The Record notes that all resources have been deleted and their contents replaced with a statement published in Russian, Ukrainian and Polish.

The fact of the attack was officially confirmed by the country’s authorities by posting relevant messages on official websites, as well as on Facebook and Twitter. All affected resources have been temporarily down and some sites are still down, reporting that they are under maintenance.

Officials say they are investigating the attack and so far everything points to Russian hackers.

According to security researcher Gary Warner, the distortions appear to have been aimed at creating divisions between various ethnic groups, especially between native Ukrainians and the Polish minority.

Information security journalist Kim Zetter writes that sources in the Ukrainian government told her that a vulnerability in CMS October was used for the attack, which was used by all affected resources.

Later, this information was confirmed in the Ukrainian CERT.

Let me remind you that we recently wrote that Russian-speaking hackers attacked the government infrastructure of Poland, and also that the FBI and NSA release a statement about attacks by Russian hackers.

The post Most likely russian hackers defaced Ukrainian government websites appeared first on Gridinsoft Blog.

Law enforcers say that this is an illegal mining farm they discovered on the territory of the country: as a result, almost 5,000 pieces of equipment were seized. So, during searches at farm and at the address of residence of its organizers, 3,800 game consoles were seized (as you can see in the photo, this is a PlayStation 4), more than 500 video cards, 50 processors, as well as documentation on electricity consumption accounting, phones, flash drives and so on.

According to preliminary data, the sum of losses from the operation of such a farm could be from 5 to 7 million UAH ($183-256 thousand) per month. At the same time, the “leakage” of such an amount of electricity could lead to poor consequences, for example, some quarters of Vinnitsa could remain without electricity.

Representatives of Vinnitsaoblenergo JSC have already stated that the company had nothing to do with an illegal farm, and “equipment designed for cryptocurrency mining has never worked in the premises belonging to the company”.

Interestingly, the local media writes that law enforcement officers most likely found not a mining farm, but a farm of game bots (hence the abundance of PlayStation 4 Slim, which are not very good for mining), which, for example, could grind the in-game currency and upgrade accounts for the football simulator FIFA.

The SBU representatives confirmed that the attackers bred bots to sell accounts in FIFA 21. The bots actually earned in-game currency during the time spent in the game, then to spend it on cards with football players in Ultimate Team mode, and then they sold accounts with decent sets of rare cards at various trading platforms. And such a product is in great demand, because the legal receipt of the strongest cards requires tenfold, even hundredfold higher sums compared to a quick purchase of an already pumped account.

It is still unknown whether the owners of the bot farm managed to recoup their investments – more than 30,000,000 hryvnia (more than $1 million) were spent on the consoles only, not forgetting about half a thousand video cards.

Criminal proceedings under Part 2 of Art. 188-1 (theft of water, electrical or thermal energy through its unauthorized use) has already been opened. Attackers face up to three years in prison.

Let me remind you that I also talked about the fact that the Ukrainian cyber police in cooperation with Binance detained operators of 20 cryptocurrency exchangers.

The post Ukrainian law enforcement discovered a mining farm consisting of thousands of PlayStation 4 consoles appeared first on Gridinsoft Blog.

Sources close to the investigation told The Record that South Korean police launched an investigation on the hackers last year after the group attacked the South Korean e-commerce giant e-Land in November 2020. Due to this attack, the Korean company has closed almost all of its stores.

Ukrainian police say they have conducted 21 searches in the capital of the country and the Kiev region, in the homes of the defendants and in their cars. As a result, were seized: computer equipment, cars (Tesla, Mercedes and Lexus) and about 5 million hryvnia in cash (about $183 thousand), which, according to the authorities, were received from the victims as ransoms. The property of the suspects has been seized.

After the operation, authorities said they had successfully shut down the hackers’ server infrastructure that had been used to carry out past attacks.

Interestingly, according to information from the information security company Intel 471, the Ukrainian authorities arrested people who are only involved in money laundering for Clop operators, while the main members of the hack group are most likely in Russia.

The first Clop attacks were recorded back in February 2019. Researchers consider this group a “big game hunter”, that is, hackers attack only large networks and companies, not home users.

For two and a half years of activity, Clop operators hacked many large corporations and demanded ransom of tens of millions of US dollars for each victim. If the victims refused to pay, the attackers resorted to double extortion tactics, threatening to publish the data of the victims on their website on the darknet (it should be noted that, despite the arrests, the site is still working).

According to Fox-IT’s November 2020 report, Clop operators are closely associated with hack group TA505, which allows attackers to deploy Clop on computers previously infected with SDBbot malware.

Also, according to FireEye, Clop operators made a deal with the FIN11 criminal group, allowing FIN11 members to use data that hackers had previously stolen from compromised Accellion FTA devices.

Let me remind you that I also wrote that France are looking for LockerGoga ransomware developers in Ukraine.

The post Cyber police of Ukraine arrested persons linked with the Clop ransomware appeared first on Gridinsoft Blog.