This attack’s below the belt, Russia

Feb 14 2023

Welcome to Gone Phishing, your daily newsletter that’s more action-packed than a Valentine’s Day special of Love Island.

Roses are red, violets are blue, ransomware’s out there to scam you (couldn’t resist)

Today’s hottest cyber security stories:

  • From Russia with Love Hate: Hackers target Turkey earthquake aid
  • F-Bee-I invades Hive hacking group in sting operation
  • Toyota Hack-asaki! ‘Backdoor’ sealed following hacker’s ‘good-faith pwnage’


Russian hackers have been Putin the cyber-screws (“woah, people are dying!” Sorry.) into Nato’s Turkey-Syria earthquake aid operation via a series of DDoS (Distributed Denial of Service) attacks.

The aptly-named Killnet hacking group successfully – though briefly, and not completely – disrupted communication with a C-17 plane while it was delivering earthquake aid to Turkey and Syria.

Nato, along with the Strategic Airlift Capability (SAC), has been instrumental in the recovery effort, in response to last Monday’s 7.8 magnitude earthquake that devastated southeast Turkey and northwest Syria. The death toll has passed 35,000 and continues to rise.

They’re not DDoS-ing about

Killnet: “We are carrying out strikes on Nato. Details in a closed channel.”

The ‘closed channel’ allegedly refers to a private group on the (you guessed it!) Russian encrypted messaging app Telegram.

The hackers aim to disrupt military and government websites of countries that support Ukraine, according to one of its Telegram channels.

Indeed, as well as losing contact with the plane, NATO experienced general network disruption.

NATO-day Russia!

Despite Killnet’s best efforts, NATO appears to have been effective in snuffing out the (it must be said) rather half-arsed (though morally abhorrent) attack.

A Nato official confirmed that it had fallen victim to a cyberattack (which they take “very seriously!”), which led to the Nato Special Operations Headquarters website and other associated websites going down for a couple of hours.

Nato secretary general Jens Stoltenberg said: “The majority of Nato websites are functioning as normal. Some Nato websites are still experiencing availability issues, but our technical teams are working to restore full access.”

The earthquake’s been described as the worst in that area in a hundred years and experts believe the death toll will at least double.

One thing’s for sure: Russia’s going to have to up its hacking game if it wants to be taken Syria-ously (couldn’t resist) by Nato. Joking aside, our thoughts and prayers are of course with those affected and we wish NATO and SAC all the best with the recovery effort.


The U.S. Department of Justice has managed to successfully infiltrate the infamous and elusive Hive hacking group, in a ‘monthslong’ FBI operation dating back to July 2022.

Despite this notable victory, the group remains shrouded in mystery. Indeed, little is known about the forces behind the group, whose weapon of choice is the dreaded ransomware attack.

FACT: Ransomware attacks lock users out of their files and demand cash in return for re-access.

One thing we do know is that this Hive certainly isn’t grumbling. The busy bees have racked up a hair-whitening $100 million (£82m approx.) in ransom loot since June 2021!

Wanted, dead or a Hive: $10 million reward

The US government is dead-set on unmasking the group and, as such, is offering a $10 million (£8.2m approx.) reward for information leading to the identification of Hive.

Although undoubtedly impressive, ten million is fairly standard for the agency; the same was offered for info on Russian spies, North Korean hacking groups, and other ransomware operators.

The gang’s ransomware has been linked to attacks on the Costa Rican Social Security Fund, European car dealership Emil Frey, US healthcare groups Partnership HealthPlan and Memorial Healthcare System, and others.


Toyota had a lucky escape a week or so back when their systems were hacked by a security researcher who alerted the Japanese car manufacturer to the vulnerabilities.

Since then, they’ve sealed the back door, so to speak, and the man who delivered the ‘good-faith pwnage’ has applauded Toyota’s efficiency in dealing with the problems he exposed.

Started from the bottom now we’re here

In a David and Goliath story truer than the Bible itself, hacker Eaton Zveare was able to storm Toyota’s internal networks, rising from a lowly ‘user’ (with a ‘Mgmt – Purchasing’ role) to the coveted status of SysAdmin. Bravo, Eaton.

Based on the additional tabs that appeared within the application, it was clear that “with a System Admin JWT, I basically had total, global control over the entire system”, said Zveare.

He described the security hole, which Toyota patched quickly, as “one of the most severe vulnerabilities I have ever found”.

Lucky for Toyota, the fire was friendly. This time.

So long and thanks for reading all the phish!
