Cyber warfare and hacking

Military specialties. The life cycle from training to removal from the reserve. Both tricks and weapons/equipment.
ruger
Member
Posts: 23396
Joined: 04 July, 2009 12:29

Re: Cyber warfare and hacking

Post by ruger »

A cyberattack has essentially knocked out Romania's hospital system. The systems of 25 hospitals were encrypted in a ransomware attack, and the other 75 took their systems down so that they would not be hit. Now everything is done on paper.
100 hospitals across Romania have taken their systems offline after a ransomware attack hit their healthcare management system.

The Hipocrate Information System (HIS), which hospitals use to manage medical activity and patient data, was targeted over the weekend and is now offline after its database was encrypted.

While 25 hospitals have already confirmed that the attackers encrypted their data, 75 other healthcare facilities using HIS have taken their systems offline as a precaution while the incident is investigated.

"During the night of 11 to 12 February 2024, a massive ransomware cyberattack targeted the production servers running the HIS information system. As a result of the attack the system is down, and files and databases are encrypted," said the Romanian Ministry of Health.

The ransomware attack affected various hospitals across Romania, including regional and cancer treatment centres, and a team of DNSC cybersecurity experts is currently investigating the attack's impact.

DNSC says the attackers used Backmydata ransomware, a variant of the Phobos ransomware family, to encrypt the hospitals' data.

"Most of the affected hospitals have backups of the data on the affected servers, with data saved relatively recently (1-2-3 days ago), except for one, whose data was saved 12 days ago," DNSC said.

The attackers have sent a ransom demand of 3.5 BTC (about 157,000 euros). However, the ransom note does not mention the name of the group claiming the attack, only an email address.

After the systems were taken offline or shut down, doctors have been forced to go back to writing prescriptions and keeping records on paper.

"After shutting down 400 computer systems and servers, we worked mainly on paper," Mirela Grosu, head of the Iasi Regional Institute of Oncology (IRO Iasi), told Agerpres.

"I mean, we did the continuous admission records on paper, the day admission records on paper, we wrote the medical check-up recommendations on paper. Everything is done on paper, like years ago."
https://www.bleepingcomputer.com/news/s ... o-offline/
The only thing we learn from history is that nobody learns anything from history.
Live for nothing or die for something.
When the first bullet flies past your ear, you have to shoot back.
EA, EU, EH

Re: Cyber warfare and hacking

Post by ruger »

Data on the internal network of a Canadian company that transports gas and petroleum products by pipeline was copied (183 GB of data allegedly leaked).
Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang.

TNPI operates 850 kilometers (528 miles) of pipeline in Ontario-Quebec and 320 kilometers (198 miles) in Alberta, transporting 221,300 barrels (35.200m3) of refined petroleum products daily.

Both pipeline systems are underground and transport gasoline, diesel fuel, aviation fuel, and heating fuel from refineries to distribution terminals.

"Trans-Northern Pipelines Inc. experienced a cybersecurity incident in November 2023 impacting a limited number of internal computer systems," TNPI Communications Team Lead Lisa Dornan told BleepingComputer.

"We have worked with third-party, cybersecurity experts and the incident was quickly contained. We continue to safely operate our pipeline systems.

"We are aware of posts on the dark web claiming to contain company information, and we are investigating those claims."

While ALPHV's claims were not directly mentioned by Dornan when asked by BleepingComputer for confirmation, the ransomware gang says its operators stole 183GB of documents from the company's network.
https://www.bleepingcomputer.com/news/s ... ck-claims/

Re: Cyber warfare and hacking

Post by ruger »

The largest US phone operators under cyberattack???
WIDESPREAD CELL OUTAGE HITS THE U.S
In what could possibly be a cyber attack on the U.S, outages are being reported across multiple service providers including AT&T, Verizon, T-Mobile, and US Cellular.
Source: Downdetector
https://twitter.com/MarioNawfal/status/ ... 8295074013
There appears to be a widespread national outage of AT&T’s cellular network. My location isn’t showing as red here but my cellular service is out as well. Wifi just came back. This is quite concerning.
https://twitter.com/Top1Rating/status/1 ... 3914103965
BREAKING: 911 EMERGENCY SERVICES CRASH WITH CELL DISRUPTION
911 emergency service lines across America have crashed, with AT&T, Verizon, and T-Mobile customers from New York to LA reporting no service or connection. Numerous phones are showing SOS messages.
Source: Daily Mail
https://twitter.com/MarioNawfal/status/ ... 2685681993

https://www.bleepingcomputer.com/news/m ... bscribers/

Re: Cyber warfare and hacking

Post by ruger »

