Thursday, Mar 27, 2025
Ukrainian Hacktivists Disrupt Russian ISP Lovit in Major DDoS Attack
Bottom Line Up Front (BLUF): Ukrainian hacktivist group IT Army claimed responsibility for a large-scale distributed denial-of-service (DDoS) attack on Russian ISP Lovit, disrupting internet access in Moscow and St. Petersburg. The attack is part of a broader pattern of escalating cyber offensives targeting Russia’s critical infrastructure since the 2022 invasion of Ukraine.
Analyst Comments: This DDoS campaign against Lovit demonstrates a continued evolution in Ukraine's cyber doctrine, utilizing global botnets to overwhelm Russia's digital infrastructure. The targeting of ISPs that service civilian housing highlights the blurring of lines between military, civilian, and digital battlegrounds. Given that Lovit operates under a near-monopoly in PIK-developed apartments, the impact on Russian citizens is significant and symbolic. The increasing frequency of hacktivist-led cyber incidents may prompt Russia to bolster its defensive cyber posture and retaliate with offensive cyber operations.
FROM THE MEDIA: Russian cities Moscow and St. Petersburg experienced widespread internet outages beginning Friday, following a massive DDoS attack on the internet service provider Lovit. The attack was attributed to Ukraine's IT Army, a volunteer hacktivist group aligned with Ukrainian interests. According to Russia's internet regulator Roskomnadzor, the DDoS traffic originated from botnets distributed across the U.S., Europe, and even Russia itself. Lovit, which services PIK-built apartment complexes, is working to restore operations. This marks the latest in a string of cyberattacks against Russian ISPs, including Nodex, Rostelecom, Beeline, and MegaFon, some of which have also been hit by Ukrainian groups like the Cyber Alliance and Silent Crow earlier this year.
READ THE STORY: SCWORLD
Signal Leak Raises Alarms Over Classified Info-Sharing by U.S. Intel Chiefs
Bottom Line Up Front (BLUF): During a U.S. House Intelligence Committee hearing, intelligence leaders including DNI Tulsi Gabbard and CIA Director John Ratcliffe denied sharing classified information in a leaked Signal chat about a U.S. military strike. The incident involved an unintended inclusion of a reporter and has sparked bipartisan concern, with calls for further investigation and a potential inspector general probe.
Analyst Comments: The use of Signal, a secure but civilian app, for discussing time-sensitive operational details reveals blurred boundaries between personal and official communication tools. Although end-to-end encryption offers protection from external interception, internal errors like misdirected access pose significant insider risk. Expect renewed scrutiny on mobile communication policy and auditing of secure channels, especially during active operations.
FROM THE MEDIA: U.S. intelligence officials defended their actions before the House Intelligence Committee amid fallout from a leaked Signal chat about strikes on Iran-backed Houthis. The transcript—published hours before the hearing—revealed military details including timing and aircraft involved. DNI Gabbard confirmed a reporter was mistakenly added to the group by National Security Advisor Mike Waltz, who has taken responsibility. Despite denials of classified data sharing, Rep. Joaquin Castro and others pushed back, asserting the information would be deemed classified if obtained from foreign adversaries. The NSA acknowledged internal cybersecurity advisories on Signal’s risks, while Senate leaders hinted at a pending inspector general review.
READ THE STORY: The Register // The Record
CISA Flags Sitecore RCE Flaws; Active Exploits Target Next.js and DrayTek Devices
Bottom Line Up Front (BLUF): CISA has added two critical deserialization vulnerabilities in Sitecore (CVE-2019-9874, CVE-2019-9875) to its Known Exploited Vulnerabilities (KEV) catalog due to confirmed active exploitation. Simultaneously, researchers are tracking exploit attempts targeting a newly disclosed Next.js flaw (CVE-2025-29927) and DrayTek router vulnerabilities dating back to 2020 and 2021.
Analyst Comments: The exploitation of years-old Sitecore vulnerabilities underscores persistent weaknesses in legacy web applications that remain unpatched in production environments. CVE-2025-29927's impact on Next.js, a widely used web framework, raises significant concerns about authorization bypass in modern apps. The active scanning of DrayTek routers further illustrates the long tail of IoT vulnerability exploitation, especially in countries with weaker patching practices. With attacks originating globally, organizations should audit their exposed services and prioritize patching and segmentation.
