Briefs

  • Malicious npm packages target Azure developers to steal personal data

    Microsoft has confirmed that a large-scale cyberattack is targeting its Azure developers through malicious npm packages. JFrog cybersecurity researchers released a report on Wednesday detailing how hundreds of malicious packages have been identified. The packages were designed to steal personally identifiable information from developers. According to researchers, the campaign was first detected on March…

  • Li Finance protocol loses $600,000 in latest DeFi exploit

    The Li Finance swap aggregator has experienced a smart contract exploit leading to the loss of around $600,000 from 29 users’ wallets. The exploit took place at 2:51 am UTC on Sunday. The attacker was able to extract varying amounts of 10 different tokens from wallets that had given “infinite approval” to the Li Finance protocol.…

  • $1.7M in NFTs Stolen From Crypto VC by Hackers

    On Monday night, Arthur Cheong—the founder of DeFiance Capital, a crypto-centric VC fund—had about $1.7 million worth of NFTs stolen from his wallet in what appears to have been a social engineering attack. “Well not sure what happened, need to take time to figure it out. Didn’t expect this to happen to me as well,” Cheong…

  • A Mysterious Satellite Hack Has Victims Far Beyond Ukraine

    More than 22,000 miles above Earth, the KA-SAT is locked in orbit. Traveling at 7,000 miles per hour, in sync with the planet’s rotation, the satellite beams high-speed internet down to people across Europe. Since 2011, it has helped homeowners, businesses, and militaries get online. However, as Russian troops moved into Ukraine during the early…

  • The three Russian cyber-attacks the West most fears

    US President Joe Biden has called on private companies and organisations in the US to “lock their digital doors”, claiming that intelligence suggests Russia is planning a cyber-attack on the US. The UK’s cyber-authorities are also supporting the White House’s calls for “increased cyber-security precautions”, though neither has given any evidence that Russia is planning a…

  • Christine Lagarde Claims Crypto Is Being Used to Evade Russian Sanctions

    European Central Bank President Christine Lagarde said today that cryptocurrency is “certainly being used” as a means of evading international sanctions on the Russian Federation. However, industry experts may not be persuaded of that. Speaking at the Bank for International Settlements’ Innovation Summit on Tuesday, Lagarde, the president of the European Central Bank, stated that cryptocurrencies…

  • Hacktivists, new and veteran, target Russia with one of cyber’s oldest tools

    M, a Ukrainian engineer in his early 20s, is not healthy enough to enlist in the military. So every day, he sits down at his computer to do what he can as part of Ukraine’s IT army, an informal group of volunteer hackers whose job it is to wreak as much havoc on Russian websites…

  • FBI ‘concerned’ about possible Russian cyberattacks on critical infrastructure

    FBI Director Christopher Wray on Tuesday warned the private sector to prepare for potential cyberattacks, saying U.S. agents were “particularly focused on the destructive cyber threat” from Russian agents. The FBI director spoke just a day after The White House warned companies to bolster defenses and prepare for potential cyberattacks with the Russian invasion of…

  • Over 6,000 displaced in Gambia, Senegal after Casamance mission

    Over 6,000 people have fled their homes in Gambia and Senegal due to clashes between Senegalese soldiers and separatists close to the Gambian border. The numbers of displaced people came in from the National Disaster Management Agency in the Gambia on Tuesday. An operation by the Senegalese military against rebels fighting for independence in the…

  • Nicaragua sentences ex-presidential candidate to 8 years in prison amid wider opposition crackdown

    Cristiana Chamorro Barrios, a former Nicaraguan presidential candidate, was sentenced to eight years in prison for financial crimes on Monday. This is the latest crackdown on opposition members by President Daniel Ortega’s government. Ortega won his fifth term as president last November. In June 2021, a vague national security law was passed and has been…

  • Are Russia’s elite really using cryptocurrency to evade sanctions?

