Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Aerospace. Show all posts
data sovereignty
Aerospace Cloud Cloud Security Corporate Security cyber resilience Cyber Security data security data sovereignty

Airbus Signals Shift Toward European Sovereign Cloud to Reduce Reliance on US Tech Giants

 

Airbus, the aerospace manufacturer in Europe is getting ready to depend less on big American technology companies like Google and Microsoft. The company wants to rethink how and where it does its important digital work. 

Airbus is going to put out a request for companies to help it move its most critical systems to a European cloud that is controlled by Europeans. This is a change in how Airbus handles its digital infrastructure. Airbus is doing this to have control over its digital work. The company wants to use a cloud, for its mission-critical systems. Airbus uses a lot of services from Google and Microsoft. The company has a setup that includes big data centers and tools like Google Workspace that help people work together. 

Airbus also uses software from Microsoft to handle money matters.. When it comes to very secret and military documents these are not allowed to be stored in public cloud environments. This is because Airbus wants to be in control of its data and does not want to worry about rules and regulations. Airbus has had these concerns for a time. 

The company wants to make sure it can keep its information safe. Airbus is careful, about where it stores its documents, especially the ones that are related to the military. The company is now looking at moving its applications from its own premises to the cloud. This includes things like systems for planning and managing the business platforms for running the factories tools for managing customer relationships and software for managing the life cycle of products which's where the designs for the aircraft are kept. 

These systems are really important to Airbus because they hold a lot of information and are used to run the business. So it is very important to think about where they are hosted. The people in charge have said that the information, in these systems is a matter of European security, which means the systems need to be kept in Europe. Airbus needs to make sure that the cloud infrastructure it uses is controlled by companies. The company wants to keep its aircraft design data safe and secure which is why it is looking for a solution that meets European security standards. 

European companies are getting really worried about being in control of their digital stuff. This is a deal for them especially now that people are talking about how different the rules are in Europe and the United States. Some big American companies like Microsoft, Google and Amazon Web Services are trying to make European companies feel better by offering services that deal with these worries.. European companies are still not sure if they can really trust these American companies. 

The main reason they are worried is because of a law in the United States called the US CLOUD Act. This law lets American authorities ask companies for access to data even if that data is stored in other countries. European companies do not like this because they think it means American authorities have much power over their digital sovereignty. Digital sovereignty is a concern for European companies and they want to make sure they have control, over their own digital stuff. 

For organizations that deal with sensitive information related to industry, defense or the government this set of laws is a big problem. Digital sovereignty is about a country or region being in charge of its digital systems the way it handles data and who gets to access that data. This means that the laws of that country decide how information is taken care of and protected. The way Airbus is doing things shows that Europe, as a whole is trying to make sure its cloud operations follow the laws and priorities of the region. European organizations and Europe are working on sovereignty and cloud operations to keep their information safe. 

People are worried about the CLOUD Act. This is because of things that happened in court before. Microsoft said in a court in France that it cannot promise to keep people from the United States government getting their data. This is true even if the data is stored in Europe. Microsoft said it has not had to give the United States government any data from customers yet.. The company admitted that it does have to follow the law. 

This shows that companies, like Microsoft that are based in the United States and provide cloud services have to deal with some legal problems. The CLOUD Act is a part of these problems. Airbus’ reported move toward a sovereign European cloud underscores a growing shift among major enterprises that view digital infrastructure not just as a technical choice, but as a matter of strategic autonomy. 

As geopolitical tensions and regulatory scrutiny increase, decisions about where data lives and who ultimately controls access to it are becoming central to corporate risk management and long-term resilience.
Read more »
Russia
Aerospace Cyber Attacks Europe Poland Russia

Poland’s Space Agency Investigates Cyberattack, Works On Security Measures

 



Poland’s space agency, POLSA, has reported a cyberattack on its systems, prompting an ongoing investigation. In response to the breach, the agency quickly disconnected its network from the internet to prevent further damage. As of Monday, its official website was still offline.  


