Spyware galore!
Apologies for the delay, but here are our updates: Russia-linked APTs like PathWiper have intensified destructive attacks on Ukraine’s critical infrastructure, while groups such as Librarian Ghouls conduct data theft and cryptomining operations within Russia. Globally, cyber policies are shifting: the US refocuses on AI, secure software, and supply chain security, while Europe advances a digital strategy to boost technological sovereignty. Cyber incidents impact North Korea, Google accounts, and European defense firms. Research highlights risks from reliance on Western technology during conflicts. Meanwhile, interest grows in smart care robots, and retro tech enthusiasts celebrate a postage stamp-sized Atari 800.
Cyber Conflict
A Russia-linked APT named PathWiper has targeted Ukraine’s critical infrastructure, erasing data and disabling essential systems (link). In reverse, a group called Librarian Ghouls has been targeting organizations in Russia with nighttime attacks. The group leverages tools to steal data and install cryptominers (link).
The German defense company Rheinmetall has reportedly experienced a cyberattack resulting in the leak of internal data. A group named Babuk2 claimed to have obtained 750GB of data (link).
Deep dive into APT 41: the Chinese state-sponsored threat actor known for conducting both espionage and financially motivated cyberattacks. The notable thing: they use Google Calendar for command and control (link). Meanwhile, the U.S. government warns of Chinese hacking campaigns targeting Americans’ texts and phone conversations (link). But there is more: SentinelOne revealed that Chinese threat actors conducted a year-long reconnaissance campaign against its network and those of over 70 organizations (link).
Let's talk spyware: Security firm iVerify reported that high-value individuals in the EU and US experienced iMessage crashes on their iPhones, which they believe were caused by sophisticated zero-click attacks targeting an iOS vulnerability (link). Cellebrite buys Corellium for 170 million dollars to aid authorities in unlocking encrypted phones. Corellium provides virtual instances of iOS and Android systems for researchers to find bugs and vulnerabilities (link).
Cyber Policy around the world
Semiconductors: Huawei’s founder Ren Zhengfei has acknowledged that Huawei’s semiconductor design capabilities are at least a generation behind leading U.S. chipmakers. China’s main challenge in developing advanced semiconductors is cultivating talent (link). But the situation is different with drone technology: China is experiencing an innovation and manufacturing boom in drone weaponry (link).
The White House issued a cybersecurity executive order that reverses some priorities set by the Biden and Obama administrations. The order limits cyber sanctions, terminates a digital ID program, and refocuses government cyber activities towards enabling AI, promoting secure software design, and shoring up the software supply chain and IoT cybersecurity (link).
European leaders have announced the international Digital Strategy to boost the EU’s tech competitiveness. The strategy focuses on areas like AI, quantum computing and cybersecurity and also addresses concerns over dependency on US cloud providers and geopolitical instability. Good sign, but words are cheap. Let's see the funds (link). Meanwhile, SAP CEO Christian Klein expressed skepticism about Europe’s effort to build cloud datacenters to compete with US hyperscalers. He believes Europe should instead focus on applying AI and intelligent software to produce better products and run more efficient supply chains (link).
News from the UK: The Strategic Defence Review outlines a new approach to military warfare, integrating cyber, AI, and electromagnetic capabilities across domains (link).
That’s hard to digest: the FAA (Federal Aviation Administration) uses outdated technology in its air traffic control system, including floppy disks and paper strips (link).
IT-Security News
A cyberattack in North Korea? North Korea’s internet infrastructure experienced a significant outage, but the cause was likely internal rather than an external cyberattack. The outage affected all connections that enter the country via China and Russia (link).
Google accounts at risk: a vulnerability in Google’s account recovery could have allowed attackers to brute-force phone numbers linked to the accounts (link).
Your IoT camera can be used for espionage, mapping blind spots and gleaning trade secrets. Researchers found 40,000 vulnerable internet-connected cameras worldwide (link).
OpenAI banned several ChatGPT accounts used by Russian and Chinese hacking groups for malware development, social media automation, and research about U.S. satellite communications technologies (link).
A cybercriminal group called Arkana Security recently listed Ticketmaster data for sale, claiming it was new data taken from the recent Snowflake attacks (link).
Panda Typhoon? Microsoft and CrowdStrike have collaborated to align threat actor taxonomies and create a joint threat actor mapping system. Finally!!! (link)
A Kaspersky study looks at how cybercriminals use games, TV shows, and anime to target Gen Z (link).
Research
A commentary on how Russian military apps are exploiting the open infrastructure of Western technology. This reliance on Western infrastructure exposes a gap in how open tech infrastructure is governed during wartime. The article raises the moral and strategic dilemma of whether cloud providers should be considered neutral infrastructure during war (link).
The odd Bit
Never believed that this would happen: an engineer created a postage stamp-sized version of the Atari 800 from the 1980s (link).
Have a nice Weekend!