Daily Drop (829): UKA: Cyber OPs | IC: TikTok | Shipping: Cyber | FRA: Railway | RU: YouTube | Missile Crisis | UKA: Drones | FRA: Cyber OPs | OT & ICS | FBI: DPRK | RU: MS Infra | CN: Cyberspace ID
07-28-24
Sunday, Jul 28 2024 // (IG): BB // ShadowNews // Coffee for Bob
Measures of Effectiveness (MoE):
MoEs are used to assess how well a system or operation achieves its intended goals. They are qualitative or quantitative metrics that reflect the success of achieving desired outcomes. For example, in a cybersecurity context, an MoE could be the reduction in successful cyber-attacks after implementing new security protocols.
Results: We are seeing an uptick in “163.com”, “189.com” and “QQ” subscribers.
Russia-Backed Brute-Force Campaign Targets Microsoft Infrastructure in EU
Bottom Line Up Front (BLUF): The European Union is experiencing a significant surge in cyberattacks from Russia, targeting Microsoft infrastructure in Belgium and the Netherlands. These brute-force attacks exploit non-administrative accounts and weak credentials, leveraging compromised IP addresses from Moscow, Amsterdam, and Brussels.
Analyst Comments: The recent wave of cyberattacks underscores the evolving threat landscape, where state-sponsored actors use sophisticated techniques to bypass security measures. Russia’s use of brute-force attacks on EU infrastructure highlights the critical need for robust cybersecurity defenses and international cooperation. The exploitation of trusted European Microsoft infrastructure and compromised Indian telecom resources adds complexity to the cybersecurity challenge. Enhanced IAM practices and MFA implementation are essential for mitigating these threats.
FROM THE MEDIA: The EU is facing an influx of cyberattacks primarily originating from Russia, with a focus on Microsoft infrastructure in Belgium and the Netherlands. Heimdal Security reports that over half of the attack IPs are linked to Moscow, targeting non-administrative accounts for lateral movement within networks. These attacks use methods like password guessing and exploiting weak credentials, with compromised IPs facilitating the assaults. Key techniques include SMBv1 Crawler (32% of attacks), RDP Crawler (27%), and RDP Alt Port Crawler (8%), exploiting weak credentials on non-standard ports. Major ISPs and Indian telecom resources have also been implicated, indicating a sophisticated setup blending direct Kremlin involvement with infiltration of European infrastructure.
READ THE STORY: Security Boulevard
Ukraine's Cyber Operation Shuts Down ATM Services of Major Russian Banks
Bottom Line Up Front (BLUF): Ukraine has executed a significant cyber operation that disrupted the ATM services of major Russian banks, affecting payment systems and mobile applications and blocking debit and credit cards. This attack is part of the broader cyber conflict between Ukraine and Russia.
Analyst Comments: This operation represents a notable escalation in the cyber warfare tactics employed in the ongoing conflict between Russia and Ukraine. The targeting of financial institutions highlights the strategic importance of economic disruption as a tool in cyber warfare. Historically, such attacks aim to undermine public confidence in financial systems and can have far-reaching consequences on a nation's economy. The comprehensive nature of this attack, affecting multiple major banks and service providers, indicates a high level of sophistication and coordination by Ukrainian cyber forces.
FROM THE MEDIA: Ukraine's massive cyber operation began on July 23 and has since disrupted the ATM services of major Russian banks, including Dom.RF, VTB Bank, Alfa-Bank, Sberbank, Raiffeisen Bank, RSHB Bank, Rosbank, Gazprombank, Tinkoff Bank, and iBank. The attack, which also affected bank payment systems and mobile applications, is ongoing and described as gaining momentum. Ukrainian intelligence confirmed that the operation aims to counter Russian financial support for its armed aggression. The cyberattack extended to disrupting services from Russian mobile and internet providers Beeline, MegaFon, Tele2, and Rostelecom, as well as popular online messengers and social networks. This comprehensive disruption reflects a strategic effort to significantly impair Russian financial and communication infrastructures.
READ THE STORY: Security Affairs
U.S. Intelligence Community Discovers TikTok Censored for China
Bottom Line Up Front (BLUF): The U.S. intelligence community revealed that TikTok, under its Chinese parent company ByteDance, censored content at the behest of the Chinese government. This discovery, detailed in a Justice Department court filing, forms part of an ongoing effort by the U.S. government to compel ByteDance to divest TikTok.
