InfoSecBulletin Cybersecurity for mankind
Pro-Russian hacker group NoName057(16), popularly known as simply NoName – has listed Japanese organizations including railway services as its targets, in retaliation to Japanese sanctions against 48 Russian individuals and 73 organizations.
The targeted organizations include Petroleum Association of Japan and East Japan Railway Company. The Petroleum Association of Japan website was inaccessible at the time of publishing this report.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
The Japanese government announced on February 28 that it will impose sanctions on a select list of organizations and individuals based in Russia, “following Russia’s aggression against Ukraine as of January 27, 2023”.
“We expect that this first tranche of sanctions will likely be extended in the near future and so it would be prudent for anyone engaged in trade in close proximity to Russia and Ukraine to continue monitoring this evolving situation, and verifying the legality of their existing sales operations, as the subject matter and territorial scope of Japanese (and global) sanctions continue to expand,” wrote Hogan Lovells, American-British law firm co-headquartered in London and Washington, DC.
Japan, Ukraine, and sanctions on Russia
The latest move follows sanctions imposed on Russia a month ago in response to its missile attacks in Ukraine.
These latest measures measures, based on the Japanese Cabinet resolution of “Asset Freeze for individuals and entities of the Russian Federation and other measures as of February 28, 2023,” include asset freeze measures, a prohibition on exports to specific entities of the Russian Federation, and a prohibition on exports of items that could enhance Russian industrial capacities.
The asset freeze measures will apply to 39 individuals and 73 entities of the Russian Federation, as well as 9 individuals of eastern and southern regions of Ukraine directly involved in the Russian occupation of Ukraine.
The latest sanction consist of two parts: restriction on payment and restriction on capital transactions. A permission system will be applied to payments and capital transactions with the designated individuals and entities.
Additionally, there will be a prohibition on exports to 21 entities designated as specific entities of the Russian Federation and a prohibition on exports of items that could enhance Russian industrial capacities.
The measures will come into effect immediately, except for the asset freeze measures for the specific bank of the Russian Federation, which will be implemented from March 30, 2023.
Before this, a cabinet meeting on 27 January decided to freeze the assets of 36 individuals and 52 organizations with links to Russia, with effect on February 3.
NoName and pro-Russian attacks
The pro-Russian hacker group emerged in March 2022, at the onset of the Russian invasion of Ukraine.
Since then, NoName has claimed responsibility for various cyber-attacks on government agencies, media, and private company websites in countries including Ukraine, the United States, and several European nations.
The group publishes information about their attacks on their Telegram messenger channel and has been accused of sending threatening letters to Ukrainian journalists.
NoName has carried out numerous DDOS attacks on Ukrainian, Baltic, American, Danish, Norwegian, Polish, Finnish, and Czech websites.
“Although the group’s reported number of successful attacks seems large, statistical information indicates the contrary,” wrote Avast malware researcher Martin Chlumecky.
“The group’s success rate is 40%. We compared the list of targets the C&C server sends to the Bobik bots to what the group posts to their Telegram channel. Websites hosted on well-secured servers can withstand the attacks. Around 20% of the attacks the group claims to be responsible for did not match the targets listed in their configuration files.”
NoName057(16) is currently under investigation by the Finnish criminal police for their attack on the Finnish Parliament’s website.
The group targeted the sites of financial sector businesses and the Ministry of Finance in Denmark and carried out attacks on Norwegian sites as a protest against the Norwegian authorities’ ban on delivering goods to Russian citizens in the Svalbard archipelago.
During the 2023 Czech presidential elections, the website of presidential candidate General Petr Pavel faced a strong hacker attack, which his election team attributed to NoName057(16).
