Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cyber Warfare. Show all posts
Threat Landscape
Cyber Warfare Online Security Russia-Ukraine War Technology Threat Landscape

The Rise of Cyber Warfare and Its Global Implications

 

In Western society, the likelihood of cyberattacks is arguably higher now than it has ever been. The National Cyber Security Centre (NCSC) advised UK organisations to strengthen their cyber security when Russia launched its attack on Ukraine in early 2022. In a similar vein, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) issued warnings about increased risks to US companies. 

There is no doubt that during times of global transition and turmoil, cyber security becomes a battlefield in its own right, with both state and non-state actors increasingly turning to cyber-attacks to gain an advantage in combat. Furthermore, as technology advances and an increasing number of devices connect to the internet, the scope and sophistication of cyber-attacks has grown significantly. 

Cyber warfare can take numerous forms, such as breaking into enemy state computer systems, spreading malware, and executing denial-of-service assaults. If a cyber threat infiltrates the right systems, entire towns and cities may be shut off from information, services, and infrastructure that have become fundamental to our way of life, such as electricity, online banking systems, and the internet. 

The European Union Agency for Network and Information Security (ENISA) believes that cyber warfare poses a substantial and growing threat to vital infrastructure. Its research on the "Threat Landscape for Foreign Information Manipulation Interference (FIMI)" states that key infrastructure, such as electricity and healthcare, is especially vulnerable to cyber-attacks during times of conflict or political tension.

In addition, cyber-attacks can disrupt banking systems, inflicting immediate economic loss and affecting individuals. According to the report, residents were a secondary target in more than half of the incidents analysed. Cyber-attacks are especially effective at manipulating public perceptions through, at the most basic level, inconvenience, to the most serious level, which could result in the loss of life. 

Risk to businesses 

War and military conflicts can foster a business environment susceptible to cyber-attacks, since enemies may seek to target firms or sectors deemed critical to a country's economy or infrastructure. They may also choose symbolic targets, like media outlets or high-profile businesses connected with a country. 

Furthermore, the use of cyber-attacks in war can produce a broad sense of instability and uncertainty, which can be exploited to exploit vulnerabilities in firms' cyber defences.

Cyber-attacks on a company's computer systems, networks, and servers can cause delays and shutdowns, resulting in direct loss of productivity and money. However, they can also harm reputation, prompt regulatory action (including the imposition of fines), and result in consumer loss. 

Prevention tips

To mitigate these risks, firms can take proactive actions to increase their cyber defences, such as self-critical auditing and third-party testing. Employees should also be trained to identify and respond to cyber risks. Furthermore, firms should conduct frequent security assessments to detect vulnerabilities and adopt mitigation techniques.
Read more »
Threat Landscape
Cyber Warfare Drone malware Russia-Ukraine War Threat Landscape

Russians Seize Malware-Infected Ukrainian Drones

 

Ukrainian forces are installing malware into their drones as a new tactic in their ongoing war with Russia. This development adds a cyber warfare layer to a battlefield that has already been impacted by drone technology, Forbes reported. 

Russian forces identified Ukrainian drones carrying malware, as evidenced by a video uploaded on social media. According to a Reddit thread that includes the video, this malware performs a variety of disruptive functions, including "burning out the USB port, preventing reflashing, or hijacking the repurposed FPV and revealing the operator location.” 

“This tactic highlights how Ukraine is leveraging its strong pre-war information technology sector to counter Russia’s advanced military technologies and strong defense industrial base,” states defense expert Vikram Mittal in his analysis. 

The malware serves several strategic objectives. It hinders Russian troops from analyzing seized Ukrainian drones to create countermeasures, prohibits them from repurposing captured technology, and may allow Ukrainian forces to track the whereabouts of Russian drone operators attempting to use captured devices.

“By embedding malware into their drones, Ukrainian developers have found a way to disrupt Russian counter-drone efforts without requiring additional physical resources, a critical advantage given Ukraine’s logistical constraints. This innovation could have broader implications for the war. If successful, Ukraine may begin integrating malware into other electronic systems to limit Russia’s ability to study or reuse them,” Mittal explains.

As drone warfare tactics continue to evolve, the report suggests that this trend would likely lead to a new technological competition between Russia and Ukraine. Ukraine's use of malware is expected to spark a new technological competition, similar to what is already happening with Ukrainian and Russian drone technology. 