FROM THE MEDIA: Sitecore’s AntiCSRF module is being actively exploited. These flaws allow remote code execution via crafted POST requests, with CVE-2019-9874 being exploitable without authentication. Sitecore had previously acknowledged exploitation in a 2020 update. Separately, Akamai and Checkmarx have reported exploit attempts for Next.js CVE-2025-29927, an authorization bypass involving abuse of internal request headers. In parallel, GreyNoise detected exploitation of DrayTek router vulnerabilities (CVE-2020-8515, CVE-2021-20123, CVE-2021-20124), with attack traffic traced to the U.S., Indonesia, Hong Kong, and Lithuania.
READ THE STORY: THN
Austria Uncovers Russian Disinformation Network Targeting Ukraine
Bottom Line Up Front (BLUF): Austrian intelligence has exposed a Russian disinformation campaign aimed at spreading false narratives about Ukraine in German-speaking countries. The discovery was made during a probe into a Bulgarian woman accused of espionage. Authorities say she admitted to working for Russian intelligence and played a key role in the operation.
Analyst Comments: Austria, long viewed as a permissive environment for espionage, is increasingly under pressure to counteract state-backed threats. The use of local operatives and grassroots tactics, such as graffiti, further illustrates the layered, low-tech, and decentralized nature of Russian information warfare. Expect to see enhanced counter-disinformation measures and digital policy reform across the EU as governments confront the growing influence of operations in civil society and digital platforms.
FROM THE MEDIA: Officials discovered that the woman, whose name remains undisclosed, had worked as a liaison for Russian intelligence and admitted her role. The network allegedly promoted anti-Ukraine propaganda online and falsely associated far-right imagery with pro-Ukrainian groups. Though prosecutors sought to detain the suspect, she was released by a regional court. The incident adds to mounting evidence that Vienna is a central hub for Russian intelligence activity in Europe, echoing prior revelations tying espionage operations to Jan Marsalek, a fugitive Austrian financier and suspected Russian intermediary.
READ THE STORY: The Record
Notorious Hacker Behind 90+ Data Breaches Arrested After Years of Evasion
Bottom Line Up Front (BLUF): A single cybercriminal, operating under multiple aliases including ALTDOS, DESORDEN, and GHOSTR, has been arrested for orchestrating over 90 data breaches worldwide. The arrest took place on February 26, 2025, in a joint operation by Thai and Singaporean authorities. The attacker primarily exploited vulnerable internet-facing Windows servers and used dark web forums to extort and sell stolen data.
Analyst Comments: This individual’s ability to rebrand and maintain operations under different identities for over four years reflects the agility of modern cybercriminals and the limitations of platform-based deterrents. The use of SQL injection and unsecured web server vulnerabilities emphasizes the importance of continuous patch management and perimeter security. The arrest also demonstrates the growing efficiency of international law enforcement collaboration in tracking cyber threats.
FROM THE MEDIA: Group-IB revealed that the arrested cybercriminal, known by aliases ALTDOS, DESORDEN, GHOSTR, and 0mid16B, was responsible for a series of high-profile data breaches, predominantly targeting Asian companies. The attacker initially surfaced in 2020, demanding a $3 million ransom from a Thai financial institution, and later rebranded multiple times to continue illicit activities. Each alias used similar tactics: compromising web servers, exfiltrating data, and leveraging extortion through threats of public exposure or dark web sales. The hacker utilized platforms such as RaidForums and BreachForums for operations and communication via Tox and Matrix. His arrest in late February ended a multi-year cybercrime spree enabled by evasive tactics and communication opsec.
READ THE STORY: GBhackers
RedCurl Transitions from Espionage to Ransomware with QWCrypt Malware
Bottom Line Up Front (BLUF): RedCurl, a Russian-speaking cyber espionage group active since 2018, has been linked to its first-known ransomware campaign. Romanian firm Bitdefender uncovered the deployment of a new ransomware strain named QWCrypt, marking a strategic shift from RedCurl’s previous intelligence-gathering operations to financially motivated attacks.
Analyst Comments: The group’s use of familiar malware delivery techniques—such as ISO image files and DLL side-loading—combined with new ransomware functionality, suggests a calculated evolution in its toolset. The lack of a dedicated leak site (DLS) and the use of ransom notes mimicking those of LockBit and others suggest either an experimental phase or deliberate misdirection. Organizations should prepare for hybrid threats that combine espionage and extortion tactics.
