Tag: cyber espionage
3,500 Cybercriminals Arrested by Law Enforcement – December 21st
Over 3,500 cybercriminals were arrested and $300M worth of assets were seized by Europol, the South Korean government, along with cooperation from law enforcement agencies from 34 countries on a large-scale sting operation labeled "HAECHI IV". The operation spanning from July to December 2023, targeted predominantly email, e-commerce, and investment cyber fraudsters.
US aerospace company hit by cyber-attack
An unknown threat actor has breached an as-yet-unnamed US aerospace company. According to BlackBerry, who first highlighted the attack, the threat actor’s weaponization of a phishing attack became operational around September 2022, with the offensive phase of the attack occurring almost a year later in July of this year. The cybercriminals responsible, whom BlackBerry has christened “AeroBlade,” are believed to have used the intervening nine months to develop the additional resources necessary to ensure access to the aerospace company’s systems to exfiltrate potentially highly valuable information - pointing to a high degree of professionalism and persistence on the part of the attacker.
Nuclear facility reportedly hacked by Russia and China
In what is an urgent and stark warning to nuclear facilities around the world, UK nuclear facility Sellafield, formerly called Windscale, is reported to have been hacked by groups linked to China and Russia. The 70-year-old sprawling six-square-kilometre facility, located on the North-West coast of England, holds the planet's largest store of plutonium as a result of processing nuclear waste from decades of atomic power generation and weapons programs. The UK authorities do not know exactly when the hack originally occurred, according to The Guardian newspaper, although breaches are said to have been detected as long ago as 2015, when sleeper malware, used to attack systems remotely and at will over a long period, was found to have been embedded. In what amounts to a national scandal for the UK, it is still not yet known if the malware has actually been eradicated.
Storm gathers over the cloud
News of the mass exploitation of ownCloud customers as a result of a zero-day vulnerability follows revelations earlier this month of a critical security vulnerability in Microsoft’s Azure cloud platform. Reports of gaping security flaws in cloud services come at a bad time for cloud service providers in general and Microsoft in particular. The Seattle-based computing giant is currently doing its utmost to persuade the US, UK, and Australian governments that its Azure Government Cloud is the best way for the AUKUS trio to securely update cross-border information and enhance mutual collaboration. This might prove problematic for Microsoft, whose Azure platform was recently proven to have a critical vulnerability, and some of whose government clients suffered a series of serious breaches earlier this year.
Behind the Navy’s First Cyber Strategy – December 1st
To improve cybersecurity readiness, the U.S. Navy launched its first cybersecurity strategy. The 14-page Navy cyber strategy outlined cybersecurity as a core competency in modern warfare and highlighted the importance of protecting the information environment.
Pittsburgh-area Water Authority Hit by Cyber Attack – November 28th
The Municipal Water Authority of Aliquippa reported a cyberattack that shut down their water pressure technology, to the U.S. Department of Homeland Security this past weekend. According to the U.S. Department of Homeland Security, the unassuming cyberattack may come with serious international implications, with the attack suspected to come from an anti-Israeli Iranian threat actor group labeled as "Cyber Av3ngers". This nation-state cyberattack is not the first to disrupt critical water infrastructure.
Chip war with China heats up
As the Biden administration prepares to impose further limits on China’s access to leading-edge chip technology, news has broken over the weekend that Chinese hackers have been siphoning off some of Europe’s ground-breaking chip technology for years. The infamous Chinese hacker group Chimera, had access to the network of Dutch semiconductor giant NXP, for over two years, from late 2017 to the beginning of 2020. The hackers, believed to be backed by the Chinese Communist Party (CCP), are understood to have consistently stolen intellectual property, including, crucially, the company’s cutting-edge chip designs. According to sources close to the situation, the full extent of the threat has still to be disclosed.
UK and US Develop Global AI Security Guidelines – November 27th
The UK's National Cyber Security Center (NCSC), in partnership with the US's Cybersecurity and Infrastructure Security Agency (CISA) launched the 'Guidelines for Secure AI System Development'. The guidelines are set to secure AI system development, to help developers make informed cybersecurity decisions at every step of the AI development process. These AI guidelines were also co-signed in cooperation with 21 other international agencies and ministries from across the world.
EU Cybersecurity Drill Tests Readiness for 2024 Elections – November 22nd
In preparation for the 2024 elections, the European Parliament's services, the European Commission, and the EU Agency for Cybersecurity conducted a cybersecurity exercise. The drill, held in the European Parliament, involved national and EU partners testing crisis plans and responses to potential cybersecurity incidents. Representatives from electoral and cybersecurity authorities participated, aiming to enhance their capacity to address cybersecurity issues and update protocols for securing election technology. The exercise addressed risks such as information manipulation and cyber-attacks, crucial for safeguarding the integrity of the upcoming European Parliament election scheduled for June 6-9, 2024.
97% of Consumers Predict More Cyberattacks – November 15th
ThreatX revealed in their latest research that 97% of consumers expect more cyberattacks this coming year. The ThreatX research also indicates that 69% of consumers predict these cyberattacks to become more complex, while only 13% believe they will be protected from cyberattacks.
EU and Ukraine Partner to Boost Cybersecurity – November 14th
The European Union Agency for Cybersecurity (ENISA) signed a Working Agreement with Ukraine’s Administration of the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) to boost cybersecurity efforts. The Working Agreement signed by ENISA and SSSCIP will focus on the EU supporting Ukraine in its efforts to protect itself from geopolitically-fueled cyber attacks from Russian threat actors through improving critical infrastructure, cybersecurity skills, and capacity building.
Global AI summit mired in controversy
The UK-hosted Artificial Intelligence (AI) Safety Summit due to take place on Wednesday and Thursday this week, attended by world leaders and AI experts, is set to become the focus of a widening global debate on the dangers of AI. Last Thursday, UK Prime Minister Rishi Sunak set out the agenda for the discussion, coming down heavily on the side of the AI doom-mongers, who once again are warning that AI poses an existential threat to humanity itself.