Hackers Take Over Twitter Accounts, Attack Power Grid and Set Up Ad-Watching Network

Another busy week in Threatwatch, Nextgov's regularly updated index of cyber incidents.

OurMine Takes Over Netflix, Marvel and NFL Twitter Accounts

“Hey, it’s OurMine, we are just testing your security,” read tweets from several prominent brands Wednesday, including Netflix U.S., Marvel Entertainment and the National Football League.

The hacker group OurMine took over Netflix’s U.S. account Dec. 21, according to Reuters. The group also accessed Marvel and the NFL accounts, though the takeovers seemed short lived and tweets were quickly deleted, CNET reported.

OurMine takes over high-profile Twitter accounts to advertise its security services, previously hitting targets such as Twitter's Jack Dorsey and Facebook’s Mark Zuckerberg and celebrities including actor Channing Tatum and DJ DeadMau5.

Ukraine Investigates Suspected Cyberattack on Power Grid

After a blackout that affected parts of Ukraine capital Kiev, officials are launching an investigation to uncover more information.

Vsevolod Kovalchuk, an official from the national power company Ukrenergo, told Reuters a power distribution station close to Kiev "unexpectedly switched off early on Sunday, leaving the northern part of the capital without electricity."

The outage was the equivalent of 200 megawatts of capacity, which is about one-fifth of Kiev's energy consumption at night, according to Kovalchuk.

As for what caused the incident, Kovalchuk told Reuters there were just two possibilities: either failing hardware or outside meddling. A year ago, regional power company Prykarpattyaoblenergo suffered an outage, which U.S. cyber firm iSight Partners traced back Sandworm, a Russian hacking group.

Hackers Set Up Ad-Watching Network to Make $3M to $5M Daily

Hackers built an elaborate network of robot browsers to view video ads, making the group behind it approximately $3 million to $5 million every 24 hours, according to a report.

Security firm White Ops released a report on a bot farm named Methbot, which it called “the largest and most profitable ad fraud operation to strike digital advertising to date.”  

The report alleges the Russia-based hackers opted to build out infrastructure to support their ad scam instead of using the more traditional route of infecting computers with malware. Their network includes 800 to 1,200 servers in the U.S. and the Netherlands with more than 570,000 forged IPs, 6,100-plus spoofed domains and 250,000-plus URLs.

To view the ads, the hackers created automated web browsers that supply fake clicks, mouse movements and social media logins.

The network spoofed sites like ESPN, Vogue and Fox News, in effect stealing the money those publishers could be making from the ads. Though detected in September 2015, White Ops said activity significantly ramped up in October.