Analyst Comments: This revelation heightens concerns about TikTok's potential role as a tool for Chinese influence and espionage. Historically, the intersection of technology and national security has been contentious, and this case underscores the complexities of safeguarding economic and informational sovereignty in the digital age. The U.S. government's push for divestment highlights its strategy to mitigate risks associated with foreign control over influential tech platforms.
FROM THE MEDIA: The U.S. Court of Appeals for the District of Columbia received a filing from the Justice Department, revealing that TikTok censored content on behalf of the Chinese government. Casey Blackburn from the Office of the Director of National Intelligence provided evidence that ByteDance and TikTok complied with Chinese government censorship demands. The filing, heavily redacted, hints at broader concerns regarding national security threats posed by ByteDance’s control over TikTok, including potential blackmail, coercion, and identification of U.S. intelligence officers. TikTok, however, disputes these claims, arguing that the U.S. government lacks proof and that the actions infringe on constitutional rights. This legal battle is a critical test of the U.S. government's measures against perceived threats from Chinese tech companies.
READ THE STORY: The Washington Times
China Proposes National 'Cyberspace ID' System
Bottom Line Up Front (BLUF): China has proposed a national 'cyberspace ID' system to streamline online identity verification and protect personal information. This ID would replace the current practice of ISPs and social services keeping individual records, aiming to centralize data management under government control.
Analyst Comments: The introduction of a national cyberspace ID in China represents a significant shift towards tighter state control over online activities. While it promises enhanced data security and reduced duplication of personal information collection by ISPs, it also raises concerns about privacy and the potential for increased state surveillance. Historical issues with similar systems in India and Japan highlight the risks of data breaches and privacy violations, underscoring the need for robust security measures.
FROM THE MEDIA: Beijing has proposed the issuance of 'cyberspace IDs' to Chinese citizens to regulate online identity verification and protect personal data. Managed by the Ministry of Public Security and the Cyberspace Administration of China, this system aims to eliminate the need for real-life personal information collection by ISPs. The IDs, comprising encrypted alphanumeric codes and online credentials, would link to citizens' real identities without plaintext details. The initiative is intended to reduce excessive data collection by private entities and enhance personal data security. However, concerns about privacy and free speech remain, given China's stringent real-name registration laws for internet use. Past experiences in India and Japan with similar national ID systems, such as Aadhaar and MyNumber, have shown vulnerabilities to data breaches, raising questions about the security and implementation of China's proposed cyberspace ID.
READ THE STORY: The Register
Cyber Attacks on Shipping Rise Amid Geopolitical Tensions
Bottom Line Up Front (BLUF): The shipping industry faces an alarming increase in cyberattacks, driven by geopolitical tensions. With state-sponsored hackers primarily from Russia, China, North Korea, and Iran, the sector is under unprecedented digital threat.
Analyst Comments: The surge in cyberattacks on the maritime industry reflects the evolving nature of geopolitical conflicts, where digital warfare complements traditional military strategies. Historically, the industry has focused on physical threats like piracy; however, the growing reliance on digital systems has created new vulnerabilities. The incidents highlight the urgent need for enhanced cybersecurity measures and investment in IT infrastructure within the maritime sector to safeguard global trade routes.
FROM THE MEDIA: Research from NHL Stenden University of Applied Sciences reveals a significant rise in cyber incidents targeting the shipping industry, with at least 64 incidents in 2023 compared to just three in 2013. The majority of these attacks have been linked to state actors from Russia, China, North Korea, and Iran. These cyber-threats have destabilized global trade by disrupting crucial maritime operations. The Port of Rotterdam and Iran's Rajaee Port are among the notable victims, highlighting the sector's vulnerability. Experts like Stephen McCombie emphasize the industry's inadequate IT spending and the scarcity of professionals with both maritime and cybersecurity expertise. The increasing digitization of ships and the use of internet-enabled devices at sea have further expanded the attack surface, necessitating a comprehensive response to fortify the industry's cyber defenses.
READ THE STORY: FT
FBI Seizes Cryptocurrency Linked to North Korea Group
Bottom Line Up Front (BLUF): The FBI has seized approximately $500,000 in cryptocurrency linked to North Korean state-sponsored ransomware activities. This decisive action highlights the intersection of cybersecurity and cryptocurrency in modern cyber warfare, emphasizing the importance of reporting and cooperation in combating such threats.
Analyst Comments: The seizure underscores the growing sophistication of state-sponsored cyber operations, particularly those from North Korea, which utilize ransomware to fund military and nuclear ambitions. The case also demonstrates the efficacy of international cooperation and law enforcement efforts in tracking and recovering illicit funds. The involvement of advanced cyber units from countries like China, Russia, Iran, and North Korea necessitates robust cybersecurity measures and continuous vigilance to protect critical infrastructure and national security interests.
