In the midst of Israel’s ongoing war with Hamas, US and Israeli government agencies on Friday warned that hackers calling themselves “Cyberav3ngers” but working for Iran’s Revolutionary Guard Corps had breached the networks of multiple US water and wastewater utilities. The breaches, which affected “less than 10” utilities, according to a CNN source, aimed to deface computer screens in the facilities with an anti-Israel message. In each case, the hackers took advantage of vulnerabilities in equipment sold by Unitronics, an Israeli company. “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is Cyberav3ngers legal target,” some of the defaced screens read. While the intrusions appear to have been opportunistic and aimed at sending a message, the ability of a foreign government to gain broad access to US critical infrastructure led the Cybersecurity and Infrastructure Security Agency to brief members of Congress on the hacking campaign on Thursday.
In a sprawling bust that spanned multiple Ukrainian cities, at least five key members of a ransomware gang were arrested this week in raids coordinated by Europol along with law enforcement agents from Ukraine, the US, Canada, the Netherlands, and other European countries. The group’s members are accused of deploying multiple ransomware variants including LockerGoga, Hive, MegaCortex, and Dharma. According to Ukrainian police, the gang allegedly did at least $82 million in damage in attacks that encrypted more than a thousand servers on victim networks over the past five years.
In a very different sort of Ukrainian criminal case, Ukrainian law enforcement this week detained Viktor Zhora, the deputy director of the State Special Communications Service of Ukraine, its agency focused on cybersecurity. Zhora, along with the agency’s director, is accused of taking part in a multimillion-dollar corruption scheme. While corruption has long plagued the Ukrainian government and military, the charges against Zhora—and his detainment this week—have sent shock waves through the global cybersecurity community, in which Zhora was a high-profile figure and often the public face of Ukraine’s cybersecurity defense. In November, for instance, Zhora keynoted the popular Cyberwarcon conference of security researchers in Arlington, Virginia. Zhora was released on bail later in the week. When his charges were announced, he told TechCrunch that he would “defend [his] name and reputation in a court.”
In keeping with this week’s theme of (alleged) crime and punishment, David Vincenzetti, the founder of hacker-for-hire firm Hacking Team, was arrested last weekend for the alleged stabbing and attempted murder of a family member, TechCrunch reported based on news articles in multiple Italian-language media outlets. According to one of those newspapers, Il Giorno, the victim was visiting Vincenzetti to take care of him due to his psychological issues. When Vincenzetti appeared before a judge, he reportedly gave a rambling statement that caused a judge to ask prosecutors to investigate his mental health, according to La Stampa. The reported charge could suggest a dark ending to the story of a man with a dark career, who helped launch an industry of cyber-mercenaries like NSO Group, Appin, CyberRoot, and BellTroX.
Updated at 12 pm ET, December 2, 2023, with an item about Iranian hackers breaching US critical infrastructure.