What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2025-04-29 11:04:11 | Blackout d'Espagne: Cyber ou pas? Une analyse technique impartiale Spain\\'s blackout: Cyber or Not? An unbiased technical analysis (lien direct) |
 IntroductionYesterday afternoon, I was writing what should have been the regular newsletter when the power suddenly went out. I wasn\'t alarmed at all because I live in a mountain area, and power outages like this happen several times a year. It was a slightly windy day, so I assumed that maybe a tree had cracked and hit a low-voltage line or something similar. But, as it turns out, that wasn\'t the case. Instead, something unprecedented occurred, a \'zero energy\' event: the power grid in Spain and Portugal went down completely.As we can see from the following graph coming from Red Eléctrica Española (transmission system operator responsible for managing the Spanish electricity system), at 12:35pm suddenly 15 GW of generation power went \'missing\'. As the prime minister would explain during a press release: "in 5 seconds, 60% of the country\'s demand disappeared from the system". The interconnected power system is one of the most complex systems ever built. It is beyond the scope of this article to provide a detailed technical assessment of all possible non-cyber scenarios that could contribute to a \'black swan\' event. In fact, investigations into large-scale power outages typically take months to reach reliable conclusions. Therefore, I will leave this task to the experts, who have access to the necessary data to conduct such a complex analysis.However, there is specific information suggesting that a potential cyber attack could be behind this. For example:https://www.larazon.es/economia/cni-apunta-ciberataque-como-posible-causa-apagon_20250428680f7e19319ae75da4ba8c32.htmlThe President of the regional government of Andalusia (Spain) claims that, after consulting with cybersecurity experts, the massive power outage is likely the result of a cyber attack.https://www.eleconomista.es/energia/noticias/13337515/04/25/juanma-moreno-apunta-a-un-ciberataque-como-posible-causa-del-gran-apagon-en-espana.htmlMeanwhile, top European figures such as the European Council p |
Ransomware Malware Threat Studies Prediction Technical | APT 44 | ★★★ |
 |
2025-04-15 08:22:39 | Les hacktivistes ciblent l'infrastructure critique, passez à des ransomwares Hacktivists Target Critical Infrastructure, Move Into Ransomware (lien direct) |
Présentation
Selon un nouveau rapport Cyble, les hacktivistes vont de plus en plus au-delà des activités traditionnelles telles que les attaques DDOS et les défaillances de sites Web en infrastructure critique plus sophistiquée et attaques de ransomwares.
Dans un rapport pour les clients, Cyble a déclaré que le hacktivisme s'est «transformé en un instrument complexe de guerre hybride» avec la montée en puissance des groupes qui ont adopté des techniques d'attaque plus sophistiquées plus généralement associées aux acteurs de l'État-nation et aux groupes de menaces motivés financièrement.
Hacktivism "ne se limite plus aux explosions idéologiques marginales", selon le rapport. «Il s'agit maintenant d'un appareil de cyber-insurrection décentralisé, capable de façonner les récits géopolitiques, de déstabiliser les systèmes critiques et de s'engager directement dans des conflits mondiaux à travers le domaine numérique.»
Le rapport CYBLE a examiné les groupes hacktiviste les plus actifs au premier trimestre de 2025, les nations et les secteurs les plus ciblés, les techniques d'attaque émergentes, et plus encore.
Les groupes hacktiviste les plus actifs ciblent l'infrastructure critique
Les hacktivistes pro-russes étaient les plus actifs au premier trimestre, dirigés par NONAME057 (16), Hacktivist Sandworm |
Ransomware Tool Vulnerability Threat Legislation Industrial Prediction Cloud Technical | APT 44 | ★★★ |
|
2025-02-20 13:21:16 | (Déjà vu) Russia-Linked Actors Exploiting Signal Messenger\\'s “Linked Devices” Feature for Espionage in Ukraine (lien direct) | 
Overview
Google Threat Intelligence Group (GTIG) has identified multiple Russia-aligned threat actors actively targeting Signal Messenger accounts as part of a multi-year cyber espionage operation. The campaign, likely driven by Russia\'s intelligence-gathering objectives during its invasion of Ukraine, aims to compromise the secure communications of military personnel, politicians, journalists, and activists.
The tactics observed in this campaign include phishing attacks abusing Signal\'s linked devices feature, malicious JavaScript payloads and malware designed to steal Signal messages from compromised Android and Windows devices. While the focus remains on Ukrainian targets, the threat is expected to expand globally as adversaries refine their techniques.
