Cyberwar and hacking

Military specialties. The life cycle from training to removal from the reserve. About both tricks and weapons/equipment.
ruger
Member
Posts: 19476
Joined: 04 Jul, 2009 12:29

Re: Cyberwar and hacking

Post by ruger »

A cyberattack essentially knocked out Romania's hospital system. The systems of 25 hospitals were encrypted in a ransomware attack, and the other 75 took their systems down so that they would not be hit. Now everything is done on paper.
100 hospitals across Romania have taken their systems offline after a ransomware attack hit their healthcare management system.

The Hipocrate Information System (HIS), which hospitals use to manage medical activity and patient data, was targeted over the weekend and is now offline after its database was encrypted.

While 25 hospitals have already been confirmed to have had their data encrypted by the attackers, 75 other healthcare facilities that use HIS have taken their systems offline as a precaution while the incident is investigated.

"During the night of 11 to 12 February 2024, a massive ransomware cyberattack targeted the production servers on which the HIS information system runs. As a result of the attack, the system is down, and files and databases are encrypted," the Romanian Ministry of Health said.

The ransomware attack affected various hospitals across Romania, including regional and cancer treatment centres, and a team of DNSC cybersecurity experts is currently investigating the impact of the attack.

DNSC says the attackers used the Backmydata ransomware, a variant of the Phobos ransomware family, to encrypt the hospitals' data.

"Most of the affected hospitals have backups of the data on the affected servers, with the data saved relatively recently (1-2-3 days ago), except for one whose data was saved 12 days ago," DNSC said.

The attackers have sent a ransom demand of 3.5 BTC (about 157,000 euros). However, the ransom note does not mention the name of the group claiming the attack, only an email address.

After the systems were taken offline or shut down, doctors have been forced to go back to writing prescriptions and keeping records on paper.

"After shutting down 400 computer systems and servers, we worked mainly on paper," Mirela Grosu, head of the Iasi Regional Institute of Oncology (IRO Iasi), told Agerpres.

"I mean, we did the continuous admission records on paper, the day admission records on paper, we wrote the medical examination recommendations on paper. Everything is done on paper, like years ago."
https://www.bleepingcomputer.com/news/s ... o-offline/
The only thing we learn from history is that nobody learns anything from history.
Live for nothing or die for something.
When the first bullet flies past your ear, you have to shoot back.
EA, EU, EH

Re: Cyberwar and hacking

Post by ruger »

Data on the internal network of a company in Canada that transports gas and petroleum products through pipelines was copied (183 GB of data allegedly leaked).
Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang.

TNPI operates 850 kilometers (528 miles) of pipeline in Ontario-Quebec and 320 kilometers (198 miles) in Alberta, transporting 221,300 barrels (35.200m3) of refined petroleum products daily.

Both pipeline systems are underground and transport gasoline, diesel fuel, aviation fuel, and heating fuel from refineries to distribution terminals.

"Trans-Northern Pipelines Inc. experienced a cybersecurity incident in November 2023 impacting a limited number of internal computer systems," TNPI Communications Team Lead Lisa Dornan told BleepingComputer.

"We have worked with third-party, cybersecurity experts and the incident was quickly contained. We continue to safely operate our pipeline systems.

"We are aware of posts on the dark web claiming to contain company information, and we are investigating those claims."

While ALPHV's claims were not directly mentioned by Dornan when asked by BleepingComputer for confirmation, the ransomware gang says its operators stole 183GB of documents from the company's network.
https://www.bleepingcomputer.com/news/s ... ck-claims/

Re: Cyberwar and hacking

Post by ruger »

The largest US phone carriers under cyberattack???
WIDESPREAD CELL OUTAGE HITS THE U.S
In what could possibly be a cyber attack on the U.S, outages are being reported across multiple service providers including AT&T, Verizon, T-Mobile, and US Cellular.
Source: Downdetector
https://twitter.com/MarioNawfal/status/ ... 8295074013
There appears to be a widespread national outage of AT&T’s cellular network. My location isn’t showing as red here but my cellular service is out as well. Wifi just came back. This is quite concerning.
https://twitter.com/Top1Rating/status/1 ... 3914103965
BREAKING: 911 EMERGENCY SERVICES CRASH WITH CELL DISRUPTION
911 emergency service lines across America have crashed, with AT&T, Verizon, and T-Mobile customers from New York to LA reporting no service or connection. Numerous phones are showing SOS messages.
Source: Daily Mail
https://twitter.com/MarioNawfal/status/ ... 2685681993

https://www.bleepingcomputer.com/news/m ... bscribers/

Re: Cyberwar and hacking

Post by ruger »

