The reporting this week highlights continued activity by Russian hacktivists related to the conflict in Ukraine. The latest incident saw pro-Russia hacktivist group XakNet Team allegedly compromise and exfiltrate data from Ukraine’s largest private energy conglomerate, DTEK Group. This operation coincided with a Russian strike against a DTEK-owned thermal power plant in central Ukraine, suggesting potential coordination between kinetic and cyber operations. This assessment is further supported by claims that XakNet Team takes instructions from the Russian military, as revealed by one of its members in a recent interview.

This event is one of several examples that demonstrate Russian hacktivist activity targeting countries that are actively supporting Ukraine or opposing Russia. We recently reported on Russian hacktivist groups targeting Lithuanian and Norwegian entities with distributed denial of service operations. These attacks were in response to those governments imposing bans on the transport of goods to Russian settlements. We predict that hacktivists are likely to continue operations that align with Russian military objectives.

Key Vulnerabilities

  1. CVE-2022-20812
    The Cisco Expressway Series and Cisco TelePresence Video Communication Server have multiple vulnerabilities (CVSS: 9 | OVSS: 24) that could enable a remote user to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device.
  2. CVE-2020-13300
    GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorisation scope change (CVSS: 10 | OVSS: 30) without user consent in the middle of the authorisation flow. This could have a considerable impact on confidentiality.
  3. CVE-2021-26334
    The AMDPowerProfiler.sys driver of the AMD μProf tool (CVSS: 9.9 | OVSS: 38) may allow lower-privileged users to access model-specific registers in the kernel, potentially leading to privilege escalation and ring-0 code execution.
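The first entry above mentions null byte poisoning, a bug class in which an embedded NUL character truncates a string once it reaches a C-style file API, so a name such as `report.txt\0.php` passes an extension check but is written as `report.txt`. The following example is added here for illustration and is not code from Orpheus, Cisco, or any of the products listed; it is a generic defensive check for user-supplied filenames (the `UPLOAD_ROOT` directory and the function names are assumptions), not a description of the Cisco vulnerability's specifics.

```python
import pathlib

# Assumption for this example: uploaded files are stored under this directory.
UPLOAD_ROOT = pathlib.Path("/var/app/uploads")


def c_string_view(name: str) -> str:
    """What a C-style API that treats NUL as a terminator would see.

    This is the mechanism behind null byte poisoning: everything after the
    first NUL is silently dropped, so a check applied to the full string
    and the file actually written can disagree.
    """
    return name.split("\x00", 1)[0]


def validate_filename(name: str) -> str:
    """Return `name` unchanged if it is a safe basename, else raise ValueError.

    Rejects embedded NUL bytes, path separators, traversal components and
    empty names before the value reaches any filesystem call.
    """
    if not isinstance(name, str) or not name:
        raise ValueError("empty filename")
    if "\x00" in name:
        raise ValueError("embedded NUL byte in filename")
    if "/" in name or "\\" in name:
        raise ValueError("path separator in filename")
    if name in (".", ".."):
        raise ValueError("traversal component in filename")
    return name


def resolve_upload_path(name: str) -> pathlib.Path:
    """Map a validated basename to its location under UPLOAD_ROOT.

    The resolved path is checked again against the root so that a future
    change to validate_filename cannot silently reopen traversal.
    """
    safe = validate_filename(name)
    target = (UPLOAD_ROOT / safe).resolve()
    if UPLOAD_ROOT.resolve() not in target.parents:
        raise ValueError("resolved path escapes upload root")
    return target


def is_safe(name: str) -> bool:
    """Convenience wrapper: True if `name` is accepted, False otherwise."""
    try:
        resolve_upload_path(name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: one benign, three hostile.
    for candidate in ["report.txt", "report.txt\x00.php", "../etc/passwd", ".."]:
        print(repr(candidate), "->", "accepted" if is_safe(candidate) else "rejected")
```

The important design point is that the NUL check happens on the full string in the application's own language before any filesystem call; a check that only inspects the extension at the end of the string would be fooled by exactly the truncation that `c_string_view` demonstrates.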

Key Intelligence Reports

  1. Multiple Windows networks infected with Raspberry Robin worm
    Microsoft has identified several Windows networks that have been infected with the Raspberry Robin worm. The worm, first identified in September 2021, spreads via infected USB devices and has affected several organisations and industry sectors, including technology and manufacturing.
  2. Pro-Russian hacktivist group XakNet Team targets Ukraine's largest energy company, DTEK Group
    Pro-Russia hacktivist group XakNet Team claims to have compromised DTEK Group, Ukraine’s largest private energy conglomerate. On its Telegram channel, the group shared screenshots of files it allegedly stole from DTEK’s network.
  3. Cybercriminals compromise British Army social media accounts to promote cryptocurrency scam
    An unknown threat actor has compromised the British Army’s social media accounts to promote online cryptocurrency scams. On 03 July 2022, the army’s verified Twitter account displayed fake NFTs and illegitimate crypto giveaway schemes, while its YouTube account aired “Ark Invest” live streams featuring Elon Musk footage that encouraged viewers to visit fraudulent cryptocurrency sites.

What is OVSS?

The Orpheus Vulnerability Severity Score (OVSS) helps companies understand the risk associated with particular vulnerabilities. Orpheus does this by adding context on the likely threat to, and impact of, CVEs, building upon the vulnerability information provided as part of the CVSS (Common Vulnerability Scoring System) score.
