al3x@wannaCYbeR(security)~$ echo "Issue \x0C"

Greetings, fellow cyber people, and welcome to the twelfth issue of wannaCYbeR, a weekly newsletter dedicated to those who are just starting in cybersecurity. After a break of a couple of weeks for my big move across the country, I’m back with some news and useful content.

Ransomware Hits Agricultural Machinery Producer AGCO

After the FBI issued an alert on ransomware attacks likely targeting the agricultural sector during “critical seasons,” the agricultural machinery maker AGCO was hit by a cyberattack that affected multiple production facilities. While investigations are still underway, BleepingComputer reports that the company shut down parts of its systems to stop the ransomware from spreading.

"AGCO is still investigating the extent of the attack, but it is anticipated that its business operations will be adversely affected for several days and potentially longer to fully resume all services depending upon how quickly the Company is able to repair its systems. The Company will provide updates as the situation progresses."

Hacks in Russia

On Sunday, the online Russian TV schedule was hacked during the regime’s “Victory Day” parade – a celebration that occurs every year on a national holiday. Instead of the usual schedule, every program on the page was displaying: "On your hands is the blood of thousands of Ukrainians and their hundreds of murdered children. TV and the authorities are lying. No to war," as BBC reporter Francis Scarr posted on Twitter.

At the same time, the video platform RuTube, a Russian equivalent of YouTube, was also hit by a cyberattack and, according to BleepingComputer, “Visitors are shown a message stating that the "site is undergoing technical work" due to an attack when accessing the site. However, the service says that all user content and data remain untouched by the attackers.”

So far, none of the hacktivist groups has claimed the attack.

Read more on BleepingComputer.

REvil is Back for Real

After GOLD SOUTHFIELD, the threat group that operates REvil, resumed operations in April, researchers from Secureworks Counter Threat Unit (CTU) analyzed new malware samples and established that the group who coded them must have access to REvil’s source code. “The identification of multiple samples containing different modifications and the lack of an official new version indicate that REvil is under active development,” Secureworks reports.

Read details of the new samples.

Malware Hidden in Windows Event Logs

In a first-of-its-kind campaign, researchers at Kaspersky found threat actors hiding malicious payloads in Windows Event Logs. According to The Hacker News: “The method enabled the threat actor behind the attack to plant fileless malware in the file system in an attack filled with techniques and modules designed to keep the activity as stealthy as possible.”

The malware dropper injects “shellcode payloads into Windows event logs for the Key Management Services (KMS)” and “copies the legitimate OS error handling file WerFault.exe to ‘C:\Windows\Tasks’ and then drops an encrypted binary resource to the ‘wer.dll’ (Windows Error Reporting) in the same location, for DLL search order hijacking to load malicious code.”
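The WerFault.exe / wer.dll pairing quoted above is a concrete thing a defender can hunt for: the legitimate executable normally lives only under the system directories, so a copy of it in a folder like C:\Windows\Tasks, with a wer.dll beside it, is the shape of the hijack. The script below is an added example (not Kaspersky's or the newsletter's code) that scans a list of file paths, such as an EDR export or a recursive directory listing, for that pattern. It assumes %SystemRoot% is C:\Windows, and the inventory it runs over is constructed for illustration.

```python
"""
Hunt for the WerFault.exe / wer.dll DLL search-order hijack pattern in a
file inventory. Added example; assumes a default C:\Windows system root.
"""
from pathlib import PureWindowsPath

# Directories where WerFault.exe and wer.dll legitimately live (assumption:
# default %SystemRoot% of C:\Windows). PureWindowsPath compares and hashes
# case-insensitively, matching NTFS semantics, so set membership is safe.
LEGIT_DIRS = {
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Windows\SysWOW64"),
}

# Constructed sample inventory: two legitimate locations, the copy-and-drop
# pattern from the campaign in C:\Windows\Tasks, and a stray wer.dll.
SAMPLE_INVENTORY = [
    r"C:\Windows\System32\WerFault.exe",
    r"C:\Windows\System32\wer.dll",
    r"C:\Windows\SysWOW64\WerFault.exe",
    r"C:\Windows\Tasks\WerFault.exe",       # copied binary
    r"C:\Windows\Tasks\wer.dll",            # dropped loader beside it
    r"C:\Windows\Tasks\SA.DAT",
    r"C:\Users\Public\Downloads\wer.dll",   # lone dll, lower confidence
]


def find_werfault_hijacks(paths):
    """Return findings for every directory outside LEGIT_DIRS that holds a
    WerFault.exe and/or a wer.dll. Severity: 'high' when both are present
    (the hijack is staged), 'medium' for a lone WerFault.exe copy, 'low'
    for a lone wer.dll. Results are sorted by directory."""
    by_dir = {}
    for raw in paths:
        p = PureWindowsPath(raw)
        name = p.name.lower()
        if name not in ("werfault.exe", "wer.dll"):
            continue
        by_dir.setdefault(p.parent, set()).add(name)

    findings = []
    for directory, names in by_dir.items():
        if directory in LEGIT_DIRS:
            continue
        has_exe = "werfault.exe" in names
        has_dll = "wer.dll" in names
        severity = "high" if has_exe and has_dll else ("medium" if has_exe else "low")
        findings.append({
            "dir": str(directory),
            "werfault_exe": has_exe,
            "wer_dll": has_dll,
            "severity": severity,
        })
    return sorted(findings, key=lambda f: f["dir"])


if __name__ == "__main__":
    for f in find_werfault_hijacks(SAMPLE_INVENTORY):
        print(f"[{f['severity']}] {f['dir']} "
              f"(WerFault.exe={f['werfault_exe']}, wer.dll={f['wer_dll']})")
```

On a real host, feed it the output of a recursive file listing or an EDR file-inventory export; the only directories that should ever hold WerFault.exe are the two system ones, so any hit at all is worth a look, and a "high" finding matches the staged hijack the article describes.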

Read more on BleepingComputer.

Meme of the Week: Password Attempts


Special of the Week #1: Daily OSINT


If you love OSINT as much as I do and are always eager to hunt for new tools, you should follow Daily OSINT on LinkedIn. Every day, they post tools, advice, and fun quizzes, ranging from domain to phone number investigation, to OSINT frameworks, to username search. Personally, I have a whole collection of their posts saved to explore tools and training!

Check out Daily OSINT.

Special of the Week #2: Powershell Quick Reference


Are you also banging your head against the wall to learn PowerShell? Here’s a useful cheat sheet, developed by practicalpowershell.com, to help you remember cmdlets, options, and operators. Enjoy!

Download the quick reference.

That's all for this week. If you enjoyed the newsletter, please feel free to share it with your connections. Do you know of a great piece of content I should include? Don’t be shy, reach out!

P.S. In case you were wondering, I don't receive any compensation or sponsorship for the content I share. I do it just because I love to nerd out with other people on topics of common interest.

Daniel Pfleging

Information Technology and Security | CompTIA Security+ | Google IT Support Professional

2 years

Welcome back! I was taking a break, as well. Hope your new home is treating you well. Thanks for that PowerShell pdf btw!