The orcs hacked Microsoft's servers.
Russian state-backed hackers reportedly breached Microsoft's core software systems, accessing source code repositories and internal systems.
https://twitter.com/MarioNawfal/status/ ... 3652358389

Re: Cyberwar and hacking

Post by ruger »

The Moscow city government's servers were encrypted. A nice surprise ahead of the elections coming this weekend. Russia's own hackers.
Attention Moscow Government:

Putin is not legitimate president. We have felt it important to speak on this week of stealing of our country in the fraud election

We have encrypted all systems of the Moscow Government. Not the website mosreg. All internal systems of government.
https://twitter.com/Nebula00x/status/17 ... 1587436771
Last edited by ruger on 12 Mar, 2024 20:39, edited 1 time in total.

Re: Cyberwar and hacking

Post by ruger »

The French government and state agencies were hit in a cyberattack. The target: the energy sector.
A series of “intense” cyberattacks hit multiple French government agencies, revealed the prime minister’s office.

“Several “intense” cyberattacks targeted multiple French government agencies since Sunday night, as disclosed by the prime minister’s office.”

The French minister’s office did not provide details about the attacks, however, the French agencies were likely hit with distributed denial-of-service (DDoS) attacks.

The attacks were not complex, government experts said they were conducted using familiar technical means despite the intensity of the offensives.

“Several French state bodies have been hit with cyberattacks of “unprecedented intensity”, Prime Minister Gabriel Attal’s office said Monday, March 11, while insisting the government had been able to contain the impact.” reported the French newspaper Le Monde. “Many ministerial services were targeted” from Sunday “using familiar technical means but of unprecedented intensity,” Attal’s office said, without providing further details of the targets.”

A security source informed Agence France-Presse that government experts cannot attribute the attacks to Russia.

The PM’s staff confirmed that the French government has activated a crisis cell to deploy countermeasures. The staff confirmed that the impact of these attacks has been reduced for most services and access to state websites has been restored.

“Specialist services including information security agency ANSSI were “implementing filtering measures until the attacks are over”” continues Le Monde.

Even if French authorities did not attribute the attack to Russia-linked threat actors, multiple pro-Russia hacking groups continue to threaten the French government for its support of Ukraine.

Today Pro-Russia Group NoName announced a series of successful attacks against French authorities.

“As part of a joint attack with our colleagues, we looked into France and put down a number of state sites and subdomains of the French energy company EDF” the group announced on its Telegram channel. “Subdomains of the website of Électricité de France (EDF, “Électricité de France”), France’s state-owned electricity company and the world’s largest operator of nuclear power plants”
https://securityaffairs.com/160374/hack ... ncies.html

Re: Cyberwar and hacking

Post by ruger »

Moscow metro tickets are not working - Russia's own hackers.
METRO CARDS HACKED

⚡️⚡️⚡️ Metro cards for the Moscow 🇷🇺 metro system do not work following a massive attack executed by a Russian hacker collective opposed to the Putin dictatorship.

The hackers support the overthrow of the Putin Regime.
https://twitter.com/officejjsmart/statu ... 9902686453
Today we tried to top up the account and take a bus, but "Troika" was not working. Oops. Turns out we are to blame for this.
As a result of our recent work, the "Troika" system was not working for all users. Their systems were connected to the portal of state and municipal services of the Moscow Region.
https://twitter.com/Nebula00x/status/17 ... 7849137303

Re: Cyberwar and hacking

Post by ruger »

US water treatment systems become hacker targets.
U.S. WATER SYSTEMS UNDER MAJOR CYBERATTACK THREAT

White House says the U.S. water utilities face "disabling cyberattacks" from hostile nations.

Recent incidents include Iranian hackers disrupting a Pennsylvania water facility and Chinese hackers infiltrating critical infrastructure networks.