In response, Russia is likely to deploy similar spyware on its drones and equipment, while both sides respond by establishing safety protocols and developing anti-virus software to combat the malware. In response, scientists on both sides will create increasingly powerful malware to circumvent these protections. This continuous cycle of assault and defence will add a new dimension to the fight for drone supremacy.
Read more »
North Korea
Cyber Intelligence Cyber Researchers Cyber Security Cyber Warfare cybersecurity research North Korea

North Korea Establishes Research Center 227 to Strengthen Cyber Warfare Capabilities

 

North Korea has reportedly launched a new cyber research unit, Research Center 227, as part of its efforts to enhance hacking capabilities and intelligence operations. According to Daily NK, this center is expected to function continuously, providing real-time support to North Korean intelligence agencies by developing advanced cyber tools. 

The initiative highlights North Korea’s increasing reliance on cyber warfare as a key component of its broader security strategy. In February 2025, North Korean leadership directed the Reconnaissance General Bureau (RGB) under the General Staff Department to strengthen the nation’s offensive cyber capabilities. As part of this directive, Research Center 227 was formed to focus on the development of sophisticated hacking techniques and cyber warfare tools. 

These efforts are primarily aimed at infiltrating foreign cybersecurity systems, disrupting critical infrastructure, and stealing sensitive data from targeted nations. The research facility will recruit approximately 90 highly skilled professionals, including graduates from top universities and individuals with advanced degrees in computer science. Unlike frontline cyber operatives who execute attacks, these researchers will focus on creating and refining malware, intrusion methods, and other offensive cyber tools. 

By centralizing its cyber research efforts, North Korea aims to develop more sophisticated digital weapons that can be deployed by operational hacking units in intelligence and espionage missions. North Korea has significantly expanded its cyber operations in recent years, with its state-sponsored hacking groups, such as Lazarus, launching large-scale attacks across the globe. These groups have been responsible for financial cybercrimes, espionage, and the theft of cryptocurrency, targeting both private companies and government agencies. 

Their activities have included spreading malware, infiltrating secure networks, and deploying information-stealing tools to compromise Western organizations. One particularly deceptive tactic used by North Korean hackers is the “Contagious Interview” campaign, in which cybercriminals pose as recruiters or hiring managers to manipulate professionals into downloading malicious software disguised as video conferencing applications. 

This technique has allowed hackers to gain access to corporate systems and steal valuable credentials. Additionally, there have been numerous cases of North Korean operatives using false identities to secure employment in global technology firms, potentially accessing critical software infrastructure or engaging in fraudulent activities. With the establishment of Research Center 227, North Korea is likely to intensify its cyber warfare operations, making its hacking activities more strategic and efficient. 

The development of custom malware, sophisticated intrusion techniques, and advanced cyber espionage methods could further increase the scale and complexity of North Korean cyberattacks. As these threats evolve, governments and cybersecurity professionals worldwide will need to bolster their defenses against the growing risks posed by North Korea’s cyber capabilities.
Read more »
Russia cyber threats
Cyber Defence Cyber Security Cyber Warfare FBI Russia Russia cyber threats

U.S. Pauses Offensive Cyberoperations Against Russia Amid Security Concerns

 

Defense Secretary Pete Hegseth has paused offensive cyberoperations against Russia by U.S. Cyber Command, rolling back some efforts to contend with a key adversary even as national security experts call for the U.S. to expand those capabilities. A U.S. official, speaking on condition of anonymity to discuss sensitive operations, on Monday confirmed the pause. 

Hegseth’s decision does not affect cyberoperations conducted by other agencies, including the CIA and the Cybersecurity and Infrastructure Security Agency. But the Trump administration also has rolled back other efforts at the FBI and other agencies related to countering digital and cyber threats. The Pentagon decision, which was first reported by The Record, comes as many national security and cybersecurity experts have urged greater investments in cyber defense and offense, particularly as China and Russia have sought to interfere with the nation’s economy, elections and security. 

