Commit 10_16_2023: Sandworm goes after Ukrainian telcos

Welcome to Commit 10_16_2023! README senior editor Nathaniel Mott here with several more tattoos than before… oh, and the leading cybersecurity news of the last few days, too.

BC: Sandworm goes after Ukrainian telcos

Ukraine's Computer Emergency Response Team (CERT-UA) said on Sunday that Russia’s elite hacking group, Sandworm, has successfully compromised at least 11 Ukrainian telecommunications companies since May. BleepingComputer reported that the group’s activity led to “service interruptions and potential data breaches” at the affected telcos, though it’s not clear what information may have been affected.

The report shows that Russia’s hacking teams remain committed to compromising Ukrainian organizations more than a year and a half after the invasion started. Cyber hasn’t played as large a role in the conflict as some expected—at least based on publicly available information—but that doesn’t mean groups like Sandworm have abandoned this aspect of the conflict.

The Record: Six years on, the UK fines Equifax

Remember when Equifax was breached? The compromise was revealed in September 2017, which feels like a lifetime ago, and we haven’t heard much about the hack’s fallout since the Justice Department announced charges against four members of the Chinese military in February 2020. That changed last week when the UK’s Financial Conduct Authority announced that it was fining Equifax over the breach.

The Record reported that some 13.8 million people in the UK were affected by the data breach. (Roughly 148 million Americans were also compromised.) The FCA announced on Oct. 13 that it was fining Equifax roughly $13.6 million (£11,164,400) for exposing the “names, dates of birth, phone numbers, Equifax membership login details, partially exposed credit card details and residential addresses” of those people.

KAKE: There aren’t functioning computers in Kansas courts anymore

KAKE reported on Oct. 15 that “court systems throughout Kansas … will likely be operating on paper for the next two weeks, at the minimum,” as a result of what appears to be a ransomware attack on what the outlet called “the brand-new statewide computer system” installed to bring the disparate courts together.

Kansas Judge Phil Journey characterized the issue as some kind of “unauthorized incursion,” according to KAKE, so there’s a possibility the court systems weren’t brought down by a ransomware attack. But the prevalence of attacks on smaller targets throughout the U.S. in recent months—not to mention the opportunity afforded by the rollout of a new system—makes some other kind of intrusion seem unlikely.

TechCrunch: Shadow’s hackers aren’t playing around

The hackers who compromised a cloud gaming company called Shadow have shared some of the stolen information with TechCrunch, which said the dataset includes customer billing addresses, “private API keys that correspond with customer accounts” and “non-personal information related to customer accounts, such as subscription status and whether accounts have been ‘blacklisted’” by the company.

TechCrunch said that Shadow CEO Eric Sèle acknowledged the breach in an email to customers, saying that “full names, email addresses, dates of birth, billing addresses and credit card expiry dates” were compromised. The group responsible for the breach has reportedly claimed it’s selling data on 530,000 of Shadow’s customers because the company refused to negotiate a ransom for keeping the info private.