Russian Military Satellite Comms Provider Offline After Hack

Infosec in brief A Russian satellite communication provider has been knocked offline by hackers, and more than one party – including hackers who say they're associated with mutinous mercenary outfit Wagner Group – has claimed responsibility.

Multiple news sources have reported that Dozor-Teleport – which counts among its customers Russian energy companies and the country's military – was knocked offline early on Thursday morning, Moscow time. It appeared to still be down as of late Friday night in the Russian capital.

Amtel Svyaz, Dozor's parent company and itself a satellite service provider, also experienced outages not long before Dozor was hit.

According to Russian technology news website ComNews (machine translated), Dozor general director Alexander Anosov has acknowledged the breach and said the provider believes it was compromised via one of its cloud providers.

"Restoration work is underway now, most of it was restored yesterday, the rest is being restored as equipment becomes available," Anosov said. 

Whether the hack was caused by Wagner mutineers or members of an unnamed hacktivist group is unclear. Regardless of the actor behind it, hackers claim they sent malicious software to Dozor satellite terminals to knock them offline – which makes sense given the "up to two weeks" that ComNews said experts predict it will take to restore service.

The situation is clearly reminiscent of the Viasat satellite broadband outage that occurred on February 24 last year – the day Russia illegally invaded Ukraine. Viasat terminals were knocked offline across Europe, including inside Ukraine, by attackers who managed to break into a poorly-configured VPN that they used to pivot into a trusted management segment of Viasat's network.

From there, the Viasat hackers sent a signal to Viasat subscribers' modems to overwrite their flash memory. That resulted in a situation similar to the one unfolding inside Russia today.

Regardless of whether Wagner is behind the virtual hit, it makes for an interesting next step in Putin's power struggle. Either unknown hackers are using Wagner's name to sow discord within Russia's borders by taking its military satellite comms offline, or Wagner isn't done getting revenge.

Critical vulnerabilities: Quiet week edition

There may have been plenty of vulnerabilities disclosed this week – anyone who gets CISA's email blasts will tell you that – but surprisingly few were critical, fortunately. 

Only a single newly reported, actively exploited vulnerability was critical – though with a CVSS score of 9.8 it's very critical indeed.

The vulnerability, reported as CVE-2023-25717, affects the Ruckus Wireless admin portal through version 10.4 and allows remote code execution via an unauthenticated HTTP GET request. Patches are available, so Ruckus users ought to stop reading and get installing. Now. Go.

As for newly discovered vulnerabilities, there are a few of those, too:

  • CVSS 9.8 – CVE-2023-31222: Medtronic's Paceart Optima software used to manage cardiac device data contains a deserialization vulnerability that can be exploited via its messaging service.
  • CVSS 9.1 – Multiple CVEs: Mitsubishi Electric's FA engineering software used in several products contains vulnerabilities that could be used by attackers to gain access to CPU modules and OPC UA server modules, execute programs and view files.
  • CVSS 8.6 – Multiple CVEs: Multiple models of Rockwell Automation's CompactLogix 5370 are vulnerable to uncontrolled resource consumption and stack-based buffer overflow exploits that could render them unusable.
  • CVSS 8.6 – CVE-2023-32274: Solar power provider Enphase's installer toolkit for Android – version 3.27.0, at least – contains hard-coded credentials that can be abused by an attacker.

Ransomware operators find oasis of NHS data in Manchester Uni systems

A ransomware attack on University of Manchester systems has exposed the details of more than one million NHS patients, the University admitted this week. 

"We confirmed on 23 June that our systems have been accessed and student and alumni data has been copied," a University spokesperson told The Register. "Our in-house data experts and external support are working around-the-clock to resolve this incident and respond to its impacts." 

Compromised in the attack was a database of NHS data gathered by the University for research purposes. According to officials, data in the stolen set includes NHS numbers, the first three digits of patient postcodes, and records of major trauma and terror attack treatments from across the country. While the database contains records for 1.1 million patients, it's not clear if all those records were compromised, and UoM said it's not sure if names were stolen as well.

As a result of the breach, UoM closed the dataset and has warned NHS leaders that some of the data could be made public. NHS patients are advised to keep an eye out, as they may not even realize their names were in the database – records in the list go back to 2012, and patient consent wasn't sought for inclusion. 

The NHS has declined to comment. 

Three years' worth of US patent applicant info exposed online

The US Patent and Trademark Office (USPTO) has admitted publicly this week to a years-long data exposure that may have allowed bad actors to harvest home addresses belonging to American inventors. 

Individuals who file patent applications in the United States are required to include their home address as a way to combat fraud, but a poorly configured API had apparently been exposing supposedly private domicile data to anyone who knew where to look in the Office's Trademark Status and Document Review system. To make matters worse, the API has been misconfigured since early 2020. 

The USPTO said it discovered the issue in February of this year, and closed the hole in late March. Some 61,000 applicants may have had their data exposed, but the USPTO said it has no reason to believe anyone has misused the data – yet. 

Several law firms that work on intellectual property law said notices were quietly sent to affected parties in mid-June, warning that the stolen information could be used in phishing scams or attempts to infringe on trademarks. ®
