InfoSecBulletin Cybersecurity for mankind
Pro-Russian hacker group NoName057(16), popularly known as simply NoName – has listed Japanese organizations including railway services as its targets, in retaliation to Japanese sanctions against 48 Russian individuals and 73 organizations.
The targeted organizations include Petroleum Association of Japan and East Japan Railway Company. The Petroleum Association of Japan website was inaccessible at the time of publishing this report.
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
The Japanese government announced on February 28 that it will impose sanctions on a select list of organizations and individuals based in Russia, “following Russia’s aggression against Ukraine as of January 27, 2023”.
“We expect that this first tranche of sanctions will likely be extended in the near future and so it would be prudent for anyone engaged in trade in close proximity to Russia and Ukraine to continue monitoring this evolving situation, and verifying the legality of their existing sales operations, as the subject matter and territorial scope of Japanese (and global) sanctions continue to expand,” wrote Hogan Lovells, American-British law firm co-headquartered in London and Washington, DC.
Japan, Ukraine, and sanctions on Russia
The latest move follows sanctions imposed on Russia a month ago in response to its missile attacks in Ukraine.
These latest measures measures, based on the Japanese Cabinet resolution of “Asset Freeze for individuals and entities of the Russian Federation and other measures as of February 28, 2023,” include asset freeze measures, a prohibition on exports to specific entities of the Russian Federation, and a prohibition on exports of items that could enhance Russian industrial capacities.
The asset freeze measures will apply to 39 individuals and 73 entities of the Russian Federation, as well as 9 individuals of eastern and southern regions of Ukraine directly involved in the Russian occupation of Ukraine.
The latest sanction consist of two parts: restriction on payment and restriction on capital transactions. A permission system will be applied to payments and capital transactions with the designated individuals and entities.
Additionally, there will be a prohibition on exports to 21 entities designated as specific entities of the Russian Federation and a prohibition on exports of items that could enhance Russian industrial capacities.
The measures will come into effect immediately, except for the asset freeze measures for the specific bank of the Russian Federation, which will be implemented from March 30, 2023.
Before this, a cabinet meeting on 27 January decided to freeze the assets of 36 individuals and 52 organizations with links to Russia, with effect on February 3.
NoName and pro-Russian attacks
The pro-Russian hacker group emerged in March 2022, at the onset of the Russian invasion of Ukraine.
Since then, NoName has claimed responsibility for various cyber-attacks on government agencies, media, and private company websites in countries including Ukraine, the United States, and several European nations.
The group publishes information about their attacks on their Telegram messenger channel and has been accused of sending threatening letters to Ukrainian journalists.
NoName has carried out numerous DDOS attacks on Ukrainian, Baltic, American, Danish, Norwegian, Polish, Finnish, and Czech websites.
“Although the group’s reported number of successful attacks seems large, statistical information indicates the contrary,” wrote Avast malware researcher Martin Chlumecky.
“The group’s success rate is 40%. We compared the list of targets the C&C server sends to the Bobik bots to what the group posts to their Telegram channel. Websites hosted on well-secured servers can withstand the attacks. Around 20% of the attacks the group claims to be responsible for did not match the targets listed in their configuration files.”
NoName057(16) is currently under investigation by the Finnish criminal police for their attack on the Finnish Parliament’s website.
The group targeted the sites of financial sector businesses and the Ministry of Finance in Denmark and carried out attacks on Norwegian sites as a protest against the Norwegian authorities’ ban on delivering goods to Russian citizens in the Svalbard archipelago.
During the 2023 Czech presidential elections, the website of presidential candidate General Petr Pavel faced a strong hacker attack, which his election team attributed to NoName057(16).