    Fearing Russia’s elite will evade economic sanctions by converting their wealth to cryptocurrency, high-profile US Democratic senator Elizabeth Warren has introduced a bill into US Congress to stymie Russian crypto transactions. Warren warned a Senate committee hearing: So no one can argue that Russia can evade all sanctions by moving all its assets into crypto. But…

  • Senator Warren’s Bill Will Hurt Crypto, Not Russia

    Democratic Senator Elizabeth Warren is seldom reserved with her distaste for the crypto industry. Name any common criticism of Bitcoin, and she’s probably shared it already: volatility issues, environmental damage, ‘shadowy super coders’, and what have you. I won’t claim that her criticisms are entirely invalid (though I’ll cover those later), but they’ve become predictable to the…

  • Ciaran Martin Discusses Cyber-Threats from the Russia-Ukraine Conflict

    The current cyber dimension of the Russia-Ukraine conflict and how it may escalate were discussed by Ciaran Martin, founding CEO of the UK’s National Cyber Security Centre (NCSC), during the keynote address at the Infosecurity Magazine Online Summit – EMEA 2022. Martin began by noting that so far, “the cyber dimension has been quieter than many…

  • Companies should be required to disclose their ties to Putin’s Russia

    Russia’s aggression in Ukraine, and the condemnation and sanctions that ensued, highlight an economic risk to companies that do business in or with Russia or otherwise are economically tied to Russia or Russian companies. Sanctions on Russia and Russian businesses will affect those who associate with them, including companies outside of Russia. Regulators and shareholders alike…

  • White House tells CEOs that Russian cyber attack on US is ‘coming’

    Joe Biden has warned a Russian cyber attack on the US is coming and told business executives it is their “patriotic obligation” to strengthen their digital defences. “Today my administration issued new warnings that based on evolving intelligence Russia may be planning a cyber attack against us,” the president said at a meeting on Monday…

  • China Eastern: Plane carrying 132 people crashes in Guangxi hills

    A China Eastern Airlines Boeing 737-800 crashed into a forested hillside in southern China carrying 132 people on board. The passenger plane was flying from Kunming to Guangzhou and plunged to the earth in Guangxi province and caught fire. The number of casualties and reason for the crash are still unknown. There has been no…

  • Ukraine conflict: Russian shelling blamed for corrosive gas leak

    An ammonia leak was caused by Russian shells hitting a chemical plant near the north-eastern Ukrainian city of Sumy. Residents of a nearby city, Novoselytsya, were told to stay indoors until the leak was contained. A 50-ton tank of ammonia was damaged by the attack and caused an ammonia cloud. The chemical cloud affected an…

  • Russia Relies Increasingly on Missiles, Artillery to Pressure Ukraine

    Russia’s military offensive against Ukraine has reportedly shifted to compel Ukraine to relinquish claims to just its southern and eastern territories. As Russian attacks strike Kyiv, Odessa, and other locations across the country, Russia issued a demand to surrender the embattled city of Mariupol, a port city, where intense fighting has occurred over the past…

  • Ethiopia pledges action after video shows uniformed men burning civilians alive

    On Saturday, Ethiopia’s government claimed that it would act against the perpetrators featured in a video that appeared on social media. In the video, the perpetrators appear to be burning civilians to death in the country’s western region. The video showed some of the violent aggressors in uniform. According to the Ethiopian Government Communication Service,…

  • Bridgestone Hit as Ransomware Torches Toyota Supply Chain

    A ransomware attack against Bridgestone Americas has occurred just weeks after another Toyota supplier experienced a similar type of attack. In addition, a third location reported some kind of cyber hit against its networks. On Friday, Bridgestone confirmed that a subsidiary experienced a ransomware attack in February that forced the organization to shut down the…

  • AvosLocker Ransomware Striking Critical Infrastructure Targets

    US authorities have issued a new alert regarding the threat to critical infrastructure providers from the AvosLocker ransomware group, which has targeted victims across the globe. In addition to US targets, AvosLocker has launched attacks against organizations in Syria, Saudi Arabia, Germany, Spain, Belgium, Turkey, the UK, Canada, China, Taiwan, and more. The prolific advanced…

  • Biden warns organizations to harden cyber defences against Russian cyber attacks

    This week, US President Joe Biden issued a warning to local organizations regarding cyber defense efforts as they pertain to Russian threats. According to the administration, Russia is likely to consider launching cyberattacks in retaliation to sanctions imposed against the country due to its military invasion of Ukraine almost one month ago. President Biden stated…

  • Russian banks are so broke the biggest lender just got the go-ahead to issue digital assets like crypto

    The impact of sanctions and the collapse of the Russian ruble after the invasion of Ukraine has some Russian banks turning to the crypto market for a boost. Like the biggest one. That is Sberbank, Russia’s largest lender, which just received a license from the central bank to issue digital assets to clients on Thursday. Sberbank said…