Republican lawmakers and national security experts have all called for a greater offensive posture. During his Senate confirmation hearing this year, CIA Director John Ratcliffe said America’s rivals have shown that they believe cyberespionage — retrieving sensitive information and disrupting American business and infrastructure — to be an essential weapon of the modern arsenal. “I want us to have all of the tools necessary to go on offense against our adversaries in the cyber community,” Ratcliffe said. Cyber Command oversees and coordinates the Pentagon’s cybersecurity work and is known as America’s first line of defense in cyberspace. It also plans offensive cyberoperations for potential use against adversaries. 

Hegseth’s directive arrived before Friday’s dustup between President Donald Trump and Ukrainian President Volodymyr Zelenskyy in the Oval Office. It wasn’t clear if the pause was tied to any negotiating tactic by the Trump administration to push Moscow into a peace deal with Ukraine. Trump has vowed to end the war that began when Russia invaded Ukraine three years ago, and on Monday he slammed Zelenskyy for suggesting the end to the conflict was “far away.” 

The White House did not immediately respond to questions about Hegseth's order. Cyber warfare is cheaper than traditional military force, can be carried out covertly and doesn’t carry the same risk of escalation or retaliation, making it an increasingly popular tool for nations that want to contend with the U.S. but lack the traditional economic or military might, according to Snehal Antani, CEO of Horizon3.ai, a San Francisco-based cybersecurity firm founded by former national security officers. Cyberespionage can allow adversaries to steal competitive secrets from American companies, obtain sensitive intelligence or disrupt supply chains or the systems that manage dams, water plants, traffic systems, private companies, governments and hospitals. The internet has created new battlefields, too, as nations like Russia and China use disinformation and propaganda to undermine their opponents. 

Artificial intelligence now makes it easier and cheaper than ever for anyone — be it a foreign nation like Russia, China or North Korea or criminal networks — to step up their cybergame at scale, Antani said. Fixing code, translating disinformation or identifying network vulnerabilities once required a human — now AI can do much of it faster. “We are entering this era of cyber-enabled economic warfare that is at the nation-state level,” Antani said. “We’re in this really challenging era where offense is significantly better than defense, and it’s going to take a while for defense to catch up.” Meanwhile, Attorney General Pam Bondi also has disbanded an FBI task force focused on foreign influence campaigns, like those Russia used to target U.S. elections in the past. And more than a dozen people who worked on election security at the Cybersecurity and Infrastructure Security Agency were put on leave. 

These actions are leaving the U.S. vulnerable despite years of evidence that Russia is committed to continuing and expanding its cyber efforts, according to Liana Keesing, campaigns manager for technology reform at Issue One, a nonprofit that has studied technology’s impact on democracy. “Instead of confronting this threat, the Trump administration has actively taken steps to make it easier for the Kremlin to interfere in our electoral processes,” Keesing said.
Read more »
Technology Threats
Advanced Technology Cyber Warfare malware Technology Threats

Sitting Ducks DNS Attack Hijack 35,000 Domains

 

Cybersecurity researchers have uncovered a significant threat affecting the internet's Domain Name System (DNS) infrastructure, known as the "Sitting Ducks" attack. This sophisticated method allows cybercriminals to hijack domains without needing access to the owner's account at the DNS provider or registrar. 

Researchers from DNS security firm Infoblox and hardware protection company Eclypsium revealed that more than one million domains are vulnerable to this attack daily. This has resulted in over 35,000 confirmed domain hijackings, primarily due to poor domain verification practices by DNS providers. The Sitting Ducks attack exploits misconfigurations at the registrar level and insufficient ownership verification. Attackers leverage these vulnerabilities to take control of domains through "lame" delegations, making the hijacking process more effective and harder to detect. 

Once in control, these hijacked domains are used for malware distribution, phishing, brand impersonation, and data theft. Russian threat actors have been particularly active, with twelve known cyber-gangs using this method since 2018 to seize at least 35,000 domains. These attackers often view weak DNS providers as "domain lending libraries," rotating control of compromised domains every 30-60 days to avoid detection. 

The Sitting Ducks attack has been exploited by several cybercriminal groups. "Spammy Bear" hijacked GoDaddy domains in late 2018 for spam campaigns. "Vacant Viper" began using Sitting Ducks in December 2019, hijacking 2,500 domains yearly for the 404TDS system to distribute the IcedID malware and set up command and control (C2) domains. "VexTrio Viper" started using the attack in early 2020, employing the hijacked domains in a massive traffic distribution system (TDS) that supports the SocGholish and ClearFake operations. 

