Tag: russia

  • Ukraine Is Decentralizing Energy Production to Protect Itself From Russia


    As soon as the Russian invasion of Ukraine started, Yuliana Onishchuk knew she had to help her country. News coverage of the initial occupation of the Kyiv region showed that Irpin City and Bucha, just outside the capital, had sustained huge damage, and it was clear to Onishchuk that critical infrastructure would need to be repaired. “I saw the schools, and I was sure that we would have to rebuild them,” Onishchuk says. She saw an opportunity. “I realized: We have to rebuild them in a new way.”

    Putting her expertise as an energy lawyer and solar power project manager to good use, Onishchuk set up an NGO, the Energy Act for Ukraine Foundation. “I was already in renewables, and I love renewables.” The foundation would help rebuild schools and hospitals and equip them with solar panels, offering them energy independence while at the same time helping Ukrainians understand the importance of clean energy.

    Then, in October 2022, Russia started attacking Ukraine’s energy system. Very quickly half of the country’s grid was damaged. In 2023, attacks moved from hitting just the grid to targeting energy production. Millions of Ukrainians faced widespread blackouts across the freezing winter months of 2023.

    With the country plunged into energy poverty, designing schools and hospitals with energy independence wasn’t just a smart step on the road to the green transition—it was a vital solution for keeping them functioning during the invasion. And so now, the foundation’s mission is two-fold: to rebuild Ukraine with both sustainability and energy security in mind.

    Ahead of speaking at the WIRED & Octopus Energy Tech Summit in Berlin on October 10, Yuliana sat down with WIRED to discuss the foundation’s work. This interview has been edited for length and clarity.

    WIRED: How badly has Russia’s invasion impacted the energy supply in Ukraine?

    Yuliana Onishchuk: Before the war, 55 percent of Ukraine’s generation was nuclear, and one of the biggest nuclear power plants, which supplied more than half of this nuclear power, was Zaporizhzhia. Now it is occupied.

    Again, before the invasion, 35 percent of energy generation was from thermal power plants, which became a particular focus of Russia this year. They realized that this supply was exactly what they should attack, because you can hardly protect that 35 percent, and it is not as dangerous to target as nuclear.

    We lost 80 percent of the wind power because almost all wind turbines are located in the south. Mostly, the south is occupied. Solar farms that are situated on the east and south were either attacked or stolen—they dismantled solar panels and stole them.

    So, we lost a lot. Russia has destroyed 50 percent of our electricity-generation capacity.

    This must make life incredibly difficult for people.

    With the Zaporizhzhia plant occupied, for the past two years we have repaired extra generation units at other nuclear plants, as not all units were on when the war started. We could not be without the 55 percent of our energy generation that comes from nuclear—it’s a huge amount. Now, as far as I know, all units in all plants are on in Ukraine.


    Yuliana Onishchuk. Photograph courtesy of the Energy Act for Ukraine Foundation

    That has helped us to get out of blackouts that were happening in May, June, and July of this year. For almost three months, we experienced very long-lasting blackouts for up to 12 hours. Right now, we don’t have lots of large blackouts; only the settlements, villages, and cities that are at the frontline areas are in blackouts all the time.

    But we still have a percentage of the rest of the population that is experiencing blackouts because the generation units—whether it’s renewables or thermal power plants—are being attacked, together with the distribution grids. For the past three months, absolutely every city in the country experienced a blackout.


  • Russia-Backed Media Outlets Are Under Fire in the US—but Still Trusted Worldwide


    In Latin America alone, RT’s channels run 24/7, and reported 18 million viewers in 2018. African Stream, which was also named by the State Department as part of Russian state media’s influence architecture and later removed by YouTube and Meta, garnered 460,000 followers on YouTube in the two years it was up and running. And Woolley notes that in these markets, there is likely less competition for viewership than there is in the saturated US media landscape.

