Tag Archive for: Targets

Dangerous New ICS Malware Targets Orgs in Russia and Ukraine


Two dangerous malware tools targeted at industrial control systems (ICS) and operational technology (OT) environments in Europe are the latest manifestations of the cyber fallout from the war in Ukraine.

One of the tools, dubbed “Kapeka,” appears linked to Sandworm, a prolific Russian state-backed threat actor that Google’s Mandiant security group this week described as the country’s primary cyberattack unit in Ukraine. Security researchers from Finland-based WithSecure spotted the backdoor featured in 2023 attacks against an Estonian logistics company and other targets in Eastern Europe and perceive it as an active and ongoing threat.

Destructive Malware

The other malware — somewhat colorfully dubbed Fuxnet — is a tool that Ukraine government-backed threat group Blackjack likely used in a recent, destructive attack against Moskollector, a company that maintains a large network of sensors for monitoring Moscow’s sewage system. The attackers used Fuxnet to successfully brick what they claimed was a total of 1,700 sensor-gateways on Moskollector’s network and in the process disabled some 87,000 sensors connected to these gateways.

“The main functionality of the Fuxnet ICS malware was corrupting and blocking access to sensor gateways, and trying to corrupt the physical sensors as well,” says Sharon Brizinov, director of vulnerability research at ICS security firm Claroty, which recently investigated Blackjack’s attack. As a result of the attack, Moskollector will likely have to physically reach each of the thousands of affected devices and replace them individually, Brizinov says. “To restore [Moskollector’s] ability of monitoring and operating the sewage system all around Moscow, they will need to procure and reset the entire system.”

Kapeka and Fuxnet are examples of the broader cyber fallout from the conflict between Russia and Ukraine. Since the war between the two countries started in February 2022 — and even well before that — hacker groups from both sides developed and used a range of malware tools against each other. Many of the tools, including wipers and ransomware, have been destructive or disruptive in nature and mainly targeted critical infrastructure, ICS, and OT…


Medicaid, SNAP Could Become Key Cyber Attack Targets


In the future, cyber warfare is increasingly likely to target federal services that help everyday residents meet their basic needs, per a new report.

The report, which is authored by researchers from the Center for Strategic and International Studies, points out that traditionally, cyber defense has focused on sensitive military and intelligence infrastructure. But that may be changing, according to their research, which involved tabletop exercises with cyber and foreign policy experts, as well as a public survey.

Adversary nations and non-state actors — such as cyber criminals, political extremists and “lone wolf” actors — may all seek to use cyber attacks to “destabilize” the federal government. Disrupting essential food and medical assistance services like SNAP and Medicaid could spark chaos and distrust in the federal government’s abilities. This could exacerbate polarization and make residents more open to believing misinformation and disinformation, cyber and foreign policy experts told the researchers.


Such attacks would be extra impactful if timed to strike during sensitive political moments, such as elections or foreign policy crises.

Attackers might also try to cause panic and economic disruption by hitting federal economic supports, like the Small Business Administration’s small and medium-sized business grant programs. They could also try to hack and manipulate federal economic data to create confusion in financial markets.

“Experts saw federal agencies that support economic activity as being most susceptible to cascading effects, with even small intrusions creating fear and panic likely to undermine trust and confidence in the federal government,” the report reads.

Experts also predicted that non-state actors would want to enhance polarization by hacking into public health research. Based on that research, attackers could then spread public health misinformation and disinformation. The resulting confusion would likely cause the public to doubt government health decisions and question the administration itself. Attackers could also try to deliberately deepen existing social divisions on…


Shifting Targets of Cyberattacks from Governments to Big Tech


  • In recent months, bad actors seem to be modifying their modus operandi. State-sponsored cyber attackers were expected to target governments primarily, particularly owing to growing global tensions; instead, cyberattacks have increasingly shifted their focus toward big tech companies.
  • This shift highlights changes in the global geopolitical landscape and emphasizes the vital role of technology in modern society. Understanding the change and its implications is critical to devising and implementing effective strategies to minimize cyber threats.

The evolving threat landscape

Historically, cyber warfare has largely targeted government assets, with threat actors sabotaging sensitive data, critical infrastructure, and strategic assets. Cyber espionage and sabotage have often been conducted by state-sponsored actors whose objectives were primarily aligned with military, political, or economic gains. The Stuxnet worm, which is believed to have been developed jointly by the United States and Israel to target Iran’s nuclear program, is one such example.

However, as technology has become increasingly intertwined with all aspects of modern life, the landscape of cyber threats has also experienced an evolution. Tech companies possess massive repositories of valuable information, including financial records, personal information, trade secrets and other intellectual property.

These businesses have become critical to the global economy and have a substantial influence on multiple areas of specialization. This makes them attractive targets for cybercriminals seeking geopolitical advantage or financial gain, or pushing ideological motives.


Factors that make tech companies a target

One of the key reasons behind the shift in targets is the value of the data held by big tech companies. With the rapid spread of cloud computing and digital services, companies like Facebook, Google, Microsoft and Amazon have collected massive volumes of data, ranging from behavioral patterns and user preferences to proprietary algorithms and sensitive corporate data. This data has become a very lucrative target for cybercriminals.

In the last year…


UK, Czech ministers among China’s hacking targets – POLITICO


Among the targets of the attacks: British Minister for Europe Nusrat Ghani, an IPAC member at the time of the attacks who was appointed in her role as minister on Tuesday, and Czech Foreign Minister Jan Lipavský, also a member of the group.

“This just proves the assessment in our Security Strategy, which states that the rising assertiveness of China is a systemic challenge that needs to be dealt with in coordination with our trans-Atlantic allies,” Lipavský told POLITICO in a comment. The cyberattacks took place about a year before Lipavský became a minister.

Ghani, while a parliament backbencher in 2021, told the U.K. parliament in July 2021 that China hacked IPAC accounts and called on the government to act swiftly. The U.S. indictment says China targeted 43 U.K. parliamentary accounts, most of which belonged to members of IPAC.

Invited to respond, Ghani did not dismiss that she was among the group of politicians that was targeted by the campaign. The Foreign, Commonwealth and Development Office did not provide a comment in time for publication.

U.S. prosecutors said in their indictment that the Chinese hacking group had conducted cyberattacks on American political and state officials since at least 2015, including by posing as prominent American journalists to trick victims into clicking links that extract information on their whereabouts and digital devices.

The hackers used more harmful software tools in other campaigns targeted at the U.S.; the indictment did not say these tools were used against European targets in the 2021 email campaign targeted at IPAC members.
