14/03/22

Critical Infrastructure Daily Brief

Statewide Terrorism & Intelligence Center

Critical Infrastructure Daily Brief 

**UNCLASSIFIED **

(U) STIC is providing this information to our partner agencies for situational awareness. This document contains information obtained from open source information. While STIC has gone to great lengths to verify the information found in open source documents on the internet, this information may not be accurate.

Situational Awareness

• Chicago Shootings: 26 Shot, 2 Fatally, in Weekend Violence, CPD Says

At least 26 people were shot, two fatally, in Chicago weekend violence.

• 2 Dead, 25 Wounded in Weekend Shootings Across the City
• 7 People Shot at Strip Mall in Chicago, Authorities Say

• Suspect in Custody for 2 Fires at New Britain Places of Worship

The New Britain Police Department (NBPD) arrested Kimorah Parker for two fires at places of worship. Parker has been charged with Arson 3rd Degree and Burglary 3rd Degree. According to officials the New Britain Fire Department received a call of a fire at the Congregation Tephereth Israel Synagogue on Winter Street, and just 45 minutes later another fire was reported at St. Matthews Lutheran Church at 99 Franklin Square. As crews were in the process of putting these fires out, a burglar alarm went off at St. Joseph off of main street, which is two minutes away. The New Britain Mayor’s office stated that the fires are currently under investigation by the fire marshall’s office. “In my opinion I think there is no doubt that these incidents are connected this is just too coincidental to not believe that but obviously the professionals are going to do the investigation to see what they can find but this is definitely alarming and we never here of situations like this where churches are targeted,” said Mayor Erin Stewart. The FBI has been coordinating with the Connecticut State Police (CSP) and NBPD. Stewart posted on Facebook “The FBI will continue to coordinate with local law enforcement and, pending further evidence collection, will determine whether federal charges are appropriate. The FBI is unaware of any specific, credible threat to the religious community stemming from these incidents.”

• Person Faces Charges After Fires at New Britain Houses of Worship

• Shootings Targeting Homeless Men in New York and Washington, DC are Linked, Police Say

A series of shootings targeting homeless men in New York City and Washington, DC, were carried out by the same suspect, officials said Sunday. The five shootings left two men dead and took place over a nine-day period this month, police said. The New York Police Department (NYPD) and Washington's Metropolitan Police Department (MPD) are working with the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) on the investigation, the agencies said in a joint statement. The agencies described the victims in each incident as "experiencing homelessness" and cited similar circumstances and characteristics in each shooting and recovered evidence as the basis for the joint investigation.

• Police Search for Shooting Suspect Targeting Homeless in DC, NYC

• Russia Invades Ukraine Updates

As of Monday, more than 2.8 million people have fled Ukraine for neighboring countries, including 127,000 third-country nationals, the International Organization for Migration (IOM), a UN agency, said. "People continue to flee the war in Ukraine every minute," the IOM tweeted Monday, adding that they need "continued support." According to UNICEF, the war in Ukraine is having a "devastating impact" on more than 7.5 million children… Ukrainian negotiator, Mykhailo Podoliak, said in an update on Twitter that a "technical pause" has been taken in the Ukraine-Russia talks until Tuesday. "For additional work in the working subgroups and clarification of individual definitions. Negotiations continue,” Podoliak said. Earlier today, Ukrainian President Volodymyr Zelensky described them as “difficult talks.” Podoliak said the fourth session was being held virtually, not in person, with the Ukrainian negotiating team in Kyiv.

• Russian Prosecutors Warn Western Firms of Arrests, Asset Seizures

Cybersecurity

• Android Malware Escobar Steals Your Google Authenticator MFA Codes

The Aberebot Android banking trojan has returned under the name 'Escobar' with new features, including stealing Google Authenticator multi-factor authentication codes. The new features in the latest Aberebot version also include taking control of the infected Android devices using VNC, recording audio, and taking photos, while also expanding the set of targeted apps for credential theft. The main goal of the trojan is to steal enough information to allow the threat actors to take over victims' bank accounts, siphon available balances, and perform unauthorized transactions.

• Political Fallout in Cybercrime Circles Upping the Threat to Western Targets

The Russian war on Ukraine’s impact on the cybercrime underground is starting to become clearer, with the fallout having significant implications for cyberattack targeting and an increased threat to Western nations’ critical infrastructure, according to new research. The findings, published Monday by Accenture’s Cyber Threat Intelligence team, document how “previously coexisting, financially motivated threat actors [are dividing] along ideological factions.” Some of those splits have resulted in high-profile developments, such as a Ukrainian cybersecurity researcher with access to the Conti ransomware group’s inner workings publishing years of the group’s internal chats, code, and other materials. “This divide has led to pro-Russian actors galvanizing against Western targets, especially in the resources, government, media, financial and insurance industries.” But Accenture notes that other, more subtle reflections of the fallout from Russian President Vladimir Putin’s decision to attack Ukraine are just as serious and, in some ways, more worrying for the threat landscape. The mostly financial motives of the past are, in some cases, giving way to political motivations, with prolific cybercrime actors pushing for more access to critical infrastructure targets by offering up to $500,000 for network access, and up to $10 million for zero-day exploits. “This divide has led to pro-Russian actors galvanizing against Western targets, especially in the resources, government, media, financial and insurance industries,” the Accenture researchers note.

• Bridgestone Americas Confirms Ransomware Attack, LockBit Leaks Data

A cyberattack on Bridgestone Americas, one of the largest manufacturers of tires in the world, has been claimed by the LockBit ransomware gang. The threat actor announced that they will leak all data stolen from the company and launched a countdown timer, which is currently at less than three hours.

Related Links