    “[Russian media] made headway in limited media ecosystems, where its attempts to control public opinion are arguably much more effective,” he says. Russian media particularly hones in on anti-colonial, anti-Western narratives that can feel particularly salient in markets that have been deeply impacted by Western imperialism. The US also has state-funded media that operates in foreign countries, like Voice of America, though according to the organization’s website, the 1994 U.S. International Broadcasting Act “prohibits interference by any US government official in the objective, independent reporting of news.”

    Rubi Bledsoe, a research associate at Center for Strategic and International Studies, says that even with Russian state media removed from some social platforms, its messages are still likely to spread in more covert ways, through influencers and smaller publications with which it has cultivated relationships.

    “Not only was Russian media good at hiding that they were a Russian government entity, on the side they would seed some of their stories to local newspapers and local media throughout the region,” she says, noting that the large South American broadcasting corporation TeleSur would sometimes partner with RT. (Other times, Russia will back local outlets like Cameroon’s Afrique Média). “All of these secondary and tertiary news outlets are a lot smaller, but can talk to parts of the local population,” she says.

    Russian media has also helped cultivate local influencers who often align with its messaging. Bledsoe points to Inna Afinogenova, a Russian Spanish-language broadcaster who previously worked for RT but now has her own independent YouTube channel where she has more than 480,000 followers. (Afinogenova left RT after saying she disagreed with the war in Ukraine).

    And Bledsoe says that the ban from the US might actually be a boon for Russian media in the parts of the world where it’s actively trying to cultivate its image as a trusted media brand. “The narratives that were shared through RT and other Russian media and in Iranian media as well, it’s a kind of anti-imperialist dig at the West, and the US,” she says. “Saying the US is the driving force behind this international system and they’re plotting, and they’re out to get you, to impose on other countries’ sovereignty.”

    Though Meta was a key avenue for the spread of Russian state media content, it still has a home on other platforms. RT does not appear to have a verified TikTok account, but accounts that exclusively post RT content, like @russian_news_ and @russiatodayfrance have tens of thousands of followers on the app. African Stream’s TikTok is still live with nearly 1 million followers. TikTok spokesperson Jamie Favazza referred WIRED to the company’s policies on election-related mis- and disinformation.

    A post on X from RT’s account on September 18, the day after the ban, linked to its accounts on platforms like right-wing video sharing platform Rumble, X, and Russian YouTube alternative VK. (RT has 3.2 million followers on X and 125,000 on Rumble.) “Meta can ban us all it wants,” the post read. “But you can always find us here.” X did not respond to a request for comment.




  • US Senate Warns Big Tech to Act Fast Against Election Meddling


    Andy Carvin, the managing editor and research director of the Digital Forensic Research Lab (DFRLab), tells WIRED that his organization, which conducts a vast amount of research into disinformation and other online harms, has been tracking Doppelganger for more than two years. The scope of the operation should surprise few, he says, given the fake news sites follow an obvious template, and that populating them with AI-generated text is simple.

    “Russian operations like Doppelganger are like throwing spaghetti at a wall,” he says. “They toss out as much as they can and see what sticks.”

    Meta, in a written statement on Tuesday, said it had banned RT’s parent company, Rossiya Segodnya, and “other related entities” globally across Instagram, Facebook, and Threads for engaging in what it called “foreign interference activity.” (“Meta is discrediting itself,” the Kremlin replied Tuesday, claiming the ban has endangered the company’s “prospects” for “normalizing” relations with Russia.)

    Testifying on Wednesday, Meta president of global affairs Nick Clegg stressed the industry-wide nature of the problem facing voters online. “People trying to interfere with elections rarely target a single platform,” he said, adding that Meta is, nevertheless, “confident” in its ability to protect the integrity of “not only this year’s elections in the United States, but elections everywhere.”

    Warner appeared less than fully convinced, noting the use of paid advertisements in recent malign influence campaigns. “I would have thought,” he said, “eight years later, we would be better at at least screening the advertisers.”

    He added that, seven months ago, over two dozen tech companies had signed the AI Elections Accord in Munich—an agreement to invest in research and the development of countermeasures against harmful AI. While some of the firms have been responsive, he said, others have ignored repeated inquiries by US lawmakers, many eager to hear how those investments played out.