FROM THE MEDIA: RedCurl (aka Earth Kapre or Red Wolf) was observed using a previously unknown ransomware, QWCrypt, in recent attacks. The group historically relied on spear-phishing campaigns with HR-themed lures to deliver backdoors like RedLoader. The new campaign continued that tradition, using spoofed CVs in ISO files to sideload malicious DLLs through ADNotificationManager.exe. The attack then deployed a second-stage payload using pcalua.exe, establishing persistence and lateral movement before encrypting virtual machines. The ransomware uses Bring Your Own Vulnerable Driver (BYOVD) techniques and drops a ransom note inspired by LockBit and HardBit actors. Bitdefender noted the attack's emphasis on disabling entire virtualized infrastructures but questioned whether the ransom demands were genuine or a smokescreen for deeper infiltration.
READ THE STORY: THN
New York’s Cyber Chief Details State Strategy Against Ransomware and Critical Infrastructure Threats
Bottom Line Up Front (BLUF): Colin Ahern, New York State’s first Chief Cyber Officer, outlines the state's multifaceted approach to countering cyber threats—from proactive regulatory frameworks to shared cybersecurity services for local governments. In a wide-ranging interview, Ahern emphasized the importance of collaboration, resilience, and innovation as ransomware and critical infrastructure threats continue to evolve.
Analyst Comments: New York's cybersecurity model reflects a growing trend toward state-level leadership in digital defense, especially in the face of rising attacks on public services. Ahern’s dual focus on regulation and funding exemplifies a balanced approach—mandating security while financially enabling it. His advocacy for real-time threat visibility, attack surface management, and cloud migration aligns with national best practices. As states increasingly become frontline actors in the cyber landscape, New York’s initiatives could serve as a blueprint for others navigating ransomware risks, healthcare vulnerabilities, and energy grid protection.
FROM THE MEDIA: Colin Ahern, who leads New York’s cybersecurity strategy, shared insights with Recorded Future News on March 26, 2025. His background spans military cyber operations, financial cybersecurity, and roles with NYC Cyber Command. Under Governor Kathy Hochul’s administration, Ahern has expanded statewide efforts including a $500 million tech and cybersecurity grant program and new regulations on energy distributors and general hospitals. He emphasized the need for proactive shared services like attack surface management and endpoint detection across counties. Ahern also warned about the increasing sophistication of cybercriminals and nation-state actors, while expressing optimism about cyber education initiatives in New York schools.
READ THE STORY: The Record
OpenAI Increases Bug Bounty Rewards to $100,000 for Critical Infrastructure Reports
Bottom Line Up Front (BLUF): OpenAI has expanded its Security Bug Bounty Program, now offering up to $100,000 for reports of critical vulnerabilities. This move aligns with its mission to ensure secure AI systems as it progresses toward artificial general intelligence (AGI). In parallel, the company has evolved its Cybersecurity Grant Program, emphasizing areas such as model privacy, AI-driven threat detection, and secure code generation.
Analyst Comments: By significantly increasing the bug bounty ceiling and expanding grant funding areas, the company is signaling its intent to crowdsource innovation and vigilance. This may also set a precedent for other AI firms to follow as AGI development intensifies. The inclusion of agentic security and software patching points to future scenarios where AI models themselves may be targeted as infrastructure.
FROM THE MEDIA: OpenAI's new initiative raises its top bug bounty reward from $20,000 to $100,000 to incentivize the discovery of high-impact vulnerabilities, particularly those affecting critical infrastructure. In addition to monetary rewards, OpenAI’s Cybersecurity Grant Program—already supporting 28 projects—is now open to wider proposal categories like AI-based patching, APT detection, and privacy-resilient AI models. The program also includes microgrants and API credits to help researchers rapidly prototype solutions. To stress-test their systems, OpenAI partnered with SpecterOps for simulated red team exercises. These updates reinforce the company’s long-term commitment to building secure and resilient AI systems.
READ THE STORY: GBhackers
Critical NetApp SnapCenter Flaw Allows Remote Admin Privilege Escalation
Bottom Line Up Front (BLUF): A critical vulnerability in NetApp SnapCenter, tracked as CVE-2025-26512 (CVSS 9.9), allows authenticated users to escalate privileges and gain admin access on remote systems where SnapCenter plug-ins are installed. The issue affects versions prior to 6.0.1P1 and 6.1P1, and no workarounds are available. Organizations are urged to patch immediately.
