Anticipated for months, the Biden administration unveiled a sweeping set of sanctions and other actions against the Russian government, as well as private individuals and a number of Russian tech and defense companies. While applauded in cyber circles, some remain skeptical that the efforts will deter Moscow’s cyberespionage efforts.
Amid tensions along their border, the new RedEcho group is breaching power infrastructure in India.
Malwarebytes’ exposé of LazyScripter revealed that the group has operated since at least 2018, targeting International Air Transport Association (IATA) members, airlines and immigrants seeking employment in Canada. How significant are such findings? SC media spoke to researchers, who said Identifying a new actor is the first step in creating a defense.
Researchers at Kasperksy have tied a piece of malware used by Lazarus Group last seen targeting security vulnerability researchers earlier this year to another campaign by the North Korean hacking group focused on pilfering sensitive data from defense contractors.
New Cisco research shows that the Gamaredon group, traditionally associated with attacks against Ukraine, is willing to target anybody, unlike the traditional model of espionage focusing on a few defined regions or industries at a time.
Some question Microsoft’s decision to close the book on the investigation, and say zero trust might not have made a significant difference.
The Lebanese group’s attacks started by using known vulnerabilities on public web servers, then distributing custom malware to steal files, while staying hidden.
While tempting, most experts agree that hack-back strategies are a bad idea for companies. But there are tactics that can help deter nation-state actors and limit their ability to penetrate networks.
Joe Slowik, senior security researcher at DomainTools, spoke to SC Media about how the SolarWind attackers remained undetected for so long, and how domain data could be used to weaponize network observables against sophisticated attackers.
The effectiveness of this operation serves as a reminder of the risks of openly sharing and storing plain-text network credentials or sensitive network access instructions on internet-accessible apps or servers.
