X-Industry

Broadcom researchers recently reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was explosively associated in the past with China-linked APT groups. “Tools that are usually associated with China-based espionage actors were recently deployed in an attack involving the RA World ransomware against an Asian software and services company,” reads the report published by Broadcom.

During the late 2024 attack, the attacker d

Enterprise cybersecurity tools, such as routers, firewalls, and VPNs, exist to protect corporate networks from intruders and malicious hackers, something that is particularly important in today’s age of widespread remote and hybrid working. But while pitched as tools that help organizations stay safe from outside threats, many of these products have time and again been found to contain software bugs that allow malicious hackers to compromise the very networks these products were designed to prot

Our friends from German media is reporting that the new US administration has dismissed all members of various advisory bodies not appointed by the government, bringing an investigation into the devastating cyber-attack on US providers to an abrupt halt.  This was reported by the news agency Reuters. According to trusted sources, the investigation into the attack by the Cyber Safety Review Board has been “killed,” as reported by Reuters.  US Senator Ron Wyden-D speaks of a “massive gift to the C

The US Commerce Department on 14 January 2025 announced a new rule that will ban certain Chinese and Russian connected car technology from being imported to the United States.  Software and hardware built into Vehicle Connectivity Systems (VCS), such as telematics control units and cellular, satellite and Wi-fi functions, which are manufactured in China and Russia will be banned, along with any connected cars containing them.

Separately Russian and Chinese Automated Driving System (ADS) software

The National Computer Network Emergency Response Technical Team/Coordination Centre of China (CNCERT/CC) says it has identified two major cyber espionage campaigns undertaken by the US cyber spies that hacked Chinese technology companies with the aim to steal trade secrets.  In a statement, CNCERT/CC said that advanced materials design and research unit and a large-scale high-tech company focused on intelligent energy and digital information were "suspected of being attacked by a US intelligence

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has taken decisive action against Integrity Technology Group, Incorporated (Integrity Tech), a Beijing-based cybersecurity company, for its alleged involvement in malicious cyber activities targeting U.S. critical infrastructure. Announced on January 3, 2025, this move represents a significant escalation in the U.S. government's efforts to combat state-sponsored cyber threats.

Integrity Tech is accused of providing inf

A federal appeals court has upheld a law that could see TikTok banned across the US unless its Chinese parent company, ByteDance, divests its ownership.  The decision was issued by a three-judge panel from the US Court of Appeals for the District of Columbia Circuit on 06 December 2024, marking a significant setback for the video-sharing platform as it battles to remain operational in the United States.  The court ruled that the law, signed by President Joe Biden in April 2024, does not violate

The US Treasury Department has sanctioned a Chinese cybersecurity vendor for allegedly trying to spread malware to approximately 81,000 firewall devices from Sophos.  The sanctions target Sichuan Silence Information Technology and one of its employees, Guan Tianfeng, “for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide,” the Treasury Department said in last Tuesday’s announcement.  “More than 23,000 of the compromised firewalls were in the United States,” the

Two Internet cables between Germany and Finland, as well as between Lithuania and Sweden, have experienced sudden outages. Located in northern Europe, the Baltic Sea is an active commercial shipping route ringed by nine countries, including Russia. The affected countries, all members of NATO, say that it is unlikely to be accidental. This happened in the same waterway in which a significant gas pipeline and other underground cables were previously damaged in mysterious circumstances in 2022. No,

The US Coast Guard has issued a second security directive warning that Chinese ship-to-shore cranes used widely in the United States pose a cybersecurity risk. Maritime Security Directive 105-5 calls on port operators to take “risk management” measures to mitigate the threats.

Built-in vulnerabilities for remote access and control of the cranes “combined with intelligence regarding China’s interest in disrupting US critical infrastructure, necessitate immediate action,” according to a portion of

For those of you old enough to remember party lines when using your telephones, you could not just pick up the phone and start talking, as there were likely two others on the same ‘line,’ until those talking would hang up their phones. So, you didn’t want to begin sharing any personal information with these two strangers. A party line (multiparty line, shared service line, party wire) is a local loop telephone circuit shared by multiple telephone service subscribers. Fast forward to 2024. The US

Known for targeting iOS devices, it has been expanded to include capabilities for compromising device security and stability. ThreatFabric, who discovered the malware, initially published a report on LightSpy for macOS in May 2024. During that investigation, the analysts found that the same server managed both macOS and iOS versions of LightSpy. This discovery allowed ThreatFabric to conduct a new, detailed analysis of the spyware targeting iOS published today, finding notable updates compared t

Kroger’s plans to roll out facial recognition tools at its grocery stores is attracting increased criticism from lawmakers, who warn that it could be exploited to increase the prices certain individuals pay for food and put customers’ personal data at risk.  In a letter this week to Kroger CEO Rodney McMullen, Congresswoman Rashida Tlaib (D-MI) said the plans, which involve using facial recognition tools in digital displays to target advertising to customers and collect information on them, pote

Threat Type: Foreign Adversarial Technological, Physical, and Cyber Influence

Geographic Area: Worldwide

This advisory supersedes and cancels US Maritime Advisory 2024-002

1. Issue: This Advisory seeks to alert maritime stakeholders of potential vulnerabilities to maritime port equipment, networks, operating systems, software, and infrastructure. Foreign companies manufacture, install, and maintain port equipment that creates vulnerabilities to global maritime infrastructure information technology

Despite current of law enforcement action to take down ransomware gangs, Secureworks has observed a 30% year-on-year rise in active ransomware groups.   In the eighth edition of the Secureworks annual State of The Threat Report[1], the firm identified 31 new groups that had entered the ransomware ecosystem in the last 12 months.  The report noted that while a few big players had previously dominated the threat landscape, it is now home to a broader set of emerging entities.[2]

The top four most

China-linked APT group Salt Typhoon (FamousSparrow and GhostEmperor) breached US broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data.

See:  https://redskyalliance.org/xindustry/hotels-under-attack

According to the Wall Street Journal, which reported the news exclusively, the security breach poses a major national security risk. The WSJ states that the compromise remained undisclosed due to possible impact on na

A Chinese national has been accused of conducting a years-long spear-phishing campaign that aimed to steal source code from the US Army and NASA, plus other highly sensitive software used in aerospace engineering and military applications.  At least some of the spears hit their targets, and some of this restricted software made its way to China, according to a US Department of Justice (DOJ) announcement and an indictment.  The accused, Song Wu, 39, remains at large and has been charged with 14 c

So maybe China and Russia are not such good friends after all.  Cyber security researchers have uncovered an apparently new Advanced Persistent Threat (APT) group targeting Russian government entities, known as CloudSorcerer.  They use a sophisticated cyber espionage tool, discovered by investigators and reported in an advisory they published in June, and is designed for covert data collection and exfiltration, using Microsoft Graph, Yandex Cloud, and Dropbox for its command and control (C2) inf

Cyber-spies suspected of connections with China have infected "dozens" of computers belonging to Russian government agencies and IT providers with backdoors and trojans since late July, according to Kaspersky.  The Russia-based security biz claimed the malware used in the ongoing, targeted attacks, called EastWind, has links to two China-nexus groups tracked as APT27 and APT31. 

After gaining initial access to their victims' devices via phishing emails, the attackers used various cloud services

Cyber threat researchers recently uncovered a Chinese cyber espionage campaign targeting a newly discovered command injection vulnerability in Cisco’s Cisco NX-OS software.  They found the vulnerability and its exploitation as part of an ongoing forensic investigation of a Velvet Ant threat group.   The vulnerability tracked as CVE-2024-20399 concerns a case of command injection that allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system