Government and Cybersecurity Teams Take Action

Poland’s Minister of Digital Affairs, Krzysztof Gawkowski, confirmed that cybersecurity experts detected unauthorized access to POLSA’s systems. Security specialists have since secured the affected infrastructure and are now working to determine who was behind the attack. However, officials have not yet shared whether the hackers were financially motivated cybercriminals or politically driven groups. The method used to infiltrate the agency’s network also remains undisclosed.  


Why Hackers Target Space Agencies

Organizations involved in space research and technology are often appealing targets for cybercriminals. Many of these agencies collaborate with defense and intelligence sectors, making them vulnerable to attacks that could expose confidential projects, satellite communications, and security-related data. A cyberattack on such an agency could disrupt critical operations, leak classified research, or even interfere with national security.  


Poland Faces a Surge in Cyberattacks

Poland has become one of the most frequently targeted countries in the European Union when it comes to cyber threats. Earlier this year, Gawkowski stated that the country experiences more cyber incidents than any other EU nation, with most attacks believed to be linked to Russian actors. Poland’s strong support for Ukraine, both in military assistance and humanitarian aid, has likely contributed to this rise in cyber threats.  

The number of cyberattacks against Poland has increased drastically in recent years. Reports indicate that attacks doubled in 2023 compared to previous years, with over 400,000 cybersecurity incidents recorded in just the first half of the year. In response, the Polish government introduced a cybersecurity initiative in June, allocating $760 million to strengthen the country’s digital defenses.  


Other Space Agencies Have Also Been Targeted

This is not the first time a space agency has fallen victim to cyberattacks. Japan’s space agency, JAXA, has faced multiple breaches in the past. In 2016, reports suggested that JAXA was among 200 Japanese organizations targeted by suspected Chinese military hackers. In 2023, unknown attackers infiltrated the agency’s network, raising concerns that sensitive communications with private companies, such as Toyota, may have been exposed.  

As space technology continues to advance, protecting space agencies from cyber threats has become more crucial than ever. These organizations handle valuable and often classified information, making them prime targets for espionage, sabotage, and financial cybercrime. If hackers manage to breach their systems, the consequences could be severe, ranging from stolen research data to disruptions in satellite operations and defense communications.  

POLSA’s ongoing investigation will likely uncover more details about the cyberattack in the coming weeks. For now, the incident highlights the increasing need for governments and space organizations to invest in stronger cybersecurity measures to protect critical infrastructure.

Read more »
WinRAR
Aerospace APT29 CVE vulnerability Data Breach Foreign policy Russia-Ukraine War Russian Hacker Software Bug supply chain security Ukraine WinRAR

APT29 Strikes: WinRAR Exploits in Embassy Cyber Attacks

During the latest wave of cyberattacks, foreign embassies have been the target of a malicious group known as APT29. They have employed a highly complex attack method that takes advantage of weaknesses in WinRAR, a widely used file compression software. There have been shockwaves throughout the cybersecurity world due to this worrisome disclosure, leading to immediate action to strengthen digital defenses.

According to reports from cybersecurity experts, APT29 has ingeniously employed the NGROK feature in conjunction with a WinRAR exploit to infiltrate embassy networks. The NGROK service, designed for secure tunneling to localhost, has been repurposed by hackers to conceal their malicious activities, making detection and attribution a formidable challenge.

WinRAR, a widely used application for compressing and decompressing files, has been targeted due to a specific vulnerability, identified as CVE-2023-38831. This flaw allows the attackers to execute arbitrary code on the targeted systems, giving them unfettered access to sensitive information stored within embassy networks.

The attacks, initially discovered by cybersecurity researchers, have been corroborated by the Ukrainian National Security and Defense Council (RNBO). Their November report outlines the APT29 campaigns, shedding light on the extent of the damage inflicted by these cyber intruders.

The fact that foreign embassies are specifically being targeted by this onslaught is very disturbing. Because these organizations handle so much private, political, and diplomatic data, they are often the focus of state-sponsored cyber espionage. The attackers' capacity to take advantage of flaws in popular software, such as WinRAR, emphasizes the necessity of constant watchfulness and timely software updates to reduce any threats.

