BadRabbit: NotPetya Hackers Likely Behind Ransomware Attack, Say Researchers


Technical indicators suggest a cyber-attack which hit Russia and other countries this week was carried out by hackers behind a similar but bigger assault on Ukraine in June, security researchers who analysed the two campaigns said on Wednesday.

Russia-based cyber firm Group-IB said the BadRabbit virus used in this week’s attack shared a key piece of code with the NotPetya malware that crippled businesses in Ukraine and worldwide earlier this year, suggesting the same group was responsible.

The BadRabbit attack hit Russia, Ukraine and other countries on Tuesday, taking down Russia’s Interfax news agency and delaying flights at Ukraine’s Odessa airport.

Multiple cyber-security investigators have linked the two attacks, citing similarities in the malware coding and hacking methods, but stopped short of direct attribution.

Still, experts caution that attributing cyber-attacks is notoriously difficult, as hackers regularly use techniques to cover their tracks and sometimes deliberately mislead investigators about their identity.

Security researchers at Cisco’s Talos unit said BadRabbit bore some similarities with NotPetya as they were both based on the same malware, but large parts of code had been rewritten and the new virus distribution method was less sophisticated.

They confirmed BadRabbit used a hacking tool called Eternal Romance, believed to have been developed by the US National Security Agency (NSA) before being stolen and leaked online in April.

NotPetya also employed Eternal Romance, as well as another NSA tool called Eternal Blue. But Talos said they were used in a different way and there was no evidence BadRabbit contained Eternal Blue.

“It is highly likely that the same group of hackers was behind (the) BadRabbit ransomware attack on Oct. 25, 2017 and the epidemic of the NotPetya virus, which attacked the energy, telecommunications and financial sectors in Ukraine in June 2017,” Group-IB said in a technical report.

Matthieu Suiche, a French hacker and founder of the United Arab Emirates-based cyber security firm Comae Technologies, said he agreed with the Group-IB assessment that there was “serious reason to consider” that BadRabbit and NotPetya were created by the same people.

But some experts have said the conclusion is surprising as the NotPetya attack is widely thought to have been carried out by Russia, an allegation Moscow denies.

Ukrainian officials have said the NotPetya attack directly targeted Ukraine and was carried out by a hacking group widely known as Black Energy, which some cyber experts say works in favour of Russian government interests. Moscow has repeatedly denied carrying out cyber attacks against Ukraine.

The majority of BadRabbit’s victims were in Russia, with only a few in other countries such as Ukraine, Bulgaria, Turkey and Japan.

Group-IB said some parts of the BadRabbit virus dated from mid-2014, however, suggesting the hackers used old tools from previous attacks. “This corresponds with BlackEnergy timeframes, as the group started its notable activity in 2014,” it said.

[“Source-gadgets.ndtv”]

Former Uber CEO Says Investor Lawsuit a ‘Public and Personal Attack’


The ousted chief executive of Uber Technologies called a lawsuit filed against him by one of the company’s top investors a “public and personal attack” without merit, according to court documents filed late on Thursday.

Venture capital firm Benchmark Capital, which says it owns 13 percent of Uber and controls 20 percent of the voting power, sued former Uber CEO Travis Kalanick last week to force him off the board, where he still has a seat, and rescind his remaining power there, citing fraud and deception.

Kalanick, in the first court filing in response to the lawsuit, said Benchmark’s legal action is part of a larger scheme to oust him from the company he helped found and take away his power. He also argued that the legal quarrel should take place in arbitration.


Benchmark’s lawsuit marks a rare instance of a well-regarded Silicon Valley investor suing the central figure at one of its own, highly successful startups. The case has stunned Silicon Valley’s venture capital community and created a divided Uber board and infighting among shareholders, many of whom have criticised Benchmark for suing.

At issue is a change to the board structure in 2016 to expand the number of voting directors by three, with Kalanick having the sole right to fill those seats.

In its lawsuit, Benchmark argues that when Kalanick asked Uber’s board to give him those extra seats, he hid from the board a number of misdeeds, including allegations of trade-secret theft involving autonomous car technology and misconduct by Kalanick and other executives in handling a rape committed by an Uber driver in India.

Benchmark says it was “fraudulently induced” to agree to the change and wants Kalanick to give up control of those seats.

Kalanick’s court filing rejects that allegation, saying that at the time of the board change “Benchmark was fully aware of all of the allegations involving Kalanick”, yet the firm “made no mention of having been ‘fraudulently induced’ to enter” into the agreement. Through May, the venture firm continued to support him. Then in June, Benchmark was part of a group of five investors who demanded Kalanick’s resignation as Uber’s CEO.

“The Benchmark principals also handed Kalanick a draft resignation letter, and told him he had hours to sign it, or else Benchmark would start a public campaign against him,” the court filing said.

