Breach Roundup: Ukraine Hacks Russian Aviation Agency
Also, Cyberattack Targets Japan's Space Agency JAXA
Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, Ukraine's intelligence service hacked Russia's aviation agency, a cyberattack targeted Japan's space agency, Google addressed another zero-day, a French-led operation dismantled a Ukrainian ransomware group, and spyware targeted Serbian civil society.
Ukraine Intelligence Hacks Russian Aviation Agency
Ukraine's intelligence service said it hacked Russian federal air transport agency Rosaviatsia and found documents that show a developing crisis in the nation's aviation industry. Ukraine said it found documents recording 185 accidents in Russian civil aviation from January, and one-third of them were categorized as dangerous incidents - a threefold increase from the previous year. Aircraft malfunctions surged from 50 to 150 in the first nine months of 2023, emphasizing critical issues with engines, landing gear and essential systems.
Moscow's struggles with aircraft maintenance prompted the use of uncertified services in Iran, a country "with an air fatality record even worse than Russia's," Politico reported in October. Western countries choked off the supply of aviation parts from Russia after the Kremlin invaded Ukraine in February 2022. Iran has faced Western sanctions for decades, which have restricted its access to modern avionics.
Cyberattack Targets Japan's Space Agency
Japan's space agency JAXA fell victim to a cyberattack targeting its network server, though no sensitive information was compromised. Hackers gained unauthorized access to the central Active Directory server, which manages employee IDs and passwords. The breach prompted a temporary network shutdown for assessment, and there were no confirmed data leaks. The agency's website remains operational.
Google Addresses Zero-Day Flaw
Google released security updates for its Chrome browser that fix seven issues, including a zero-day vulnerability actively exploited in the wild. Discovered on Friday, the high-severity bug is an integer overflow in the Skia 2D graphics library. While Google confirmed the existence of an exploit in the wild, it has not disclosed details about the attacks and threat actors.
With the latest update, Google has now addressed a total of seven zero-days in Chrome this year, covering issues such as type confusion, integer overflow and heap buffer overflow in components such as V8, Skia, WebP and libvpx.
Police Disrupt Ukrainian Ransomware Group
The alleged ringleader of a Ukrainian ransomware-wielding gang that operated from 2018 to 2022 has been arrested by police in Ukraine, together with four alleged accomplices. Authorities said the group amassed more than 1,800 victims in more than 70 countries, including such large firms as Norwegian aluminum giant Norsk Hydro (see: Police Bust Suspected Ransomware Group Ringleader in Ukraine).
EU law enforcement agency Europol, which coordinated the ongoing investigation with European and U.S. agencies, said the latest arrests built on digital forensic evidence gathered after a first round of arrests last year, when police detained 12 "high-value targets" in both Ukraine and Switzerland. French authorities initiated a joint investigation team in 2019.
Authorities from France, Germany, the Netherlands, Norway, Switzerland, Ukraine and the United States participated in the investigation. The ransomware group targeted organizations in 71 countries, and its attacks resulted in losses of several hundred million euros. The suspects played diverse roles in the criminal network, using methods such as phishing emails and deploying malware including Trickbot. They deployed ransomware variants including LockerGoga, MegaCortex, Hive and Dharma.*
Spyware Targets Serbian Civil Society
Civil society organizations found traces of an attempted spyware attack on two counterparts in Serbia. On Oct. 30, the two Serbs received notification from Apple that they had been potential targets, prompting an investigation by the Share Foundation, Access Now and Amnesty International's Security Lab.
The attempted attack exploited the iOS HomeKit functionality, possibly through the "PwnYourHome" bug, an exploit previously linked to Pegasus spyware developed by NSO Group.
With reporting from Information Security Media Group's Mihir Bagwe in Mumbai.
*Clarification Dec. 1, 2023 18:03 UTC: Adds additional information about the police arrest of Ukrainian ransomware gang members and clarifies the role of French authorities.