A series of undersea cable-cutting incidents in the Baltic Sea has raised suspicions of sabotage amid heightened geopolitical tensions involving the US and Russia, along with fears of further covert action and cyber-attacks against infrastructure in the region.
The EU Council has sanctioned 12 individuals and two entities linked to Russia's hybrid activities, including information manipulation and cyber attacks against the EU and its allies, as part of its ongoing response to Russian destabilization efforts. The listings, which impose asset freezes and travel bans, target Russian military and cyber units involved in disinformation and cyber warfare; the underlying sanctions regime runs until October 2026.
The US Department of Homeland Security has issued a warning of a heightened threat environment in the US following US military strikes on Iran's nuclear sites, citing potential low-level cyber attacks and increased risk of violence, amid rising tensions in the Middle East and recent incidents of antisemitism and anti-Muslim prejudice in the US.
Romania's constitutional court has annulled the first round of the 2024 presidential election, which was unexpectedly won by far-right candidate Calin Georgescu, citing allegations of Russian interference. The decision, justified on grounds of electoral integrity, cancels the planned runoff against centrist Elena Lasconi and requires the electoral process to be restarted. It follows reports of Russian cyber attacks and manipulation on social media, and has raised concerns in the US about Romania's political direction and what it means for Western alliances.
Romania's intelligence service has uncovered a major election interference campaign involving TikTok and cyber-attacks, allegedly coordinated by a state-sponsored actor, possibly Russia. Far-right candidate Calin Georgescu's unexpected rise in the presidential race is attributed to a sophisticated social media campaign, with significant funds spent on promoting him without disclosure. The revelations, released by outgoing President Klaus Iohannis, come just before the second round of voting, raising concerns about election integrity. Russia denies involvement, while investigations continue.
Approximately 2,000 Palo Alto Networks firewalls have been compromised through two newly disclosed vulnerabilities in the PAN-OS management web interface: an authentication bypass (CVE-2024-0012) chained with a privilege escalation (CVE-2024-9474) that gives the attacker root on the device. Although the number of internet-exposed management interfaces has fallen, the Shadowserver Foundation reports significant exploitation, primarily in the US and India. Palo Alto Networks has released patches and shared indicators of compromise to help customers detect and mitigate the threat, and notes that the risk is greatly reduced for customers who follow its best-practice guidance of restricting management-interface access to trusted internal IP addresses.
Cybersecurity firm eSentire reports that fake browser-update pages are being used to distribute the BitRAT and Lumma Stealer malware. Victims are redirected to bogus update pages, which fetch malicious files hosted on Discord and run PowerShell scripts to install the malware; borrowing trusted names and platforms such as Discord increases the reach and credibility of the lure. Lumma Stealer has become one of the most prevalent information stealers, with a sharp increase in stolen-credential "logs" listed for sale, and other campaigns use the same fake-update tactic to deliver a variety of malware.
Hackers are breaching enterprise networks through Check Point Remote Access VPN gateways by logging in to legacy local accounts that rely on password-only authentication. Check Point advises customers to move such accounts to certificate-based authentication or delete them, and has released a hotfix that blocks local-account logins that use weak password-only authentication. The activity follows similar attacks on Cisco VPN devices, part of a broader trend of VPN-targeted intrusions.
Cisco's Talos security team has warned of a widespread credential brute-force campaign targeting VPN services, SSH, and web application login interfaces, with attempts originating from nearly 4,000 IP addresses. The attempts use both generic usernames and usernames valid for specific organizations, and the source addresses largely belong to anonymizing tunnels and proxy services. The campaign is indiscriminate and opportunistic; besides unauthorized network access, the sheer volume of failed logins risks account lockouts and denial-of-service conditions. Cisco has published recommendations for hardening against these attempts and has added the offending IP addresses to a block list for its VPN products.
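The two patterns described above (many usernames tried from one source, and one username tried from many proxied sources) can be surfaced from failed-login records with a sliding window. The following is an added example written for this page, not Cisco or Talos code; the four-field log format and the sample records are constructed for illustration, and the thresholds are assumptions to be tuned per environment.

```python
"""Added example: detect credential brute force and distributed credential
spraying, plus the lockout/DoS side effect, from failed-login records.

Assumed record format (constructed for this example): "ts user src result".
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: one source cycling through generic usernames, and one
# valid-looking username hit from five different (proxy-like) addresses.
SAMPLE_LOG = """\
2024-04-16T10:00:01Z admin 198.51.100.10 FAIL
2024-04-16T10:00:02Z test 198.51.100.10 FAIL
2024-04-16T10:00:03Z guest 198.51.100.10 FAIL
2024-04-16T10:00:04Z vpn 198.51.100.10 FAIL
2024-04-16T10:00:05Z backup 198.51.100.10 FAIL
2024-04-16T10:00:06Z jsmith 203.0.113.5 FAIL
2024-04-16T10:00:07Z jsmith 203.0.113.77 FAIL
2024-04-16T10:00:08Z jsmith 203.0.113.91 FAIL
2024-04-16T10:00:09Z jsmith 203.0.113.130 FAIL
2024-04-16T10:00:10Z jsmith 203.0.113.200 FAIL
2024-04-16T10:30:00Z jsmith 192.0.2.44 OK
"""


def parse_line(line):
    """Split one record into (timestamp, user, source, result)."""
    ts, user, src, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, src, result


def distinct_in_window(events, window):
    """events: list of (ts, value) sorted by ts.
    Return the largest number of distinct values seen inside any `window`."""
    live = deque()          # events still inside the window
    counts = defaultdict(int)
    best = 0
    for ts, value in events:
        live.append((ts, value))
        counts[value] += 1
        # evict events that fell out of the window
        while live and ts - live[0][0] > window:
            old_ts, old_val = live.popleft()
            counts[old_val] -= 1
            if counts[old_val] == 0:
                del counts[old_val]
        best = max(best, len(counts))
    return best


def detect_spray(log_text, window=timedelta(minutes=10),
                 user_threshold=5, ip_threshold=4, lockout_threshold=5):
    """Return sources trying many users, users hit from many sources, and
    users whose failure count alone could trigger an account lockout."""
    by_src = defaultdict(list)     # src  -> [(ts, user)]
    by_user = defaultdict(list)    # user -> [(ts, src)]
    failures = defaultdict(int)    # user -> total failed attempts
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, src, result = parse_line(line)
        if result != "FAIL":
            continue   # only failed attempts feed the heuristics
        by_src[src].append((ts, user))
        by_user[user].append((ts, src))
        failures[user] += 1

    brute_force_sources = {}
    for src, ev in by_src.items():
        n = distinct_in_window(sorted(ev), window)
        if n >= user_threshold:
            brute_force_sources[src] = n

    sprayed_users = {}
    for user, ev in by_user.items():
        n = distinct_in_window(sorted(ev), window)
        if n >= ip_threshold:
            sprayed_users[user] = n

    lockout_risk = {u: n for u, n in failures.items() if n >= lockout_threshold}
    return {
        "brute_force_sources": brute_force_sources,
        "sprayed_users": sprayed_users,
        "lockout_risk": lockout_risk,
    }


if __name__ == "__main__":
    for key, hits in detect_spray(SAMPLE_LOG).items():
        print(key, hits)
```

Keying the second heuristic on the username rather than the source is what makes it robust to the proxy rotation the report describes; the `lockout_risk` output is the defender's reminder that blocking the sources, not just locking the accounts, is what prevents the self-inflicted denial of service.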
FBI Director Christopher Wray warns that Russia and China are targeting critical infrastructure in the United States through cyber campaigns, with Russia conducting reconnaissance against the U.S. energy sector. The Justice Department has disrupted a long-running Russian cyberespionage campaign, and U.S. officials have warned nearly 100 countries about Russian intelligence efforts to destabilize democracies. Russia is also accused of amplifying doubts about the legitimacy of vote counting and elections, and officials are concerned about how successful that effort at undermining confidence in democracy has been.
Apple users have been targeted in a phishing campaign that abuses Apple's password-reset flow to flood their devices with system prompts asking them to approve a password change or sign-in. The scammers then call the victim posing as Apple support, hoping to talk them into reading back a one-time code that lets the attacker reset the password and lock the user out; the callers already know the phone number on file for the target's Apple ID, which lends the calls credibility. Attempted mitigations such as enabling a recovery key have not stopped the unbidden alerts, raising concerns about a bug in Apple's rate limiting that allows reset requests to be generated far faster than intended.
Analysts warn of increasing cyber-attacks linked to Chinese intelligence agencies, with the UK and US accusing the hacking group APT31, backed by China's government spy agency, of a years-long cyber-attack campaign. The UK and US governments announced sanctions against linked Chinese companies and individuals, while New Zealand raised concerns about Chinese involvement in an attack on its parliamentary entities. Western governments are becoming more willing to name China as the perpetrator, as cyber-attacks are seen as part of China's greyzone activity and a shift towards preparation for warfare.
APT28, a Russia-linked threat actor also tracked as ITG05, has been conducting widespread phishing campaigns against organizations in Europe, the Americas, and Asia using lure documents that imitate government and non-governmental entities. The group deploys malware families such as MASEPIE, OCEANMAP, and STEELHOOK to exfiltrate files, run arbitrary commands, and steal browser data. It has exploited security flaws in Microsoft Outlook and abused the "search-ms:" URI protocol handler in Windows, which lets a link open a Windows Explorer search view over an attacker-controlled network share so that the victim fetches the malware themselves. It has also used compromised Ubiquiti routers to host its infrastructure. The phishing emails impersonate entities from multiple countries and mix authentic, publicly available government and non-government documents into the lures that trigger the infection chains.
The leak site of the LockBit ransomware gang has been seized by law enforcement under 'Operation Cronos', an international task force that includes the UK's National Crime Agency and the FBI. The UK's National Cyber Security Centre had previously warned about the enduring threat posed by LockBit, which has been behind high-profile intrusions and is known for stealing sensitive data and demanding ransom. LockBit's eponymous ransomware was the most deployed variant in 2022 and remained prolific in 2023.
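A `search-ms:` lure is easy to spot once you know where the remote location hides: the handler's `crumb=location:` parameter names the folder Explorer will browse, and in an attack it points at a UNC or WebDAV path on the attacker's host. The block below is an added example written for this page, not code from the APT28 reporting; the HTML snippet and the hosts in it are constructed (documentation IP and domain), and `SAMPLE_LURE` is a hypothetical name.

```python
"""Added example: flag search-ms: links whose crumb=location points off-host.

search-ms: URIs carry "&"-separated parameters; "crumb=location:<path>" sets
the folder to search. A path beginning with "\\\\" (or "//") is a network share,
and the "host@SSL" form is how Windows names a WebDAV server.
"""
import re
from urllib.parse import unquote

SEARCH_MS = re.compile(r"search-ms:(.*)", re.IGNORECASE)

# Constructed sample: one remote lure, one local (benign) search link, one
# ordinary URL. Raw string keeps the backslashes literal.
SAMPLE_LURE = r"""
<a href="search-ms:query=report&crumb=location:\\203.0.113.9@SSL\DavWWWRoot\docs&displayname=Reports">Open</a>
<a href="search-ms:query=holiday&crumb=location:C:\Users\Public\Documents">Local</a>
<a href="https://example.org/">Site</a>
"""


def parse_search_ms(uri):
    """Return the parameter dict of a search-ms: URI, or None if it is not one."""
    m = SEARCH_MS.match(uri.strip())
    if not m:
        return None
    params = {}
    for part in m.group(1).split("&"):
        if "=" in part:
            key, value = part.split("=", 1)
            params[key.lower()] = unquote(value)   # handle percent-encoded crumbs
    return params


def remote_location(uri):
    """Host named by a remote crumb=location, or None if local / not search-ms."""
    params = parse_search_ms(uri)
    if not params:
        return None
    val = params.get("crumb", "")
    if not val.lower().startswith("location:"):
        return None
    loc = val[len("location:"):]
    if not (loc.startswith("\\\\") or loc.startswith("//")):
        return None    # a drive-letter or relative path stays on the host
    host = loc.lstrip("\\/").split("\\")[0].split("/")[0]
    return host.split("@")[0]   # strip the "@SSL" / "@port" WebDAV suffix


def find_search_ms_lures(html):
    """All href values in `html` whose search-ms crumb points at a remote host."""
    return [h for h in re.findall(r'href="([^"]+)"', html, re.I) if remote_location(h)]


if __name__ == "__main__":
    for lure in find_search_ms_lures(SAMPLE_LURE):
        print(remote_location(lure), "<-", lure)
```

The same check applies to `.url` and `.lnk` files and to mail bodies; the point is that the dangerous part is the location, not the `search-ms:` scheme itself, which legitimate local searches also use.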
FBI director Christopher Wray warned at the Munich Security Conference that China's cyber attacks on US critical infrastructure have reached a scale greater than previously seen, posing a significant threat to national security. The Chinese state hacking group Volt Typhoon has infiltrated more than 20 major US suppliers, including a water utility in Hawaii and a West Coast port, evading security controls and leaving strategic vulnerabilities behind. Analysts believe China has shifted its cyber strategy from intelligence gathering to infiltration, pre-positioning offensive capabilities inside critical infrastructure so that it can disrupt or destroy those systems in the event of a conflict.