Kremlin-Backed Hackers Targeted a 'Large' Petroleum Refinery In a NATO Nation (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: One of the Kremlin's most active hacking groups targeting Ukraine recently tried to hack a large petroleum refining company located in a NATO country. The attack is a sign that the group is expanding its intelligence gathering as Russia's invasion of its neighboring country continues. The attempted hacking occurred on August 30 and was unsuccessful, researchers with Palo Alto Networks' Unit 42 said on Tuesday. The hacking group -- tracked under various names including Trident Ursa, Gamaredon, UAC-0010, Primitive Bear, and Shuckworm -- has been attributed by Ukraine's Security Service to Russia's Federal Security Service.
In the past 10 months, Unit 42 has mapped more than 500 new domains and 200 samples and other bread crumbs Trident Ursa has left behind in spear phishing campaigns attempting to infect targets with information-stealing malware. The group mostly uses emails with Ukrainian-language lures. More recently, however, some samples show that the group has also begun using English-language lures. "We assess that these samples indicate that Trident Ursa is attempting to boost their intelligence collection and network access against Ukrainian and NATO allies," company researchers wrote. Among the filenames used in the unsuccessful attack were: MilitaryassistanceofUkraine.htm, Necessary_military_assistance.rar, and List of necessary things for the provision of military humanitarian assistance to Ukraine.lnk. Tuesday's report didn't name the targeted petroleum company or the country where the facility was located. In recent months, Western-aligned officials have issued warnings that the Kremlin has set its sights on energy companies in countries opposing Russia's war on Ukraine.
Trident Ursa's hacking techniques are simple but effective. The group uses multiple ways to conceal the IP addresses and other signatures of its infrastructure, phishing documents with low detection rates among anti-phishing services, and malicious HTML and Word documents. Unit 42 researchers wrote: "Trident Ursa remains an agile and adaptive APT that does not use overly sophisticated or complex techniques in its operations. In most cases, they rely on publicly available tools and scripts -- along with a significant amount of obfuscation -- as well as routine phishing attempts to successfully execute their operations..." Tuesday's report provides a list of cryptographic hashes and other indicators organizations can use to determine if Trident Ursa has targeted them. It also provides suggestions for ways to protect organizations against the group.
Cyber BS .. (Score:2)
Re:Cyber BS .. (Score:4, Insightful)
"For he so loved his Russian brethren in Ukraine he threatened to nuke them..."
Re: Cyber BS .. (Score:1)
Russia should just annex Canada and get it over with......
Re: (Score:1)
Do you mean the US government's "war and genocide" thing?
I hear plenty of Americans calling to stop war and genocide. That is how the Vietnam war ended.
I'd like to hear more Russians calling to stop war and genocide.
Re: (Score:1)
Modded down by pro-war pro-government pro-military-industrial-complex shill.
Are you even on the government's payroll or did you decide to suck up and spew their propaganda for free like a good little mindless sheep?
Not a single person here or any other site I post on has yet to explain why we're getting so heavily involved in this idiotic Asian land war between two sets of bad people.
The closest anyone has come to even trying to answer is "well maybe Russia would keep going!" Keep going where? Attack a na
Re: (Score:2)
Are you even on the government's payroll or did you decide to suck up and spew their propaganda for free like a good little mindless sheep?
Are you on the Kremlin's payroll, or do you post their propaganda for free?
Re: (Score:2)
Which land war in Asia? The Vietnam war has been over for decades.
Re: (Score:3)
If you don't mind hearsay, they actually cite the Ukrainian Security Service - possibly the least reliable source in the entire history of propaganda, deception, and sheer downright lying.
[citation needed]
Re: (Score:2)
Re: (Score:2, Insightful)
If you don't mind hearsay, they actually cite the Ukrainian Security Service - possibly the least reliable source in the entire history of propaganda, deception, and sheer downright lying.
[citation needed]
I don't think a statement prefaced by "possibly" really needs a citation. Although anyone who has been following the situation in Ukraine (ideally, since before 2104 as I have) understands that the Kiev regime tells lies on a scale that would put even Dr Goebbels to shame.
Here is a recent straw in the wind:
"Zelensky insists missile that hit Poland WAS Russian despite NATO, US and even Polish president saying it was a Ukrainian air-defence misfire – but all agree Putin to blame for nearly sparking WW3"
Re: (Score:3, Insightful)
The Daily Mail is not a news source.