    While talking up Google’s efforts to “identify problematic accounts, particularly around election ads,” Alphabet’s chief legal officer, Kent Walker, was halted mid-sentence. Citing conversations with the Treasury Department, Warner interrupted to say that he’d confirmed as recently as February that both Google and Meta have “repeatedly allowed Russian influence actors, including sanctioned entities, to use your ad tools.”

    The Virginia senator stressed that Congress needed to know specifically “how much content” relevant bad actors had paid to promote to US audiences this year. “And we’re going to need that [information] extraordinarily fast,” he added, referring as well to details of how many Americans specifically had seen the content. Walker replied to say that Google had taken down “something like 11,000 efforts by Russian-associated entities to post content on YouTube and the like.”

    Warner additionally urged the officials against viewing Election Day as if it were an end-zone. Of equal and great importance is the integrity of the news that reaches voters, he stressed, in the days and weeks that follow.


  • Meet the radio-obsessed civilian shaping Ukraine’s drone defense


    For this reason, jamming is a frequent focus of Flash’s work. In a January post on his Telegram channel, for instance, which people viewed 48,000 times, Flash explained how jammers used by some Ukrainian tanks were actually disrupting their own communications. “The cause of the problems is not direct interference with the reception range of the radio station, but very powerful signals from several [electronic warfare] antennae,” he wrote, suggesting that other tank crews experiencing the same problem might try spreading their antennas across the body of the tank. 

    It is all part of an existential race in which Russia and Ukraine are constantly hunting for new methods of drone operation, drone jamming, and counter-jamming—and there’s no end in sight. In March, for example, Flash says, a frontline contact sent him photos of a Russian drone with what looks like a 10-kilometer-long spool of fiber-optic cable attached to its rear—one particularly novel method to bypass Ukrainian jammers. “It’s really crazy,” Flash says. “It looks really strange, but Russia showed us that this was possible.”

    Flash’s trips to the front line make it easier for him to track developments like this. Not only does he monitor Russian drone activity from his souped-up VW, but he can study the problems that soldiers face in situ and nurture relationships with people who may later send him useful intel—or even enemy equipment they’ve seized. “The main problem is that our generals are located in Kyiv,” Flash says. “They send some messages to the military but do not understand how these military people are fighting on the front.”

    Besides the advice he provides to Ukrainian troops, Flash also publishes online his own manuals for building and operating equipment that can offer protection from drones. Building their own tools can be soldiers’ best option, since Western military technology is typically expensive and domestic production is insufficient. Flash recommends buying most of the parts on AliExpress, the Chinese e-commerce platform, to reduce costs.

    While all his activity suggests a close or at least cooperative relationship between Flash and Ukraine’s military, he sometimes finds himself on the outside looking in. In a post on Telegram in May, as well as during one of our meetings, Flash shared one of his greatest disappointments of the war: the military’s refusal of his proposal to create a database of all the radio frequencies used by Ukrainian forces. But when I mentioned this to an employee of a major electronic warfare company, who requested anonymity to speak about the sensitive subject, he suggested that the only reason Flash still complains about this is that the military hasn’t told him it already exists. (Given its sensitivity, MIT Technology Review was unable to independently confirm the existence of this database.) 

    Flash believes that generals in Kyiv “do not understand how these military people are fighting on the front.” So even though he doesn’t like the risks they involve, he takes trips to the frontline about once a month.

    EMRE ÇAYLAK

    This anecdote is emblematic of Flash’s frustration with a military complex that may not always want his involvement. Ukraine’s armed forces, he has told me on several occasions, make no attempt to collaborate with him in an official manner. He claims not to receive any financial support, either. “I’m trying to help,” he says. “But nobody wants to help me.”

    Both Flash and Yurii Pylypenko, another radio enthusiast who helps Flash manage his Telegram channel, say military officials have accused Flash of sharing too much information about Ukraine’s operations. Flash claims to verify every member of his closed Signal groups, which he says only discuss “technical issues” in any case. But he also admits the system is not perfect and that Russians could have gained access in the past. Several of the soldiers I interviewed for this story also claimed to have entered the groups without Flash’s verification process. 