Cybersecurity professionals advise companies, particularly those in delicate industries like diplomacy, to conduct extensive security assessments, quickly fix holes, and strengthen their defenses against ever-evolving cyber attacks in reaction to these disclosures. The APT29 attacks highlight the significance of a multi-pronged cybersecurity strategy that incorporates advanced threat detection methods, personnel awareness training, and strong software security procedures.

International cybersecurity organizations must work together as governments struggle with the ever-changing world of cyber threats. The APT29 attacks are a sobering reminder that the digital sphere has turned into a combat zone and that, in order to preserve diplomatic relations and maintain national interests, defense against such threats necessitates a united front.

Read more »
US Space Industry
Aerospace Cyber Attacks Cyberattacks NCSC new technologies satellite infrastructure space-based assets US Space Industry

U.S. Intelligence Reports: Spies and Hackers are Targeting US Space Industry


U.S. intelligence agencies have recently issued a warning against foreign spies who are targeting the American space industry and executing cyberattacks against the country’s satellite infrastructure.

The U.S. Office of the Director of National Intelligence's National Counterintelligence and Security Center (NCSC) issued a bulletin on August 18, alerting the public that foreign intelligence agencies may use cyberattacks, front companies, or traditional espionage to gather sensitive data about American space capabilities or cutting-edge technologies. The threat also mentions the employment of counter space technologies, such as hacking or jamming of satellites, to interfere with or harm American satellite systems.

As noted by the NCSC bulletin, foreign intelligence agencies "recognize the importance of the commercial space industry to the U.S. economy and national security, including the growing dependence of critical infrastructure on space-based assets." 

A set of guidelines is provided in the statement to assist private enterprises in minimizing any potential harm that these espionage attempts may create. The warning comes as funding for the U.S. space sector is rising rapidly with America’s satellite infrastructure expanding at an unparalleled rate.

NCSC further mentions a number of ways that foreign intelligence can seek to gain access to space agencies, to get hold of their insights and new technologies. Some of these methods appeared innocent enough, such as approaching space industry professionals at conferences or getting in touch with them through online forums to get information.

Other methods were more linked to ‘business dealings,’ through which foreign intel agencies frequently try to obtain access to sensitive information by investing in space companies through joint ventures or shell companies, or by buying their way into the supply chain that American aerospace companies rely on for the sourcing of parts and materials.

Some of the other methods mentioned were more explicit in nature, like carrying out cyberattacks or breaching private networks to steal intellectual property.

Moreover, the NCSC's bulletin warned the private space sector and stated that foreign intelligence agencies can compromise American national security by "collecting sensitive data related to satellite payloads, disrupting and degrading U.S. satellite communications, remote sensing and imaging capabilities," and targeting American commercial space infrastructure during interstate hostilities.  

Read more »
Technology
Aerospace APT Cyber Crime cyber espionage Cyber Intelligence Cyber Spying Cyberattacks CyberCrime Cybersecurity FBI FireEye Hackers Technology

Cyber Spying Seems to be the Predominant Goal of North Korean Hackers

 


According to a new study, an increasingly sophisticated North Korean cyber-espionage unit is using its skills to carry out spying operations on the aerospace and defense industries. 

As per an updated report released by a cyber-intelligence company, North Korean hackers are no longer viewed as sole criminals who commit cybercrimes motivated by financial gain and break into cryptocurrency exchanges. According to the report, instead of focusing on cyber espionage and data collection, they focus more on information collection. 

A group of bad actors connected to potentially criminal activities on the internet has been identified by Google analysts as an advanced persistent threat (APT) or as a group of cybercriminals linked to activities that might be considered criminal. 

In its report, FireEye, a US-based security firm that keeps track of cyber-attackers around the world, examines the threat from North Korean hackers called APT37 (Reaper) and claims to have found that the group uses malware to infiltrate computer networks at home and abroad. This group has been active in the past but has now migrated to an advanced persistent threat. 

Yet another  report published exclusively by Foreign Policy, authored by private cyber-intelligence company Recorded Future, identifies espionage as the primary motivation behind North Korea's cyber program, which experts attribute to a desire for economic advantage. 

