REvil Members Arrested in Russia & Cyberattack Against Ukraine
This weekly cybersecurity news overview provides a brief recap of the most important and interesting stories that dominated headlines in the past seven days.
Russia's Federal Security Service arrests several members of the REvil ransomware gang
The Federal Security Service (FSB), Russia’s intelligence agency, arrested several people linked to the REvil gang, known for a series of high-profile ransomware attacks against multiple companies across the world, as well as critical infrastructure entities and healthcare organizations.
As part of the sting operation, the law enforcement agency carried out raids at 25 addresses in several cities in Russia. As a result, it detained more than a dozen alleged members of the REvil group. According to the FSB, the arrests were made at the request of the US authorities.
The agency also seized numerous assets belonging to the suspects. These include the equivalent of over $6 million in various currencies, luxury cars, computer equipment and cryptowallets involved in REvil’s operations.
Massive cyberattack hits government websites in Ukraine
Websites of multiple government agencies in Ukraine were temporarily disabled following a large-scale website-defacing cyberattack that took place last week. The attack targeted more than 70 government websites, including those of the Cabinet of Ministers, the ministry of foreign affairs, ministries of energy, sports, and others.
At least some of the compromised sites displayed a provocative message, written in Ukrainian, Russian, and Polish, claiming that citizens’ personal data was made public “and to expect the worst.” Following the cyberattacks, the Security Service of Ukraine released a statement saying that no personal data had been compromised and the affected government websites had been fully restored.
Around the same time, Microsoft revealed it had found destructive malware in the systems of some Ukrainian government entities, non-profit and IT organizations. The malware, dubbed ‘WhisperGate’ by Microsoft’s MSTIC team, was first discovered on January 13, 2022 on victim systems in Ukraine. Although it masquerades as ransomware, WhisperGate lacks a ransom recovery mechanism and appears to be data-wiping malware.
Microsoft said it did not find any notable overlaps between this malicious activity, which it is tracking as DEV-0586, and other known threat actors.
International law enforcement operation takes down VPN service favored by cybercrooks
A joint effort of law enforcement authorities in 10 countries resulted in the disruption of VPNLab.net, a virtual private network service often used by cybercriminals to support illicit activities, including ransomware attacks and malware deployment.
Led by German police, the law enforcement action resulted in the seizure or disruption of 15 servers that hosted VPNLab.net’s service, rendering the service unavailable.
China’s Olympic app poses a security risk due to privacy issues
Security researchers at Citizen Lab have warned of a serious flaw in China's MY2022 Olympics app, which all attendees of the 2022 Winter Olympic Games in Beijing, including athletes and members of the press, are required to install.
The main issue is that the app does not validate SSL certificates, which makes it possible to perform a man-in-the-middle attack, and that it fails to encrypt sensitive data. This is a serious problem because MY2022 collects data like health customs information, including passport details, demographic information, as well as medical and travel history.
Citizen Lab reported their findings to the Beijing Organizing Committee, but received no response.
Red Cross hit by a sophisticated cyberattack
The International Committee of the Red Cross (ICRC) has disclosed a cybersecurity incident that compromised personal data and confidential information of over 500,000 “highly vulnerable people.” According to the ICRC, the hackers targeted a third party that the organization hires to store the information. The affected data came from at least 60 Red Cross and Red Crescent National Societies across the world.
At present, it is not clear who is responsible for the cyberattack. While there is no evidence that the stolen data has been leaked, the ICRC is asking all involved to “not share, sell, leak or otherwise use this data,” so as not to put vulnerable people at further risk.