    It’s ultimately difficult to determine if some senior staff in the military hold Flash at arm’s length because of his regular, often strident criticism—or whether Flash’s criticism is the result of being held at arm’s length. But it seems unlikely either side’s grievances will subside soon; Pylypenko claims that senior officers have even tried to blackmail him over his involvement in Flash’s work. “They blame my help,” he wrote to me over Telegram, “because they think Serhii is a Russian agent reposting Russian propaganda.” 


  • Hackers Threaten to Leak Planned Parenthood Data


    Even those of you who do everything you can to secure those secrets can find yourself vulnerable—especially if you’re using a YubiKey 5 authentication token. The multifactor authentication devices can be cloned thanks to a cryptographic flaw that can’t be patched. The company has rolled out some mitigation measures—and the attack itself is relatively difficult to pull off. But it may be time to invest in a new dongle.

    That’s not all, folks. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    At the end of August, cybercriminals from the ransomware group RansomHub appear to have hacked into the systems of Planned Parenthood’s Montana branch. The organization this week confirmed it had suffered from a “cybersecurity incident” on August 28 and said its staff immediately took parts of its network offline, reporting the incident to law enforcement.

    Days after the incident took place, RansomHub claimed to be behind the attack, posting Planned Parenthood on its leak website. The criminal group said it would publish 93 GB of data. It is unclear what, if anything, the ransomware group has obtained, but Planned Parenthood clinics can hold a huge array of highly sensitive data about patients, including information on abortion appointments. (Around 400,000 Planned Parenthood patients in Los Angeles were impacted following a similar ransomware incident in 2021.)

    In recent months, RansomHub has emerged as one of the most active ransomware-as-a-service groups, following the law enforcement disruption of LockBit. According to an FBI and Cybersecurity and Infrastructure Security Agency alert at the end of August, the group is “efficient and successful” and has stolen data from at least 210 victims since it formed in February. “The affiliates leverage a double-extortion model by encrypting systems and exfiltrating data to extort victims,” the alert said.

    The Nigeria-based scammers known as the Yahoo Boys run almost every scam in the playbook—from romance scams to pretending to be FBI agents. Yet there’s little more devious than the increase in sextortion cases linked to the West African scammers. This week, Nigerian brothers Samuel Ogoshi and Samson Ogoshi were sentenced to more than 17 years in US jail for running sextortion scams, following their extradition earlier this year. It is the first time Nigerian scammers have been prosecuted for sextortion in the US, the BBC reported.

    The Ogoshi brothers, who pleaded guilty in April, have been linked to the death of 17-year-old Jordan DeMay, who took his life six hours after he started talking to the scammers, who posed as a girl, on Instagram. The teenager had been duped into sending the brothers explicit images, and after he had done so, they threatened to post the images online unless he paid them hundreds of dollars. US prosecutors said the brothers sexually exploited and extorted more than 100 victims, with at least 11 of them being minors. There has been a huge spike in sextortion cases in recent years.

    In June, the US Commerce Department banned the sale of Kaspersky’s antivirus tools over national security concerns about its links to the Russian government. (Kaspersky has, for years, denied connections). The firm later fired its workers and said it was closing its US business. This week, cybersecurity company Pango Group announced it is purchasing Kaspersky Lab’s US antivirus customers, according to Axios. This equates to around 1 million customers, who will be transitioned to Pango’s antivirus software Ultra AV. Ahead of the Kaspersky deal, parent company Aura also announced it was spinning out Pango Group into its own business. Pango’s president said customers would not need to take any action and that it would allow subscribers to continue to receive updates after September 29, when Kaspersky updates will stop.

    For years, the EU has been trying to introduce new child protection laws that would require private chats to be scanned for child sexual abuse material—something that would potentially undermine encrypted messaging apps that provide everyday privacy to billions of people. The plans have been highly controversial and were shelved earlier this year. However, the proposed law, which has been dubbed “chat control,” reappeared in legislators’ in-trays this week. The Council of the EU, which is currently chaired by Hungary, wants to pass legislation by October, but reports say strong resistance to the plans still remains.