Recorded Future says over 14 years there have been 273 cyberattacks associated with state-sponsored groups in North Korean society. Over 70% of the respondents stated that they were motivated primarily by the desire to collect information about government entities and countries in neighboring Asia, as well as to use their skill sets to commit high-profile cryptocurrency heists. 

It is clear from the report that Pyongyang intends to gain a better understanding of how its adversaries think. This is done by providing the country with "insight into how its adversaries think" as well as knowledge about technologies that could benefit the North in the event of a conflict. Government agencies are usually the targets of this type of attack, followed by cryptocurrency exchanges, media outlets, financial institutions, defense institutions, and nongovernmental organizations as the next most frequent targets. 

Unlike many other countries, North Korea's government seems much more interested in finding out what other nations think of them and how they can improve. It only takes them a minute or two to gather information that can help them develop nuclear and ballistic missile technology. They steal money to fund their regime. 

According to Anne Neuberger, deputy national security adviser for cyber and emerging technologies under President Biden, North Korea is unique in how it views and uses cryptocurrency. This is because it employs cyber operations to finance its nuclear arsenal. About half of the regime's missile program is financed by cryptocurrency and cyber heists. 

The group's cyber operation targets Japan, Vietnam, and the Middle East as part of its efforts. By attempting to steal secret information from companies and organizations involved in chemical, electronics, manufacturing, aerospace, automotive, healthcare, and other sectors, it is attempting to steal valuable information.

In recent years, North Korean hackers have been reported to have stolen billions of dollars from cryptocurrency exchanges around the world. The greatest threat of this year has so far been the high-profile attacks on exchanges, which have targeted Estonia and California so far. 

There has been an increasing number of instances in which North Korea has been linked to attacks beyond crypto, as well as smaller, more disruptive attacks across the globe, starting with the crippling of Sony Pictures just under a decade ago that put its cyber capabilities in the spotlight. After that, Bangladesh's central bank was hacked, which compromised the Swift global financial transfer system used by the United Kingdom to transfer money, and the National Health Service of the United Kingdom was crippled following the hack. 

Nevertheless, Haszard and his coworkers found that a substantial majority of North Korea's cyber activities are directed at domestic targets to which they do not have access.  

According to the report, 83 percent of the attacks for which spatial information is available occurred in Asia, where the majority of the attacks were targeted. There were 29 countries where attacks took place, most of them being in the immediate neighborhood of South Korea, where almost 65 percent of the targets were located North Korean attacks accounted for 8.5 percent of countries, while only three percent of countries were responsible for more than three percent of total North Korean attacks. 

A study by Recorded Future revealed that Lazarus, the biggest and most prominent group of hackers connected to the authoritarian regime, tends to target global targets but is not the most frequent perpetrator of cyberattacks in the world. A group known as Kimsuky targets Asian governments and civil organizations. This accounts for more than one-third of the group's attacks.

U.S. law enforcement agencies say kinky hackers pose as South Korean journalists. They exchange emails with their targets to set up interviews before sending them a link or document embedded with malware. This is the result of their scam. 

It is believed that the malware, known as BabyShark, can provide hackers with access to the devices and communications of those victims. It was found in a joint cybersecurity advisory published earlier this month by the FBI, National Security Agency, and South Korean authorities that Kimsuky actors had also been known to configure a victim's email account so that all emails were automatically forwarded to another account controlled by them. 

North Korea is increasingly focusing on cyber espionage and information collection to gain an advantage over its adversaries. This raises concerns about its intentions and capabilities in cyberspace. Despite this, the report also confirms that North Korea has demonstrated enhanced flexibility when conducting large-scale disruptions of critical infrastructure or engaging in ransomware campaigns compared to opposing adversaries with cyber capabilities like Russia and China.
Read more »
ransomware attacks
Aerospace Cyber Attacks Defense Lorenz Lorenz Ransomware Ransom ransomware attacks

Defense Contractor Hensoldt Confirms Lorenz Ransomware Attack

 

Hensoldt, a multinational defence contractor, disclosed that Lorenz ransomware has infected part of its UK subsidiary's systems. A spokesman for Hensholdt acknowledged the security vulnerability to BleepingComputer this week. 

