Category Archives: Hackers

We will cover current issues about hacker groups around the world who act behind the scenes and commit cybercrimes.

Cyber criminals spare those who have their keyboards in Russian, is this the beginning of a strategy?

Today, officially, everyone knows that Russian hackers tend to spare companies that operate within their state.

This holds even for Russian companies that operate across borders. The aim is, of course, to keep benefiting from the laissez-faire attitude of the Russian state. In this context, some computer security experts advise companies to switch their devices to the Russian language in order to be spared this surge.

"Try this weird trick that Russian hackers hate," says journalist Brian Krebs. On May 17, he published a blog post describing a trick that consists of switching a Windows keyboard to the Russian language. The aim is to make the device look like a computer used by a Russian company or entity. In that case, if Russian malware detects the language in use, it will spare the targeted device. The journalist argued that this trick is likely to improve the protection of the system by abusing the system itself, even though it guarantees nothing in practice.


The journalist proposed two very simple ways to deploy his trick:

– First, it is possible to download for free the virtual keyboard that Windows provides in the languages of several countries usually spared by the hackers' malware. The disadvantage of this approach is that the user may end up switched entirely to that keyboard purely as a result of mishandling, which makes the computer very difficult to use.

– Second, download a simple script. This script applies the Russian registry setting to the computer without necessarily having to download a Russian virtual keyboard.

When journalist Brian Krebs published his blog post, several experts reacted, notably the technical director of cybersecurity firm Emsisoft, one of the companies most mobilized in the face of ransomware attacks. The experts criticize the trick in some respects: "In the ransomware research team, we often joke about which new 'innovative' method will be presented to us as the next big solution against ransomware. One of the recurring running gags of the last 8 years has just recently been turned into a real recommendation: change the layout of your keyboard to Russian."

According to the computer security specialist, such a superficial change is not what will alter the ability to automatically detect malware. "Unless you really want to use your computer in Russian with a Russian keyboard, you'll still get attacked," he says.

In addition, Emsisoft specialists point out that this kind of command is easy to disable, just one click away. It is enough for the hackers to realize that the company is in fact non-Russian.

He adds that in the case of a ransomware attack the trick will do no good at all, because once the malware is in the system a simple command cannot prevent it from doing what it was going to do.

"The hackers behind the ransomware will know everything about your business. They will know quickly and definitively whether you are a real Russian company or not," concludes Wosar, Emsisoft's technical director.

Despite all the criticism, the journalist defends his position: "Is there really a disadvantage in adopting this simple, free, prophylactic approach? (…) The worst that can happen is that the user accidentally switches his menu options to Russian."

He acknowledges that in the majority of cases the trick will not work, but there is no denying that in a certain minority of cases it may well have a well-defined scope.

The fight against ransomware attacks has intensified a lot in recent days. This is clearly understood when we see how cybercriminals are also intensifying their cyberattacks.


U.S. Police Informants Test Data Disclosures by Cyber Criminals

Later this week, the Metropolitan Police Department of Washington, D.C. said it had been hit by a computer attack.

According to the police authorities, this cyberattack was the work of Russian-speaking hackers. The announcement follows a statement by a group of cyber criminals, also Russian-speaking, who claim to hold sensitive data from the police department. The information in question is believed to be personal data belonging to police informants, which is sensitive information indeed. That's not all: these cyber criminals are threatening to expose it to criminal gangs. As if to confirm that they do hold this information, they have published screenshots on a website they developed. According to them, they hold nearly 250 GB of data.


"Since the beginning of the year, more than 20 U.S. government agencies have been hit by ransomware and cyber criminals have released the stolen data," said Brett Callow, a ransomware analyst at computer security firm Emsisoft. Of course, under certain conditions, victims choose not to pay the ransoms demanded, preferring to rebuild their system from start to finish.

For its part, the D.C. police say they take this threat very seriously.

"We are aware of unauthorized access to our server. As we determine the total impact and continue to review the activity, we have engaged the FBI to conduct a thorough investigation into this matter," the Police Department said.

The Washington, D.C. Metropolitan Police is just one example. What we are witnessing can be described as an epidemic of cyberattacks based on ransomware. U.S. authorities call the situation a threat to national security. On average, these attacks cause damage of up to ten billion U.S. dollars. Unfortunately, companies are struggling to cope with this flood of cyber malice.