  • Here’s What Right-Wing Influencers Actually Talked About in Tenet Media Videos Allegedly Financed by Russia


    In hundreds of videos since taken down by YouTube, right-wing influencers working for Tenet Media—a company the US Department of Justice alleges was financed and guided by a state-backed Russian news network—showed interest in a highly specific set of topics, according to a WIRED analysis.

    Using closed captioning of the videos we downloaded before the videos were removed, we’ve compiled lists of terms frequently mentioned in them, along with a searchable database.

    The content of these videos was described by prosecutors as “consistent” with Russia’s aims to sow political discord in the US. Among the areas covered: free speech, illegal immigrants, diversity in video games, supposed racism toward white people, and Elon Musk.

    While an indictment unsealed earlier this week does not name Tenet, WIRED and other outlets were able to identify it because prosecutors gave its motto as that of a business identified as “U.S. Company-1.” Prosecutors allege that two employees of the state-backed Russian network RT, Kostiantyn Kalashnikov and Elena Afanasyeva, who are charged with conspiracy to commit money laundering and to violate the Foreign Agents Registration Act, paid Tenet and its parent company $9.7 million to produce and distribute videos supporting Russian aims. The vast majority of that money allegedly went to Tenet’s network of popular influencers, which included Benny Johnson, Tim Pool, Dave Rubin, and Lauren Southern.

    The influencers—who have not responded to requests for comment (Johnson, Pool, Rubin, and fellow talents Tayler Hansen and Matt Christiansen issued statements denying awareness of the alleged Russian influence scheme and portraying themselves as its victims)—are not accused by the government of wrongdoing. Prosecutors say that right-wing personality Lauren Chen and her husband Liam Donovan, Canadian nationals who founded Tenet—the two, who have not been charged with any crime, go unnamed in the indictment, but are tied to the business through corporate records—were aware they were working with Russians and failed to register “as an agent of a foreign principal, as required by law.” The indictment alleges that the pair, who were not indicted, did not inform the influencers or other Tenet employees about the source of their funding.

    Nonetheless, Afanasyeva, using fake personae, “edited, posted, and directed the posting by [Tenet] of hundreds of videos,” the indictment says. The indictment does not identify specific videos as allegedly influenced by the RT employees, but prosecutors say they were intimately involved in Tenet’s editorial process: “While the views expressed in the videos are not uniform, the subject matter and content of the videos are often consistent with the Government of Russia’s interest in amplifying US domestic divisions in order to weaken US opposition to core Government of Russia interests, such as its ongoing war in Ukraine.”

    To determine what specifically the Russian government is alleged to have funded, WIRED downloaded the closed captioning transcripts from 405 longform videos posted on Tenet’s YouTube channel—you can access the file here—and used natural language processing to identify common themes. These 405 video transcripts represent nearly every longform video available on the channel. We were not able to analyze approximately 1600 YouTube shorts before the channel was removed from the site. We analyzed the data looking for the most frequently occurring two-, three-, and four-word phrases in each video, excluding words like “um” that don’t carry much meaning. (“Um” appears in the dataset 2,340 times.)

    This analysis does not show that in these videos the influencers were particularly fixated on the Ukraine war—the word “Ukraine” appears in the transcripts 67 times, about as often as “misinformation,” “Christianity,” and “Clinton.” It does show the influencers stressing highly divisive culture war topics in the videos, which carried titles like “Trans Widows Are A Thing And It’s Getting OUT OF HAND” and “Race Is Biological But Gender Isn’t???” The word “trans” appears 152 times, and “transgender” 98.


  • DOJ: Russia Aimed Propaganda at Gamers, Minorities to Swing 2024 Election


    The documents show that the orchestrators of the campaign targeted existing divisions within US society, using racist stereotypes and far-right conspiracies to target supporters of former President Donald Trump.

    “They are afraid of losing the American way of life and the ‘American dream,’” Gambashidze writes in one document outlining his “guerilla media” plan. “It is these sentiments that should be exploited in the course of an information campaign in/for the United States.”

