Robin’s Newsletter #276

1 October 2023. Volume 6, Issue 40
Ukraine says Russia is going after war crimes data. US, Japan say China targeting routers for persistence. UK logistics firm goes under following ransomware attack.

This week

Ukraine says Russia is targeting systems storing evidence of alleged war crimes

  • Ukraine accuses Russian intelligence of targeting systems holding data on alleged war crimes. “Their primary objectives were to identify which evidence of Russian war crimes,” said the report from the Ukrainian State Service of Special Communications and Information Protection (SSSCIP), which continued “and exercise control over potential ground-deployed spies have our law enforcement teams”.
  • The report (PDF) says that the number of cyber security incidents registered with its national CERT team has doubled from H2 2022 to H1 2023; however, the rate of ‘critical’ incidents has fallen over the same period by 81%.
  • Other lessons learned in the report: returning to attack previously victimised organisations gives attackers the advantages of knowing the network architecture and being able to anticipate the response actions taken by defenders; and a focus on minimising detection and response time has led to a shift towards smash-and-grab data exfiltration, rather than prolonged lateral movement.

China is abusing Cisco routers to maintain persistence

UK logistics firm KNP announces insolvency, 730 redundancies, following ransomware attack

  • KNP Logistics, a UK logistics company recognisable for its blue and gold liveried lorries emblazoned with Knights of Old, has declared itself insolvent this week. The company suffered a ransomware attack in June, which has contributed to the decision, and which will result in 730 redundancies. “Against a backdrop of challenging market conditions and without being able to secure urgent investment due to the attack, the business was unable to continue,” said Raj Mittal, a joint administrator.
  • Thankfully this type of conclusion is unusual (though that does not diminish the real-world impact on those individuals). As a reminder, the widely circulated statistic that 60% of businesses go bust within six months of a cyber attack has been debunked, and the National Cyber Security Alliance (NCSA), which is the reported source, has denied any knowledge of the statistic, which “was not generated from NCSA research”.

Interesting stats

48 hours between ransomware attacks, according to the FBI, which has been observing a trend of victims being targeted with multiple strains of ransomware in quick succession since July 2023.

60,000 emails were stolen from the US State Department during the Chinese ‘Storm-0558’ compromise of Microsoft’s email platform in May this year (vol. 6, iss. 29).

Other newsy bits / in brief

And finally

Robin