The orcs hacked Microsoft's servers.
Russian state-backed hackers reportedly breached Microsoft's core software systems, accessing source code repositories and internal systems.
https://twitter.com/MarioNawfal/status/ ... 3652358389

Re: Cyber warfare and hacking

Post by ruger »

The Moscow city government's servers were encrypted. A nice surprise ahead of the elections coming this weekend. Russia's own hackers.
Attention Moscow Government:

Putin is not legitimate president. We have felt it important to speak on this week of stealing of our country in the fraud election

We have encrypted all systems of the Moscow Government. Not the website mosreg. All internal systems of government.
https://twitter.com/Nebula00x/status/17 ... 1587436771
Last edited by ruger on 12 Mar, 2024 20:39; edited 1 time in total.

Re: Cyber warfare and hacking

Post by ruger »

The French government and state agencies were hit in a cyberattack. The target: the energy sector.
A series of “intense” cyberattacks hit multiple French government agencies, revealed the prime minister’s office.

“Several “intense” cyberattacks targeted multiple French government agencies since Sunday night, as disclosed by the prime minister’s office.”

The French minister’s office did not provide details about the attacks, however, the French agencies were likely hit with distributed denial-of-service (DDoS) attacks.

The attacks were not complex, government experts said they were conducted using familiar technical means despite the intensity of the offensives.

“Several French state bodies have been hit with cyberattacks of “unprecedented intensity”, Prime Minister Gabriel Attal’s office said Monday, March 11, while insisting the government had been able to contain the impact.” reported the French newspaper Le Monde. “Many ministerial services were targeted” from Sunday “using familiar technical means but of unprecedented intensity,” Attal’s office said, without providing further details of the targets.”

A security source informed Agence France-Presse that government experts cannot attribute the attacks to Russia.

The PM’s staff confirmed that the French government has activated a crisis cell to deploy countermeasures. The staff confirmed that the impact of these attacks has been reduced for most services and access to state websites has been restored.

“Specialist services including information security agency ANSSI were “implementing filtering measures until the attacks are over”” continues Le Monde.

Even if French authorities did not attribute the attack to Russia-linked threat actors, multiple Pro-Russia hacking continue to threaten the French government for its support to Ukraine.

Today Pro-Russia Group NoName announced a series of successful attacks against French authorities.

“As part of a joint attack with our colleagues, we looked into France and put down a number of state sites and subdomains of the French energy company EDF” the group announced on its Telegram channel. “Subdomains of the website of Électricité de France (EDF, “Électricité de France”), France’s state-owned electricity company and the world’s largest operator of nuclear power plants”
https://securityaffairs.com/160374/hack ... ncies.html

Re: Cyber warfare and hacking

Post by ruger »

Moscow metro tickets are not working - Russia's own hackers.
METRO CARDS HACKED

⚡️⚡️⚡️ Metro cards for the Moscow 🇷🇺 metro system do not work following a massive attack executed by a Russian hacker collective opposed to the Putin dictatorship.

The hackers support the overthrow of the Putin Regime.
https://twitter.com/officejjsmart/statu ... 9902686453
Today we tried to top up our balance and take the bus, but the "Troika" card was not working. Oops. Turns out we are to blame for this.
As a result of our recent work, the "Troika" system was not working for any users. Their systems were connected to the portal of state and municipal services of the Moscow Region.
https://twitter.com/Nebula00x/status/17 ... 7849137303

Re: Cyber warfare and hacking

Post by ruger »

US water treatment systems become targets for hackers.
U.S. WATER SYSTEMS UNDER MAJOR CYBERATTACK THREAT

White House says the U.S. water utilities face "disabling cyberattacks" from hostile nations.

Recent incidents include Iranian hackers disrupting a Pennsylvania water facility and Chinese hackers infiltrating critical infrastructure networks.

Biden admin has urged State Govs and water facilities to boost cybersecurity and launched a task force to tackle vulnerabilities.