    The same document is full of racist and conspiratorial claims including that Republicans are “victims of discrimination of people of color.” It adds that white middle class people are being discriminated against with high inflation and rising prices, while “unemployed people of color end up being privileged groups of the population.”

    And the goal of the campaign, from the beginning, was crystal clear: “To secure victory for [Donald Trump],” Gambashidze wrote in the Good Old USA Project planning document.

    The ‘Good Old USA’ plan openly admits that “none of the significant American politicians can be considered pro-Russian or pro-Putin,” and so rather than focus its efforts on trying to convince people that Russia is great, the plan called for promoting the idea that the US should be focusing its resources less on Ukraine and more on domestic issues, such as rising inflation and high gas prices.

    “It makes sense for Russia to put a maximum effort to ensure that the Republican Party’s point of view (first and foremost, the opinion of Trump supporters) wins over the US public opinion,” the Good Old USA Project planning document reads. “This includes provisions on peace in Ukraine in exchange for territories, the need to focus on the problems of the US economy, returning troops home from all over the world, etc.”

    As well as getting Trump elected, the campaign’s secondary goals included increasing the percentage of Americans who believe the US is doing too much to aid Ukraine to 51 percent, and reducing the percentage of Americans who have confidence in President Joe Biden down to 29 percent.

    The plan lists a variety of audiences the campaign specifically wants to target, including residents of swing states, American Jews, “US citizens of Hispanic descent,” and the “community of American gamers, users of Reddit and image boards, such as 4chan.”

    The document describes this category of gamers and chat room users as the “backbone of the right-wing trends in the US segment of the Internet.” In recent months, the Trump campaign has embraced many of the most influential figures within these communities, including many who share deeply misogynistic rhetoric on a regular basis.

    To spread their narrative, the plan called for the creation of YouTube channels that shared pro-Trump content as well as other viral videos (“music, humor, beautiful girls etc,” according to the documents) in order to appear at the top of search results for “US elections.”

    Meanwhile, Gambashidze and his colleagues used Facebook, Twitter and Reddit to create community groups of Trump supporters, with one sample name given as “Alabama for America the Great.” The document also reveals that the Russians planned to use Reddit as a vector to disseminate their propaganda as it is a platform “free from democratic censorship.”


  • Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team


    Russia’s military intelligence agency, the GRU, has long had a reputation as one of the world’s most aggressive practitioners of sabotage, assassination, and cyber warfare, with hackers who take pride in working under the same banner as violent special forces operators. But one new group within that agency shows how the GRU may be intertwining physical and digital tactics more tightly than ever before: a hacking team, which has emerged from the same unit responsible for Russia’s most notorious physical tactics, including poisonings, attempted coups, and bombings inside Western countries.

    A broad group of Western government agencies from countries including the US, the UK, Ukraine, Australia, Canada, and five European countries on Thursday revealed that a hacker group known as Cadet Blizzard, Bleeding Bear, or Greyscale—one that has launched multiple hacking operations targeting Ukraine, the US, and other countries in Europe, Asia, and Latin America—is in fact part of the GRU’s Unit 29155, the division of the spy agency known for its brazen acts of physical sabotage and politically motivated murder. That unit has been tied in the past, for instance, to the attempted poisoning of GRU defector Sergei Skripal with the Novichok nerve agent in the UK, which led to the death of two bystanders, as well as another assassination plot in Bulgaria, the explosion of an arms depot in the Czech Republic, and a failed coup attempt in Montenegro.

    Now that infamous section of the GRU appears to have developed its own active team of cyber warfare operators—distinct from those within other GRU units such as Unit 26165, broadly known as Fancy Bear or APT28, and Unit 74455, the cyberattack-focused team known as Sandworm. Since 2022, GRU Unit 29155’s more recently recruited hackers have taken the lead on cyber operations, including with the data-destroying wiper malware known as Whispergate, which hit at least two dozen Ukrainian organizations on the eve of Russia’s February 2022 invasion, as well as the defacement of Ukrainian government websites and the theft and leak of information from them under a fake “hacktivist” persona known as Free Civilian.

