Review of security incidents for the period from March 3 to March 9, 2022

Source: https://cobaltstrike.net/2022/03/09/review-of-security-incidents-for-the-period-from-march-3-to-march-9-2022/



Like last week, this week was marked by an escalation of the cyber warfare previously announced by Anonymous. In addition, the LAPSUS$ cybercrime group made itself known again, and Chinese hackers broke into government computer networks in several US states through a vulnerability in livestock monitoring and accounting software. Read about these and other events for the period from March 3 to March 9, 2022 in our review.

According to Igor Lyapunov, Rostelecom’s vice president for Information Security, the number of hacker attacks on the portals of state authorities has recently increased hundreds of times over. Attacks on this scale against Russian services and resources have not been conducted before, Lyapunov concluded. It is not known exactly who is behind the attacks on these sites.

Hackers posted images with silhouettes of military personnel, tanks, and Ukrainian and Russian flags on the main pages of the websites of Russian state authorities. According to the Ministry of Finance of the Russian Federation, the hackers attacked the authorities' websites through a widget, but the sites were quickly restored.

Anonymous hacktivists, who declared war on Russia at the beginning of the military conflict, hacked the online broadcasts of several state TV channels and posted an anti-war appeal. The hackers claimed to have compromised the Russian streaming services Wink and Ivi and the online broadcasts of channels such as “First”, “Russia 24” and “Moscow 24”. In place of the channels' news, they ran videos with anti-war propaganda appeals to subscribers. The hack did not last long, and the usual broadcast was restored.

Last week, user data was leaked from Pikabu, one of the most popular information and entertainment sites on the Runet. The database contains 1,091,670 lines. A random check of the database showed that all the data posted was reliable. The information was leaked by a Ukrainian hacker who claims to have published only the data of users who have a nickname, phone and email. According to him, he has access to 4 million lines in total.

The same hacker also posted logins, email addresses and hashed (MD5 with salt) passwords of registered users of the Kwork freelance services exchange (kwork.ru). There are 166,135 lines in the text file. However, according to the hacker, in total he leaked about 5 million user records.

Rompetrol, the Romanian subsidiary of the international “gas giant” KMG, was hit by a cyber attack that forced it to suspend some services at its stations and take its websites offline. The Hive cybercriminal group claimed responsibility for the hack, threatening to leak data encrypted during the attack if a $2 million ransom was not paid.

Factories of the major tire manufacturer Bridgestone-Firestone in North and Latin America were shut down due to a cyber attack. Local news outlets from across the U.S. reported power outages at Bridgestone-Firestone plants in Iowa, Illinois, North Carolina, South Carolina, Tennessee and Canada.

The South American hacker group Lapsus$, which recently attacked NVIDIA, hacked Samsung’s networks and stole, according to the group, 190 GB of data, including the source code of trusted applets installed in TrustZone, algorithms for biometric authentication, loaders for the latest device models and even confidential data of the chip supplier Qualcomm. Samsung has confirmed the leak of internal data, including the source code associated with Galaxy smartphones.

The APT41 hacker group (aka Double Dragon), which works for the Chinese government, hacked government computer networks in six American states, including by exploiting a vulnerability in a farm animal accounting system, Mandiant experts said. At the same time, researchers from Proofpoint reported increasing cyberattacks by Chinese hackers on European governments. Both information security companies confirmed this week that Beijing has stepped up its cyber operations against Western countries.