow's books, or it was possibly one of many independent patriotic hackers which carried out attacks ranging from very public but simple web defacements to quiet yet advanced bank fraud.

Such groups have existed for decades. Some deface sites with web banners crying for freedom for Palestine or boasting of the skills of their nation's hackers, while other well-resourced groups raid state utilities, defence contractors and top-end enterprises in what appear to be state-sponsored attacks. ®