Analyst Comments: This flaw poses a serious insider threat risk. While the vulnerability requires authentication, many enterprise environments grant broad user access to backup and recovery systems, which could now be leveraged for lateral movement or full system takeover. SnapCenter’s widespread deployment in virtualized and database-heavy environments makes this a high-value target. Although no in-the-wild exploitation has been observed, the lack of mitigations and ease of lateral privilege escalation raise the risk of rapid exploitation once proof-of-concept code emerges.
FROM THE MEDIA: NetApp disclosed CVE-2025-26512, a privilege escalation flaw in its SnapCenter software. If exploited, a legitimate SnapCenter Server user could become an admin on another system where a SnapCenter plug-in is deployed. This issue impacts all SnapCenter versions prior to 6.0.1P1 and 6.1P1, which include the necessary security patches. There is no workaround available. NetApp has not yet observed real-world attacks but urges users to update immediately to prevent potential exploitation.
READ THE STORY: THN
FamousSparrow Deploys New SparrowDoor Backdoor Variants in U.S. and Mexican Cyber Attacks
Bottom Line Up Front (BLUF): Chinese state-linked threat group FamousSparrow has been observed deploying two new versions of its SparrowDoor backdoor, including a modular variant, in targeted cyberattacks against organizations in the U.S. and Mexico. The campaigns also mark the group’s first recorded use of ShadowPad, a malware toolkit commonly shared among Chinese APTs.
Analyst Comments: FamousSparrow’s adoption of ShadowPad signals increased collaboration or convergence with broader Chinese APT infrastructure, such as Earth Estries and Salt Typhoon. The upgraded versions of SparrowDoor, particularly the plugin-based modular variant, show a significant leap in sophistication, enabling asynchronous command execution, keystroke logging, screenshot capture, and RDP hijacking. These developments suggest the group is moving beyond espionage toward broader system control and long-term persistence. Unpatched Windows Server and Exchange systems continue to be high-value entry points for these actors.
FROM THE MEDIA: ESET uncovered a targeted campaign by the FamousSparrow APT group in July 2024. The group compromised a U.S.-based trade group and a Mexican research institute by exploiting vulnerable instances of Windows Server and Exchange Server to drop web shells and execute malicious batch scripts. These led to the installation of two new variants of the SparrowDoor backdoor—one modular and one enhanced for concurrent command handling. The campaign also included ShadowPad, indicating possible collaboration with other Chinese cyber units. The modular backdoor contains nine plugins supporting file transfers, TCP proxying, keylogging, shell sessions, and real-time monitoring. Researchers noted that the attack chain leveraged IIS servers and Base64-encoded .NET web shells to maintain stealth.
READ THE STORY: THN // The Record
CodeQLEAKED: GitHub Supply Chain Vulnerability Exposes Critical CI/CD Weakness
Bottom Line Up Front (BLUF): A vulnerability in GitHub’s CodeQL Actions repository (CVE-2025-24362) could have enabled remote code execution across thousands of dependent repositories. The issue stemmed from an exposed GitHub App token within an artifact, briefly allowing attackers to modify branches and insert malicious code. GitHub confirmed that no exploitation occurred, but the potential for supply chain compromise was severe.
Analyst Comments: Although GitHub acted swiftly, the mere two-second exploitation window underlines how critical even minor lapses can be in automation pipelines. As tools like CodeQL become widely adopted, their security becomes paramount—not just for their integrity but for the ecosystem that relies on them. Developers and DevSecOps teams should prioritize artifact scanning, token expiration controls, and privilege minimization.
FROM THE MEDIA: In January 2025, researchers uncovered a GitHub App installation token hidden within a GitHub Actions artifact for the github/codeql-action repository. The token, possessing full write permissions, was briefly accessible via a race condition during artifact uploads. Using a Python-based exploit tool (artifact_racer.py), researchers demonstrated that the token could be harvested and used to push commits within a two-second window. The flaw, now tracked as CVE-2025-24362, posed a significant risk of supply chain attacks, enabling threat actors to inject malicious CodeQL queries or exfiltrate secrets. GitHub acknowledged the vulnerability and patched it following responsible disclosure, reiterating no abuse was detected.