Benchmark first backed Uber in 2011 with an investment of $12 million, according to court filings. With 13 percent ownership at the $68 billion valuation that Uber achieved last year, Benchmark’s stake would be worth almost $9 billion.

“Resorting to litigation was an extremely difficult step for Benchmark,” the firm said in a statement through a spokeswoman. “Failing to act now would mean endorsing behavior that is utterly unacceptable in any company, let alone a company of Uber’s size and importance.”

[“Source-gadgets.ndtv”]

US imposes ‘sweeping’ Syria sanctions over ‘chemical’ attack


The US has imposed “sweeping” sanctions on officials in a Syrian government agency in response to a suspected chemical attack earlier this month.

The treasury department ordered a freeze on all assets in the US of 271 employees of the Syrian Scientific Studies and Research Centre (SSRC).

The US believes it made the nerve agent that killed more than 80 people in the rebel-held town of Khan Sheikhoun.

Syria says the incident was a fabrication.

President Bashar al-Assad has accused the West of making up events in Khan Sheikhoun on 4 April so the US had an excuse to carry out missile strikes on the government’s Shayrat airbase, which took place a few days after the alleged attack.


In a statement on Monday, the treasury department said the 271 employees had been responsible for developing and producing non-conventional weapons and the means to deliver them.

The sanctions mean that American citizens will be forbidden from having any dealings with them.

Treasury Secretary Steven Mnuchin said that “these sweeping sanctions target the scientific support centre for Syrian dictator Bashar al-Assad’s horrific chemical weapons attack on innocent civilian men, women, and children.

“The United States is sending a strong message with this action that we will hold the entire Assad regime accountable for these blatant human rights violations in order to deter the spread of these types of barbaric chemical weapons.”


Witnesses have said they saw warplanes attack Khan Sheikhoun – but Russia, a key ally of President Assad, says a rebel depot of chemical munitions was hit.

Footage showed victims – many of them children – convulsing and foaming at the mouth. Sufferers were taken to hospitals across the border in Turkey.

The Organisation for the Prohibition of Chemical Weapons (OPCW) has said that allegations of a chemical attack were “credible” based on a preliminary examination of the evidence.

More than 300,000 people have lost their lives and millions of people have been displaced since a peaceful uprising against President Assad six years ago turned into a full-scale civil war.

[“Source-bbc.”]

Syria civil war: UN calls emergency talks after ‘gas attack’

The UN Security Council is to hold emergency talks after an alleged chemical attack in Syria left dozens of civilians dead and wounded.

The release of chemicals in a rebel-held town in Idlib province brought furious international reaction.

Officials in Damascus deny opposition and Western claims that they used chemical weapons.

Russia’s defence ministry said a Syrian air strike had hit a rebel ammunition store that included chemical weapons.

In particular, “a workshop for the production of land mines filled with poisonous substances” had been hit, it said.

It seemed to support accounts by Syrian military sources a day earlier who reported an explosion at what they called a rebel chemical weapons factory in Khan Sheikhoun.

Earlier, the US and other powers had blamed the Syrian government.

Footage from the scene showed civilians, many of them children, choking and foaming at the mouth.

Witnesses said clinics treating the injured were then targeted by air strikes.

UK-based monitoring group the Syrian Observatory for Human Rights put the death toll at 72, including 20 children.

It was unable to say which chemical had been involved but pro-opposition groups said it was believed to have been the nerve agent Sarin.

‘War crime’

The attack will overshadow a conference in Brussels at which 70 donor nations will discuss aid efforts in Syria. Delegates want to step up humanitarian access for thousands of civilians trapped by fighting.

Syria’s civil war has raged for more than six years, with no political solution in sight.

Nearly five million Syrians have fled the country and more than six million are internally displaced, the UN says. More than 250,000 people have been killed.


Wednesday’s emergency meeting of the UN Security Council was called by France and the UK as international outrage mounted over the attack.

Britain’s ambassador to the UN, Matthew Rycroft, said the incident was “very bad news for peace in Syria”.

“This is clearly a war crime and I call on the Security Council members who have previously used their vetoes to defend the indefensible to change their course,” he told reporters in New York.


In a statement, US President Donald Trump condemned what he called “these heinous actions” by the government of Syrian President Bashar al-Assad.

US Secretary of State Rex Tillerson accused the Syrian government of “brutal, unabashed barbarism”.

UN Syria envoy Staffan de Mistura said it was a “horrific” attack and that there should be a “clear identification of responsibilities and accountability” for it.



The BBC’s Lyse Doucet in Brussels says the attack could prove a stumbling block at Wednesday’s international conference.

The EU hopes to use the prospect of funds for reconstruction as a bargaining chip in the faltering peace talks, our correspondent says, but the latest developments will deepen the opposition of those who say now is not the time to discuss financial support for areas controlled by the Syrian government.

[“Source-bbc”]