    Cadet Blizzard’s identification as a part of GRU Unit 29155 shows how the agency is further blurring the line between physical and cyber tactics in its approach to hybrid warfare, according to one of multiple Western intelligence agency officials whom WIRED interviewed on condition of anonymity because they weren’t authorized to speak using their names. “Special forces don’t normally set up a cyber unit that mirrors their physical activities,” one official says. “This is a heavily physical operating unit, tasked with the more gruesome acts that the GRU is involved. I find it very surprising that this unit that does very hands-on stuff is now doing cyber things from behind a keyboard.”

    In addition to the joint public statement revealing Cadet Blizzard’s link to the GRU’s Unit 29155, the US Cybersecurity and Infrastructure Security Agency published an advisory detailing the group’s hacking methods and ways to spot and mitigate them. The US Department of Justice indicted five members of the group by name, all in absentia, in addition to a sixth who had been charged earlier in the summer without any public mention of Unit 29155.

    “The GRU’s WhisperGate campaign, including targeting Ukrainian critical infrastructure and government systems of no military value, is emblematic of Russia’s abhorrent disregard for innocent civilians as it wages its unjust invasion,” the US Justice Department’s assistant attorney general Matthew G. Olsen wrote in a statement. “Today’s indictment underscores that the Justice Department will use every available tool to disrupt this kind of malicious cyber activity and hold perpetrators accountable for indiscriminate and destructive targeting of the United States and our allies.”

  • Right-Wing Influencer Network Tenet Media Allegedly Spread Russian Disinformation

    A Tennessee-based media network that produces shows for high-profile right-wing influencers including Benny Johnson and Tim Pool was largely funded by Russian state-backed news network RT, according to a federal indictment against two RT employees the United States Department of Justice unsealed on Wednesday. The DOJ claims the US company—which WIRED, along with other news outlets, was able to identify as Tenet Media but goes unnamed in the indictment—posted hundreds of videos on social media that pushed Kremlin-approved talking points.

    With the tagline “Fearless voices live here,” Tenet Media’s network includes online creators known for their right-wing politics, including Johnson, Pool, Dave Rubin, and Lauren Southern. In addition to the followings of the network’s individual creators, which collectively number in the millions, Tenet Media itself boasts more than 315,000 followers on YouTube, and thousands more across Facebook, Instagram, X, and TikTok.

    Johnson, Pool, Rubin, and Southern did not immediately respond to requests for comment; none are accused of wrongdoing. “We are disturbed by the allegations in today’s indictment,” Johnson wrote on X, referring to him and his lawyers, “which make clear that myself and other influencers were victims in this alleged scheme.” Pool also released a statement on X, saying in part that “Should these allegations prove true, I as well as the other personalities and commentators were deceived and are victims.” Rubin retweeted Pool’s post.

    Prosecutors say in the indictment that Tenet and its founders—who also go unnamed in the indictment, but are right-wing influencer Lauren Chen and her husband, Liam Donovan, according to corporate records—actively concealed the company’s links to Russia from the individual creators.

    Tenet allegedly received some $9.7 million from RT, according to the DOJ. Of that, $8.7 million went to the production companies of three unnamed commentators, the indictment claims. One, referred to as “Commentator-1”—the description appears to be of either Johnson or Rubin—was allegedly contracted for $400,000 per month for four weekly videos. The nearly $10 million Tenet Media allegedly received from RT “represents nearly 90%” of funds deposited in the company’s accounts, the DOJ claims.

    The Justice Department identifies Tenet Media only as “US Company-1,” but notes in the indictment that the company describes itself as a “network of heterodox commentators that focus on Western political and cultural issues.” That language is identical to the description on Tenet Media’s website.

    Tenet and Chen did not immediately respond to requests for comment.

    The Russian RT employees indicted by the US, Kostiantyn Kalashnikov and Elena Afanasyeva, allegedly worked with Tenet Media to produce hundreds of videos that support Russia’s aims. They are charged with conspiracy to violate the Foreign Agents Registration Act (FARA) and conspiracy to commit money laundering for their alleged work with Tenet Media and associated activities.

