InForce Cyber

Threat Report September 2020


UK investigates cyberattack leaking Syria propaganda operations

The British government is investigating a data breach at the British Foreign Ministry in which a large volume of data exposing its propaganda operations in Syria was compromised.

According to the leaked files, the Foreign, Commonwealth and Development Office (FCDO) ran the operations by hiring contractors to set up media outlets and platforms throughout Syria during the ongoing military conflict.

Those British contractors utilized a vast network of anonymous Syrian civilian journalists who reported on the development of the war. Many of them started at the beginning of the Syrian revolution in 2011.

The aim of the entire operation was to build up a moderate opposition by promoting secular values amongst the Syrian population.

Many at the FCDO believe that Russia is behind the attack, particularly with the Russian government supporting and militarily backing the Assad regime throughout the conflict.

Norway’s parliament attacked by hackers

"The parliament has recently been targeted in a vast cyber-attack," said an official statement by the institution. "There have been intrusions in the email accounts of a few MPs and employees. Our analyses show that varying quantities of data have been downloaded."

Network anomalies have been detected and effective steps have been taken. So far the hackers' identities remain unknown.

In its annual threat assessment, Norway’s domestic intelligence service PST warned of "computer network operations" which they said represented a "persistent and long-term threat to Norway".

In 2018, Norway arrested a Russian citizen suspected of gathering information on the parliament’s internet network, but released him several weeks later due to lack of evidence.


Newcastle University becomes latest ransomware victim as education sector fails to heed warnings

Newcastle University’s systems were infected with malware at the beginning of September.

The DoppelPaymer ransomware gang breached the university’s systems on 4 September and stole backup files.

The university has apologized for the “ongoing” issues and stated that it would take “a number of weeks” to get back online.

Staff and students can still access limited services.

Meanwhile, the university said it is working with the ICO (Information Commissioner’s Office) and the police to investigate the breach.

Netwalker ransomware hits Argentinian government, demands $4 million

Argentina’s official immigration agency, Dirección Nacional de Migraciones, was hit by Netwalker ransomware. The attack temporarily halted border crossings into and out of the country. This is the first known attack against a federal agency that has interrupted a country’s operations.

The government first learned of the ransomware attack after receiving numerous tech support calls from checkpoints on August 27th.

All networks used by the immigration offices and control posts were shut down to prevent the ransomware from infecting further devices. This led to a temporary suspension of border crossings for four hours while the servers were brought back online.

Government sources said that "they will not negotiate with hackers and neither are they too concerned with getting that data back."

Equinix data center hit by Netwalker Ransomware

Netwalker ransomware hit data center giant Equinix over the Labor Day holiday weekend. The ransom message included a link to a screenshot of the stolen data. The ransom is $4.5 million or 455 bitcoin for a decryptor and to prevent the release of stolen data. After a certain time the ransom would double.

Equinix is a massive data center and colocation provider with more than 50 locations worldwide.