Monday 6th February 2023
Cyber Threat Intelligence Weekly Update: 6th February 2023
Pro-Russian hacktivists target global healthcare entities with DDoS
This week we reported that the pro-Russian hacktivist group Killnet launched a series of Distributed Denial of Service (DDoS) attacks against healthcare entities around the world.
Killmilk, the founder of Killnet, posted earlier in January 2023 that the group planned to target entities in Portugal, Spain, Germany, Poland, Finland, Norway, the Netherlands, the UK, and the US in retaliation for their “support of the Nazis in Ukraine.” Killnet also announced the attacks on its Telegram channel, posting a target list of websites belonging to fourteen hospitals across the US, many of which were subsequently disrupted.
Other reports confirmed that the group was also able to successfully compromise the websites of the University of Michigan Hospital, Stanford Health Care Center, and University Medical Center Groningen in the Netherlands. Killnet was joined in this campaign by another pro-Russian group known as Phoenix, which claims to have impacted two other hospitals’ websites as part of the same campaign. This most recent wave of attacks was launched in opposition to President Biden’s recent decision to send tanks to Ukraine, and it came a week after 14 Russian civilians were killed in a hospital by US-supplied missiles. These deaths therefore likely informed the decision to focus mainly on healthcare entities within the US; retaliatory attacks by Russian hacktivist groups have become increasingly common since the onset of the war.
Security Update: QNAP Systems has warned customers to install new firmware updates that fix CVE-2022-27596, a critical vulnerability that allows remote adversaries to inject malicious code on network-attached storage devices.
Nation-State: Latvia’s Ministry of Defence has confirmed that it was targeted by what appears to be a phishing campaign by the Russian state-sponsored espionage group Gamaredon.
A new intelligence-gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leverages known security flaws in unpatched Zimbra devices to compromise victim systems.
Hacktivism: The pro-Turkish hacktivist group Türk Hack Team has targeted a range of Swedish and Danish entities with DDoS and alleged hack-and-leak operations, in response to Quran burnings by an extreme far-right politician.
PoS Malware: Three new Prilex Point-of-Sale malware variants have been discovered that are capable of blocking contactless transactions on infected devices and stealing financial data.