
Russia Hacks Burisma, Ryuk Ransomware & Patch Tuesday!


Today is Tuesday, January 14th, 2020, and here are today’s most pressing cyber stories in under 5 minutes.


Russia Hacks Ukrainian Gas Firm in the midst of impeachment

Russian military hackers have allegedly launched cyberattacks on Burisma, a Ukrainian gas company at the heart of US President Trump's impeachment case.  


According to a report published on Monday by the New York Times, cyberattack salvos were fired during November, at the same time that Ukrainian President Volodymyr Zelensky was being pressured by Trump to investigate Joseph Biden, former Vice President to Barack Obama, alongside his son Hunter, who served on the board of the utility.


While it is not known what the hackers were searching for, according to the NYT, cybercriminals under the umbrella of the Russian military "could be searching for potentially embarrassing material on the Bidens -- the same kind of information that Trump wanted from Ukraine." 

The style and nature of the attacks on the gas company were similar to those launched against the Democratic National Committee (DNC) in 2016.


It is suspected that the hack was prompted by Russia's desire to interfere with the election. The country has repeatedly denied any involvement. 

Good Samaritans helping Aussies with Forest Fire get hit by credit card skimming

Attackers have compromised a website collecting donations for the victims of the Australia bushfires and injected a malicious script that steals the payment information of the donors.

This type of attack is called Magecart and involves hackers compromising a web site and injecting malicious JavaScript into eCommerce or checkout pages. These scripts will then steal any credit cards or payment information that is submitted and send it off to a remote site under the attacker's control.

The Malwarebytes Threat Intelligence Team has discovered a legitimate web site collecting donations for the tragic bushfires in Australia that has been compromised by a Magecart script.

While the donors were probably not targeted by this attack, they are unfortunately caught in the crossfire.


When a visitor of the site adds an item to their cart, such as a donation, a malicious credit-card skimmer script named ATMZOW will be loaded into the checkout pages. 


When a user submits their payment information as part of the checkout process, the malicious script will steal the submitted information and send it to the vamberlo[.]com domain. 
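One way a site owner can catch this kind of injection is to inventory the scripts on the checkout page and flag anything that was never approved. The sketch below is an added example, not code from this post or from Malwarebytes; the host names, the allowlist, the `ScriptAudit` class and the `audit` function are hypothetical, and the sample page is constructed.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptAudit(HTMLParser):
    def __init__(self, page_host, allowed_hosts, approved_inline):
        super().__init__()
        self.page_host, self.allowed_hosts = page_host, allowed_hosts
        self.approved_inline = approved_inline  # SHA-256 hex of reviewed inline scripts
        self.findings, self._inline = [], None  # results; buffer for an inline script

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attrs = dict(attrs)
        src = attrs.get("src")
        if not src:
            self._inline = []                   # inline script: hashed at its closing tag
            return
        url = urlparse(src)
        host = url.hostname if url.scheme or url.netloc else self.page_host  # relative: same origin
        if host not in self.allowed_hosts:
            self.findings.append(("unlisted-host", src))
        elif host != self.page_host and not attrs.get("integrity"):
            self.findings.append(("no-sri", src))  # third party without a pinned hash

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            digest = hashlib.sha256("".join(self._inline).encode()).hexdigest()
            if digest not in self.approved_inline:
                self.findings.append(("unapproved-inline", digest[:12]))
            self._inline = None

def audit(html, page_host, allowed_hosts, approved_inline):
    parser = ScriptAudit(page_host, allowed_hosts, approved_inline)
    parser.feed(html)
    return parser.findings
# Constructed sample checkout page; every host name is a placeholder.
SAMPLE = """<script src="/static/cart.js"></script>
<script src="https://js.payments.example/sdk.js" integrity="sha384-CONSTRUCTED"></script>
<script src="https://js.payments.example/extra.js"></script>
<script src="https://cdn.unknown.invalid/a.js"></script>
<script>initCart();</script>
<script>var injected = 1;</script>"""
HOSTS = {"donate.example", "js.payments.example"}
APPROVED = {hashlib.sha256(b"initCart();").hexdigest()}
```

Calling `audit(SAMPLE, "donate.example", HOSTS, APPROVED)` reports the third-party script without an `integrity` attribute, the script from a host outside the allowlist, and the inline script whose hash was never reviewed. A `src` with a scheme but no host, such as a `data:` URL, is also reported as unlisted.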


China’s APT40 Hides behind network of front companies


An online group of cyber-security analysts calling themselves Intrusion Truth have doxed their fourth Chinese state-sponsored hacking operation. "APT groups in China have a common blueprint: contract hackers and specialists, front companies, and an intelligence officer," the Intrusion Truth team said. "We know that multiple areas of China each have their own APT."


While Intrusion Truth has not specifically linked the subjects of its recent blog posts to a particular Chinese hacking group, experts from FireEye and Kaspersky have said that Intrusion Truth's latest revelations refer to a Chinese hacking group they've been previously tracking as APT40.

Per FireEye, APT40 is a Chinese cyber espionage group that's been active since 2013. The group typically targeted countries strategically important to China's Belt and Road Initiative, especially those with a focus on engineering and defense. The front companies use overlapping contact details, share office locations, and don't have any presence online except to recruit cyber-security experts with offensive security skills, using almost identical job ads.


In fact, one of the 13 front companies they identified was headquartered in the University's library. Th