FROM THE MEDIA: The FBI's operation targeted ransomware activities connected to North Korea, resulting in the seizure of about $500,000 in cryptocurrency. This action followed an investigation into a ransomware strain called Maui, which had been used against a medical center in Kansas. The timely reporting by the medical center enabled the FBI to trace the Bitcoin ransom payment to money launderers in China, leading to the recovery of the stolen funds and the identification of a previously unknown ransomware strain. North Korea's use of ransomware serves dual purposes: causing disruption and circumventing international sanctions to fund its military ambitions. The Justice Department's proactive measures, including the seizure and forfeiture of these funds, highlight the importance of prompt incident reporting and cooperation with law enforcement.
READ THE STORY: Tekedia
France Investigates Railway Network Sabotage as Olympic Games Begin
Bottom Line Up Front (BLUF): France is investigating a coordinated sabotage attack on its high-speed railway network that disrupted travel during the opening of the Olympic Games. Authorities are working to identify the responsible parties, with possibilities ranging from internal dissenters to foreign actors.
Analyst Comments: The timing and precision of these attacks suggest a high level of planning and knowledge of France's railway infrastructure. Historically, acts of sabotage have been used to draw attention to political or ideological causes. Given the context of the Olympic Games, which draw significant global attention, the attacks may aim to maximize disruption and visibility. The involvement of foreign actors, particularly given recent geopolitical tensions, cannot be ruled out. France's strong stance on various international issues, including support for Ukraine, may have made it a target for such operations.
FROM THE MEDIA: On the day of the Olympic Games opening ceremony, France's high-speed railway lines were sabotaged, causing significant travel disruptions. Outgoing Prime Minister Gabriel Attal described the attack as coordinated, involving intelligence services and internal security forces. Interior Minister Gerald Darmanin reported the recovery of substantial evidence but noted no group has claimed responsibility. The attacks targeted key railway routes, indicating the perpetrators had extensive knowledge of the network. Axel Persson of the CGT rail union suggested the attackers had precise information, possibly from someone within the railway system or related construction workers.
READ THE STORY: CNN
Russia Admits to Slowing YouTube Speeds for Refusing to Comply with ‘Legislation’
Bottom Line Up Front (BLUF): Russian authorities have admitted to deliberately slowing down YouTube speeds in response to Google's refusal to comply with Russian tech regulations. This move is part of Russia’s broader strategy to isolate its internet from global platforms and promote domestic alternatives.
Analyst Comments: This development represents a significant escalation in Russia's efforts to control online content and enforce digital sovereignty. Historically, Russia has progressively tightened its grip on internet freedom, and the current actions against YouTube illustrate the government's willingness to leverage technological disruptions to assert regulatory compliance. The creation and promotion of domestic alternatives like Rutube and VK Video highlight a strategic pivot towards a self-contained digital ecosystem, akin to the "Great Firewall" of China.
FROM THE MEDIA: Russian lawmaker Alexander Khinshtein confirmed that the country is intentionally reducing YouTube download speeds, which could drop by up to 70% on desktops by the end of next week. This follows disruptions blamed on Google's outdated Global Cache equipment, which has not been updated due to sanctions imposed after Russia invaded Ukraine. Khinshtein stated that YouTube's "anti-Russian policy," including the removal of channels with dissenting views, triggered these measures. The slowdown is expected to minimally impact mobile users, strategically timed during the summer vacation period. Additionally, Russia's telecom regulator Roskomnadzor has requested the removal of VPN services from Apple's App Store to further control internet usage. These actions underline Russia's ongoing efforts to create an isolated internet, or "Runet," ensuring compliance with national laws amidst growing geopolitical tensions.
READ THE STORY: The Record
Disconnected: 23 Million Americans Affected by the Shutdown of the Affordable Connectivity Program
Bottom Line Up Front (BLUF): The end of the Affordable Connectivity Program (ACP) has left 23 million low-income Americans struggling with increased internet costs, with 13% considering canceling their service. The abrupt halt has intensified the digital divide and forced many households to make difficult financial adjustments.
Analyst Comments: The termination of the ACP highlights the persistent issue of internet affordability in the U.S. Despite significant investments in broadband infrastructure, the cost barrier remains a critical challenge. Historically, federal efforts have focused more on expanding access rather than affordability, which this situation underscores. The cessation of the ACP may lead to reduced internet access for vulnerable populations, exacerbating economic and educational disparities.
