Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’

Dutch cyber authorities said Wednesday that several hospital websites in the Netherlands and Europe were likely targeted by a pro-Kremlin hacking group because of their countries’ support for Ukraine.

The UMCG hospital in the northern Dutch city of Groningen, one of the largest in the country, saw its website crash in a cyberattack on Saturday.

“European hospitals including in the Netherlands have most likely been hit by the pro-Russian hacking group Killnet,” said the Dutch National Cyber Security Centre (NCSC).

“This group announced DDoS attacks on, among other things, hospitals (in countries) helping Ukraine in its war against Russia,” it said.

A distributed denial-of-service (DDoS) attack is designed to overwhelm the target with a flood of internet traffic, preventing the system from functioning normally.

Although reports say that Killnet threatened to target some 31 hospitals throughout the Netherlands, so far only the UMCG seems to have been affected.

“Currently the DDoS attacks are successfully mitigated and the impact of the attacks is limited,” the NCSC said.

Hospitals in Britain, Germany, Poland, Scandinavia and the United States were also said to be targeted.

Last week the websites of German airports, public administration bodies and financial sectors were hit in an attack believed to have been launched by Killnet.

The same group was also linked to a DDoS attack on the European Parliament website in November, shortly after lawmakers approved a resolution calling Moscow a “state sponsor of terrorism.”

The post Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’ appeared first on SecurityWeek.

Cyberattacks Target Websites of German Airports, Admin

The websites of German airports, public administration bodies and financial sector organizations have been hit by cyberattacks instigated by a Russian “hacker group”, authorities said Thursday.

The Federal Cyber Security Authority (BSI) had “knowledge of DDoS attacks against targets in Germany”, a spokesman told AFP.

A distributed denial-of-service (DDoS) attack is designed to overwhelm the target with a flood of internet traffic, preventing the system from functioning normally.

The attacks were aimed “in particular at the websites of airports”, as well as some “targets in the financial sector” and “the websites of federal and state administrations”, the spokesman said.

The attack had been “announced by the Russian hacker group Killnet”, the BSI spokesman said.

The group’s call to arms was in response to Chancellor Olaf Scholz’s announcement Wednesday that Germany would send Leopard 2 tanks to Ukraine to help repel the Russian invasion, according to financial daily Handelsblatt.

Attributing Thursday’s attacks directly to the hacker group, however, was “particularly hard”, the BSI spokesman said.

“They call for action and then a lot of people take part,” he said. The attacks made “some websites unavailable”, the BSI said, without there being “any indication of direct impacts on (the organisations’) services”.

Attacks on public administrations were “largely repelled with no serious impacts”, the BSI said.

The interior ministry for southwestern Baden-Wuerttemberg state acknowledged “nationwide” DDoS attacks since Wednesday evening against websites, including those of public administration and the regional police.

Germany is on high alert for cyberattacks in the wake of Russia’s war in Ukraine.

The Federal Office for Information Security said in October that the threat level for hacking attacks and other cybercrime activities was higher “than ever”.

The post Cyberattacks Target Websites of German Airports, Admin appeared first on SecurityWeek.

UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies

The United Kingdom’s National Cyber Security Centre (NCSC) has published an advisory to warn organizations and individuals about separate spearphishing campaigns conducted by Russian and Iranian cyberespionage groups.

The advisory focuses on activities conducted by the Russia-linked Seaborgium group (aka Callisto, Blue Callisto and Coldriver) and the Iran-linked TA453 (aka Charming Kitten, APT35, Magic Hound, NewsBeef, Newscaster and Phosphorus). 

Russian and Iranian phishing

The NCSC noted that the two groups covered by the advisory have similar tactics, techniques and procedures (TTPs) and they target the same types of entities, but there is no evidence that their campaigns are connected or that the two APTs are collaborating. 

The goal of these attacks has been to collect information from government organizations, academia, defense firms, NGOs, think tanks, politicians, activists and journalists.

The general public has not been targeted, but it’s worth pointing out that the Iranian group has also been observed launching what appeared to be financially motivated ransomware attacks.

Seaborgium and TA453’s attacks start with a reconnaissance phase that involves using open source intelligence to research their targets. This phase can involve creating fake social media accounts, email accounts impersonating well-known individuals in the target’s field of interest, fake websites, and event invitations. The goal is to gain the victim’s trust.

The hackers don’t immediately deliver malicious content to the victim and instead take their time to build trust, which increases their chances of success. After trust is established, they deliver a malicious link that leads the victim to a phishing page.

These phishing pages are designed to harvest credentials that the Russian and Iranian hackers can then use to access the victim’s email accounts, which can store valuable information. 

The attackers have also been observed setting up forwarding rules in compromised email accounts in an effort to monitor the victim’s correspondence. In addition, they have used contact lists for further phishing attacks.

“Although spear-phishing is an established technique used by many actors, Seaborgium and TA453 continue to use it successfully and evolve the technique to maintain their success,” the NCSC said in its advisory. 

In August 2022, Microsoft said it had caused significant disruption to Seaborgium’s operations, cutting off the hackers’ access to accounts used for reconnaissance and phishing. 

The post UK Gov Warns of Phishing Attacks Launched by Iranian, Russian Cyberspies appeared first on SecurityWeek.