Hensoldt's Head of Public Relations, Lothar Belz, told BleepingComputer, "I can confirm that a small number of mobile devices in our UK subsidiary has been affected." 

Belz, on the other hand, refused to provide any other specifics on the incident, adding, "for obvious reasons, we do not reveal any more facts in such cases." 

Since April, the Lorenz ransomware group has targeted several institutions around the world, demanding hundreds of thousands of dollars in ransom. Lorenz operators, like other ransomware groups, use a double-extortion approach, acquiring data before encrypting it and threatening victims if they don't pay the ransom. Ransom demands have been quite high, between $500.000 and $700.000.

Hensoldt AG emphasizes sensor technology for security and surveillance missions in the defence, security, and aerospace sectors. Radar, optoelectronics, and avionics are the company's core product areas, and it is listed on the Frankfurt Stock Exchange. 

The defence multinational, which is listed on the Frankfurt Stock Exchange and with a revenue of 1.2 billion euros in 2020, offers sensor solutions for defence, aerospace, and security applications. The corporation works with the US government on classified and sensitive contracts, and its products include and equip tanks, helicopter platforms, submarines, and Littoral Combat Ships, among other things. 

The Lorenz ransomware group has already published the names of the firms that have been compromised on their Tor leak site. The ransomware group claims to have already transferred 95 percent of all stolen files to its leak site as of this time of writing. The gang named the archive file "Paid," implying that someone else paid to keep the Hensoldt files from being exposed. 

Tesorion, a cybersecurity firm, studied the Lorenz ransomware and produced a decryptor that may allow victims to decrypt their files for free in some situations.
Read more »
RAT
Aerospace malware Phishing emails RAT

Remote Access Trojans Target Aerospace and Travel Industries

 

Earlier this week, Microsoft Security Intelligence tweeted that somehow a remote access Trojan (RAT) campaign was being tracked by them which was aimed at the aerospace and travel sectors by emailing spear-phishes that spreads an actively created loader and then deliver RevengeRAT or AysncRAT. 

In the context of the exchange of tweets, it was pointed out that attackers use the RATs for theft of data, follow-up operation, and additional payloads, such as Agent Tesla. The loader is being developed and named Morphisec's Snip3. 

These campaigns are not surprising particularly when everyone leaves the lockdown and the people travel again making the travel and tourism industry rich, stated Netenrich's chief information security officer Chris Morales. 

“The level of targeting is also a reason why it’s so hard to detect attacks,” Morales added. “They change and are tailored. SecOps has to align to with threats targeting their organizations specifically and not look for generic threats.” 

New Net Technologies, vice president for security studies, Dirk Schrader, stated that he intends to see sectoral spear-phishing campaigns as everyone emerges from the pandemic. “Using familiar language and terminology can help in the effectiveness of a targeted campaign,” Schrader said. “It’s not shocking that attackers are targeting the transport sector as the sector is about to come back to life. Therefore, a well-crafted campaign addressing this situation is even better.” 

Roger Grimes, KnowBe4 Data-Driven Defense evangelist, adds that when attackers enter one industry company, they could read their emails and use this freshly infiltrated spot known as "cyber haven" to target their partners. 

The mails come from individuals who use the email topic threads in which they are involved and email addresses the new victims' trust. There would be a much higher risk of the new victims falling into fraud when the request to click on the connection or to open a document arrives suddenly. This is the reason why the staff has to understand that phishing emails will come through people they know and trust and also that depending on an email address is not sufficient whether or not the employees recognize it.

Grimes said security awareness training should educate users on the following features to beware of e-mails, which invites users to do something completely foreign. Also, emails that arrive unexpectedly and the behavior can be detrimental to their own best interest or their organization. 

“If any two of those traits are present, the recipient should slow down, stop, think and verify the request another way, like calling the person on a predefined phone number,” Grimes added.
Read more »
Subscribe to: Comments (Atom)