Additionally, several smaller and unknown actors have used Sitting Ducks to create TDS, spam distribution, and phishing networks. Despite the Sitting Ducks attack being reported in 2016, the vulnerability remains largely unresolved. This highlights the critical yet often neglected aspect of DNS security within broader cybersecurity efforts. 

To effectively combat this pressing cybersecurity threat, a collaborative effort is essential involving domain holders, DNS providers, registrars, regulatory bodies, and the broader cybersecurity community. Infoblox and Eclypsium are playing a crucial role by partnering with law enforcement agencies and national Computer Emergency Response Teams (CERTs) to mitigate and diminish the impact of this critical security issue.
Read more »
Ukraine-Russia Conflict
ATM ATM Hacking Banking System attacked Cyber Attacks Cyber Warfare Russian Cyber Security Ukraine-Russia Conflict

Ukraine Hacks ATMs Across Russia in Massive Cyberattack



On July 23, 2024, a massive cyberattack launched by Ukrainian hackers targeted Russian financial institutions, disrupting ATM services across the country. According to a source within Ukrainian intelligence, the attack is “gaining momentum” as it continues to cripple banking services. By July 27, the fifth day of the cyberattack, customers of several prominent Russian banks found themselves unable to withdraw cash. When attempting to use ATMs, their debit and credit cards were immediately blocked, leaving them stranded without access to their funds. 

The intelligence source, who provided written comments to the Kyiv Post, indicated that the attack had affected numerous banks, including Dom.RF, VTB Bank, Alfa-Bank, Sberbank, Raiffeisen Bank, RSHB Bank, Rosbank, Gazprombank, Tinkoff Bank, and iBank. The widespread disruption has caused significant inconvenience for customers and highlighted vulnerabilities within Russia’s financial infrastructure. The source in Ukrainian intelligence mocked the situation, suggesting that the Kremlin’s long-desired “import substitution” might now include reverting to wooden abacuses, paper savings books, and cave paintings for accounting. 

This remark underscores the scale of the disruption and the potential for outdated methods to replace modern financial technologies temporarily. The cyberattack represents a significant escalation in the ongoing cyber conflict between Ukraine and Russia. While cyberattacks have been frequent on both sides, the targeting of ATM services and the subsequent blocking of debit and credit cards mark a notable shift towards directly impacting ordinary citizens’ daily lives. This attack not only disrupts financial transactions but also instills a sense of insecurity and distrust in the reliability of banking systems. 

The list of affected banks reads like a who’s who of Russia’s financial sector, including both state-owned and private institutions. The inability to withdraw cash from ATMs during the attack has put pressure on these banks to quickly resolve the issues and restore normal services to their customers. However, the continued nature of the cyberattack suggests that solutions may not be forthcoming in the immediate future. The Ukrainian hackers’ ability to sustain such a large-scale cyberattack over several days indicates a high level of coordination and technical expertise. It also raises questions about the preparedness and resilience of Russian banks’ cybersecurity measures. 

As the attack progresses, it is likely that both sides will escalate their cyber capabilities, leading to further disruptions and countermeasures. The broader implications of this cyberattack are significant. It highlights the increasingly blurred lines between cyber warfare and traditional warfare, where digital attacks can cause real-world consequences. The disruption of banking services serves as a stark reminder of how dependent modern societies are on digital infrastructure and the potential vulnerabilities that come with it. 

In response to the ongoing cyberattack, Russian banks will need to bolster their cybersecurity defenses and develop contingency plans to mitigate the impact of such attacks in the future. Additionally, international cooperation and dialogue on cybersecurity norms and regulations will be crucial in preventing and responding to similar incidents on a global scale. As the situation develops, the cyber conflict between Ukraine and Russia will likely continue to evolve, with both sides seeking to leverage their technological capabilities to gain an advantage. The ongoing cyberattack on Russian ATMs is a clear demonstration of the disruptive potential of cyber warfare and the need for robust cybersecurity measures to protect critical infrastructure.
Read more »
Threat Landscape
Canada City of Hamilton Cyber Attacks Cyber Warfare Threat Landscape

Hamilton City's Network is the Latest Casualty of the Global Cyberwar.