"As we determine the full impact and continue to review the activity, we have engaged the FBI to fully investigate this matter," the D.C. police said. Unfortunately, the department gives no further details about the breach its system suffered. The U.S. federal police has been dispatched to investigate the breach. At this time, there is no evidence that the police services have been affected in their ongoing operations.

"With these types of attacks, the data has probably already been stolen before it is encrypted, and the likelihood of the data being sold or stored by the hacker is high," said James Smith, director of cybersecurity consulting firm Bridewell Consulting.

In short, American organizations are clearly targeted by mass cybercrime, and this is likely to worry consumers, citizens and authorities alike. From Tesla, the American electric car giant, to a basketball team, to a water distribution plant in California, attacks by hackers are on the rise.


80% of websites were almost hacked by a hacker

Strictly speaking, one of the worst disasters that could have happened in the digital sector was avoided.

During the week, it was discovered that a cybercriminal had managed to break into the source code of what appeared to be a future version of PHP. The cybercriminal's idea was to insert a backdoor into the code in order to access the contents of the sites running the software. Fortunately, this small feat, which could have had great consequences, was detected in time, sparing a large share of the websites that could have been made vulnerable.


Indeed, it should be remembered that 80% of websites operating on the Web use the programming language PHP.

As for the cybercriminal, as if to taunt his would-be victims, he signed his action with the names of 2 developers well known for their work on the language. "The commits were discovered as part of a routine review of the code. It was pretty obvious that both changes were malicious, and they were immediately cancelled," said Nikita Popov, one of the developers whose identity was spoofed.

It was last Sunday that the changes to the new version of PHP were discovered by the program's security team. During the day, specialists were able to update the lines of code that had been added to the source code.

To camouflage his action, the cybercriminal passed it off as a typo correction in the source code. The action was so well executed that one would have thought it was the work of fairly reputable developers of the PHP language.

According to other information provided by the security team, the hacker managed to compromise the server managed by the organization in charge of the PHP language.

Although the server was compromised, the programmer's account was not affected. Version 8.1 of PHP, which is currently under development, will be available to users by the end of 2021. The cybercriminal wanted to take advantage of this release. Had the backdoor he tried to insert into the new version not been discovered in time, many users would have downloaded it through the update, believing that everything was safe. The hacker could then have taken control of 80% of websites. Given the consequences that could have ensued, we can say that we had a narrow escape.

For the time being, investigations are continuing to identify the cyber criminals behind this attempt.

In addition, Zerodium, the company specializing in buying security vulnerabilities, has been singled out in connection with this attempt. Indeed, had the update actually been deployed with the cybercriminal's changes, the password for using the backdoor was "Zerodium". Obviously this may be a mere coincidence or a prank. However, distrust of the company is real. It has a bad reputation, especially since it is used to buying security vulnerabilities and then using them as it pleases. On Twitter, Zerodium's boss, Chaouki Bekrar, sought to clear his company by ruling out any misunderstanding and potential involvement in the case: "Obviously, we have nothing to do with it. Presumably, the researchers who found this bug tried to sell it to several organizations, but no one wanted to buy this, so they exposed it voluntarily for fun."


Cybercriminals target Covid-19 vaccine

One of the major problems in this time of health crisis is cybercrime, strange as that may seem.

Unfortunately, the supply chain is at risk from the increase in computer attacks.


During July 2020, the British and U.S. governments openly accused Russia of fraudulently attempting to steal the fruits of their research into a potential vaccine against Covid. According to some investigations, Russia and North Korea did target infrastructure used to produce vaccines. The objective would have been to steal information. It was the first of several series of computer attacks that would take place later. The attacks were publicly denounced by the governments of the United States and Great Britain.

"In October 2020, cybercriminals reportedly shut down manufacturing systems worldwide in a laboratory that had just received permission to manufacture the Russian Sputnik vaccine. The U.S. National Institutes of Health was targeted by the SolarWinds attacks at the same time as Russian criminal groups continued to launch attacks on U.S. hospitals. The British public health service has also been the target of recent cyberattacks by Chinese hacker group Hafnium against Microsoft Exchange servers." Vincenzo Pinto, journalist from AFP.

This is a disruption to the entire supply chain. It cannot be denied that the information around the vaccine is a real treasure whose value is currently priceless. Unfortunately, this information is poorly protected against espionage. As a result, cyberattacks are on the rise. There is even a good chance that many of these cyber espionage attempts have never been made public.