"Piled on" to correct incorrect information (Score:2)
[citation needed]
It's quite a choice example, as the Ukrainian junta, the Poles, Americans, British, and the "rest of the West" all piled on immediately.
"Piled on immediately" means "within 24 hours [reuters.com] saying no, we don't believe this was not fired by the Russians."
Weasels still need citations. (Score:3)
If you don't mind hearsay, they actually cite the Ukrainian Security Service - possibly the least reliable source in the entire history of propaganda, deception, and sheer downright lying.
[citation needed]
I don't think a statement prefaced by "possibly" really needs a citation.
Absolutely it does.
You may think that by weasel-wording [wikipedia.org] you avoid the need to substantiate what you say, but no. You still need to back up what you say.
Re: (Score:2)
If you don't mind hearsay, they actually cite the Ukrainian Security Service - possibly the least reliable source in the entire history of propaganda, deception, and sheer downright lying.
[citation needed]
I don't think a statement prefaced by "possibly" really needs a citation.
Absolutely it does.
You may think that by weasel-wording [wikipedia.org] you avoid the need to substantiate what you say, but no. You still need to back up what you say.
Totally this.
The fact the OP feels a need to rely on weasel words tells us very much that, deep down, he/she is full of it.
Re: (Score:1)
I don't think a statement prefaced by "possibly" really needs a citation.
Think again. You can't preface a statement with "possibly" and then say anything you want. For example, I could say your comment was possibly one of the most misinformed comments ever, but I would still need to back it up with something.
Re: (Score:2)
And I wouldn't believe you anyway. I've seen worse claims even just on Slashdot.
I mean, possibly he's an agent of the Russian government. This is clearly correct, even without citations. Estimating the probability, however, would be quite difficult.
That said, in this instance his claim strikes me as either jingoism in action, paid subterfuge, or something in between that range of claims.
Now consider, "What possible citation could I have to justify the prior statement?". The clear answer is that there is n
Re: (Score:2)
I don't think a statement prefaced by "possibly" really needs a citation. Although anyone who has been following the situation in Ukraine (ideally, since before 2104 as I have) understands that the Kiev regime tells lies on a scale that would put even Dr Goebbels to shame.
Here is a recent straw in the wind:
"Zelensky insists missile that hit Poland WAS Russian despite NATO, US and even Polish president saying it was a Ukrainian air-defence misfire – but all agree Putin to blame for nearly sparking WW3"
https://www.dailymail.co.uk/ne... [dailymail.co.uk]
It's quite a choice example, as the Ukrainian junta, the Poles, Americans, British, and the "rest of the West" all piled on immediately.
Kyiv denied responsibility but western sources immediately hedged and within a couple days everyone seemed to agree it was a misfired SAM for the Ukrainian side.
Meanwhile, Russia is still claiming that Ukrainians somehow massacred Bucha, and if I recall, they even still claim that Ukrainians shot down MH-17 despite overwhelming evidence it was done by the Russians [wikipedia.org].
Your Goebbels's scale needs some serious re-calibration.
Re: (Score:2)
I don't think a statement prefaced by "possibly" really needs a citation.
Tell me you don't know when a citation is needed without telling me you don't know when a citation is needed.
The term "possibly" is an adverb that modifies or qualifies a thing or, in this case, a falsifiable statement or proposition P. The term attaches a "likelihood" or probabilistic modality or quality to it, as in "under this context, it is more likely to be true", or conversely, "under that context, it is possible that it is not true."
Preceding P with this adverb simply creates another falsifiable
Re: (Score:2)
That comment was posted by somebody who thinks that since Kyiv was the capital of a state that Russia sees as its predecessor, that makes Ukraine a "borderland". Why would you doubt his veracity or objectivity?
Re: (Score:2)
Meh. Slashdot ate the hyperlink to Kievan Rus', which is that 1200-year-old state.
Re: (Score:3)
Okay, Ivan. Whatever you say. It's not like they've been right this entire time as your country invaded Ukraine, has raped women and children, tortured and murdered civilians, stolen everything of worth including a raccoon [newsweek.com], have destroyed religious buildings [yahoo.com] being the good "Christians" they are, and deported thousan [newsweek.com]
Reply from the Russian propaganda service sez: (Score:5, Informative)
Wrong. I am not Russian, nor do I live in a state allied to Russia. Your feeble attempt to poison the well fails miserably.