 

The attack that took down a large portion of the City of Hamilton's digital network is only the latest weapon in a global fight against cybersecurity, claims one of Canada's leading cybersecurity experts. 

Regarding the unprecedented attack on the municipality's network that affected emergency services operations, the public library website, and the phone lines of council members, not much has been stated by city officials. Although the specifics of the Sunday incident are yet unknown, Charles Finlay, executive director of Rogers Cybersecure Catalyst, believes that the attack is a part of a larger campaign against a shadow firm that is determined to steal money and data. 

“I don't think that the average citizen of Hamilton or any other city, fully understands what's at play here,” Finlay stated. “Our security services certainly are, but I don't think the average citizen is aware of the fact that institutions in Canada, including Hamilton, are at the front lines of what amounts to a global cybersecurity conflict.” 

On Sunday, city hall revealed service delays caused by what it later described as a "cybersecurity incident" that had far-reaching consequences for the city's network and related services. 

The specifics of what took place, however, remain unknown as local officials maintain a cloak of secrecy. So far, the city has refused to divulge the amount of the damage or how affected departments are operating. Emergency services are described as "operational," with some activities now being completed "manually," but officials refuse to disclose specifics.

The city also refuses to reveal whether sensitive data was stolen or is being held ransom.

According to Vanessa Iafolla of Halifax-based Anti-Fraud Intelligence Consulting, a municipality may prefer to delay reporting the extent of the harm in order to preserve an impression of security and control. 

Finlay and Iafolla said they can only speculate about what transpired because city hall hasn't provided any information. However, given the available details and the consequences of other institutions' attacks, a ransomware attack is a realistic possibility. 

A ransomware assault is one in which malicious software is installed on a network, allowing users to scan and grab sensitive data. In the case of the city, Iafolla could refer to personal information on employees and citizens, such as social insurance numbers and other identifying information.

“It's a safe bet that whatever they took is likely of real financial value,” concluded Iafolla. “It's difficult to speculate exactly what may have been taken, but I would be pretty confident in thinking whatever it is, is going to be a hot commodity.”
Read more »
Threat actors
critical infrastructures Cyber Attacks Cyber Warfare Data Hacktivists Israel-Palestine tensions Safety Security Threat actors

Pro-Palestinian Hacktivists Reportedly Employ Crucio Ransomware

 

In a recent development, a newly emerged pro-Palestine hacking collective identifying itself as the 'Soldiers of Solomon' has claimed responsibility for infiltrating more than 50 servers, security cameras, and smart city management systems located within the Nevatim Military area.

According to the group's statement, they employed a ransomware strain dubbed 'Crucio,' hinting at a possible utilization of Ransomware-as-a-Service. Additionally, they assert to have gained access to an extensive cache of data amounting to a staggering 25 terabytes.

In an unconventional public relations move, the Soldiers of Solomon disseminated this information via email to multiple threat intelligence firms, including Falconfeeds, alongside other influential entities actively engaged on Twitter.

To substantiate their claims, the group supplied visual evidence obtained from the breached CCTV systems, as well as images showcasing altered desktop wallpapers bearing their statement, as per Falconfeeds.

The year 2023 has witnessed a resurgence of hostilities between Israel and Palestine, culminating in a full-scale armed conflict. The longstanding discord between the two nations, which traces back to the early 20th century, has witnessed significant escalations since 2008. 

Reports indicate that while the 2014 conflict was marked by unprecedented devastation, the 2023 altercation raises concerns about an even higher casualty count.

The conflict zone in Gaza has become a focal point for retaliatory strikes from both hacktivist groups and Threat Actors (TAs), a trend anticipated given similar patterns observed since 2012. 

Cyberattacks have increasingly become complementary strategies within the context of contemporary warfare, a phenomenon noted even prior to the onset of the Russia-Ukraine conflict in early 2022.

Additionally, Cyble Research & Intelligence Labs (CRIL) has been meticulously curating intelligence amidst the fog of cyber-attacks, monitoring the activities of hacktivists and various threat actors to discern noteworthy developments in the cyber theatre. They have observed a diverse array of malicious techniques being employed by hacktivists and threat actors to exploit vulnerabilities in critical infrastructures and disrupt their operations.
Read more »
Subscribe to: Posts (Atom)