But why do these vaccine cybercrimes seem to be so upsetting to the authorities? Are the consequences so dramatic? To this question, Tarah Wheeler, author and researcher in cybersecurity policy, and Amy Ertan, researcher and doctoral student in computer security, explain: "The problem is that if someone manages to gain access to the vaccine data, they also have access to everything else and they can do whatever they want with it. It's not as if hackers are going to steal vaccine data to build their own manufacturing infrastructure elsewhere; if that were the case, it's not even certain that we'd care. The more vaccines, the better. The problem is that these criminals are not trying to counterfeit vaccines, they are trying to disrupt their production. This leads to fewer vaccines and more deaths. The vaccine supply chain is highly vulnerable and in desperate need of increased security."

"The Covid-19 vaccine supply chain is made up of several links: research, production, storage and distribution around the world. Most companies involved in the vaccine supply chain use the same limited set of software and IT solutions from major international vendors such as Google, Microsoft and Amazon," our experts note. In other words, a computer hack that worked against one company could have the same effects on other companies in the supply chain. When multiple organizations use the same tools, they share common vulnerabilities. The recent computer attack that targeted Microsoft Exchange servers is proof of this. Yet this is no excuse for amateurism. Indeed, "If a laboratory that makes vaccines is attacked, it is not necessarily its fault. But if another company in the supply chain, even a competitor, is then attacked in the same way, it could be totally the responsibility of the first laboratory. If the information available to it could have prevented this hacking, its inaction deserves to be condemned by the international community. When it comes to vaccines, no laboratory should compromise global health for reasons of pride, profits or brand management. The World Health Organization could use its privileged position as a moral authority and health information coordinating institution to strongly encourage security collaboration and ultimately save lives," conclude our cybersecurity researchers, Amy Ertan and Tarah Wheeler.


Vietnam: Activists Targeted by Hackers

The famous group of hackers known as Ocean Lotus is suspected of having some relationship with the Vietnamese government.

This comes after several computer attacks, allegedly against human rights defenders in Vietnam, were observed. The fact was revealed by Amnesty Tech, which highlighted a form of identification of the abuses suffered by the defenders in question.


With the recent computer attack by the cybercriminal group, it is clear that those who commit themselves to defending human rights in Vietnam are being targeted. This has dealt a blow to freedom of expression in the country.

Amnesty Tech's computer security research laboratory has discovered several phishing emails allegedly sent to several Vietnamese people active in the field of human rights. The targets were a Vietnamese person living in Germany and a non-governmental organization based in the Philippines. According to several reports, the hacker group Ocean Lotus is indeed responsible for these computer attacks, which took place between 2018 and 2020.

And this is not the first time that IT security companies have highlighted these types of computer attacks, which are most often directed against political opponents, foreigners, or companies that are established in the territory of Vietnam or conduct activity there.

"The latest attacks by Ocean Lotus demonstrate the repression that Vietnamese activists are targeted with at home and abroad, simply because they defend human rights. This illegal surveillance violates the right to privacy and stifles freedom of expression. The Vietnamese authorities must conduct an independent investigation. If they refuse to do so, they will appear even more complicit in the attacks carried out by Ocean Lotus," said Likhita Banerji, a researcher at Amnesty Tech.

According to the Amnesty Tech investigation, a blogger and human rights and democracy activist known as Bui Thanh Hieu was hit by spyware more than four times between February 2018 and December 2019. It should also be noted that the Vietnamese authorities had repeatedly harassed these activists. Today he has taken refuge in Germany, where he has lived since 2013. Like him, another blogger has been targeted since July 2020 with no fewer than 3 computer attacks.

In addition to these individuals, a non-governmental organization is also targeted by these same hackers from Ocean Lotus. The Vietnamese Overseas Initiative for Consciousness Empowerment (VOICE), headquartered in the Philippines, provides support in the area of human rights promotion and refugee assistance. In April 2020, computer attacks were recorded against the NGO. In practice, several members of this organization were threatened several times, and their passports were allegedly confiscated by the Vietnamese authorities.

"All of these attacks were the same: an email inviting you to download a supposedly important document from the link provided. The files in question contained spyware for Mac OS or Windows. Amnesty Tech's analysis of the malicious emails found that Ocean Lotus was the author and that the tools, techniques and network infrastructure used matched those of this group," said Likhita Banerji. She later said: "Internet freedoms are under unprecedented attack in Vietnam. Despite these threats, courageous activists continue to defend human rights. The ongoing repression against them must stop, including targeted computer attacks."

Of course, this is not unique to Vietnam. In the past five years, several states have used computer surveillance systems to harass human rights defenders.
