
Written by
Chris Duckett, APAC Editor
The Five Eyes nations consisting of the United States, United Kingdom, Australia, New Zealand, and Canada, as well as the European Union and Ukraine have pinned Russia for a series of cyber incidents leading up to the invasion of Ukraine.
Pulling up short of absolutely attributing the attack, the UK said it was “almost certain” that Russia caused the Viasat outage in February that began an hour before the invasion of Ukraine commenced.
“Although the primary target is believed to have been the Ukrainian military, other customers were affected, including personal and commercial internet users. Wind farms in central Europe and internet users were also affected,” the UK said.
The UK added tens of thousands of Viasat terminals were rendered inoperable thanks to the attack.
The United States said Russia had deployed multiple families of wiper malware including WhisperGate against the Ukrainian government and private sector networks.
“In the months leading up to and after Russia’s illegal further invasion began, Ukraine experienced a series of disruptive cyber operations, including website defacements, distributed denial-of-service attacks, and cyber attacks to delete data from computers belonging to government and private entities — all part of the Russian playbook,” the US said.
The Canadian attribution further pinned Russia for targeting Ukraine’s banking sector in February, historically exploiting the big SolarWinds vulnerability of 2021, going after Canadian COVID vaccine research, and interfering in Georgia’s parliamentary elections in 2020.
“Russian government cyber actors have compromised a number of Ukrainian civilian entities since October 2021 that would be involved in crisis response activities, including networks related to emergency services, energy, transport and also communications,” the Australian government said.
New Zealand said it would be sanctioning eight individuals and entities involved in the attacks and “Putin’s campaign of disinformation”.
“President Putin’s propaganda machine is in full swing, spreading lies and false information to justify Russia’s illegal invasion,” NZ Foreign Minister Nanaia Mahuta said.
“Today’s announcement reflects our complete rejection of Putin’s narrative and his attempts to mislead the international community.”
For its part, Ukraine said Russia had been attacking its cyberspace for eight years.
“Russia has launched at least several malware families upon Ukraine since the beginning of the year: WhisperGate/WhisperKill, CaddyWiper, Hermetic Wiper, Industroyer2, DoubleZero, etc,” it said.
“Russia uses cyberattacks to create a humanitarian disaster in Ukraine, since hackers are trying to disrupt operation of the energy sector, emergency services, communications, logistics.
“Russian hackers pose a threat not only to Ukraine, but to the whole world.”
A Swedish citizen who promised investors huge returns in a gold and cryptocurrency investment scheme has pleaded guilty to securities fraud.
On Thursday, the US Department of Justice (DoJ) said Roger Nils-Jonas Karlsson pleaded guilty to securities fraud, wire fraud, and money laundering in a case that the agency says defrauded investors out of over $16 million.
The 47-year-old was the operator of Eastern Metal Securities (EMS), a now-defunct company that used a website to lure investors into participating in a scheme that promised incredible returns for their cryptocurrency.
According to the US agency, Karlsson offered investors a share of a “plan” that would eventually pay out in gold, a high-value commodity, from 2012 to 2019.
For only $100 per share, each investor was promised an eventual return of 1.15kgs in gold, worth over $45,000 as of January 2019. Each share was purchased through cryptocurrency including Bitcoin (BTC).
Investors were also assured that in the event this return didn’t happen, they would receive 97% of their funds back.
A second website was used to “delay” the moment investors in the “Pre Funded Reversed Pension Plan” (PFRPP) would realize they had been scammed, prosecutors claim, and Karlsson allegedly kept false and frequent dialogues going to this end.
“For example, on one occasion, Karlsson explained that a payout had not occurred because releasing so much money all at once could cause a negative effect on financial systems throughout the world,” the DoJ says. “Karlsson also falsely represented that EMS was working with the US Securities and Exchange Commission (SEC) to prepare the way for a payout.”
Investor cash was sent to Karlsson’s personal bank accounts, the DoJ says, where it was later used to purchase homes and a resort in Thailand. At least 3,575 investors parted with over $16 million.
The criminal complaint was issued against Karlsson and EMS on March 4, 2019.
Karlsson, who went by at least six aliases, was arrested in Thailand on June 17, 2019, and extradited to the United States. Karlsson has pleaded guilty to all charges and the EMS website has been seized.
