Breach Roundup: Russians Sanctioned for Election Influence - Source: www.databreachtoday.com

Breach Notification
,
Cybercrime as-a-service
,
Cyberwarfare / Nation-State Attacks

Also, CISA orders Federal Agencies to Patch Vulnerabilities before 13 July

Anviksha More (AnvikshaMore) •
June 29, 2023

Breach Roundup: Russians Sanctioned for Election Influence

Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week: US Sanctioned Russians Running Influence Campaigns, “Monopoly” Darknet Drug Market Owner Charged, CISA orders Federal Agencies to Patch Vulns before 13 July, Suncor Energy Suffers Cyberattack and Petro-Canada gas stations impacted.

US Sanctions Russians Running Influence Campaigns

The U.S. Department of the Treasury imposed sanctions on two Russian intelligence officers, Yegor Popov and Aleksei Sukhodolov, for their involvement in the Kremlin’s election interference efforts both in the United States and globally. The officers were part of a network known as the “co-optees,” run by the Russian Federal Security Service to support Kremlin influence operations – manipulating opinions, policies and events in other countries through propaganda, disinformation campaigns and cyberwarfare.

The Department of Justice previously indicted Popov and Sukhodolov, and the sanctions now freeze any property they may have in the United States and prohibit financial transactions with them.

Popov worked for Alexander Ionov, a Russian operative charged by the Justice Department for recruiting political groups in Florida, Georgia and California to promote pro-Russia propaganda.

Popov was also found collaborating with Natalia Burlinova, who was charged in April with conspiring with Russian intelligence to recruit American academics and researchers to attend programs that advanced Russian interests.

The Department of Treasury emphasized that the Kremlin often uses social media as a tool for spreading disinformation to confuse and mislead citizens, furthering Russia’s operational and geopolitical objectives. Brian E. Nelson, the undersecretary of the Treasury for terrorism and financial intelligence, said the U.S. will not tolerate the Kremlin’s targeting of free and fair elections, which are a crucial pillar of democracy worldwide.

Owner of Darknet Drug Site Monopoly Market Charged

Authorities have extradited Milomir Desnica, 33, of Serbia from Austria to the United States to face charges in connections with running an illicit darknet narcotics marketplace known as Monopoly Market. The U.S. Department of Justice accused Desnica of facilitating illegal drug transactions amounting to $18 million through his website. Desnica now faces charges of conspiracy to distribute and possess methamphetamine, as well as conspiracy to launder monetary instruments.

Monopoly Market, launched in 2019, served as a dark web platform for the sale of various illegal narcotics, including opioids, psychedelics, stimulants and prescription medications. The Department of Justice revealed that Desnica personally verified each registered vendor on the platform, ensuring they possessed the illegal substances they claimed to sell. He even requested photographic evidence of their inventory.

The FBI’s Hi-Tech Opioid Task Force conducted several purchases on Monopoly Market, successfully procuring 100 grams of methamphetamine to validate the legitimacy of the products available on the website.

Desnica allegedly utilized at least two cryptocurrency exchange services between April 2020 and July 2022 to obfuscate the money trail, launder the proceeds of his illegal activities, and subsequently sell the cryptocurrency to Serbian peer-to-peer traders in exchange for fiat currency.

In December 2021, U.S. investigators, in collaboration with cyber police in Germany and Finland, seized Monopoly Market’s hosting server. The seized server, law enforcement held records of drug sales facilitated by the marketplace, financial documentation related to cryptocurrency payments, an associated online forum, communications between the operator and vendors, commission payment invoices, and more, according to the Department of Justice announcement.

In May 2023, an international law enforcement operation codenamed “SpecTor” resulted in the arrest of 288 Monopoly Market vendors and the seizure of $55.9 million in cash and cryptocurrency.

CISA orders Federal Agencies to Patch Flaws before 13 July

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday added six more security flaws to its known exploited vulnerabilities list, and set a deadline of July 13 for government agencies to patch them.

Three of these vulnerabilities are exploited by Russian APT28 threat actors to access to Roundcube email servers used by Ukrainian government agencies.

CISA also listed the VMware Aria Operations for Networks vulnerability, tracked as CVE-2023-20887 with a CVSS severity score of 9.8. The command injection flaw exposes unpatched systems to RCE exploits.

In addition, CISA added two additional vulnerabilities, including older bugs in Mozilla Firefox, tracked CVE-2016-9079 and Microsoft Windows’ kernel-mode driver, tracked CVE-2016-0165. CISA emphasized that these vulnerabilities are commonly exploited by malicious cyber actors and pose significant risks to the federal enterprise. As per Binding Operational Directive (BOD) 22-01, federal agencies must identify and patch the vulnerabilities listed in CISA’s must-patch catalog within three weeks of their addition.

Suncor Energy Suffers Cyberattack, Petro-Canada Gas Stations Hit

Petro-Canada gas stations are facing disruptions due to a cyberattack on their parent company – Suncor. The Canadian energy giant Suncor experienced a cybersecurity incident, disrupting transactions with suppliers and customers. While there is no evidence of compromised data, some services such as credit card payments, car washes, and loyalty program access may be unavailable.

Petro Canada confirmed in a tweet that its systems had developed problems, the app and websites remained unavailable, the service apologized to the customers for the inconvenience. But it did not report a ransomware attack or data loss.

Hackers Push Malware Through Fake Super Mario Game

A fake version of the Super Mario 3: Mario Forever game for Windows has infected unsuspecting gamers with multiple malware infections through a trojanized installer. The legitimate version of the popular remake of the classic Nintendo game has been downloaded nearly 17 million times, according to CNET.

Researchers at Cyble discovered that threat actors are distributing a modified installer that contains additional malicious executables, such as a Monero miner and SupremeBot mining client. The trojanized game is likely promoted through gaming forums, social media groups or via malvertising. Users unknowingly install these malware components when running the installer. It is crucial for users to exercise caution and only download software from trusted sources to avoid falling victim to such attacks.