  • The cyber warfare predicted in Ukraine may be yet to come

    In the build-up to Russia’s invasion of Ukraine, the national security community braced for a campaign combining military combat, disinformation, electronic warfare and cyber attacks. Vladimir Putin would deploy devastating cyber operations, the thinking went, to disable government and critical infrastructure, blind Ukrainian surveillance capabilities and limit lines of communications to help invading forces. But…

  • Ukrainian Security Researcher Leaks Newer Conti Ransomware Source Code

    Shortly after Russia launched its invasion of Ukraine, the notorious Conti ransomware group issued a statement warning that it was prepared to hit the critical infrastructure of Russia’s enemies in retaliation for potential attacks on Russia. In response, an anonymous individual set up a Twitter account named “Conti Leaks” and started releasing files allegedly stolen from…

  • Britain, U.S. warn of satellite communications risks after Ukraine hack

    Britain and the United States have warned organisations of the risks associated with using satellite communications following a cyberattack on satellite internet modems as Russia invaded Ukraine. Western intelligence agencies have been investigating the attack which disrupted broadband satellite internet access provided by U.S. telecommunications firm Viasat, Reuters reported last week. “It’s certainly something we’re investigating quite…

  • Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

    Researchers are tracking a number of open-source “protestware” projects on GitHub that have recently altered their code to display “Stand with Ukraine” messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming…

  • Worshipers at Canadian mosque subdue hatchet-wielding attacker, police say

    A man who discharged bear spray and was brandishing a hatchet was subdued by worshippers at a mosque in Mississauga in Canada. The attacker was arrested at approximately 7 a.m. local time during the dawn prayer of Fajr. The attack was labeled as a possible hate crime by police. The assault appears to be an…

  • U.S. Sends Patriot Missiles to Saudi Arabia, Fulfilling Urgent Request

    This past month, the Biden administration has transferred a significant number of Patriot antimissile interceptors to Saudi Arabia, reportedly fulfilling the country’s urgent request for a resupply amid tensions in the relationship. The transfers ensure that Saudi Arabia is supplied with defensive munitions necessary to fend off drone and missile attacks perpetrated by the Iran-backed…

  • Moscow stock market reopens for some bond trading

    After almost a month-long suspension because of the war in Ukraine, the Moscow stock exchange has partially reopened. Only bonds issued by the Russian government can be traded in the re-opening of the market, which will open in phases. The stock market had closed hours after thousands of Russian troops were sent into Ukraine on…

  • Biden administration formally determines Myanmar’s military committed genocide

    On Sunday, a US official told CNN that the Biden administration has formally determined that Myanmar’s activity constituted genocide and crimes against humanity, namely against the Rohingya population. US Secretary of State Antony Blinken is set to publicly announce the determination, which has been advocated for by human rights groups for years. The statement will…

  • Russian Hackers Allegedly Compromise Ukrainian News Sites, Displaying ‘Z’ Symbol

    Ukrainian news websites were hacked by Russian threat actors over the past week. The Russian hackers allegedly left the ‘Z’ symbol on display at the hacked sites. The State Service of Special Communication and Information Protection of Ukraine, the nation’s technical security and intelligence service, confirmed the attacks in a post made last week. In addition,…

  • A Third of Malicious Logins Originate in Nigeria

    Security company Barracuda recently conducted a study into spear-phishing attempts, finding that one third of malicious logins into compromised accounts in 2021 originated in Nigeria. The conclusion was detailed in the company’s latest report, released on Wednesday. To form the report, Barracuda researchers analyzed millions of emails spanning thousands of businesses between January 2021 and…

  • Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers

    InvisiMole is allegedly conducting a series of attacks against Ukrainian targets, spreading the LoadEdge backdoor. Ukrainian security officials warned of the campaign, which features a threat actor group with ties to Russia. The Computer Emergency Response Team for Ukraine (CERT-UA) stated last week that the department had been advised of the phishing campaign. The phishing…

  • How the War in Ukraine Is Further Disrupting Global Supply Chains

    The invasion of Ukraine by Russia and sanctions imposed on it for doing so and new pandemic-related shutdowns in China are the latest events to rock global supply chains. Combined with the China-U.S. trade war and other pandemic- and climate-related disruptions, it is certain to accelerate the movement by Western companies to reduce their dependency…

  • Crypto an Unlikely Route for Russian Sanctions Evasion, Experts Say

    Cyberattack ransoms and cryptocurrency mining are unlikely to generate enough revenue to replace regular business activity in sanctioned nations, digital money experts and former law-enforcement officials told a U.S. Senate hearing Thursday. The amount of cash needed to operate a major economy far outstrips the ability of crypto markets to handle such volumes, witnesses said in…

