Loading summary
Claire Aird
The EU sanctions three GRU hackers the administrators of the OTP agency cybercrime service go to prison, Apple fixes its first zero day of the year, and Deepseek limits new user registrations after cyber attacks. This is the Risky Bulletin prepared by Catalyn Kimpanu and read by me, Claire aird. Today is the 29th of January and this podcast episode is brought to you by Asset Inventory and Network Visibility company Run zero the European Union has sanctioned three Russian military hackers for cyber attacks against Estonian government agencies in 2020. Sanctions were levied against Yuri Denisov, Nikolai Khorjukin and Vitaly Shevchenko. All three are officers in Unit 29155 in Russia's GRU Military Intelligence agency. The Estonian government publicly attributed the 2020 hack to the GRU in September 2024. GRU unit 29155 has operated in secret since 2008 and mostly conducts assassinations and sabotage on foreign soil. The unit branched out into cyber operations in 2020. It's been linked to explosions at Czech MO depots, an attempted coup in Montenegro, the poisoning of former GRU officer Sergei Skripal, and a bounty program that paid the Taliban tens of thousands of US dollars for each US and NATO soldier killed in Afghan. The unit's cyber operations are tracked as Ember, Bear Cadet, Blizzard, Frozen Vista, UNC 2589 and UAC 0056. Staying with Russia and the country's intelligence services are recruiting Polish citizens on the dark web to spread disinformation ahead of the country's presidential election in May. According to the Polish government, its citizens are being offered up to €4,000 to spread anti EU propaganda on social media. The Russian FSB and GRU allegedly behind the campaign, which kicked off early last year. Two US Senators have introduced a bill that would instruct the US Department of Commerce to study the national security risks associated with routers and modems manufactured overseas. The bill aims to identify devices that may be under the control of foreign adversary governments and block their sale in the us. The new bill is named the Removing Our Unsecure Technologies to Ensure Reliability and Security or the Routers Act. It's sponsored by Senators Marsha Blackburn, a Republican of Tennessee, and Ben Ray Luan, Democrat from New Mexico. Three administrators of a service that allowed cybercriminals to intercept one time passcodes have been sentenced to prison terms by a judge in the UK. One administrator was sentenced to two years and eight months in prison, while the others received one year sentences. The three were arrested in March 2021amonth after the site was featured in a Brian Krebs article. The OTP agency allowed threat actors to enter a victim's phone number, initiate a call posing as a bank and request a token from their banking app. US officials have extradited a 24 year old Nigerian man for a sextortion scheme that led to a young man committing suicide. Officials say Hassan Bussain Abalor Law is responsible for the death of Gavin Guffey, a 17 year old from Rock Hill who took his own life in 2022. Lawal posed as a woman online and solicited sexually explicit images of boys, and the suspect used the images to extort victims for money. Law faces life in prison on multiple charges, including child exploitation. Apple has patched an actively exploited zero day in its iOS and iOS operating systems. The vulnerability resides in Apple's Core Media Processing framework. Apple says attackers can abuse malicious media files to elevate their privileges on targeted systems. The company has not shared any other details about the ongoing exploitation. Staying with Apple and Researchers have disclosed two new side channel attacks against Apple CPUs that can leak sensitive data. Named slap and flop, the attacks impact Apple's line of A and M series CPUs. Both attacks can be performed via a web browser. Apple plans to address both attacks in an upcoming security update. The academic team behind the attacks has found almost a dozen side channel attacks in modern CPUs such as Meltdown, Smart Inspector, SGXfail and Rambleed. Chinese AI company Deepseek has limited new user registrations after what it described as large scale malicious attacks on its newly launched AI services. The attack took place as the company's app overtook ChatGPT on app stores and as US AI stock prices fell by up to 20%. The attack is believed to be a combination of DOS attacks and API abuse. Microsoft is testing a new Edge security feature designed to block scareware pop ups. The feature uses machine learning to detect pop ups and text typically found in scareware and tech support scams. The feature was initially announced during last year's Microsoft Ignite developer Conference. Cryptocurrency exchange Kucoin has reached a settlement with the U.S. department of justice and will leave the U.S. market for two years after it was caught operating an unlicensed money transmitting business. The company has agreed agreed to pay $297 million representing a regulatory fine and forfeiture for its failure to implement anti money laundering and know your customer protocols. Kucoin will be allowed to re enter the US market after fixing all issues and registering with US Authorities. Kucoin was one of the world's largest crypto exchanges when the Justice Department started an investigation into its operations. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Run Zero find them@runz0.com thanks for your company.
Risky Bulletin: EU Sanctions Three GRU Hackers
Hosted by Risky Business Team (read by Claire Aird)
Release Date: January 28, 2025
Introduction
In the latest episode of Risky Bulletin, host Claire Aird delivers a comprehensive update on significant cybersecurity events shaping the landscape. From international sanctions against Russian hackers to critical vulnerabilities patched by Apple, the episode delves into the intricate web of cyber threats and responses.
1. EU Sanctions on Russian GRU Hackers
Timestamp: [00:04]
The European Union has imposed sanctions on three officers from Russia's GRU Military Intelligence agency—Yuri Denisov, Nikolai Khorjukin, and Vitaly Shevchenko. These individuals are part of Unit 29155, a division historically involved in clandestine operations such as assassinations and sabotage since 2008. In 2020, the unit expanded its repertoire to include cyber operations, orchestrating significant attacks against Estonian government agencies.
Claire Aird highlights, “The EU sanctions three GRU hackers for their roles in the 2020 cyber attacks against Estonia, signaling a firm stance against state-sponsored cyber aggression.”