Source: Ars Technica
https://twitter.com/MarioNawfal/status/ ... 3500800198
https://arstechnica.com/security/2024/0 ... use-warns/

Re: Cyber warfare and hacking

Post by ruger »

The IT systems of a hotel chain (with 50 hotels and resorts in the USA, Mexico and Canada) are mostly not working.
Omni Hotels & Resorts has been experiencing a chain-wide outage that brought down its IT systems on Friday, impacting reservation, hotel room door lock, and point-of-sale (POS) systems.

The official website was down on Friday, and an alert was added after it came back online over the weekend, warning customers, "Dear valued guest, we are currently experiencing technical difficulties, please try back at a later time."

According to customer reports shared on social media over the last four days, while all locations remained open and accepting new guests, front desk employees have been hit by issues with new reservations, credit card payments, and modifying already-made reservations.

"It’s pretty bad. They have it so you have to text them to come let you into your room, and it usually takes 30+ minutes for an employee to get there and unlock it for you," one customer said on Monday.

While Omni Hotels has yet to provide information on the root cause behind this chain-wide incident, it did announce on Monday that its IT team is working on restoring offline systems.

"Dear valued guests, our technology teams are continuing to work on restoring our systems that are currently down," Omni Hotels shared on Twitter and Facebook. "Your business is very important to us; we appreciate your patience and apologize for the disruption."

Omni Hotels operates 50 hotels and resorts across the United States, Canada, and Mexico, with approximately 23,550 rooms and 28 golf courses.
https://www.bleepingcomputer.com/news/s ... ce-friday/

Re: Cyber warfare and hacking

Post by ruger »

In 2022, during the Czech EU presidency, China hacked into the country's IT systems.
CHINA HACKED CZECH EU PRESIDENCY:

I-Soon is a Chinese cyber espionage company working as a contractor of Chinese intelligence.

In May 2022, these Chinese hackers attacked Czech Foreign Ministry and clearly stole internal documents related to Czech EU Presidency.

Those were internal documents covering negotiations over EU efforts to cut out Russian gas (the time was three months after Russia launched the full-scale war) or internal EU discussions at COREPER, between national ambassadors to the EU. It also includes emails between Czech and foreign diplomats.

-----Why would China care?

Chinese espionage is extremely interested in understanding internal EU negotiations so China knows how to coerce or blackmail individual EU countries if it can find out about internal EU disputes and diverging national positions. China is also a primary ally of Russia, supporting Russian war crimes in Ukraine, so details about EU efforts to cut out Russian gas are what Russian and Chinese dictatorships need to know.

----- How do we know?

Czech counter-intelligence agency @biscz confirmed in their 2022 Annual Report that „some of cyber operations against Czech EU Presidency were successful“.

Recently, Czech cyber expert blog @_cybule found details of the I-Soon hack. (https://cybule.cz/kyberneticke-utoky/un ... ceske-mzv/).

Today, Czech outlet @SeznamZpravy (@lukasvalasek) broke the whole story
https://twitter.com/_JakubJanda/status/ ... 1262843242

Re: Cyber warfare and hacking

Post by ruger »

Norway's security police PST believes that in 2021 two different Chinese hacker groups broke into the IT systems of the country's parliament.
PST believes two Chinese groups hacked the 🇧🇻 Storting in 2021
The Norwegian Police Security Service (PST) believes that there were not just one, but two Chinese hacker groups that broke into the Storting's IT systems in 2021.

The Storting announced on 10 March 2021 that its IT systems were exposed to a computer attack, and the Ministry of Foreign Affairs pointed out that the attack had been carried out by China in an attempt to obtain intelligence information in the same year.

Section leader for counterintelligence, Atle Tangen, said that PST believes the hacker group APT31 was behind it. The group is linked to the Chinese security and intelligence service MSS. But APT31 was not the only actor that was inside the Storting's IT systems.