You are quoting Russian propaganda talking points verbatim, even starting with the usual Russian whataboutism ("ignore the invasion of Ukraine and the massive Russian hacking campaigns-- whatabout the US?! They do evil stuff too! That totally justifies Russia invading other countries!").
You are a Russian, or a paid Russian stooge.
Re:Reply from the Russian propaganda service sez: (Score:4, Insightful)
Wrong. I am not Russian, nor do I live in a state allied to Russia. Your feeble attempt to poison the well fails miserably.
You are quoting Russian propaganda talking points verbatim, even starting with the usual Russian whataboutism ("ignore the invasion of Ukraine and the massive Russian hacking campaigns-- whatabout the US?! They do evil stuff too! That totally justifies Russia invading other countries!").
You are a Russian, or a paid Russian stooge.
Or an idiot, don't forget they're probably just an idiot.
The whole point of Russian propaganda is to create a fairly complete set of alternative facts and analysis so that Western contrarians can find a seemingly coherent pro-Russian narrative to latch onto.
Re: (Score:3)
But whattabout... [Re:Evidence? Sources?...] (Score:3)
In fact, Russians attacking some NATO country's infrastructure through "hacking" (whatever that is supposed to mean) could easily be construed as returning the favour. [zdnet.com]
So, basically your post says "yeah, Russia did this. But whatabout the US? The US did bad things, too. Here's an unsupported allegation that forty years ago, software that the Soviet Union stole from the US had a bug that sabotaged a pipeline in Siberia, resulting in an explosion that killed nobody and was fixed in one day [wikipedia.org]!"
Re: (Score:2)
So, basically your post says "yeah, Russia did this.
The post explicitly does not say "yeah, Russia did this".
When the post in question says "Russians attacking some NATO country's infrastructure through "hacking" [...] could easily be construed as returning the favour.", that's what it actually accomplishes.
Chalk one up for sleeping through high school in America.
You slept through the comment.
Re: Evidence? Sources? Didn't think so... (Score:2)
Re: Evidence? Sources? Didn't think so... (Score:2)
Re: (Score:1)
Really? You met them? I've worked with some of those companies. Some are professional. Some.
Re: Evidence? Sources? Didn't think so... (Score:2)
Re: (Score:2)
There is indeed a history of allegations. That's not an argument that the allegations were unfounded. Probably some of them were, but that's largely based on "computer intrusions are difficult to trace".
Saying "the Russians" are attacking may well be phrasing the statement improperly. It should probably be phrased as "some Russians", and I find it quite likely. That they are associated with a group that works with the Russian government is also quite likely. That doesn't mean that the Russian governmen
Re: Evidence? Sources? Didn't think so... (Score:1)
Not the only source for evidence of such or it would not be printed most likely. Be assured that Ukraine is not the only one watching Europe's infrastructure.
Re: (Score:2)
Putin’s dick tastes that good?
Re: (Score:2)
Hey, maybe it's possible the Russians -and- the Ukrainians are a bunch of scum bags and we shouldn't be involved in their stupid Asian land war? Possible? Maybe?
Who invaded who?
Why the fuck has the US already dumped $68 billion into this mess with another $45 billion on the way on top of whatever Western Europe has sent. All the while the US and EU economies are rapidly sliding down hill?
You think Russia was going to stop once they invaded and conquered Ukraine?
What the fuck is so god damned important about Ukraine that we're sending money for their government pensions while Americans are having trouble making ends meet with high inflation going on?
Don't ask me, ask all the republicans who voted against higher wages or against medicare for all. https://www.theadvocate.com/ba... [theadvocate.com]
Re: (Score:1)
> Who invaded who?
I don't care. Why should I? There are always lots of wars going on. Why is this one so damned important? Why don't we dump $113 billion into every war on the planet?
Would Russia stop? Maybe, maybe not. If they crossed NATO borders then it's a different discussion. Throughout the entire Cold War when the balance of power between USSR and NATO was much closer they never crossed the line. Why would a much weaker Russia do it?
Republicans voting against higher minimum wage is a red h
Re: (Score:2)
There are always lots of wars going on.
Someone is always in conflict somewhere, but there are not in fact always "lots of" wars going on.
Why is this one so damned important?
The fall of the Soviet Union was an improvement for many people, it took a lot of effort, and there is little taste for seeing it return. Except, of course, in Russia.
Would Russia stop? Maybe, maybe not.
That is an unacceptable level of ambiguity.
