Russia

Winsage
October 26, 2024
APT29, a Russian advanced persistent threat group, has been targeting military, governmental, and corporate organizations through phishing campaigns. This group, associated with the Russian Federation's Foreign Intelligence Service (SVR), is known for significant breaches, including those involving SolarWinds and the Democratic National Committee. Recently, APT29 breached Microsoft's codebase and targeted political entities across Europe and Africa. The Computer Emergency Response Team of Ukraine (CERT-UA) discovered APT29's phishing attempts aimed at extracting Windows credentials from various sectors in Ukraine. The phishing campaign, which began in August, used malicious domain names resembling Amazon Web Services (AWS) to send emails with attachments that contained configuration files for Remote Desktop, enabling attackers to establish connections to compromised systems. Although APT29 did not use legitimate AWS domains, Amazon disrupted the campaign by taking down the malicious imitations. CERT-UA recommends organizations monitor network logs for APT29-related IP addresses and block RDP files at email gateways to mitigate risks.
Winsage
October 25, 2024
Microsoft has released Windows Server build 26311 for the Windows Server Insider Program, branding it as Windows Server 2025. The change log for build 26311 is similar to build 26304 and includes the Windows Defender Application Control for Business (WDAC), which enhances security by enforcing a list of authorized software. The Windows Server 2025 Security Baseline Preview allows users to apply over 350 preconfigured security settings categorized by server roles: Domain Controller, Member Server, and Workgroup Member. Known issues include incorrect labeling for the flight, problems with WinPE PowerShell scripts, intermittent upgrade failures from Windows Server 2019 or 2022, issues with archiving event logs, and installation recommendations related to Secure Launch/DRTM. Downloads are available in various formats, but may not be accessible in certain regions due to Microsoft's sales suspension in Russia. The preview is set to expire on September 15, 2025.
Tech Optimizer
October 23, 2024
Cybersecurity experts from Dr.Web have discovered a cyber attack involving Trojan.AutoIt.1443, targeting approximately 28,000 users primarily in Russia and neighboring countries. The malware disguises itself as legitimate applications and is spread through deceptive links on platforms like GitHub and YouTube, leading to password-protected downloads that evade antivirus detection. Key components of the malware include UnRar.exe and scripts named Iun.bat and Uun.bat, which facilitate its installation while erasing traces of activity. The malware scans for debugging tools, establishes network access via Ncat, and manipulates the system registry to maintain persistence. Its operations include cryptomining using SilentCryptoMiner and cryptostealing through a clipper tool that swaps cryptocurrency wallet addresses. The campaign has affected users drawn to pirated software, highlighting the risks of downloading from unverified sources.
AppWizard
October 20, 2024
Stuart Duncan, a father from Timmins, Ontario, created the AutCraft server in 2013 to provide a safe gaming environment for autistic children who faced bullying on public Minecraft servers. Players must receive approval from moderators to join, ensuring respectful treatment and support. Initially expecting around a dozen players, Duncan received 750 requests within two days of announcing the server. AutCraft has since welcomed over 17,600 players, fostering a sense of belonging and creativity. Duncan's work has been recognized in the book "The World of Minecraft" and a special edition of Time Magazine. He has also delivered a TED Talk on the benefits of Minecraft for children with autism and is inspiring others to create similar supportive communities.
Tech Optimizer
October 14, 2024
The AK&M Information Agency was established by CJSC Analysis, Consulting and Marketing and has been active since its inception. It holds a mass media registration certificate (El no. FS77-44607) issued on April 15, 2011, by Russia's Roskomnadzor. The agency is headquartered at ul. Gubkina 3, Moscow 119333, and is led by Editor-in-Chief Yulia Efremova. The agency's contact number is 7(499) 132-61-30, and its fax number is +(499) 132-69-18. Inquiries can be made via email at postmail@akm.ru. The website may contain content rated 16+, and reproduction of materials requires prior consent. The agency's latest release number is 10081, dated October 9, 2024.
Winsage
October 12, 2024
Microsoft has released build 26304 of Windows Server for the Windows Server Insider Program, transitioning to the Windows Server 2025 branding. The key feature introduced is Windows Defender Application Control for Business (WDAC), which enforces a strict list of approved software and includes a predefined default policy for implementation via PowerShell cmdlets. The Windows Server 2025 Security Baseline Preview is also available, featuring over 350 preconfigured settings based on Microsoft’s best practices, categorized by server roles such as Domain Controller, Member Server, and Workgroup Member. Users are advised to preview the security baseline only on test systems due to potential irreversible configurations. The new build will be automatically delivered to Server Flighting participants, and the updated Feedback Hub app is available for Server Desktop users. Known issues include mislabeling in flight references, PowerShell script malfunctions in WinPE, intermittent upgrade failures from previous Windows Server versions, potential crashes when archiving event logs, and restrictions for those with Secure Launch/DRTM code path enabled. Downloads are available in limited regions, with previews for Windows Server Long-Term Servicing Channel and Datacenter Azure Edition in various formats. The preview keys are valid only for preview builds, and the preview is set to expire on September 15, 2025.
AppWizard
October 11, 2024
Russia's telecoms regulator, Roskomnadzor, banned Discord due to its failure to prevent illicit activities such as terrorism and drug trafficking, particularly after not complying with a directive to remove nearly a thousand pieces of inappropriate content. This ban is part of a trend targeting Western social media platforms since the Ukraine invasion in February 2022. Following Russia, Turkey's BTK communications authority also banned Discord, citing the need to protect children from online threats and ongoing investigations into blackmailing minors. In the U.S., Discord is under FBI scrutiny for grooming minors and distributing child sexual abuse material, with 35 prosecutions linked to the platform in the past six years. Additionally, regulators in Germany and France have raised concerns about Discord's data collection methods, leading to an €800,000 fine in France for failing to comply with EU data protection regulations. Launched in May 2015, Discord has over 150 million active users and is popular for its voice and text communication features, but has also faced criticism for facilitating extremist content and political discourse.
AppWizard
October 9, 2024
Russia and Turkey have imposed restrictions on the messaging platform Discord due to its failure to comply with local regulations. In Russia, the internet regulatory body Roskomnadzor cited violations related to terrorism, extremist recruitment, and drug trafficking, while data from NetBlocks confirmed Discord's restriction across multiple internet service providers. A Moscow court recently fined Discord for not removing forbidden content. In Turkey, the telecommunications regulator ICTA linked Discord to serious offenses, including child abuse and online harassment, following a court ruling. Both countries have a history of limiting access to social media under security pretexts.
AppWizard
October 8, 2024
A recent survey indicates a significant number of users are using mobile applications for voice calls and messaging. The most popular applications include WhatsApp, Telegram, Signal, Facebook Messenger, and Apple's FaceTime. WhatsApp is noted for its user-friendly interface and robust features. Telegram and Signal are favored for their emphasis on privacy and security. Facebook Messenger and FaceTime maintain popularity due to their integration with social media and Apple devices.