Lower Austrian community targeted

Hacker traces lead to the Kremlin

Nachrichten
20.02.2024 15:45

Huge strike against a worldwide Russian network of blackmailing hackers. Meanwhile, the trail of a cyber attack on the municipality of Korneuburg (Lower Austria) also leads to the Kremlin. Lockbit in particular is regarded as a highly dangerous computer crime group.

As reported, the computers of the municipality on the outskirts of Vienna were recently practically paralyzed. Even funerals were stopped because no applications for official documents were possible. However, the data could be backed up and the system is slowly starting up again.

As cyber specialists were able to determine, traces in the network lead to Moscow. The hacker group Lockbit, based in Russia, is believed to be behind the professional attack, which is also said to repeatedly assert the interests of the Russian state.

The hackers' website was taken over by the authorities. (Bild: HANDOUT)
The hackers' website was taken over by the authorities.
The town hall in Korneuburg is also said to have been targeted by Russian cyber criminals. (Bild: Huber Patrick)
The town hall in Korneuburg is also said to have been targeted by Russian cyber criminals.

Authorities hacked into hacker group
Behind this is a globally active group of internet blackmailers who encrypt data with malware and only release it again after ransom payments or sell it at the click of a mouse. This time, however, the hackers themselves were hacked during "Operation Cronos". The US Federal Bureau of Investigation (FBI), in cooperation with international and European authorities - in Austria, the Federal Criminal Police Office and the Directorate of State Security and Counter-Terrorism (DSN) were also involved - succeeded in taking over the cyber criminals' website.

Zitat Icon

The close cooperation between the municipality of Korneuburg and the Office for the Protection of the Constitution is crucial in the international investigation.

ÖVP-Innenminister Gerhard Karner zum Cyber-Angriff

"Two thirds of our servers have already been decrypted. However, data from January 28 to February 2 is still missing. The work on the network will continue for months", Korneuburg Mayor Christian Gepp announced on Tuesday. The damage is estimated at more than 100,000 euros, including the involvement of external IT specialists and overtime by municipal workers.

Lockbit and the notorious hacker group APT 28 (the abbreviation stands for "Advanced Persistent Threat"), which is also controlled by Moscow, have been highly active in recent years, particularly since the start of the war in Ukraine. In addition to German government agencies and hospitals, for example, the computer networks of large foreign companies have been attacked or infiltrated in large numbers. After all, data is the new gold. In addition to political destabilization, it can be used to make a fortune. In America alone, at least 1700 organizations are said to have become victims since 2020.

Russian cyberattack on foreign ministry too
The domestic Foreign Ministry was also targeted by Putin's hacker army four years ago. Technicians and the criminals in the network fought fierce cyber battles for weeks until the attack could be repelled

The ruthless Lockbit criminals are attacking on the darknet from Tsar Vladimir Putin's Russian empire. (Bild: overrust - stock.adobe.com)
The ruthless Lockbit criminals are attacking on the darknet from Tsar Vladimir Putin's Russian empire.

"With their ransomware, these attackers are encrypting the computers of thousands of companies and organizations worldwide," warns cybersecurity expert Dr Cornelius Granig. The perfidious method: those behind the attacks have built up a strong presence on the darknet and also rent their malware to other criminals, with whom they share the proceeds. All those involved remain anonymous - so that the perpetrators cannot identify each other.

Reputable company on the notorious Darknet
According to Granig, Lockbit acts like a company to the outside world and even has an unnamed press spokesperson. Uninhibited advertising: "No laws apply to us, we work on the darknet. Anyone can do what they want there."

Cybersecurity expert Dr. Cornelius Granig (Bild: klemens groh)
Cybersecurity expert Dr. Cornelius Granig

But how does ransomware work? Phishing emails are used to steal access data from computer systems whenever users carelessly click on links and disclose information. The attackers then gain access to external networks and steal data. They then encrypt the systems they have taken control of and demand a ransom in cryptocurrencies to unlock them.

Loading...
00:00 / 00:00
Abspielen
Schließen
Aufklappen
Loading...
Vorige 10 Sekunden
Zum Vorigen Wechseln
Abspielen
Zum Nächsten Wechseln
Nächste 10 Sekunden
00:00
00:00
1.0x Geschwindigkeit
Loading
Kommentare
Eingeloggt als 
Nicht der richtige User? Logout

Willkommen in unserer Community! Eingehende Beiträge werden geprüft und anschließend veröffentlicht. Bitte achten Sie auf Einhaltung unserer Netiquette und AGB. Für ausführliche Diskussionen steht Ihnen ebenso das krone.at-Forum zur Verfügung. Hier können Sie das Community-Team via unserer Melde- und Abhilfestelle kontaktieren.

User-Beiträge geben nicht notwendigerweise die Meinung des Betreibers/der Redaktion bzw. von Krone Multimedia (KMM) wieder. In diesem Sinne distanziert sich die Redaktion/der Betreiber von den Inhalten in diesem Diskussionsforum. KMM behält sich insbesondere vor, gegen geltendes Recht verstoßende, den guten Sitten oder der Netiquette widersprechende bzw. dem Ansehen von KMM zuwiderlaufende Beiträge zu löschen, diesbezüglichen Schadenersatz gegenüber dem betreffenden User geltend zu machen, die Nutzer-Daten zu Zwecken der Rechtsverfolgung zu verwenden und strafrechtlich relevante Beiträge zur Anzeige zu bringen (siehe auch AGB). Hier können Sie das Community-Team via unserer Melde- und Abhilfestelle kontaktieren.

Kostenlose Spiele
Vorteilswelt