REPORT BREACH
admin

admin

  • Joined: September 10, 2024
  • Articles: 1672

APT31 Linked to Cyberattacks on Air-Gapped Systems in Eastern Europe

August 01, 2023
Cyber Attack / Data Security

A Chinese-affiliated nation-state actor is under suspicion for a series of cyberattacks targeting industrial organizations in Eastern Europe last year, aimed at extracting information from air-gapped systems. Cybersecurity firm Kaspersky has attributed these intrusions with medium to high confidence to the hacking group known as APT31, which is also recognized by the aliases Bronze Vinewood, Judgement Panda, and Violet Typhoon (previously Zirconium). This conclusion is based on shared tactics observed in the attacks. The intrusions involved over 15 different implants and their variants, categorized into three primary functions: establishing persistent remote access, collecting sensitive data, and transmitting the stolen information to infrastructure controlled by the attackers. Notably, one type of implant appeared to be an advanced modular malware, designed to profile removable drives and infect them with a worm to extract data from isolated air-gapped networks.

China’s APT31 Linked to Data Breaches in Eastern Europe’s Industrial Sector In a developing cybersecurity crisis, it has been reported that a state-sponsored hacking group with ties to China has been implicated in a series of targeted attacks on industrial…

Fundamentals of Sustainability Data Management

We Appreciate Your Registration with ISMG Enhance your profile and keep informed Title LevelAnalytics/Architecture/EngineeringAttorney / General Counsel / CounselAVPBoard of DirectorC – levelC Level – OtherCCOCEO / PresidentCFOChairpersonCIOCISO / CSOCISO/CSO/CIOCOOCROCTODirectorEVP / SVP / FVPHeadHealthcare ProfessionalManagerManager / SupervisorPartnerSpecialist/OtherStaffVP–Other Title Level– Job…

Researchers Uncover Cyber Campaign by Space Pirates Targeting Organizations in Russia and Serbia

August 1, 2023
Cyber Attack / Malware

The cyber threat group known as Space Pirates has been implicated in attacks on at least 16 organizations across Russia and Serbia in the past year, utilizing innovative tactics and expanding their cyber arsenal. According to a detailed report from Positive Technologies released last week, the group’s primary objectives remain espionage and the theft of sensitive information, but they have broadened both their targets and geographical reach. The affected entities include government agencies, educational institutions, private security firms, aerospace manufacturers, agricultural producers, and companies in the defense, energy, and healthcare sectors. Space Pirates was initially identified by Positive Technologies in May 2022, specifically for its attacks on the aerospace industry in Russia. The group is believed to have been active since at least late 2019 and is linked to another cyber adversary tracked by Symantec under the name Webworm. Positive Technologies’ investigation into these attacks reveals further insights into the group’s methods and targets.

Space Pirates’ Cyber Operations Targeting Organizations in Russia and Serbia Unveiled In a troubling revelation, researchers from Positive Technologies have identified a series of cyber attacks conducted by a threat actor known as Space Pirates, targeting at least 16 organizations…

Dependency Confusion Attack Targets Archived Apache Cordova App Harness

Apr 23, 2024
Supply Chain Attack / Application Security

Researchers have uncovered a dependency confusion vulnerability affecting the archived Apache project Cordova App Harness. These types of attacks exploit a flaw in package managers that prioritize public repositories over private registries. This allows malicious actors to publish harmful packages under the same name to public repositories, causing package managers to mistakenly download the fraudulent version instead of the intended private one. If executed successfully, this attack can severely impact downstream customers who install the compromised package. A May 2023 analysis conducted by enterprise security firm Orca found that nearly 49% of organizations are at risk of such an attack, as they rely on npm and PyPI packages stored in cloud environments. Although npm and other package managers have introduced fixes to favor private versions of packages, the threat remains significant, according to application security firm Legit Security.

Apache Cordova App Harness Exposed in Dependency Confusion Attack On April 23, 2024, cybersecurity researchers revealed a vulnerability in an archived Apache project known as Cordova App Harness. This security risk arises from dependency confusion attacks, a technique leveraged by…

U.K. Electoral Commission Cyberattack Compromises Voter Data of 40 Million Citizens On August 9, 2023, the U.K. Electoral Commission revealed a “complex” cyberattack that remained undetected for over a year, resulting in unauthorized access to voter data for 40 million individuals. The breach was identified in October 2022 following the detection of suspicious activity, revealing that attackers had first infiltrated the systems in August 2021. This intrusion allowed access to the Commission’s servers, which housed email systems, control infrastructure, and copies of electoral registers for research purposes. The culprits behind the attack have not yet been identified. The compromised registers include names and addresses of U.K. voters who registered between 2014 and 2022, along with details of registered overseas voters; however, data for those registered anonymously and overseas elector addresses were not included.

U.K. Electoral Commission Data Breach Exposes Personal Information of 40 Million Voters On August 8, 2023, the U.K. Electoral Commission revealed that it had fallen victim to a significant cyber attack, a breach that remained undetected for over a year.…