FlagThis - #Quantum

A newly identified Russian cyber-espionage group, known as Laundry Bear by Dutch intelligence and Void Blizzard by Microsoft, has been actively targeting Western organizations since at least April 2024. This group is believed to be backed by the Russian government and is primarily focused on gathering intelligence to support Russian strategic interests. Laundry Bear's targets include government entities, defense contractors, aerospace firms, and high-tech businesses in Europe and North America, particularly those supporting Ukraine. The group's activities suggest an interest in sensitive information related to military goods, weapons deliveries, and advanced technologies that are difficult for Russia to acquire due to Western sanctions.

The primary objective of Laundry Bear is to steal sensitive emails and files from compromised systems. They achieve this by targeting cloud-based email environments, specifically Microsoft Exchange. The group employs a range of techniques, including pass-the-cookie attacks, password spraying, and spear phishing aimed at credential theft. Notably, the Dutch intelligence services identified Laundry Bear during an investigation into a credential-stealing attack against the Dutch National Police in September 2024. During this attack, Laundry Bear gained access to an account belonging to a Dutch police employee by using a stolen session cookie to obtain work-related contact information of other police employees.

Microsoft has also observed Laundry Bear targeting critical sectors such as government, defense, transportation, media, NGOs, and healthcare, with a focus on organizations in Europe, North America, NATO member states, and Ukraine. The group frequently gains access by using stolen credentials, likely purchased from online marketplaces. Despite employing relatively simple attack methods and readily available tools, Laundry Bear has achieved a high success rate due to quick-paced cyber operations and efficient automation. Microsoft recommends organizations implement robust security measures to defend against such threats.


References :

• The Hacker News: Microsoft has shed light on a previously undocumented cluster of malicious activity originating from a Russia-affiliated threat actor dubbed Void Blizzard (aka Laundry Bear) that it said is attributed to worldwide cloud abuse.
• www.helpnetsecurity.com: Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group
• Threats | CyberScoop: New Russian state-sponsored APT quickly gains global reach, hitting expansive targets
• therecord.media: Recent attacks on institutions in the Netherlands were the work of a previously unknown Russian hacking group that Dutch intelligence agencies are labeling Laundry Bear. Microsoft also reported on the group, naming it Void Blizzard.
• www.microsoft.com: Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. Void Blizzard’s cyberespionage operations tend to be highly targeted at specific organizations of interest to Russia, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America. The post appeared first on Microsoft Security Blog.
• www.defensie.nl: Onbekende Russische groep achter hacks Nederlandse doelen - Unknown Russian group behind hacks of Dutch targets - "is behind the hacks on several Dutch organizations, including the police in September 2024.
• Help Net Security: Microsoft, Dutch security agencies lift veil on Laundry Bear cyber espionage group
• thecyberexpress.com: New Russian Cyber Threat ‘Laundry Bear’ Hits Western Targets
• www.csoonline.com: New Russian APT group Void Blizzard targets NATO-based orgs after infiltrating Dutch police
• The Register - Security: New Russian cyber-spy crew Laundry Bear joins the email-stealing pack
• securityonline.info: Void Blizzard: New Russian Cyberespionage Group Targets NATO and Ukraine
• securityonline.info: Void Blizzard: New Russian Cyberespionage Group Targets NATO and Ukraine
• securityaffairs.com: Russia-linked APT Laundry Bear linked to 2024 Dutch Police attack
• industrialcyber.co: Microsoft details Void Blizzard as Russian cyber threat targeting global critical infrastructure
• Virus Bulletin: Microsoft Threat Intelligence, in colaboration with Dutch security organizations AIVD & MIVD, observed Void Blizzard (a.k.a. LAUNDRY BEAR) conducting espionage operations primarily targeting organizations that are important to Russian government objectives.
• Industrial Cyber: Microsoft details Void Blizzard as Russian cyber threat targeting global critical infrastructure
• www.cybersecuritydive.com: Microsoft, Dutch government spot new Russian hacking group targeting critical infrastructure
• Metacurity: Russian group Laundry Bear hacked Dutch police, targets Ukraine-allied nations
• www.metacurity.com: Russian group Laundry Bear hacked Dutch police, targets Ukraine-allied nations
• Vulnerable U: Void Blizzard hackers raid NATO cloud tenants with Evilginx phishing
• Danny Palmer: A new Russian APT (LAUNDRY BEAR) is tearing through defence and government entities in NATO member states using stripped back and heavily automated threat techniques that nonetheless went widely undetected until they were spotted by the Dutch police, the Netherlands’s security services revealed.
• The Record: Recent attacks on institutions in the Netherlands were the work of a previously unknown Russian hacking group that Dutch intelligence agencies are labeling Laundry Bear. Microsoft also reported on the group, naming it Void Blizzard.
• www.scworld.com: Russian hackers Void Blizzard step up espionage campaign
• The Hacker News: Russia-Linked Hackers Target Tajikistan Government with Weaponized Word Documents

Classification:

• HashTags: #RussianHackers #CyberEspionage #APT
• Company: Dutch Intelligence
• Target: Dutch Police, NATO member states
• Attacker: Laundry Bear (Void Blizzard)
• Product: Microsoft Exchange
• Feature: pass-the-cookie
• Malware: Evilginx
• Type: Espionage
• Severity: Major

Quantum computing is rapidly advancing, presenting both opportunities and challenges. Researchers at Toshiba Europe have achieved a significant milestone by transmitting quantum-encrypted messages over a record distance of 254km using standard fiber optic cables. This breakthrough, facilitated by quantum key distribution (QKD) cryptography, marks the first instance of coherent quantum communication via existing telecom infrastructure. QKD leverages the principles of quantum mechanics to securely share encryption keys, making eavesdropping virtually impossible, as any attempt to intercept the message would immediately alert both parties involved.

This advance addresses growing concerns among European IT professionals, with 67% fearing that quantum computing could compromise current encryption standards. Unlike classical computers, which would take an impractical amount of time to break modern encryption, quantum computers can exploit phenomena like superposition and entanglement to potentially crack even the most secure classical encryptions within minutes. This has prompted global governments and organizations to accelerate the development of robust cryptographic algorithms capable of withstanding quantum attacks.

Efforts are underway to build quantum-secure communication infrastructure. Heriot-Watt University recently inaugurated a £2.5 million Optical Ground Station (HOGS) to promote satellite-based quantum-secure communication. In July 2024, Toshiba Europe, GÉANT, PSNC, and Anglia Ruskin University demonstrated cryogenics-free QKD over a 254 km fiber link, using standard telecom racks and room temperature detectors. Initiatives such as Europe’s EuroQCI and ESA’s Eagle-1 satellite further underscore the commitment to developing and deploying quantum-resistant technologies, mitigating the silent threat that quantum computing poses to cybersecurity.


References :

• The Next Web: Researchers at Toshiba Europe have used quantum key distribution (QKD) cryptography to send messages a record 254km using a traditional fiber optic cable network.
• medium.com: Rethinking Cybersecurity in the Face of Emerging Threats
• medium.com: Quantum Security: The Silent Threat Coming for Your Business

Classification:

• HashTags: #quantumcomputing #encryption #cybersecurity
• Target: encryption
• Product: quantum
• Feature: encryption
• Type: Research
• Severity: Major