FROM THE MEDIA: The Affordable Connectivity Program, which provided $30 to $75 monthly subsidies to help low-income households pay for internet, ended in May 2024. This has resulted in increased financial strain for 23 million households, with a Benton Institute survey indicating that 13% of ACP subscribers might cancel their service. The program’s end has forced many to make tough budget adjustments, such as cutting back on groceries or electricity. The ACP was part of a broader $90 billion federal initiative to close the digital divide, yet only $14.2 billion of that was dedicated to affordability. Experts argue that the primary barrier to home broadband is cost, not infrastructure. The end of the ACP has prompted local organizations to revert to short-term solutions like distributing Wi-Fi hotspots, but these are seen as insufficient. Proponents of the ACP contend that the program provided significant economic and social benefits, and its discontinuation could negatively impact areas like telehealth and education.
READ THE STORY: CNET
Italy’s Giorgia Meloni Pledges ‘Relaunch’ of Ties with China
Bottom Line Up Front (BLUF): Italian Prime Minister Giorgia Meloni has initiated a visit to China to "relaunch" bilateral relations, emphasizing the need for fairer trade practices. This comes after Italy's controversial exit from China's Belt and Road Initiative (BRI).
Analyst Comments: Meloni’s visit to China signifies a strategic effort to stabilize and strengthen Italy-China relations despite previous tensions from Italy’s exit from the BRI. Her approach aims to balance economic interests while addressing trade imbalances and intellectual property concerns. This move is crucial for maintaining robust economic ties with China, which are vital for Italy's export-driven economy. However, Meloni’s cautious stance on China’s trade practices reflects broader European concerns about over-reliance on Chinese investments and the need for diversified supply chains.
FROM THE MEDIA: During her visit to Beijing, Giorgia Meloni met with Chinese Premier Li Qiang and discussed plans to enhance industrial cooperation and food safety through a three-year action plan. Meloni’s focus on a fairer trade relationship highlights Italy's substantial trade deficit with China and the need for better market access and intellectual property protections. While emphasizing cooperation, Meloni also acknowledged Italy’s commitment to maintaining strong bilateral ties post-BRI exit. Premier Li Qiang, in turn, warned against protectionism and urged the EU to view China’s development objectively, emphasizing deeper dialogue and cooperation.
READ THE STORY: FT
Cyberattacks Present Shipping Industry’s Biggest Threat Since WWII
Bottom Line Up Front (BLUF): The shipping industry is facing a surge in cyberattacks, primarily from state-sponsored hackers, with significant incidents escalating over the past decade. Research indicates that these threats, originating mainly from Russia, China, North Korea, and Iran, pose the most severe challenge since World War II.
Analyst Comments: The increase in cyber incidents within the shipping industry highlights a critical vulnerability in global trade infrastructure. Historically, the sector has contended with physical threats such as piracy; however, the digital age introduces complex cybersecurity challenges that require specialized knowledge and significant investment. The industry must adapt by integrating robust cybersecurity measures and fostering expertise that bridges maritime operations with advanced IT security.
FROM THE MEDIA: A study by NHL Stenden University of Applied Sciences reported a dramatic rise in cyber incidents within the shipping sector, with 64 incidents in the past year compared to just three in 2013. Over 80% of these attacks were traced back to Russia, China, North Korea, and Iran. Guy Platten of the International Chamber of Shipping emphasized the unprecedented threat to the post-WWII international rules-based order that has benefited global shipping. Maritime cybersecurity expert Stephen McCombie noted that the industry's low IT investment and lack of specialized personnel exacerbate its vulnerability. This situation is part of a broader trend of increasing cyberattacks across various industries, as highlighted by PYMNTS' recent findings on the prevalence and impact of cyber threats in eCommerce and other sectors.
READ THE STORY: PYMNTS
Putin Warns the U.S. of Cold War-Style Missile Crisis
Bottom Line Up Front (BLUF): Russian President Vladimir Putin has warned the United States that deploying long-range missiles in Germany could trigger a Cold War-style missile crisis. Putin indicated that Russia would respond by positioning similar missiles within striking distance of Western targets.
Analyst Comments: This escalation marks a significant deterioration in U.S.-Russia relations, reminiscent of the Cold War tensions during the 1962 Cuban Missile Crisis and the 1980s Pershing II deployments. Historically, such confrontations have led to brinkmanship and necessitated intense diplomatic efforts to avoid conflict. The deployment of long-range missiles, including advanced hypersonic weapons, could further destabilize the strategic balance and provoke a regional arms race in Europe and beyond.