Republicans voting against higher minimum wage is a red herring
You said "Americans are having trouble making ends meet" as if it were the fault of the war in Ukraine, and bringing up the minimum wage and universal health care is an absolutely rational response to tha
Re: (Score:2)
The world is so wonderfully black n white.
Very, very, very rarely.
Except in this case.
Russia is totally overwhelmingly in the wrong.
Hey, maybe it's possible the Russians -and- the Ukrainians are a bunch of scum bags and we shouldn't be involved in their stupid Asian land war? Possible? Maybe?
One side tried to toss out their corrupt leaders and embrace democracy.
The other side responded by invading them without provocation with a fairly explicit goal of annexing their land and erasing their identity.
I think one side qualifies as "scum bags" quite a bit more than the other.
Why the fuck has the US already dumped $68 billion into this mess with another $45 billion on the way on top of whatever Western Europe has sent. All the while the US and EU economies are rapidly sliding down hill?
What the fuck is so god damned important about Ukraine that we're sending money for their government pensions while Americans are having trouble making ends meet with high inflation going on?
Hmm.
Because your country's great wealth is largely dependent on a stable world order so it makes sense to deter wars of aggression?
Because
Re: (Score:1)
Yes Russia attacked. So what? Why should anyone not in that area care? There are always lots of wars going on. Should we get involved in all of them? Why? Or why not? Why don't we dump $113 billion into every random war that has nothing to do with us?
Ukraine's current government was established as the result of a USA sponsored coup after an election there put pro-Russian candidates in office. Don't talk about democracy. That's the exact same banana republic shit the CIA has pulled all over the worl
Re: (Score:2)
Yes Russia attacked. So what? Why should anyone not in that area care? There are always lots of wars going on. Should we get involved in all of them? Why? Or why not? Why don't we dump $113 billion into every random war that has nothing to do with us?
Because the invasion of Ukraine is an unusually one-sided offence.
Because Ukraine and Russia both border NATO members, and Russia is very clearly looking for ways to break NATO to stop rebuilding its empire.
Because it's a war in Europe, and a successful invasion means a massive refugee crisis in Europe which is destabilizing on many levels.
Ukraine's current government was established as the result of a USA sponsored coup after an election there put pro-Russian candidates in office. Don't talk about democracy. That's the exact same banana republic shit the CIA has pulled all over the world since the mid 20th century.
It's a crock of shit to say the current power structure represents democracy.
My country is not dependent on getting involved in an Asian land war. Not at all. There is no rational explanation for getting so heavily involved and essentially paying the Ukrainians to be a proxy US/EU army to fight the Cold War NATO/USSR fight that never happened. This is pure graft and Cold War warriors getting the fight they were so desperate for during the Soviet era.
Ahh, there's that unbelievably obnoxious American exceptionalism that makes people all over the world hate Americans.
Yes, Americans meddle the world over, sometimes for g
Re: (Score:2)
That's a nice summary of Russian propaganda regarding Ukraine, although I do think you missed a few items. For example: the Moskva wasn't hit by Ukrainian missiles, it sank by itself.
Re: (Score:2)
If you don't mind hearsay, they actually cite the Ukrainian Security Service - possibly the least reliable source in the entire history of propaganda, deception, and sheer downright lying.
Evidence? Sources?
Seriously, can you smell the stench from your own unsubstantiated bullshit?
This is just so idiotic it's worse than ridiculous. (Score:1)
If you want security and privacy, don't connect to the internet.
It's a really old unwritten rule.
But hey, let's just go for it, it'll be ok, and connect all the nuclear warheads in the world to the internet.
Matthew Broderick is still alive so we are good to go.
Re: (Score:1)
The only way to win is not to play has never been more true.
We get involved in someone else's mess we have no business in and then go all shocked face when there's consequences to that and they hit back. Jfc
Re: (Score:1)
So you think it's our job to continue fucking around to make up for our previous fucking around?
Two wrongs makes a right?
How about we just stop fucking around entirely? Limit trade as much as possible to non-evil countries, stop being the world's largest arms suppliers, and stop letting the morons at the CIA overthrow random governments because the locals "voted wrong"?
We can start this amazing new policy of not being international shit bags today. What's so bad about that?
Re: (Score:2)
That's addressing the correct problem, but it's not an answer that gets people excited (except for some managers, and a few accountants).
What are we doing about it? (Score:2)
1) We are afraid to do so (seems unlikely)
2) We are too nice and don't behave like them
SUUUURE (Score:1)
now, if we could believe a damn thing we're told...