Most pro-Russian hacktivist attacks against Ukraine have been noted by Ukraine Department of Cyber Information Security Chief Illia Vitiuk to be state-backed operations, reports CyberScoop.
"More than 90% of all cyberattacks targeting Ukraine are either conducted by special services or by state-sponsored groups. I do believe that there is no so-called 'hacktivism' in Russia at all," said Vitiuk at the RSA 2023 Conference.
Ukraine had several of its industries impacted by continuous attacks conducted by Russian state-sponsored threat groups, including Gamaredon and Sandworm, which have been using fake hacktivist groups to facilitate the laundering of stolen files to emphasize the success of hacktivism against Ukraine, according to Vitiuk. Such false hacktivism has been noted by Vitiuk to be in contrast with Ukraine's.
"There were some people that were previously involved and even convicted for hacker activity in Ukraine that came to us and said, 'Now we are fighting with you against Russia, what should we do?'" he added.
Golden Chickens malware developer unmasked SecurityWeek reports that Golden Chickens malware, which has been used by the Russian Cobalt Group and FIN6 cybercrime operations, had its second developer identified by eSentire to be a Romanian named Jack, also known as Lucky and badbullzvenom. Password stealers were Jack's main specialty when he began engaging in cybercrime as a teen, releasing the Voyer malware tool for exfiltrating Yahoo instant messages between 2007 and 2008, followed by the FlyCatcher tool for keystroke logging between 2008 and 2009, and the Con password stealer for browser, instant messenger, VPN, and FTP app credential theft in 2010, according to the eSentire report. Jack was noted by researchers to have met with Golden Chickens co-developer 'Chuck from Montreal' in the dark web from late 2012 to October 2013, before proceeding to release Multiplier and VenomKit in 2015 and 2017, respectively, which were later consolidated into Golden Chickens. "Security experts assert that in 2017 the Cobalt Group used badbullzvenoms (aka: Lucky) VenomKit to deploy Cobalt Strike in attacks on banks and then they used it again in 2018," said eSentire, which noted that the malware suite was leveraged by FIN6 in 2019, the same year when the suite included the PureLocker ransomware plugin.
Open source password manager KeePass is being impacted by a security flaw, tracked as CVE-2023-32784, which could be exploited to facilitate master password retrieval from program memory, SecurityWeek reports. "The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system.