Researchers have discovered a new malware variant likely used in an attack this January against an energy company in western Ukraine that left 600 households without heat amid freezing temperatures. The tool, called FrostyGoop, is one of only a few malware strains ever discovered in the wild that can interact directly with industrial control systems and have a physical effect on the hardware used by targeted enterprises, according to researchers at industrial cybersecurity firm Dragos, which di
russia (133)
In 2019, the Space Force became the nation’s first new military branch in nearly 80 years. Now, the US Congress is already thinking about starting another one, a cyber force. For years, there's been talk of creating a military branch that concentrates on the cyber domain, driven by the increasing threat posed by geopolitical rivals like China and by organizational and staffing problems with the existing US military cyber operations. Now, members of the House of Representatives and Senate hav
The United Nations' telecommunication agency condemned Russian interference in the satellite systems of several European countries. Earlier this month, the UN’s International Telecommunication Union (ITU) received a series of complaints from Ukraine, France, Sweden, the Netherlands and Luxembourg about the Kremlin’s alleged satellite interference that has affected GPS signals and television channels. The ITU reviewed these complaints and published a document Monday calling the practice “extrem
More than 1,000 planned operations and over 3,000 outpatient appointments have been postponed amid ongoing disruption caused by a cyber-attack that impacted London hospitals. Synnovis, an agency which manages labs for NHS trusts and GPs in south-east London, was the victim of a data hack on 3 June.[1]
New figures from NHS England show that since then, 3,396 appointments and 1,255 elective procedures have been postponed. In a statement, the chief executives of two affected trusts said they were
The notorious Russia-based ransomware gang Lockbit 3.0 has claimed responsibility for a cyber-attack on the US Federal Reserve. The attack, which was announced on 23 June via a post on a site associated with the ransomware gang, allegedly saw the gang infiltrate the systems of the US Federal Reserve and exfiltrate 33 TB of sensitive banking information.
In the post, which was entitled 'federalreserve.gov', the gang explained how the Federal Reserve is structured, and its role in distributing mo
As the 2024 Paris Summer Olympics approach, a sophisticated Russian disinformation campaign is in high gear to sow confusion, undermine the Games, and dissuade spectators from attending. This is according to a new report from the Microsoft Threat Analysis Center (MTAC) that outlines extensive malign influence efforts emanating from Russia-aligned actors. "In just under three months, after traversing more than 3,000 miles across 450 French towns, the Olympic flame will be lit at the Opening Cer
LockbitSupp, the pseudonymous leader of the LockBit ransomware group, was identified as a Russian national called Dmitry Khoroshev on 7 May as the United States, United Kingdom and Australia imposed financial sanctions against him.
A 26-count indictment has been unsealed in the US charging Khoroshev, with developing and operating the LockBit ransomware service. He is accused of growing LockBit “into a massive criminal organization that has, at times, ranked as the most prolific and destructive
Russia, on 24 April 2024, vetoed a UN resolution sponsored by the United States and Japan calling on all nations to prevent a dangerous nuclear arms race in outer space, calling it “a dirty spectacle” that cherry-picks weapons of mass destruction from all other weapons that should also be banned. The vote in the 15-member Security Council was 13 in favor, Russia opposed it, and China abstained. The resolution would have called on all countries not to develop or deploy nuclear arms or other wea
A hack that caused a small Texas town’s water system to overflow in January has been linked to a shadowy Russian hacktivist group, the latest case of a US public utility becoming a target of foreign cyberattacks. The attack was one of three on small towns in the rural Texas Panhandle. Local officials said the public was not put in any danger and the attempts were reported to federal authorities. “There were 37,000 attempts in four days to log into our firewall,” said Mike Cypert, City Manager
On 16 March 2024, Sentinel Labs identified a suspicious Linux binary uploaded from Ukraine. Initial analysis showed surface similarities with the infamous AcidRain wiper used to disable KA-SAT modems across Europe at the start of the Russian invasion of Ukraine (commonly identified by the ‘Viasat hack’ misnomer). Since our initial finding, no similar samples or variants have been detected or publicly reported until now. This new sample is a confirmed variant called ‘AcidPour’, a wiper with si
The US Department of Justice claims that it has disrupted a botnet controlled by the Russian state-sponsored hacking group Forest Blizzard, also known as Fancy Bear. The Russian hackers' targets include US and foreign governments, military entities, and security and corporate organizations. The FBI operation copied and deleted stolen files and other data from the compromised routers and, working with local Internet service providers, the FBI then informed the owners and operators of the routers.
