31 matches found
WIRTE Leverages AshenLoader Sideloading to Install the AshTag Espionage Backdoor
An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020. Palo Alto Networks Unit 42 is tracking the activity cluster under the name Ash...
Cyber Warfare during Operation Sindoor: Malware Campaign Analysis and Detection Framework
Rapid digitization of critical infrastructure has made cyberwarfare one of the important dimensions of modern conflicts. Attacking the critical infrastructure is an attractive pre-emptive proposition for adversaries as it can be done remotely without crossing borders. Such attacks disturb the...
Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities
Cyber Army of Russia Reborn, a group with ties to the Kremlin’s Sandworm unit, is crossing lines even that notorious cyberwarfare unit wouldn’t dare to...
How Cyberattacks Are Transforming Warfare
There is a new battlefield. It is global and challenging to defend. What began with a high-profile incident back in 2007, when Estonia was hit by hackers targeting its government and commercial sector, has evolved into cyber warfare that is being waged constantly worldwide. Today, cyberattacks ha...
Russian Cyberwarfare Documents Leaked
Now this is interesting: Thousands of pages of secret documents reveal how Vulkan's engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the...
Reassessing cyberwarfare. Lessons learned in 2022
At this point, it has become cliché to say that nothing in 2022 turned out the way we expected. We left the COVID-19 crisis behind hoping for a long-awaited return to normality and were immediately plunged into the chaos and uncertainty of a twentieth-century-style military conflict that posed...
As State-Backed Cyber Threats Grow, Here's How the World Is Reacting
With the ongoing conflict in Eurasia, cyberwarfare is inevitably making its presence felt. The fight is not only being fought on the fields. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months. Notably, cyber attacks backed by state...
Microsoft Accounts Targeted by Russian-Themed Credential Harvesting
While legitimate concerns abound about the Russian-Ukrainian conflict sparking a far-reaching cyberwarfare conflagration around the globe, small-time crooks are also ramping up their efforts amid the crisis. Phishing emails to Microsoft users warning of Moscow-led account hacking have started to...
Logic Flaw Vulnerability in Mingguo APT Attack (Cyber Warfare) Warning Platform
Hangzhou ACE Information Technology Co., Ltd. is a company that has been focusing on the research, development, production and sales of products in the field of network information security, such as Fortress, Remote Monitoring, Cloud Saas Service, Cloud WAF, Industrial Control, Online Remote Offi...
Unauthorized Access Vulnerability in Mingguo APT Attack (Cyber Warfare) Warning Platform (CNVD-2021-47700)
Hangzhou ACE Information Technology Co., Ltd. is a company that has been focusing on the research, development, production and sales of products in the field of network information security, such as Fortress, Remote Monitoring, Cloud Saas Service, Cloud WAF, Industrial Control, Online Remote Offi...
Unauthorized Access Vulnerability in Mingguo APT Attack (Cyber Warfare) Warning Platform
Hangzhou ACE Information Technology Co., Ltd. is a company that has been focusing on the research, development, production and sales of products in the field of network information security, such as Fortress, Remote Monitoring, Cloud Saas Service, Cloud WAF, Industrial Control, Online Remote Offi...
Vulnerabilities in Weapons Systems
"If you think any of these systems are going to work as expected in wartime, you're fooling yourself." That was Bruce's response at a conference hosted by US Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the Internet. That...
Defending Against State and State-Sponsored Threat Actors
Security threats from states and state-sponsored actors have been around since before the field of cybersecurity was defined. They have now evolved to cyberspace, and present unique challenges for defenders. While there are fundamental differences between activist and criminal activity, and those...
Lax Security Exposes Smart-Irrigation Systems to Attack Across the Globe
More than 100 smart-irrigation systems deployed across the globe were installed without changing the factory’s default, passwordless setting, leaving them vulnerable to malicious attacks, according to recent findings from Israeli security research firm Security Joes. The researchers immediately...
What Now? Facing Cyber Threats to Infrastructure in the Aftermath of Global Political Conflicts
In January 2020, the US Department of Homeland Security issued a National Terrorism Advisory Alert warning American targets that the Iranian government may carry out physical or cyber attacks in retaliation for the US strike that killed Iranian IRGC-Quds Force commander Qassem Soleimani in Iraq...
Fake News and Influence: Information Warfare in the Digital Age
It’s 2019 and we live in a world where understanding what is real and what is fake can be challenging. For the security community, we increasingly deal with information warfare adversaries that rely on that fact; and, operating at internet scale, are capable of causing plenty of havoc...
Where's the Equifax Data? Does It Matter?
It’s been 17 months since the infamous 2017 Equifax data breach was revealed to have compromised the data of about 147.9 million people, i.e., almost every adult in the U.S., with more than 45 percent of the population directly affected by the incident. But an investigative report from CNBC found...
Understanding TRITON and the Missing Final Stage of the Attack
In December 2017 it was reported that a Middle Eastern oil and gas petrochemical facility had undergone a safety system shutdown as the result of a malware attack. The malware, named TRITON (also TRISIS or HatMan), exceeded other industrial cyberattacks because it directly interacted with and...
June 30, 2017 – Morning Cyber Coffee Headlines – “Victor Hugo” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! June 30, 2017 - Headlines Carbon Black in the News: Carbon Black Seizes The...
Setting Expectations Between States on Cyberwar
A panel of security experts at the RSA Conference on Wednesday said there is a lack of agreement on a definition of cyberwarfare and of the tools used to fight them. “Words matter and it’s important to have definitions. But one of the challenges is the pace of innovation gets in front of doctri...