Risky Bulletin: EU Sanctions Three GRU Hackers
Hosted by Risky Business Team (read by Claire Aird)
Release Date: January 28, 2025
Introduction
In this episode of Risky Bulletin, host Claire Aird rounds up the week's significant cybersecurity events, from EU sanctions against Russian GRU hackers to an actively exploited zero-day patched by Apple, covering both the threats and the responses they have drawn.
1. EU Sanctions on Russian GRU Hackers
Timestamp: [00:04]
The European Union has imposed sanctions on three officers of Russia's GRU military intelligence agency: Yuriy Denisov, Nikolay Korchagin, and Vitaly Shevchenko. The three belong to Unit 29155, a division that has carried out clandestine operations such as assassinations and sabotage since 2008. In 2020 the unit expanded into cyber operations, and the EU ties the three officers to the 2020 attacks against Estonian government agencies.
Claire Aird highlights, “The EU sanctions three GRU hackers for their roles in the 2020 cyber attacks against Estonia, signaling a firm stance against state-sponsored cyber aggression.”
Key Incidents Linked to Unit 29155:
- Explosions at Czech military depots
- An attempted coup in Montenegro
- The poisoning of former GRU officer Sergei Skripal
- A bounty program providing the Taliban with funds for each US and NATO soldier killed in Afghanistan
Unit 29155's cyber activity is also tracked by the security industry under several names, including Ember Bear, Cadet Blizzard, Frozen Vista, UNC2589, and UAC-0056.
2. Disinformation Campaign Targeting Polish Elections
Timestamp: [00:04]
Russia's intelligence services are reportedly recruiting Polish citizens via the dark web to spread disinformation ahead of Poland's presidential election in May. According to the Polish government, recruits are being offered up to €4,000 to post anti-EU propaganda on social media.
Claire Aird notes, “The Russian FSB and GRU are allegedly behind this campaign, which kicked off early last year, aiming to influence the electoral landscape through coordinated misinformation.”
3. US Legislative Response to Foreign-Manufactured Networking Devices
Timestamp: [00:04]
In the United States, Senators Marsha Blackburn (R-Tennessee) and Ben Ray Luján (D-New Mexico) have introduced the bipartisan ROUTERS Act, officially the Removing Our Unsecure Technologies to Ensure Reliability and Security Act. The bill tasks the Department of Commerce with assessing the national security risks posed by routers and modems manufactured abroad, and could lead to a ban on devices found to be under the control of foreign adversaries.
4. Conviction of Cybercriminals Operating OTP Agency
Timestamp: [00:04]
In the UK, three administrators of OTP Agency, a service that helped cybercriminals intercept one-time passcodes, have been sentenced to prison. One received two years and eight months; the other two received one year each. The arrests followed the site's exposure in a Brian Krebs article.
Quote: “The OTP Agency allowed threat actors to enter a victim's phone number, initiate a call posing as a bank, and request a token from their banking app,” explains Aird.
5. Extradition of Nigerian Sextortion Suspect
Timestamp: [00:04]
US authorities have extradited Hassan Bussain Abalor Lawal, a 24-year-old Nigerian man, over a sextortion scheme that led to the suicide of Gavin Guffey, a 17-year-old from Rock Hill. Lawal posed as a woman online, solicited explicit images from victims, and then extorted them for money. He faces multiple charges, including child exploitation, and a potential life sentence.
6. Apple Addresses Critical Zero-Day Vulnerability
Timestamp: [00:04]
Apple has patched a zero-day vulnerability in its CoreMedia framework affecting iOS and iPadOS. The flaw allowed an attacker to use malicious media files to escalate privileges on a targeted device. Apple has confirmed the bug was exploited in the wild but has not disclosed details of the attacks.
Quote: “Apple has patched an actively exploited zero day in its iOS and iPadOS operating systems, addressing a critical vulnerability that could have been leveraged for privilege escalation,” states Aird.
7. New Side-Channel Attacks Targeting Apple CPUs
Timestamp: [00:04]
Researchers have unveiled two new side-channel attacks, dubbed SLAP and FLOP, targeting Apple's A- and M-series CPUs. Both can be launched from a web browser to leak sensitive data from other open pages. Apple plans to mitigate the issues in an upcoming security update. The same academic team has previously identified nearly a dozen such attacks in modern CPUs, including Meltdown and Spectre variants.
8. Cyberattacks on Chinese AI Firm DeepSeek
Timestamp: [00:04]
DeepSeek, a Chinese AI company, has restricted new user registrations following large-scale attacks on its recently launched AI services. The attacks coincided with DeepSeek's app overtaking ChatGPT on app stores and with a sharp drop in US AI stock prices. They are believed to combine distributed denial-of-service (DDoS) traffic with API abuse, disrupting the company's services.
9. Microsoft’s Enhanced Security Features in Edge Browser
Timestamp: [00:04]
Microsoft is testing a new Edge browser feature that blocks scareware pop-ups. It uses a machine-learning model to detect the full-screen pop-ups and text commonly used in scareware and tech-support scams and prevents them from displaying. The feature was first announced at Microsoft's Ignite conference last year.
10. KuCoin Settles with US Department of Justice
Timestamp: [00:04]
Cryptocurrency exchange KuCoin has reached a settlement with the U.S. Department of Justice, agreeing to pay $297 million and to exit the U.S. market for two years, after operating as an unlicensed money transmitting business without adequate anti-money-laundering (AML) and know-your-customer (KYC) controls. KuCoin may re-enter the U.S. market once it registers with U.S. authorities and complies with these requirements.
Conclusion
This episode of Risky Bulletin covers a broad slice of the cybersecurity landscape: international sanctions and legislative measures, actively exploited vulnerabilities and new CPU side channels, and prosecutions of cybercriminals.
“And that is all for this podcast edition,” concludes Aird, wrapping up a detailed session of cybersecurity insights.
Notable Quotes:
- “The EU sanctions three GRU hackers for their roles in the 2020 cyber attacks against Estonia, signaling a firm stance against state-sponsored cyber aggression.” – Claire Aird [00:04]
- “Apple has patched an actively exploited zero day in its iOS and iPadOS operating systems, addressing a critical vulnerability that could have been leveraged for privilege escalation.” – Claire Aird [00:04]
Additional Information
For more updates and detailed analyses, visit the Risky Business team’s website and follow their regular cybersecurity news bulletins.
This bulletin was written by Catalin Cimpanu and read by Claire Aird for the Risky Bulletin podcast.