READ THE STORY: GBhackers
Malaysia Rejects $10 Million Ransom After Cyberattack Disrupts Kuala Lumpur Airport
Bottom Line Up Front (BLUF): A cyberattack disrupted systems at Malaysia’s Kuala Lumpur International Airport (KLIA) on March 23, 2025, prompting manual operations for check-in and flight displays. Prime Minister Anwar Ibrahim confirmed that the attackers demanded a $10 million ransom, which the government refused to pay. The responsible group remains unidentified, and no ransomware claim has been publicly made.
Analyst Comments: Malaysia’s firm stance against ransom payments aligns with international best practices but also highlights the critical need for transparent incident reporting and infrastructure resilience. The lack of initial public communication may erode trust, as evidenced by public and political criticism. Moving forward, governments and airport operators must prioritize proactive cybersecurity protocols, including network segmentation, frequent backups, and offline contingency plans.
FROM THE MEDIA: The attackers targeted Malaysia Airports Holdings Berhad (MAHB), which manages most airports in the country, and demanded a $10 million ransom. Prime Minister Anwar Ibrahim publicly rejected the demand, stating the nation would not capitulate to "criminals and traitors." While officials claimed operations at KLIA were unaffected, social media posts and critics noted that manual procedures—like using whiteboards for flight information—were in place for over 10 hours. Malaysia joins a growing list of nations affected by recent ransomware incidents impacting airport systems.
READ THE STORY: The Record
EncryptHub Weaponizes Windows Zero-Day CVE-2025-26633 to Deploy Rhadamanthys and StealC Malware
Bottom Line Up Front (BLUF): A newly patched Windows zero-day vulnerability, CVE-2025-26633, has been exploited in the wild by the threat actor EncryptHub to deliver multiple malware families, including Rhadamanthys, StealC, and custom backdoors. The exploit leverages the Microsoft Management Console (MMC) and a technique dubbed MSC EvilTwin, allowing attackers to silently run malicious .msc files by abusing the MUIPath feature.
Analyst Comments: The exploitation of MMC’s multilingual file path resolution marks a sophisticated abuse of legacy Windows features, enabling local privilege escalation and stealthy malware execution. EncryptHub’s campaign reflects a multi-pronged strategy, incorporating UAC bypass, custom stealer variants, and the abuse of legitimate software installers. The use of digitally signed MSI files and impersonation of trusted Chinese apps shows the group’s focus on social engineering and evasion. Organizations should urgently patch CVE-2025-26633 and monitor .msc file behavior across endpoints to detect anomalous execution flows.
FROM THE MEDIA: EncryptHub, a suspected Russian-speaking APT group (also known as Water Gamayun and LARVA-208), has exploited the CVE-2025-26633 zero-day to drop multiple payloads. The flaw, patched earlier this month by Microsoft, involves improper neutralization in MMC, allowing attackers to bypass security controls and execute rogue .msc files through the MUIPath mechanism. The attack technique, MSC EvilTwin, creates a deceptive file hierarchy to trick MMC into loading the attacker’s version of a configuration file. Researchers also documented secondary evasion strategies, including dropping payloads in mock system paths to bypass User Account Control (UAC). Custom malware variants used in the campaign include EncryptHub Stealer, DarkWisp, and SilentPrism, all of which are components of the broader EncryptRAT toolkit. Initial infection vectors included fake MSI installers that mimicked legitimate Chinese apps, such as DingTalk and QQTalk.
READ THE STORY: THN
Leaked Black Basta Chats Reveal Alleged Ties to Russian Officials, Malware Innovation
Bottom Line Up Front (BLUF): Leaked internal communications from the Black Basta ransomware gang suggest connections to Russian government officials and reveal significant details about the group’s operations, including the use of AI tools and development of new malware. The leaks, covering a full year of activity, provide an unprecedented glimpse into the gang's infrastructure, tactics, and affiliations.
Analyst Comments: If verified, the claims of Russian state facilitation — such as the rapid release of the group’s leader following arrest — bolster suspicions of tacit state approval or protection for certain cybercriminals. Black Basta’s use of ChatGPT for malware development and its investment in custom frameworks like BRUTED and Breaker reflect the increasing operational sophistication of ransomware groups. These revelations also hint at consolidation or collaboration with other groups like Rhysida and CACTUS, possibly signaling ecosystem realignment or rebranding.