FROM THE MEDIA: During a Navy Day speech in St. Petersburg, President Putin issued a stark warning to the U.S. regarding its plans to deploy long-range missiles, including SM-6, Tomahawk cruise missiles, and developmental hypersonic weapons, in Germany starting in 2026. He emphasized that such missiles could reach Russian territory in about 10 minutes, potentially carrying nuclear warheads. Putin asserted that Russia would take reciprocal measures to counter this perceived threat, including stationing missiles near Western targets. This rhetoric mirrors Cold War-era tensions, notably the deployment of Pershing II missiles in West Germany in the early 1980s, which the Soviet Union viewed as a decapitation threat. The U.S. and Russia have both called for de-escalation, yet their actions suggest a trend toward increased military posturing and strategic deployments, raising concerns about a new arms race and heightened global instability.
READ THE STORY: Reuters
Ukraine Drones Reportedly Hit Russian Airfield in Arctic
Bottom Line Up Front (BLUF): Ukrainian drones attacked Russia's Olenya airfield in the Arctic, targeting a strategic bomber. This strike underscores Ukraine's increasing capability to hit deep within Russian territory amid ongoing conflict.
Analyst Comments: The drone strike on Olenya airfield, a significant distance from the Ukrainian border, highlights the expanding range and precision of Ukrainian drone operations. Historically, such deep strikes demonstrate not only technological advancements but also strategic intent to disrupt adversary capabilities far from immediate battle zones. This development could potentially escalate the conflict by compelling Russia to reinforce its air defenses and reassess the vulnerability of its strategic assets.
FROM THE MEDIA: On Saturday, Ukrainian drones struck the Olenya airfield in Russia's Arctic region, targeting a Tupolev Tu-22M3 supersonic long-range missile carrier, according to Ukrainian Pravda. The airfield, located on the Kola Peninsula near Finland, has been a launch point for attacks on Ukrainian infrastructure. Finland's President Alexander Stubb assured that the situation is under control and poses no immediate threat to Finland. Ukrainian President Volodymyr Zelenskyy commended his military's successful strikes on Russian bases, emphasizing the importance of neutralizing Russian military aircraft to save Ukrainian lives. This incident follows recent reports of Russian bombers from Olenya attacking civilian targets in Ukraine, including a children's hospital in Kyiv. The Ukrainian military has not provided further details on the operation, and Russia has yet to comment on the attack.
READ THE STORY: Politico
Why a ‘Military First’ Strategy Isn’t Enough When it Comes to China
Bottom Line Up Front (BLUF): Relying primarily on military power to manage U.S.-China relations is ineffective and potentially escalates tensions. The U.S. should adopt a more balanced approach, emphasizing diplomacy and addressing mutual interests to achieve more stable and productive interactions with China.
Analyst Comments: The historical context of U.S.-China relations reveals that military posturing alone has often led to increased hostilities rather than deterrence. The U.S.'s focus on military alliances and security guarantees has not curbed China's assertive actions in the South and East China Seas or its stance on Taiwan. A shift towards addressing core mutual interests through rigorous diplomacy, alongside maintaining a strong military, could provide a more sustainable path to managing competition and reducing the risk of conflict.
FROM THE MEDIA: Quinn Marschik argues that the U.S.'s current military-first approach towards China is flawed and counterproductive. Despite military exercises like RIMPAC aimed at enhancing combat effectiveness among allies, China has continued to assert its territorial claims. The expansion of U.S. military partnerships is perceived by Beijing as a significant threat, potentially prompting more aggressive Chinese actions. Marschik suggests that the U.S. should focus on non-military strategies, such as redefining bilateral relations, addressing critical issues like the fentanyl crisis, and engaging in respect-based diplomacy. Recognizing China as a significant global power with deep historical roots and focusing on direct U.S.-China interests may pave the way for more effective cooperation and conflict mitigation.
READ THE STORY: The Hill
France Launches Large-Scale Operation to Fight Cyber Spying Ahead of Olympics
Bottom Line Up Front (BLUF): Ahead of the Olympics, French authorities have initiated a significant operation to clean malware from the country's computer systems, targeting espionage activities believed to involve thousands of devices. This proactive measure is part of broader efforts to mitigate security threats during the event.