Key Incidents Linked to Unit 29155:
Additionally, Unit 29155’s cyber activities are associated with various operations code-named Ember, Bear Cadet, Blizzard, Frozen Vista, UNC 2589, and UAC 0056.
2. Disinformation Campaign Targeting Polish Elections
Timestamp: [00:04]
Russia's intelligence services are reportedly recruiting Polish citizens via the dark web to disseminate disinformation ahead of Poland's presidential election in May. According to the Polish government, participants are being offered up to €4,000 to spread anti-EU propaganda on social media platforms.
Claire Aird notes, “The Russian FSB and GRU are allegedly behind this campaign, which kicked off early last year, aiming to influence the electoral landscape through coordinated misinformation.”
3. US Legislative Response to Foreign-Manufactured Networking Devices
Timestamp: [00:04]
In the United States, a bipartisan effort is underway to address national security concerns related to networking hardware. Senators Marsha Blackburn (R-Tennessee) and Ben Ray Luján (D-New Mexico) have introduced the Routers Act—officially titled the Removing Our Unsecure Technologies to Ensure Reliability and Security bill. This legislation tasks the Department of Commerce with assessing the security risks of routers and modems manufactured abroad, with the potential to ban devices deemed under the control of foreign adversaries.
4. Conviction of Cybercriminals Operating OTP Agency
Timestamp: [00:04]
A significant legal victory in the UK saw three administrators of the OTP Agency—a service enabling cybercriminals to intercept one-time passcodes—sentenced to prison. One individual received two years and eight months, while the other two received one-year sentences each. The arrests followed the site’s exposure in a Brian Krebs article and are indicative of the UK’s strengthened efforts against such cyber threats.
Quote: “The OTP agency allowed threat actors to enter a victim's phone number, initiate a call posing as a bank, and request a token from their banking app,” explains Aird.
5. Extradition of Nigerian Sextortion Suspect
Timestamp: [00:04]
US authorities have extradited Hassan Bussain Abalor Law, a 24-year-old Nigerian man, for his involvement in a sextortion scheme that tragically led to the suicide of Gavin Guffey, a 17-year-old from Rock Hill. Lawal manipulated victims by posing as a woman online, soliciting explicit images, and extorting money. He now faces life imprisonment on multiple charges, including child exploitation.
6. Apple Addresses Critical Zero-Day Vulnerability
Timestamp: [00:04]
Apple has patched a zero-day vulnerability in its Core Media Processing framework affecting iOS and iPadOS. The flaw allowed attackers to use malicious media files to escalate privileges on targeted systems. While Apple has not disclosed the specifics of the exploitation, the prompt patch underscores the company's commitment to safeguarding its ecosystem.
Quote: “Apple has patched an actively exploited zero day in its iOS and iPadOS operating systems, addressing a critical vulnerability that could have been leveraged for privilege escalation,” states Aird.
7. New Side-Channel Attacks Targeting Apple CPUs
Timestamp: [00:04]
Researchers have unveiled two new side-channel attacks, dubbed SLAP and FLOP, targeting Apple’s A and M series CPUs. These vulnerabilities can leak sensitive data through web browsers, posing significant risks to users. Apple plans to mitigate these threats in an upcoming security update. The academic team responsible has identified nearly a dozen such attacks in modern CPUs, including Meltdown and Spectre variants.
8. Cyberattacks on Chinese AI Firm Deepseek
Timestamp: [00:04]
Deepseek, a Chinese AI company, has restricted new user registrations following large-scale cyberattacks on its recently launched AI services. The attacks coincided with Deepseek's app surpassing ChatGPT on app stores and a notable decline in US AI stock prices. The assaults are believed to involve a combination of Distributed Denial of Service (DOS) attacks and API abuse, impacting the company’s operational stability.
9. Microsoft’s Enhanced Security Features in Edge Browser
Timestamp: [00:04]
Microsoft is testing a new security feature in its Edge browser aimed at blocking scareware pop-ups. Utilizing machine learning, the feature detects and prevents pop-ups and text commonly associated with scareware and tech support scams. Initially announced at the Microsoft Ignite developer conference last year, this enhancement represents Microsoft's ongoing efforts to bolster user safety online.
10. Kucoin Settles with US Department of Justice
Timestamp: [00:04]
Cryptocurrency exchange Kucoin has reached a settlement with the U.S. Department of Justice, agreeing to pay a $297 million fine. The company will also exit the U.S. market for two years due to operating an unlicensed money transmitting business without adequate anti-money laundering (AML) and know-your-customer (KYC) protocols. Kucoin may re-enter the U.S. market post-compliance and registration with U.S. authorities.
Conclusion
Today's episode of Risky Bulletin underscores the dynamic and often volatile nature of the cybersecurity domain. From international sanctions and legislative measures to critical vulnerabilities and cybercriminal prosecutions, the landscape is continually evolving. Claire Aird effectively navigates these complex topics, providing listeners with a nuanced understanding of the current threats and the responses they elicit.
“And that is all for this podcast edition,” concludes Aird, wrapping up a detailed session of cybersecurity insights.
Notable Quotes:
“The EU sanctions three GRU hackers for their roles in the 2020 cyber attacks against Estonia, signaling a firm stance against state-sponsored cyber aggression.” – Claire Aird [00:04]
“Apple has patched an actively exploited zero day in its iOS and iPadOS operating systems, addressing a critical vulnerability that could have been leveraged for privilege escalation.” – Claire Aird [00:04]
Additional Information
For more updates and detailed analyses, visit the Risky Business team’s website and follow their regular cybersecurity news bulletins.
This summary was prepared by Catalyn Kimpanu and read by Claire Aird for the Risky Bulletin podcast.