Hackers Release Samsung Data | Russia Blocks Facebook and Twitter | Phishing Attacks Target Officials Helping Refugees

March 7th

Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group

Hackers Release Samsung Data

First, let’s check in with the Lapsus$ data extortion group, who last week leaked an enormous collection of confidential data that they claim is from Samsung Electronics. The group posted a note to their followers teasing the release of data belonging to Samsung, before publishing a description of the upcoming leak saying that it contains “confidential source code” originating from a breach. The leak is said to include:

  • Source code for every Trusted Applet (TA) installed in Samsung’s TrustZone environment used for sensitive operations (e.g. hardware cryptography, binary encryption, access control).
  • Algorithms for all biometric unlock operations.
  • Bootloader source code for all recent Samsung devices.
  • Confidential source code from Qualcomm.
  • Source code for Samsung’s activation servers.
  • Full source code for technology used for authorising and authenticating Samsung accounts, including APIs and services.

The total size of the leak is said to be almost 190GB of confidential data. It is unknown if Lapsus$ contacted Samsung about a ransom payment like they did with Nvidia. This is a developing story, and Samsung is yet to comment.

Source - Samsung Hack - Bleeping Computer

Source - Samsung Hack - EuroGamer

Source - Samsung Hack - PC Gamer

Russia Blocks Facebook and Twitter

Next, to the world of social media and the evolving situation in Russia and Ukraine. Russia’s communications regulator last week said they have blocked access to Facebook and Twitter because of apparent “discrimination against Russian media and information resources”.

According to Roskomnadzor, Russia’s communications regulator, they have measured at least 26 cases of discrimination against Russia since October 2020. The agency highlighted the social media platforms’ recent restrictions of media sources tied to the Kremlin, such as RT and Sputnik, as reasons for blocking access to the platforms.

Nick Clegg, who is now President of Global Affairs for Meta, said:

“Soon millions of ordinary Russians will find themselves cut off from reliable information, deprived of their everyday ways of connecting with family and friends and silenced from speaking out”

While Russia continues their invasion of Ukraine, they have also blocked most news organisations based outside of the country and restricted internet access for the population. Most people now need to use a VPN to access the wider internet. For now, Russians can still use other apps to communicate, such as Telegram. While restricting access won’t stop political dissent in Russia, this seems like it is just the beginning of Putin’s crackdown.

Source - Russia Blocking Sites - Buzzfeed News

Source - Russia Blocking Sites - CNet

Source - Russia Blocking Sites - Vox

Source - Russia Blocking Sites - Washington Post

Source - Russia Blocking Sites - The Guardian


Phishing Attacks Target Officials Helping Refugees

Staff working at organisations involved in the aid efforts to help refugees fleeing from the conflict in Ukraine have been targeted by what security researchers think is likely a state-sponsored phishing campaign which aims to deliver malware.

According to Proofpoint, it's believed the attack exploited a compromised personal email account belonging to a member of the Ukrainian armed forces, which was then used to send targeted phishing attacks to European government workers tasked with managing transportation in Europe, as Ukrainian refugees flee the Russian invasion.

The attacks are likely an attempt to gain intelligence from within NATO member countries. Researchers have tentatively linked the campaign to a hacking group known as TA445, part of a wider operation known as UNC1151, which was previously linked to the government of Belarus.

That said, researchers also note that they've "not yet observed concrete technical overlaps which would allow us to definitively attribute this campaign".

The initial phishing emails were detected on February 24th, originating from a Ukrainian email address, and sent to an undisclosed European government agency. The subject line references the emergency in Ukraine, and the email includes an Excel file named "list of persons", which contains the malicious macros. If the macros are enabled, the document will download and install malware which has been dubbed “SunSeed”.

It's believed that the purpose of these attacks is to track individuals with responsibilities related to transportation, financial and budget allocation, administration, and population movement within Europe, potentially with the aim of gaining intelligence about movements of funds, supplies and people.

Several other phishing campaigns are also attempting to exploit the Russia-Ukraine war in what are likely attempts to steal passwords, financial information, and other sensitive data, as well as potentially delivering malware. Microsoft has detailed several tailored "opportunistic phishing campaigns" related to Ukraine. It’s likely that we will see more of these as the conflict continues.

Source - Ukraine Refugee Phishing Campaign - ZDNet

Source - Ukraine Refugee Phishing Campaign - Proofpoint
