InfoSecBulletin Cybersecurity for mankind
Pro-Russian hacker group NoName057(16), popularly known as simply NoName – has listed Japanese organizations including railway services as its targets, in retaliation to Japanese sanctions against 48 Russian individuals and 73 organizations.
The targeted organizations include Petroleum Association of Japan and East Japan Railway Company. The Petroleum Association of Japan website was inaccessible at the time of publishing this report.
Hackers Earn $500,000 on First Day of Pwn2Own Ireland 2024
Fortinet + Crowdstrike team on protection from endpoint to firewall
Sophos to Acquire Secureworks in $859M
2nd time hacker breached Internet Archive
Vulnhuntr: A Tool for Finding Exploitable Vulnerabilities with LLMs
Critical Vulnerabilities in Bitdefender Total Security Expose Users to MITM
Microsoft’s Alarming Report: 600 Million Cyberattacks perday
CVE-2024-38814
VMware fixes high-severity SQL injection flaw in HCX
Over 90 Zero-Days, 40+ N-Days Exploited In The Wild
Oracle Security Update, 334 Vulnerabilities Patched
The Japanese government announced on February 28 that it will impose sanctions on a select list of organizations and individuals based in Russia, “following Russia’s aggression against Ukraine as of January 27, 2023”.
“We expect that this first tranche of sanctions will likely be extended in the near future and so it would be prudent for anyone engaged in trade in close proximity to Russia and Ukraine to continue monitoring this evolving situation, and verifying the legality of their existing sales operations, as the subject matter and territorial scope of Japanese (and global) sanctions continue to expand,” wrote Hogan Lovells, American-British law firm co-headquartered in London and Washington, DC.
Japan, Ukraine, and sanctions on Russia
The latest move follows sanctions imposed on Russia a month ago in response to its missile attacks in Ukraine.
These latest measures measures, based on the Japanese Cabinet resolution of “Asset Freeze for individuals and entities of the Russian Federation and other measures as of February 28, 2023,” include asset freeze measures, a prohibition on exports to specific entities of the Russian Federation, and a prohibition on exports of items that could enhance Russian industrial capacities.
The asset freeze measures will apply to 39 individuals and 73 entities of the Russian Federation, as well as 9 individuals of eastern and southern regions of Ukraine directly involved in the Russian occupation of Ukraine.
The latest sanction consist of two parts: restriction on payment and restriction on capital transactions. A permission system will be applied to payments and capital transactions with the designated individuals and entities.
Additionally, there will be a prohibition on exports to 21 entities designated as specific entities of the Russian Federation and a prohibition on exports of items that could enhance Russian industrial capacities.
The measures will come into effect immediately, except for the asset freeze measures for the specific bank of the Russian Federation, which will be implemented from March 30, 2023.
Before this, a cabinet meeting on 27 January decided to freeze the assets of 36 individuals and 52 organizations with links to Russia, with effect on February 3.
NoName and pro-Russian attacks
The pro-Russian hacker group emerged in March 2022, at the onset of the Russian invasion of Ukraine.
Since then, NoName has claimed responsibility for various cyber-attacks on government agencies, media, and private company websites in countries including Ukraine, the United States, and several European nations.
The group publishes information about their attacks on their Telegram messenger channel and has been accused of sending threatening letters to Ukrainian journalists.
NoName has carried out numerous DDOS attacks on Ukrainian, Baltic, American, Danish, Norwegian, Polish, Finnish, and Czech websites.
“Although the group’s reported number of successful attacks seems large, statistical information indicates the contrary,” wrote Avast malware researcher Martin Chlumecky.
“The group’s success rate is 40%. We compared the list of targets the C&C server sends to the Bobik bots to what the group posts to their Telegram channel. Websites hosted on well-secured servers can withstand the attacks. Around 20% of the attacks the group claims to be responsible for did not match the targets listed in their configuration files.”
NoName057(16) is currently under investigation by the Finnish criminal police for their attack on the Finnish Parliament’s website.
The group targeted the sites of financial sector businesses and the Ministry of Finance in Denmark and carried out attacks on Norwegian sites as a protest against the Norwegian authorities’ ban on delivering goods to Russian citizens in the Svalbard archipelago.
During the 2023 Czech presidential elections, the website of presidential candidate General Petr Pavel faced a strong hacker attack, which his election team attributed to NoName057(16).
