Cyber Security

Stats widget hacked in attempt to breach Russian government agency websites

Russian authorities claim they quickly thwarted a cyber-attack that sought to compromise government websites via a hacked statistics widget.

The software, developed by the Russian Ministry of Economic Development and built into the websites of several state-run agencies, was hacked on Tuesday (March 8) and this allowed unidentified hackers to “publish incorrect content on the pages of the websites”, a representative of Russia’s communications agency told official news agency Interfax.

Although the incident was “promptly localized”, it nonetheless resulted in a disruption of the operation of the affected websites for a short time before services were restored to normal “within an hour”, according to Interfax.

The widget used to collect visitor statistics was reportedly hacked by unidentified parties as part of a software supply chain attack.

Popular plugin

Interfax reports that the compromised websites included those maintained by the “Russian Federal Penitentiary Service, the Federal Bailiff Service, the Federal Antimonopoly Service, the Culture Ministry, the Energy Ministry, the Federal State Statistics Service, and a number of other agencies”.

Russian authorities are downplaying the incident.

Although an independent assessment of the seriousness of the apparent defacement campaign is hard to come by, the incident can nonetheless be seen as an example of the conflict accompanying Russia’s invasion of Ukraine spilling over into cyberspace.

Similarly, earlier this month at least 30 Ukrainian university websites were hacked as part of a larger operation by pro-Russian attackers against WordPress-hosted sites.

Days after Russia invaded Ukraine, a destructive wiper malware strain – dubbed ‘HermeticWiper’ – was unleashed. It subsequently infected “hundreds of systems in at least five Ukrainian organizations”, according to security software vendor ESET.

Counter-attacks

In an attack against Russian targets, meanwhile, attackers launched the so-called ‘RURansom’ malware.

Despite its name, RURansom is better thought of as a data wiper than ransomware in the purest sense, because it discards the separate and individual encryption key used to encrypt each file as it spreads, as explained in a write-up of the threat by Trend Micro.

“This is a wiper, so encrypted files are lost, and recovery is possible only from a backup, if [they] exists,” Trend Micro told The Daily Swig.

The malware – first spotted by independent security researchers MalwareHunterTeam at the start of March – is written in the .NET programming language and spreads as a worm by copying itself under the file name ‘Россия-Украина_Война-Обновление.doc[dot]exe’ (‘Russia-Ukraine_War-Update.doc[dot]exe’).

Several versions of the malware attempt to check whether the target machine is located in Russia before commencing their infection and file destruction routine, indicating a degree of targeting.

A note left on compromised machines is explicit in stating that the malware is designed to harm Russia.

The note was originally written in Bengalese. These and other factors have allowed Trend Micro to speculate that the author is a native of western India who has developed other strains of malware previously linked to cryptocurrency mining.

“We think it was created by an individual, likely based in India, as stated in the ‘note’,” according to Trend Micro.

It’s unclear how many machines the Windows-specific RURansom malware has infected. “Based on our telemetry, we have not seen any targets in our user base,” Trend Micro told The Daily Swig.

Source: https://portswigger.net/daily-swig/stats-widget-hacked-in-attempt-to-breach-russian-government-agency-websites