  • U.S. Democrats introduce bill to curb Russian crypto use amid Ukraine crisis

    Democratic U.S. senators introduced a bill on Thursday that would enable the president to sanction foreign cryptocurrency firms doing business with sanctioned Russian entities and prevent them from transacting with U.S. customers. The Digital Asset Sanctions Compliance Act is led by Senator Elizabeth Warren and co-sponsored by 10 other Democrats, including Senators Mark Warner and…

  • The Silicon Valley fallout from waging economic war against Russia

    As the U.S. corporate world continues its withdrawal from Russia due to the invasion of Ukraine, a growing stigma against anything Russian is reverberating in Silicon Valley as tech start-ups and venture capital firms reassess their exposure and limit risks. DoorDash and GrubHub recently cancelled deals with now-shut U.S. food delivery start-ups launched by Russian founders.…

  • How to prepare for a cyberattack and set a backup plan

    In the very first days that the Russia-Ukraine war started, I warned you about 10 Russia-Ukraine cons to expect. We’re already seeing evidence of those scams in action. Be sure you’re keeping your digital guard up. Smishing – the insider term for scam texts – is a popular route. Most people are less guarded scanning texts…

  • Misconfigured Firebase Databases Exposing Data in Mobile Apps

    Check Point Research has released new analysis finding that 2,113 mobile apps using the Firebase cloud-based database exposed users’ personal data. This means that 5% of the databases were vulnerable to threat actors, creating a gold mine of exploit opportunity across the thousands of apps. Some of the apps had been downloaded tens of millions…

  • Phishers Using Ukraine Invasion to Solicit Cryptocurrency

    Cybercriminals are reportedly impersonating legitimate aid organizations with the end goal of stealing financial donations intended for the people of Ukraine. Expel recently released new research pertaining to the campaign, in which they detail multiple phishing emails referencing the invasion of Ukraine to target cryptocurrency. Malicious emails detected included headlines asking recipients to help save…

  • Cuba’s anti-government protesters sentenced up to 30 years behind bars

    Over 100 protestors in Havana have been sentenced to prison terms between four and 30 years for violent demonstrations that occurred last year. The accusations include committing and provoking disturbances and acts of violence with the intent of destabilizing public order, collective security and tranquility according to the Supreme Court.  The demonstrations occurred last July…

  • China’s President Xi Jinping vows to ‘minimize’ the economic impact of Covid spike

    The President of China has signaled that his focus is on containing the collateral damage of the resurgence of COVID-19 in China. His focus is on the economic and social development of the country.  The surge in China is the biggest surge since the first outbreak in 2020. Stringent measures have been imposed to control…

  • FBI and CISA warn over threats to satellite communications networks

    The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have released a warning to satellite communications network providers, advising them to increase their security. According to the advisory, the two agencies became aware of possible threats to satellite communication networks in the US and abroad. The agencies stated that successful intrusions could…

  • Lawmakers Probe Early Release of Top RU Cybercrook

    Russian cybercriminal Aleksei Burkov, responsible for operating two of Russia’s most exclusive underground hacking forums, was released by American authorities after serving just a fraction of his sentence. Burkov was arrested in 2015 by Israeli authorities, and his subsequent extradition to the US was fought by Russia for four years. Russia went so far as…

  • Russia Uses Deepfake of Zelensky to Spread Disinformation

    Meta has been forced to take down a deepfake created of Ukrainian President Volodymyr Zelensky after it went viral on Russian channels. The deepfake consisted of doctored footage of Zelensky in which he appeared to call on the military to lay down their arms. The deepfake was allegedly used by Russia to spread disinformation among…

  • Irish Watchdog Fines Meta $19m Over Data Breach

    Ireland’s data regulator, the Data Protection Commissioner, has fined Facebook’s parent company Meta $19 million over the results of an inquiry that looked into twelve data breach notifications received by the DPC between June 2018 and December 2018. The probe sought to examine how Meta Platforms had complied with Ireland’s requirements regarding the processing of…

  • Russian Cyclops Blink botnet launches assault against Asus routers

    Cybersecurity professionals have detected a campaign involving Cyclops Blink, a modular botnet. The botnet is suspected of being created by the Russian advanced persistent threat actor Voodoo Bear/Sandworm. The UK National Cyber Security Centre (NCSC) released a warning alongside the Federal Bureau of Investigation and the National Security Agency regarding the botnet. The APT is…

