Breach Roundup: Russians Sanctioned for Election Influence
Also: CISA Orders Federal Agencies to Patch Vulnerabilities Before July 13
Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, the U.S. sanctioned Russians running influence campaigns, the owner of the Monopoly darknet drug market was charged, CISA ordered federal agencies to patch flaws before July 13, Suncor Energy suffered a cyberattack and Petro-Canada gas stations were affected.
US Sanctions Russians Running Influence Campaigns
The U.S. Department of the Treasury imposed sanctions on two Russian intelligence officers, Yegor Popov and Aleksei Sukhodolov, for their involvement in the Kremlin's election interference efforts both in the United States and globally. The officers were part of a network known as the "co-optees," run by the Russian Federal Security Service to support Kremlin influence operations by manipulating opinions, policies and events in other countries through propaganda, disinformation campaigns and cyberwarfare.
The U.S. Department of Justice previously indicted Popov and Sukhodolov, and the sanctions now freeze any property they may have in the United States and prohibit financial transactions with them.
Popov worked for Alexander Ionov, a Russian operative charged by the Justice Department for recruiting political groups in Florida, Georgia and California to promote pro-Russia propaganda.
Popov was also found collaborating with Natalia Burlinova, who was charged in April with conspiring with Russian intelligence to recruit American academics and researchers to attend programs that advanced Russian interests.
The Treasury Department emphasized that the Kremlin often uses social media as a tool for spreading disinformation to confuse and mislead citizens, furthering Russia's operational and geopolitical objectives. Brian E. Nelson, the department's undersecretary for terrorism and financial intelligence, said the U.S. will not tolerate the Kremlin's targeting of free and fair elections, which are a crucial pillar of democracy worldwide.
Owner of Darknet Drug Site Monopoly Market Charged
Authorities have extradited Milomir Desnica, 33, of Serbia, from Austria to the United States to face charges in connection with running an illicit darknet narcotics marketplace known as Monopoly Market. The Justice Department accused Desnica of facilitating illegal drug transactions amounting to $18 million through his website. Desnica now faces charges of conspiracy to distribute and possess methamphetamine as well as conspiracy to launder monetary instruments.
Monopoly Market, launched in 2019, served as a dark web platform for the sale of various illegal narcotics, including opioids, psychedelics, stimulants and prescription medications. The DOJ revealed that Desnica personally verified each registered vendor on the platform, ensuring they possessed the illegal substances they claimed to sell. He even requested photographic evidence of their inventory.
The FBI's Hi-Tech Opioid Task Force conducted several purchases on Monopoly Market, successfully procuring 100 grams of methamphetamine to validate the legitimacy of the products available on the website.
Desnica allegedly used at least two cryptocurrency exchange services between April 2020 and July 2022 to obfuscate the money trail, launder the proceeds of his illegal activities, and subsequently sell the cryptocurrency to Serbian peer-to-peer traders in exchange for fiat currency.
In December 2021, U.S. investigators, in collaboration with cyber police in Germany and Finland, seized Monopoly Market's hosting server, which held records of drug sales facilitated by the marketplace, financial documentation related to cryptocurrency payments, an associated online forum, communications between the operator and vendors, commission payment invoices, and more, according to the DOJ's announcement.
In May 2023, an international law enforcement operation with the codename SpecTor resulted in the arrest of 288 Monopoly Market vendors and the seizure of $55.9 million in cash and cryptocurrency.
CISA Orders Federal Agencies to Patch Flaws Before July 13
The U.S. Cybersecurity and Infrastructure Security Agency on Thursday added six security flaws to its list of known exploited vulnerabilities and set a deadline of July 13 for government agencies to patch them.
Three of these vulnerabilities are exploited by Russian APT28 threat actors to access Roundcube email servers used by Ukrainian government agencies.
CISA also listed the VMware Aria Operations for Networks vulnerability, tracked as CVE-2023-20887 with a CVSS severity score of 9.8. The command injection flaw exposes unpatched systems to RCE exploits.
CISA also added older bugs in Mozilla Firefox, tracked as CVE-2016-9079, and in a Microsoft Windows kernel-mode driver, tracked as CVE-2016-0165. CISA emphasized that these vulnerabilities are commonly exploited by malicious cyber actors and pose significant risks to the federal enterprise. Under Binding Operational Directive 22-01, federal agencies must identify and patch the vulnerabilities listed in CISA's must-patch catalog within three weeks of their addition.
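One way a security team tracks the three-week BOD 22-01 window in practice is to reconcile the KEV catalog export against its own scanner findings and flag entries whose deadline has passed or is close. The script below is an added example for this roundup, not CISA's tooling or code from the article. The field names (cveID, vendorProject, product, dateAdded, dueDate) follow the real KEV JSON feed, but the three catalog rows, the June 22 addition date and the scanner findings are constructed from the CVE IDs mentioned above; the fallback of computing dueDate as dateAdded plus 21 days is an assumption for entries where the field is missing.

```python
"""Reconcile a CISA KEV catalog export against local scanner findings and
report BOD 22-01 remediation status (overdue / due soon / on track).
Added example; the catalog excerpt and findings below are constructed."""
import json
from datetime import date, timedelta

BOD_22_01_WINDOW = timedelta(days=21)   # three weeks from dateAdded
DUE_SOON_WINDOW = timedelta(days=7)     # flag anything due within a week

# Constructed excerpt in the shape of the KEV JSON feed (assumed rows).
KEV_EXCERPT = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2023-20887", "vendorProject": "VMware",
         "product": "Aria Operations for Networks",
         "dateAdded": "2023-06-22", "dueDate": "2023-07-13"},
        {"cveID": "CVE-2016-9079", "vendorProject": "Mozilla",
         "product": "Firefox",
         "dateAdded": "2023-06-22", "dueDate": "2023-07-13"},
        # dueDate deliberately omitted to exercise the fallback below
        {"cveID": "CVE-2016-0165", "vendorProject": "Microsoft",
         "product": "Windows", "dateAdded": "2023-06-22"},
    ]
})

# Constructed: CVE IDs a vulnerability scanner reported on assets we own.
# CVE-2099-0001 is a placeholder that is not in the catalog.
SCANNER_FINDINGS = {"CVE-2023-20887", "CVE-2016-0165", "CVE-2099-0001"}


def parse_kev(raw):
    """Return the list of catalog entries from a KEV JSON export."""
    return json.loads(raw)["vulnerabilities"]


def due_date(entry):
    """Use the catalog's dueDate; if absent, assume dateAdded + 21 days."""
    if entry.get("dueDate"):
        return date.fromisoformat(entry["dueDate"])
    return date.fromisoformat(entry["dateAdded"]) + BOD_22_01_WINDOW


def triage(entries, findings, today):
    """Map each KEV CVE that also appears in findings to (status, days_left).

    status is 'overdue' (deadline passed), 'due_soon' (within a week)
    or 'on_track'. Findings not in the catalog are ignored: they may
    still matter, but they carry no BOD 22-01 deadline."""
    report = {}
    for entry in entries:
        cve = entry["cveID"]
        if cve not in findings:
            continue
        days_left = (due_date(entry) - today).days
        if days_left < 0:
            status = "overdue"
        elif days_left <= DUE_SOON_WINDOW.days:
            status = "due_soon"
        else:
            status = "on_track"
        report[cve] = (status, days_left)
    return report


if __name__ == "__main__":
    result = triage(parse_kev(KEV_EXCERPT), SCANNER_FINDINGS, date(2023, 7, 10))
    for cve, (status, days) in sorted(result.items()):
        print(f"{cve}: {status} ({days} days to deadline)")
```

Run against the real feed, the only change is replacing KEV_EXCERPT with the downloaded JSON and SCANNER_FINDINGS with the CVE set exported from the scanner; the triage logic and the 21-day fallback stay the same.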
Suncor Energy Suffers Cyberattack; Petro-Canada Gas Stations Hit
Petro-Canada gas stations are facing disruptions due to a cyberattack on their parent company, Suncor. The Canadian energy giant experienced a cybersecurity incident that disrupted transactions with suppliers and customers. While there is no evidence of compromised data, some services such as credit card payments, car washes and loyalty program access may be unavailable.
Petro-Canada confirmed in a tweet that its systems had developed problems. With its app and websites still unavailable, the company apologized to customers for the inconvenience, but it did not report a ransomware attack or data loss.
Hackers Push Malware Through Fake Super Mario Game
A fake version of the Super Mario 3: Mario Forever game for Windows has infected unsuspecting gamers with multiple strains of malware through a trojanized installer. The legitimate version of the popular remake of the classic Nintendo game has been downloaded nearly 17 million times, according to CNET.
Researchers at Cyble discovered that threat actors are distributing a modified installer that contains additional malicious executables, such as a Monero miner and a SupremeBot mining client. The trojanized game is likely promoted through gaming forums, social media groups and malvertising. Users unknowingly install these malware components when running the installer. Users should exercise caution and download software only from trusted sources to avoid falling victim to such attacks.