    Posing as outside video editors, the pair were allegedly intimately involved in Tenet Media’s operations. Kalashnikov, for example, “monitored [Tenet Media’s] internal communications and edited content” published by the company, the indictment claims. Afanasyeva, who allegedly used the fake personas “Helena Shudra” and “Victoria Pesti” while working with Tenet Media, is said to have “edited, posted, and directed the posting” by Tenet Media and “provided day-to-day direction” to the company’s staff. Afanasyeva’s work with Tenet Media allegedly included instructing the company to post pro-Russian viewpoints, such as pushing a conspiracy theory that Ukraine and the US were responsible for a March terrorist attack at a music venue in Moscow.

  • Powerful Spyware Exploits Enable a New String of ‘Watering Hole’ Attacks

    In recent years, elite commercial spyware vendors like Intellexa and NSO Group have developed an array of powerful hacking tools that exploit rare and unpatched “zero-day” software vulnerabilities to compromise victim devices. And increasingly, governments around the world have emerged as the prime customers for these tools, compromising the smartphones of opposition leaders, journalists, activists, lawyers, and others. On Thursday, though, Google’s Threat Analysis Group is publishing findings about a series of recent hacking campaigns—seemingly carried out by Russia’s notorious APT29 Cozy Bear gang—that incorporate exploits very similar to ones developed by Intellexa and NSO Group into ongoing espionage activity.

    Between November 2023 and July 2024, the attackers compromised Mongolian government websites and used the access to conduct “watering hole” attacks, in which anyone with a vulnerable device who loads a compromised website gets hacked. The attackers set up the malicious infrastructure to use exploits that “were identical or strikingly similar to exploits previously used by commercial surveillance vendors Intellexa and NSO Group,” Google’s TAG wrote on Thursday. The researchers say they “assess with moderate confidence” that the campaigns were carried out by APT29.

    These spyware-esque hacking tools exploited vulnerabilities in Apple’s iOS and Google’s Android that had largely already been patched. Originally, they were deployed by the spyware vendors as unpatched, zero-day exploits, but in this iteration, the suspected Russian hackers were using them to target devices that hadn’t been updated with these fixes.

    “While we are uncertain how suspected APT29 actors acquired these exploits, our research underscores the extent to which exploits first developed by the commercial surveillance industry are proliferated to dangerous threat actors,” the TAG researchers wrote. “Moreover, watering hole attacks remain a threat where sophisticated exploits can be utilized to target those that visit sites regularly, including on mobile devices. Watering holes can still be an effective avenue for … mass targeting a population that might still run unpatched browsers.”

    It is possible that the hackers purchased and adapted the spyware exploits or that they stole them or acquired them through a leak. It is also possible that the hackers were inspired by commercial exploits and reverse engineered them by examining infected victim devices.

    Between November 2023 and February 2024, the hackers used an iOS and Safari exploit that was technically identical to an offering that Intellexa had first debuted a couple of months earlier as an unpatched zero-day in September 2023. In July 2024, the hackers also used a Chrome exploit adapted from an NSO Group tool that first appeared in May 2024. This latter hacking tool was used in combination with an exploit that had strong similarities to one Intellexa debuted back in September 2021.

    When attackers exploit vulnerabilities that have already been patched, the activity is known as “n-day exploitation,” because the vulnerability still exists and can be abused in unpatched devices as time passes. The suspected Russian hackers incorporated the commercial spyware-adjacent tools, but constructed their overall campaigns—including malware delivery and activity on compromised devices—differently than the typical commercial spyware customer would. This indicates a level of fluency and technical proficiency characteristic of an established and well-resourced state-backed hacking group.

    “In each iteration of the watering hole campaigns, the attackers used exploits that were identical or strikingly similar to exploits from [commercial surveillance vendors], Intellexa and NSO Group,” TAG wrote. “We do not know how the attackers acquired these exploits. What is clear is that APT actors are using n-day exploits that were originally used as 0-days by CSVs.”