Biden admin has urged State Govs and water facilities to boost cybersecurity and launched a task force to tackle vulnerabilities.

Source: Ars Technica
https://twitter.com/MarioNawfal/status/ ... 3500800198
https://arstechnica.com/security/2024/0 ... use-warns/

Re: Cyberwar and hacking

Post by ruger »

The IT systems of a hotel chain (with 50 hotels and resorts in the USA, Mexico and Canada) are mostly not functioning.
Omni Hotels & Resorts has been experiencing a chain-wide outage that brought down its IT systems on Friday, impacting reservation, hotel room door lock, and point-of-sale (POS) systems.

The official website was down on Friday, and an alert was added after it came back online over the weekend, warning customers, "Dear valued guest, we are currently experiencing technical difficulties, please try back at a later time."

According to customer reports shared on social media over the last four days, while all locations remained open and accepting new guests, front desk employees have been hit by issues with new reservations, credit card payments, and modifying already-made reservations.

"It’s pretty bad. They have it so you have to text them to come let you into your room, and it usually takes 30+ minutes for an employee to get there and unlock it for you," one customer said on Monday

While Omni Hotels has yet to provide information on the root cause behind this chain-wide incident, it did announce on Monday that its IT team is working on restoring offline systems.

"Dear valued guests, our technology teams are continuing to work on restoring our systems that are currently down," Omni Hotels shared on Twitter and Facebook. "Your business is very important to us; we appreciate your patience and apologize for the disruption."

Omni Hotels operates 50 hotels and resorts across the United States, Canada, and Mexico, with approximately 23,550 rooms and 28 golf courses.
https://www.bleepingcomputer.com/news/s ... ce-friday/

Re: Cyberwar and hacking

Post by ruger »

In 2022, during the Czech EU presidency, China hacked into the country's IT systems.
CHINA HACKED CZECH EU PRESIDENCY:

I-Soon is a Chinese cyber espionage company working as a contractor of Chinese intelligence.

In May 2022, these Chinese hackers attacked Czech Foreign Ministry and clearly stole internal documents related to Czech EU Presidency.

Those were internal documents covering negotiations over EU efforts to cut out Russian gas (the time was three months after Russia launched the full-scale war) or internal EU discussions at COREPER, between national ambassadors to the EU. It also includes emails between Czech and foreign diplomats.

-----Why would China care?

Chinese espionage is extremely interested in understanding internal EU negotiations so China knows how to coerce or blackmail individual EU countries if it can find out about internal EU disputes and diverging national positions. China is also a primary ally of Russia, supporting Russian war crimes in Ukraine, so details about EU efforts to cut out Russian gas are what Russian and Chinese dictatorships need to know.

----- How do we know?

Czech counter-intelligence agency @biscz confirmed in their 2022 Annual Report that „some of cyber operations against Czech EU Presidency were successful“.

Recently, Czech cyber expert blog @_cybule found details of the I-Soon hack. (https://cybule.cz/kyberneticke-utoky/un ... ceske-mzv/).

Today, Czech outlet @SeznamZpravy (@lukasvalasek) broke the whole story
https://twitter.com/_JakubJanda/status/ ... 1262843242

Re: Cyberwar and hacking

Post by ruger »

Norway's security police PST believes that in 2021, 2 different Chinese hacker groups broke into the IT systems of the country's parliament.
PST believes two Chinese groups hacked the 🇧🇻 Storting in 2021
The Norwegian Police Security Service (PST) believes that there were not just one, but two Chinese hacker groups that broke into the Storting's IT systems in 2021.

The Storting announced on 10 March 2021 that its IT systems were exposed to a computer attack, and the Ministry of Foreign Affairs pointed out that the attack had been carried out by China in an attempt to obtain intelligence information in the same year.

Section leader for counterintelligence, Atle Tangen, said that PST believes the hacker group APT31 was behind it. The group is linked to the Chinese security and intelligence service MSS. But APT31 was not the only actor that was inside the Storting's IT systems.

Before the IT attack in March, Høyre's Michael Tetzschner, who was involved in a number of China-related issues, was informed that someone had stolen 4,000 emails from him.
- PST believes that it is likely that a hacker group called Hafnium is behind it and are linked to China
https://twitter.com/thelostcomms/status ... 9596090878