InfoSecBulletin Cybersecurity for mankind
Pro-Russian hacker group NoName057(16), popularly known as simply NoName – has listed Japanese organizations including railway services as its targets, in retaliation to Japanese sanctions against 48 Russian individuals and 73 organizations.
The targeted organizations include Petroleum Association of Japan and East Japan Railway Company. The Petroleum Association of Japan website was inaccessible at the time of publishing this report.
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
CVE-2023-39780
Botnet hacks thousands of ASUS routers
Bangladesh Bank instructed using AI to prevent online gambling
251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch
Zero-Trust Policy bypass to Exploit Vulns & Manipulate NHI Secrets
The Japanese government announced on February 28 that it will impose sanctions on a select list of organizations and individuals based in Russia, “following Russia’s aggression against Ukraine as of January 27, 2023”.
“We expect that this first tranche of sanctions will likely be extended in the near future and so it would be prudent for anyone engaged in trade in close proximity to Russia and Ukraine to continue monitoring this evolving situation, and verifying the legality of their existing sales operations, as the subject matter and territorial scope of Japanese (and global) sanctions continue to expand,” wrote Hogan Lovells, American-British law firm co-headquartered in London and Washington, DC.
Japan, Ukraine, and sanctions on Russia
The latest move follows sanctions imposed on Russia a month ago in response to its missile attacks in Ukraine.
These latest measures measures, based on the Japanese Cabinet resolution of “Asset Freeze for individuals and entities of the Russian Federation and other measures as of February 28, 2023,” include asset freeze measures, a prohibition on exports to specific entities of the Russian Federation, and a prohibition on exports of items that could enhance Russian industrial capacities.
The asset freeze measures will apply to 39 individuals and 73 entities of the Russian Federation, as well as 9 individuals of eastern and southern regions of Ukraine directly involved in the Russian occupation of Ukraine.
The latest sanction consist of two parts: restriction on payment and restriction on capital transactions. A permission system will be applied to payments and capital transactions with the designated individuals and entities.
Additionally, there will be a prohibition on exports to 21 entities designated as specific entities of the Russian Federation and a prohibition on exports of items that could enhance Russian industrial capacities.
The measures will come into effect immediately, except for the asset freeze measures for the specific bank of the Russian Federation, which will be implemented from March 30, 2023.
Before this, a cabinet meeting on 27 January decided to freeze the assets of 36 individuals and 52 organizations with links to Russia, with effect on February 3.
NoName and pro-Russian attacks
The pro-Russian hacker group emerged in March 2022, at the onset of the Russian invasion of Ukraine.
Since then, NoName has claimed responsibility for various cyber-attacks on government agencies, media, and private company websites in countries including Ukraine, the United States, and several European nations.
The group publishes information about their attacks on their Telegram messenger channel and has been accused of sending threatening letters to Ukrainian journalists.
NoName has carried out numerous DDOS attacks on Ukrainian, Baltic, American, Danish, Norwegian, Polish, Finnish, and Czech websites.
“Although the group’s reported number of successful attacks seems large, statistical information indicates the contrary,” wrote Avast malware researcher Martin Chlumecky.
“The group’s success rate is 40%. We compared the list of targets the C&C server sends to the Bobik bots to what the group posts to their Telegram channel. Websites hosted on well-secured servers can withstand the attacks. Around 20% of the attacks the group claims to be responsible for did not match the targets listed in their configuration files.”
NoName057(16) is currently under investigation by the Finnish criminal police for their attack on the Finnish Parliament’s website.
The group targeted the sites of financial sector businesses and the Ministry of Finance in Denmark and carried out attacks on Norwegian sites as a protest against the Norwegian authorities’ ban on delivering goods to Russian citizens in the Svalbard archipelago.
During the 2023 Czech presidential elections, the website of presidential candidate General Petr Pavel faced a strong hacker attack, which his election team attributed to NoName057(16).