Analyst Comments: This operation reflects the heightened cybersecurity vigilance necessary for major international events like the Olympics. Historically, such events attract increased cyber espionage and cyberattacks due to their high profile and the vast amount of data transmitted. The use of old yet potent malware like PlugX, often associated with Chinese state-sponsored groups, underscores the persistent threat from nation-state actors. France's comprehensive disinfection campaign, supported by international collaboration, exemplifies a proactive stance against cyber threats.
FROM THE MEDIA: French authorities have commenced an extensive "disinfection operation" to remove malware from thousands of computers, particularly targeting espionage activities. The operation, which began a week before the report and will continue for several months, is not explicitly tied to the upcoming Olympics but is part of broader security preparations. PlugX malware, historically used by Chinese hacker groups like Mustang Panda, has infected numerous devices worldwide, including 3,000 in France. French investigators, with support from cybersecurity firm Sekoia, aim to neutralize this botnet. As part of the global effort, several other countries including Malta, Portugal, and Austria are also engaged in disinfection activities. This operation highlights the increased cyber vigilance required to safeguard the Olympics from espionage and other cyber threats, amidst concerns of potential terrorist acts and infrastructure sabotage.
READ THE STORY: The Record
Intensifying Focus on Advancing Product Security in OT and ICS Environments Amid Escalating Cyber Threats
Bottom Line Up Front (BLUF): As cyber threats targeting Operational Technology (OT) and Industrial Control Systems (ICS) grow, vendors are increasingly prioritizing product security. Compliance with standards like NERC CIP and IEC 62443 is essential, and innovations in AI-driven threat detection and blockchain are emerging as key tools in the fight against cyberattacks.
Analyst Comments: The heightened focus on OT and ICS security is a necessary response to the persistent vulnerabilities these systems face, primarily due to their long lifecycles and complex update processes. As critical infrastructure, the stakes are high; disruptions can have far-reaching and severe consequences. Collaboration through public-private partnerships and information sharing is crucial in advancing security measures. Future innovations will likely emphasize real-time monitoring, secure-by-design principles, and leveraging AI and blockchain technologies to bolster defenses.
FROM THE MEDIA: Vendors in OT and ICS environments face unique challenges in product security, including long equipment lifecycles, infrequent updates, and complex patching processes. According to Itay Glick, VP of Products at OPSWAT, vulnerabilities in OT systems can persist for extended periods, increasing the risk of undetected threats. Jon Taylor, VP of Solution Engineering at Fortress Information Security, highlighted that the long service life of OT equipment and its limited computational power for cyber defense software make these systems appealing targets for cybercriminals and adversarial nations.
READ THE STORY: Industrial Cyber
Items of interest
European Parliament Member Targeted with Commercial Spyware
Bottom Line Up Front (BLUF): A German member of the European Parliament, Daniel Freund, reported an attempted spyware infection on his mobile phone, suspected to be from the spyware vendor Candiru. The attack is believed to be politically motivated, with suspicions pointing towards Hungary's government under Viktor Orbán.
Analyst Comments: The incident underscores the persistent and evolving threat of commercial spyware in political arenas. As governments increasingly utilize advanced surveillance tools for political leverage, the implications for privacy and democratic processes are profound. The European Parliament's ongoing challenges with spyware reflect broader concerns about state-sponsored cyber activities undermining political integrity and the rule of law within the EU.
FROM THE MEDIA: Daniel Freund, a German MEP, disclosed that his mobile phone was targeted by commercial spyware in May, with the attack likely originating from Candiru, a prominent spyware vendor. Freund, a critic of Hungary's Prime Minister Viktor Orbán, suspects the Hungarian government’s involvement due to its history of using similar spyware. The attack involved a phishing email disguised as a request from a Kyiv International University student. This incident is part of a larger pattern of spyware attacks on European politicians, with previous cases involving Pegasus and Predator spyware targeting members of the European Parliament. The European Commission is preparing a document to prevent member states from using national security as a pretext to justify spyware use, highlighting the growing scrutiny and regulatory response to such activities within the EU.
READ THE STORY: The Record
Operation Clairvoyance: How APT Groups Spy on the Media Industry (Video)
FROM THE MEDIA: Cyber espionage actors have demonstrated great interest in the media industry. These actors seem to like to see Taiwan's daily activities through the "eyes" of these media companies and journalists. During Taiwan's intense 2022, we saw more and more Advanced Persistent Threat (APT) groups infiltrate Taiwan's media industry. In our observation, the media has become the first non-government target of those APT groups.
What Is Robots.txt (Video)
FROM THE MEDIA: Find out what robots.txt is and how it can benefit your site’s SEO.
The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in their original material or related links on their sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.