Karlsson faces a maximum sentence of 20 years in prison for the wire fraud and securities fraud charges, as well as a further 20 years behind bars for the money laundering charge. A maximum collective fine for the charges could reach $750,000. Forfeiture proceedings are ongoing.
StackCommerce
It’s amazing how much affordable self-paced training is available online these days. For instance, even if you have no experience whatsoever, you can learn to be a Python programmer in no time and their average salaries are over $80,000 a year. But you could also become an ethical hacker, learn to be a game developer or so many other choices.
However, just like when you are doing anything else online, you need to be extremely careful about protecting yourself when accessing educational content. And now, new users need never worry about that again, because a VPNSecure Online Privacy: Lifetime Subscription is currently available for only $39.99 during our pre-Black Friday sale.
Obviously, your traffic will be encrypted so that hackers aren’t able to get access to your data. VPNSecure renders your traffic on the service unrecognizable with Stealth VPN. You also have full stack IP support (IPv4 + IPv6) and kill switches that will automatically disconnect you from the internet if your VPN connection is dropped. Your IP address and location will be hidden and VPNSecure has a strict policy of absolutely no logging.
Since you have access to servers in more than 45 countries, and new ones are being added all the time, you will be able to watch all of your favorite content no matter where you happen to be. And VPNSecure fully supports torrents, yet you are allowed unlimited bandwidth, so you should be able to stream smoothly with no buffering.
You can use the service on five devices simultaneously, on desktop or mobile. There is an ad blocker option that is available at no extra charge and so many other convenient features.
Even Security.org was impressed. They said: “VPNSecure provided us with nearly everything we needed to search the web safely and even included some unique features like the Meta Search Engine.”
You really don’t want to pass up this opportunity to protect yourself online for a lifetime. If you are a new user, get VPNSecure Online Privacy: Lifetime Subscription now while it’s available for only $39.99.

Security researchers have found a new collection of phishing domains offering up fake Windows 11 installers that actually deliver information-stealing malware.
Cybersecurity firm Zscaler said that newly registered domains appeared in April 2022 and have been designed to mimic the legitimate Microsoft Windows 11 OS download portal.
‘Warez’ sites containing pirate material, including software and games, are notorious as hotbeds of malware packages, including Trojans, information stealers, adware, and nuisanceware.
Cracked forms of software are on offer for free and users who download the software are usually trying to avoid paying for software licenses or gaming content.
A brief scan of active warez sites reveals listings for Windows, macOS, and Linux applications, including Adobe Photoshop, various creative applications, enterprise versions of Windows software, and a host of films and games.
However, if you risk the download, you might be opening your machine up to infection – and the same applies if you download software you trust from a suspicious web address.
In the case documented by Zscaler, Vidar is spread by the threat actors through phishing and social media networks, including Mastodon, which are widely abused to facilitate attacks. Mastodon is decentralized, open-source software used to run self-hosted social networks.
In two instances, the cyber criminals created new user accounts and stored command-and-control (C2) server addresses in their ‘profile’ sections.
In a new development, the Vidar group is also opening Telegram channels with the same C2 stored in the channel description. By doing so, malware implanted on vulnerable systems can fetch C2 configuration from these channels.
Vidar is a nasty form of malware able to spy on users and steal their data, including OS information, browser history, online account credentials, financial data, and various cryptocurrency wallet credentials. Vidar is also spread through the Fallout exploit kit.
While the fake website pretends to be the official download portal, the malicious file on offer is an .ISO hiding the Vidar payload and packed with Themida. A static configuration is used to access the C2, but social media profiles can also be used as backup URLs.
In addition to the .ISO files being distributed as fake Windows 11 installers, Zscaler also uncovered a GitHub repository storing backdoored versions of Adobe Photoshop, another popular option for warez sites.
The best option to mitigate the risk of Vidar is to only download software from trusted, official domains – and to not give in to the lure of free, cracked software.
“The threat actors distributing Vidar malware have demonstrated their ability to social engineer victims into installing Vidar stealer using themes related to the latest popular software applications,” the researchers say.
“As always, users should be cautious when downloading software applications from the Internet.”