Cyber security is undergoing a massive transformation, with Artificial intelligence (AI) at the forefront of this change, posing both a threat and an opportunity. AI can potentially empower organizations to defeat cyberattacks at machine speed and drive innovation and efficiency in threat detection, hunting, and incident response. Adversaries can use AI as part of their exploits. It is never been more critical for us to design, deploy, and use AI securely.
The top US intelligence agency has revamped its election security team ahead of the 2024 presidential election, a contest multiple national security leaders have warned could be targeted by foreign adversaries using fast-moving attacks. Jessica Brandt, who previously held a variety of prominent research roles at Washington think tanks, was appointed the first full-fledged director of the Foreign Malign Influence Center in late 2023.
The hub, part of the Office of the Director of National Intell
A Microsoft spokesman reported that the Russian government-backed hacking team that broke into its corporate network and spied on senior executives also stole source code and may still be poking around its internal computer systems. In what is being described as an “ongoing attack,” the world’s largest software maker says it has evidence the hacking group “is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access.” This has inc
CISA Report JCSA-20240227-001
Note: This CISA advisory uses the MITRE ATT&CK® for Enterprise framework, version 14. See the MITRE ATT&CK Tactics and Techniques section for a table of the threat actors’ activity mapped to MITRE ATT&CK tactics and techniques. For assistance with mapping malicious cyber activity to the MITRE ATT&CK framework, see CISA and MITRE ATT&CK’s Best Practices for MITRE ATT&CK Mapping and CISA’s Decider Tool.
Overview - This advisory provides observed tactics, techniques,
Russia has been accused of attempting to inflame divisions in Germany by publishing an intercepted conversation in which Bundeswehr officials discuss the country’s support for Ukraine, particularly around the supply of Taurus cruise missiles.
The 38-minute conversation, which took place on 19 February 2024, was first published on social media platform Telegram by Margarita Simonyan, the editor-in-chief of RT and a sanctioned propagandist, who said the recording had been provided to her by “comra
SentinelLabs and ClearSky Cyber Security have been tracking a propaganda and disinformation campaign since late November 2023, highly likely orchestrated by Doppelgänger, a suspected Russia-aligned influence operation network known for its persistent and aggressive tactics. Initially focusing on disseminating anti-Ukraine content following the onset of the Russo-Ukrainian conflict, Doppelgänger has since broadened its scope, targeting audiences in the US, Israel, Germany, and France.
Analysts o
It is no longer theoretical; the world's major powers are working with large language models to enhance offensive cyber operations. Advanced persistent threats (APTs) aligned with China, Iran, North Korea, and Russia use large language models (LLMs) to enhance their operations. New blog posts from OpenAI and Microsoft reveal that five prominent threat actors have used OpenAI software for research, fraud, and other malicious purposes. After identifying them, OpenAI shuttered all their accounts
Cyber threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited Cross-Site Scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations. According to investigators, these entities are primarily located in Georgia, Poland, and Ukraine and attributed the intrusion set to a threat actor known as Winter Vivern, also known as TA473 and UAC0114. The cybersecurity firm tracks the hacki
An international law enforcement operation has led to the seizure of multiple darknet domains operated by LockBit, one of the most prolific ransomware groups, marking the latest in a long list of digital takedowns. While the full extent of the effort, codenamed Operation Cronos, is presently unknown, visiting the group's ‘.onion’ website displays a seizure banner containing the message "The site is now under the control of law enforcement." Authorities from 11 countries, Australia, Canada, Finl
