
Microsoft trims footprint in Russia, dismantles a major botnet, and other cybersecurity events
We have gathered the most important cybersecurity news of the week.
- Microsoft said it would scale back its business in Russia ‘until there is nothing left’. The company also released a comprehensive report on attacks by Russian hackers.
- Pavel Durov assured that Telegram does not share user data with Google.
- A former Amazon employee stole data of more than 100 million people.
Microsoft releases report on cyberattacks by Russian hackers since the war began and says it will shrink its operations in Russia
Microsoft CEO Brad Smith said in an interview with The Washington Post that the company would continue to shrink its business in Russia ‘until there is nothing left’.
Earlier, users in Russia began reporting difficulties downloading a number of Microsoft products from the site, including utilities for installing Windows 10 and 11.
In March, the company announced a suspension of new product sales and services in Russia due to the invasion of Ukraine.
This week Microsoft also released a report on cyberattacks by Russian hackers since the start of the war. The main findings:
- Ukraine managed to withstand most of the attacks by Russian hackers. Microsoft recorded ‘numerous waves of cyberattacks’ against 48 Ukrainian organizations and enterprises. The hackers attempted to breach network domains, distributing malware.
- Ukraine swiftly and successfully relocated data out of the country to data centres across Europe. This was one of the steps that kept the Ukrainian authorities’ processes running on that tech infrastructure largely unaffected by the attacks.
- Russian hackers are targeting states that support Ukraine. Microsoft researchers detected attempts to breach the networks of 128 organizations in 42 countries. The attempts succeeded in only 29% of cases. The company also noted that Russian hackers may coordinate their actions with the Russian military.
- Microsoft asserts that a day before the war began, 19 Ukrainian government sites were attacked by the FoxBlade malware. The company believes that it was developed and launched by the same group behind the NotPetya attack in 2017.
Former Amazon employee found guilty of Capital One breach and theft of data of more than 100 million people
Former Amazon employee Paige Thompson used a tool she created to scan Amazon Web Services accounts and identify misconfigured ones.
She then hacked accounts and stole data from more than 30 organizations, including Capital One Bank. Additionally, Thompson installed cryptocurrency mining software on compromised servers.
The U.S. District Court for the Western District of Washington found her guilty; she faces up to 25 years in prison.
Pavel Durov says Telegram does not share user data with Google
Telegram founder Pavel Durov commented on user concerns regarding Google’s speech recognition technology used to convert voice messages to text under Telegram Premium.
Some have worried that the feature threatens privacy. However, Durov said there is an agreement between the messenger and Google under which the latter “cannot do anything with these de-identified audio data other than generate text versions from them and return them”.
WordPress sites forced to update due to discovered vulnerability
WordPress sites using the Ninja Forms form-building plugin were forcibly updated to apply a fix for a critical vulnerability. It was discovered by Wordfence specialists.
Hackers could exploit the vulnerability to gain full control over the site.
US authorities report takedown of the RSOCKS botnet
As part of an international operation, law enforcement disrupted the RSOCKS botnet. The botnet is said to have been run by Russian hackers.
Operators of RSOCKS compromised millions of devices worldwide. They offered clients access to IP addresses assigned to compromised devices. Access prices ranged from $30 per day for 2,000 proxies to $200 per day for 90,000 proxies.
The FBI began tracking RSOCKS as early as 2017. Later, law enforcement from Germany, the Netherlands and the United Kingdom joined the botnet takedown operation.
Also on ForkLog:
- A hacker stole around $100 million in the Harmony cross-chain bridge attack on the Horizon protocol.
- Unknown attackers targeted DNS servers of DeFi projects among Namecheap’s clients.
- The Tether site was subjected to a massive DDoS attack.
- Elliptic spoke of the use of Dogecoin by scammers and criminals.
- An attacker targeted the DNS server of the Convex Finance project.
What to read this weekend?
With questions raised this week about Telegram, we explain what is wrong with the messenger and what privacy-preserving alternatives exist.