FROM THE MEDIA: Cybersecurity firm Trellix has analyzed a trove of over 200,000 chat logs leaked from Black Basta, a prolific ransomware operation active between September 2023 and September 2024. The data, posted on Telegram, claims that group leader Oleg Nefedov was arrested in Armenia but released within days via a “green corridor” allegedly arranged with help from high-level Russian officials. The chats also reveal that Black Basta maintains two offices in Moscow and actively uses AI tools like ChatGPT for coding, debugging, and fraud. The gang has created new custom malware tools, including BRUTED for brute-forcing firewalls and VPNs, and Breaker, a C2 framework for persistence. The logs also suggest collaborative projects with Rhysida and CACTUS, including a new ransomware prototype built on leaked Conti source code — potentially signaling a rebrand or evolution of Black Basta’s threat portfolio.
READ THE STORY: SCWORLD
Jeff Bezos' Honeybee Robotics Tapped to Build Moon Rover for 2028 NASA Mission
Bottom Line Up Front (BLUF): Firefly Aerospace has selected Honeybee Robotics, a subsidiary of Jeff Bezos’ Blue Origin, to supply a lunar rover for a NASA mission targeting the Moon’s mysterious Gruithuisen Domes in 2028. The rover will explore volcanic formations that could hold clues to the Moon’s geological past and potential future human habitation.
Analyst Comments: This collaboration highlights a continued shift in lunar exploration efforts from purely government-driven missions to partnerships with commercial space players. Honeybee Robotics' growing influence, backed by Bezos’ Blue Origin, strengthens Amazon’s stake in lunar logistics and competition with Elon Musk’s SpaceX. The rover’s mission to explore silica-rich domes could have implications for identifying future lunar colony sites, particularly those shielded from radiation. Strategically, the move also positions Bezos’ space ventures more prominently in NASA’s Artemis ecosystem.
FROM THE MEDIA: The domes, located on the Moon’s near side, are of high geological interest due to suspected granite-like compositions—rare on the Moon—indicating past volcanic activity. The rover will navigate the southern edge of the Gruithuisen Gamma Dome, pass through boulder fields, and conduct surface analysis before returning to its lander. This is Firefly’s third lunar mission and follows its successful Blue Ghost Mission 1 in March 2025. Honeybee and Firefly have previously collaborated on the Lunar PlanetVac and subsurface drill technologies deployed earlier this year.
READ THE STORY: The Register
Items of interest
Subsea Sabotage Threatens European Energy Security as Power Interconnectors Targeted
Bottom Line Up Front (BLUF): Subsea power interconnectors—critical to Europe’s cross-border electricity supply—are increasingly at risk of sabotage, with recent incidents in the Baltic Sea raising alarms. The December 2024 disruption of the Estlink 2 cable, allegedly caused by a Russian-linked vessel, underscores the challenges of both attribution and repair, particularly given the shortage of specialized repair vessels.
Analyst Comments: As geopolitical tensions escalate, the vulnerability of undersea infrastructure is emerging as a significant security risk. Unlike fiber optic cables, power interconnectors are more challenging to repair and more expensive to insure, particularly when sabotage is suspected. These outages can result in months-long service disruptions, affecting not only national power grids but also public services and digital infrastructure. As attackers increasingly utilize commercial vessels and employ plausible deniability, nations may need to prioritize subsea cable surveillance, enhance repair fleet readiness, and fortify critical infrastructure against hybrid threats.
FROM THE MEDIA: The Estlink 2 interconnector, which supplies power between Estonia and Finland, was severed on Christmas Day 2024. A vessel under investigation, the oil tanker Eagle S, was allegedly part of Russia’s shadow fleet and may have used its anchor to damage the cable intentionally. Finnish authorities have yet to prove deliberate sabotage, complicating liability and insurance claims. Industry experts warn that power cables are even more challenging to repair than communication lines, with few vessels globally capable of doing the job—resulting in potential downtime of three to nine months. Operators like Fingrid and Elering are now pursuing legal action, but tracking ownership in such cases remains challenging.
READ THE STORY: FT
The Mystery of the Vanishing Undersea Cable (Video)
FROM THE MEDIA: In 2021, a research cable off the coast of Norway was severed. It may have been accidentally snagged by a fishing vessel, but analysts allege it may be part of a wider pattern of Russian sabotage.
Nord Stream Sabotage Sparks NATO Security Response Across Energy Sector (Video)
FROM THE MEDIA: Following the suspected sabotage of the Nord Stream pipelines, European nations and NATO are intensifying security measures to safeguard critical energy infrastructure. The incident has heightened fears of hybrid warfare, particularly from Russia, and triggered a coordinated military and surveillance response across northern Europe.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.