Before the IT attack in March, Høyre's Michael Tetzschner, who was involved in a number of China-related issues, was informed that someone had stolen 4,000 emails from him.
- PST believes that it is likely that a hacker group called Hafnium is behind it and are linked to China
https://twitter.com/thelostcomms/status ... 9596090878

Re: Cyber warfare and hacking

Post by ruger »

Regarding the 911 emergency line outages in the US over the last few days, more and more information has been coming out that these were (possibly) cyberattacks. At one point the emergency call capability of 13 states was not working. At some point cut cables and misconfigurations were mentioned. 911 was down 3 days ago, only to go down again 2 days later. After that, cyberattacks began to be suspected.
https://www.nbcnews.com/news/us-news/ma ... rcna148345
https://www.dailymail.co.uk/news/articl ... raska.html


The FBI warns that China is preparing a major cyberattack on US infrastructure.
The FBI says that Chinese hackers are preparing to attack US infrastructure

📌#Nashville | #Tennessee

FBI Director Christopher Wray has announced that Chinese government-linked hackers have infiltrated U.S. critical infrastructure. China is developing the capability to cause significant damage to our critical infrastructure at a time of their choosing, waiting for the opportune moment to deal a devastating blow. An ongoing Chinese hacking campaign, known as Volt Typhoon, has successfully accessed numerous American companies in telecommunications, energy, water, and other critical sectors, with 23 pipeline operators being targeted.
https://twitter.com/rawsalerts/status/1 ... 9160977525
911 Lines Down in Several States Including Nevada, South Dakota, Nebraska; Police Urge Use of Alternate Contact Number NOT LINKED to a call center...

DEVELOPING..

A number of police forces across multiple states have reported their 911 emergency phone lines are down.

Cities as big as Las Vegas, as well as the entire state of South Dakota and locales in Nebraska have announced the outages and have posted administrative numbers as alternates.

The emergency number to get a hold of police, ambulance, and fire services is currently NOT CONNECTING to call centers, according to reports.
https://twitter.com/ChuckCallesto/statu ... 2176803057

Re: Cyber warfare and hacking

Post by ruger »

Is Norway under cyberattack??? I would not classify this many events affecting critical infrastructure as anything else.
Flight chaos in southern Norway:

Several flights cancelled

Almost not a single plane is to be seen in the air over Southern Norway on Thursday morning, but the traffic is opened up for some long-distance and ambulance flights.
https://twitter.com/thelostcomms/status ... 3500231134
-Technical failure at Oslo Control Center causes air traffic disruptions throughout Norway.

The cause of the problem stems from two systems not interacting, not a computer attack.
(I find this answer peculiar)
https://twitter.com/thelostcomms/status ... 4901120095
Just days ago:
Power outages knocked out train traffic and caused delays
Train traffic in large parts of the country was at a standstill on Tuesday afternoon. Vy warns of cancellations and delayed trains, especially in the Oslo area.
https://twitter.com/thelostcomms/status ... 2618627256
Power problems on the Bergen Railway - train is stuck in the tunnel - There is a local train from Bergen in the direction of Voss that is standing still in the Arnanipa Tunnel due to power problems.
https://twitter.com/thelostcomms/status ... 6435419253
Problem with the police's system throughout the country

There is a technical problem in the police's system on Thursday.

Møre og Romsdal police district confirms that it must be a national problem.
https://twitter.com/thelostcomms/status ... 9926828468

Re: Cyber warfare and hacking

Post by ruger »

The City of Helsinki's IT systems relating to education and training were hit in a cyberattack originating from Orkistan. It is possible that more was hit.
The city of Helsinki has reported that their IT system regarding schools and day care and possibly other systems have been breached by a cyber attack coming from Russia.
https://twitter.com/1stFinFreecorps/sta ... 1751747643
The city of Helsinki suspects that its information network has been hacked.

- We are investigating whether the information network has possibly been hacked into the education and training industry, says Hannu Heikkinen, the city's digitization director.

Heikkinen says that unusual activity was observed in the data network on Tuesday, i.e. May Day Eve.

According to him, at the moment it seems that the user ID information could have been accessed during the break-in.

- We know that we have received traffic from abroad, possibly from Russia. The investigation is ongoing. At such an early stage, it is impossible to guess who and what motive could be behind this.

Heikkinen says that it is also not yet known how large a set of data is affected by a possible data breach.

Heikkinen says that a criminal complaint was filed on Wednesday about the incident. The matter has also been reported to the data protection commissioner's office.

- The announcement was made about an observation related to data protection, because user data is personal data.

According to Heikkinen, the technical investigation of what happened is underway. He estimates that the people of Helsinki should have no reason to worry.

- At the moment, in my opinion, there is no reason to worry, but when a situation like this is on, it is always possible that something more serious will be found.

Heikkinen says that the city of Helsinki will provide more information on the matter on Thursday.
https://www.iltalehti.fi/kotimaa/a/8d3e ... f51eb70fac