  • Leftist Gabriel Boric sworn in as Chile’s president in sharp political shift

    Gabriel Boric, a Chilean leftist, was sworn in as president on Friday. This marks the sharpest shift in the country’s politics since it returned to democracy 30 years ago. Boric is a former protest leader and lawmaker and is Chile’s youngest ever elected leader.  Boric’s election has raised hope among progressives in Chile, but has…

  • What we know about the earthquake off Japan’s Fukushima coast

    A 7.4 magnitude earthquake occurred off the coast of Japan’s Fukushima on Wednesday and injured dozens of people. The earthquake struck around 12:30 a.m. local time north of the capital of Tokyo and off the coast of Fukushima. The quake was designated a 7.4 magnitude after initially being designated a 7.3. All tsunami warnings have been…

  • ‘They may already be happening’: Canada at higher risk of cyberattacks from Russian hackers after siding with Ukraine

    For Farshad Abasi, Russian cyberattacks against Canada are inevitable given Prime Minister Justin Trudeau’s decision to be an active participant in sanctioning Russia over its invasion of Ukraine. “They may already be happening and we don’t even know it,” said Abasi, chief security officer at Forward Security, a Vancouver-based cybersecurity company. “If they haven’t already, they…

  • Russian sanctions reveal how much more automation needs to be in the supply chain

    Images of container ships unable to offload goods at ports in Los Angeles and Long Beach late last year were symbolic of the problems plaguing the supply chain in the wake of the pandemic. Not enough longshoremen, along with a shortage of truck drivers, meant products couldn’t get from ports to warehouses and then find…

  • Bitcoin and crypto are helping both sides in the Russia-Ukraine conflict

    In times of crisis, there is no good; there’s only a best course of action, given the circumstances. Is crypto good in the context of Russia’s invasion of Ukraine? Is it bad? Neutral? It’s a hard question to answer. Cryptocurrency is now a more mainstream part of the global financial system, which means that — for…

  • US ranked 3rd largest cyberattack target, following Russia & Ukraine

    Seven percent of global cyberattacks target the United States, making it the most attacked country after Russia and Ukraine as of March 15th, 2022. A survey of users in Australia, Canada, Germany, the U.K. and the U.S. conducted by Surfshark found that one-third of respondents had suffered data breaches in the past. According to the study,…

  • In Light of Russia Sanctions, Consider Your Conditions for Doing Business in Other Countries

    Within one week of the Russian invasion of Ukraine, governments around the world passed some of the toughest and most coordinated sanctions in modern history. At breakneck speed, dealings with the Russian Central Bank and Russian travel to and through 33 countries’ airspace were banned, billion-dollar projects were stopped, many Russian banks were blocked from…

  • Phony Instagram ‘Support Staff’ Emails Hit Insurance Company

    A new phishing campaign targeting insurance companies has been detected by researchers. The phishing messages attempt to steal Instagram login credentials by threatening to shut the account down. The message also claims that the user receiving the notice reportedly shared fake content on the social media platform. The phishing campaign using the guise of Instagram…

  • UK Blocks Assange’s Extradition Appeal

    The highest court in the UK has refused to hear an appeal by Julian Assange, founder of WikiLeaks, against his extradition to the US. In the US, Assange will face espionage charges. He was indicted by the US Department of Justice in 2019 over his alleged involvement in the acquisition and publication of thousands of…

  • Hackers Hit Rosneft

    Moscow-based energy company Rosneft has been hit by a cyberattack; however, the attack was conducted against a German subsidiary. The cyberattack compromised the location’s computer network, according to reports from German newspaper Die Welt on Sunday. Germany’s cybersecurity watchdog BSI was able to confirm the breach and offered its assistance to Rosneft in restoring its…

  • Hackers used these tricks to dodge multi-factor authentication and steal email from NGO

    The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have released a joint alert pertaining to a technique leveraged by Russian state-sponsored hackers to disable multi-factor authentication and exploit a Windows 10 printer spooler flaw. The techniques were used by threat actors to compromise networks and high-value domain accounts, with the…

  • Ukraine Crisis Increases Supply Chain Cyber Risk

    The current geopolitical climate and escalating crisis in Ukraine are amplifying concerns about the increased cyber threat to global supply chains that are already strained by the COVID-19 pandemic. This is perhaps the first time in history that the threat of cyber warfare is potentially just as devastating as the physical battle taking place on…