Google has partnered with Signal to introduce security enhancements that mitigate these attack vectors, urging users to update to the latest versions of the app.
Tactics Used to Compromise Signal Accounts
Exploiting Signal\'s "Linked Devices" Feature
Russia-aligned threat actors have manipulated Signal\'s legitimate linked devices functionality to gain persistent access to victim accounts. By tricking users into scanning malicious QR codes, attackers can link an actor-controlled device to the victim\'s account, enabling real-time message interception without full device compromise.
The phishing methods used to deliver these malicious QR codes include:
Fake Signal group invites containing altered JavaScript redirects.
Phishing pages masquerading as Ukrainian military applications.
|
Malware Tool Vulnerability Threat Mobile Cloud Conference | APT 44 | ★★ |
 |
2025-02-19 14:00:00 | Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger (lien direct) | Written by: Dan Black
Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia\'s intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia\'s re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war. Signal\'s popularity among common targets of surveillance and espionage activity-such as military personnel, politicians, journalists, activists, and other at-risk communities-has positioned the secure messaging application as a high-value target for adversaries seeking to intercept sensitive information that could fulfil a range of different intelligence requirements. More broadly, this threat also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques. In anticipation of a wider adoption of similar tradecraft by other threat actors, we are issuing a public warning regarding the tactics and methods used to date to help build public awareness and help communities better safeguard themselves from similar threats. We are grateful to the team at Signal for their close partnership in investigating this activity. The latest Signal releases on Android and iOS contain hardened features designed to help protect against similar phishing campaigns in the future. Update to the latest version to enable these features. Phishing Campaigns Abusing Signal\'s "Linked Devices" Feature The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app\'s legitimate "linked devices" feature that enables Signal to be used on multiple devices concurrently. Because linking an additional device typically requires scanning a quick-response (QR) code, threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim\'s account to an actor-controlled Signal instance. If successful, future messages will be delivered synchronously to both the victim and the threat actor in real-time, providing a persistent means to eavesdrop on the victim\'s secure conversations without the need for full-device compromise. |
Malware Threat Mobile Cloud Commercial | APT 44 | ★★ |
|
2025-02-13 21:27:54 | Microsoft Uncovers \\'BadPilot\\' Campaign as Seashell Blizzard Targets US and UK (lien direct) | Russian GRU-linked hackers exploit known software flaws to breach critical networks worldwide, targeting the United States and the…
Russian GRU-linked hackers exploit known software flaws to breach critical networks worldwide, targeting the United States and the… |
Threat | APT 44 | ★★★ |
 |
2025-02-13 06:02:16 | Russia-Linked Seashell Blizzard Intensifies Cyber Operations Against Critical Sectors (lien direct) | The Russia-linked threat actor known as Seashell Blizzard has assigned one of its subgroups to gain initial access to internet-facing infrastructure and establish long-term persistence within targeted entity, a Microsoft report has revealed. Also dubbed APT44, BlackEnergy Lite, Sandworm, Telebots, and Voodoo Bear, Seashell Blizzard has been active since at least 2009 and is believed [...]
The Russia-linked threat actor known as Seashell Blizzard has assigned one of its subgroups to gain initial access to internet-facing infrastructure and establish long-term persistence within targeted entity, a Microsoft report has revealed. Also dubbed APT44, BlackEnergy Lite, Sandworm, Telebots, and Voodoo Bear, Seashell Blizzard has been active since at least 2009 and is believed [...] |
Threat | APT 44 | ★★★ |
 |
2025-02-12 17:58:47 | Russian state threat group shifts focus to US, UK targets (lien direct) | >A subgroup of Seashell Blizzard exploited public vulnerabilities in internet-facing systems, Microsoft researchers said.
>A subgroup of Seashell Blizzard exploited public vulnerabilities in internet-facing systems, Microsoft researchers said. |
Vulnerability Threat | APT 44 | ★★★ |
|
2025-02-11 20:00:00 | Cybercrime: A Multifaceted National Security Threat (lien direct) | Executive Summary Cybercrime makes up a majority of the malicious activity online and occupies the majority of defenders\' resources. In 2024, Mandiant Consulting responded to almost four times more intrusions conducted by financially motivated actors than state-backed intrusions. Despite this overwhelming volume, cybercrime receives much less attention from national security practitioners than the threat from state-backed groups. While the threat from state-backed hacking is rightly understood to be severe, it should not be evaluated in isolation from financially motivated intrusions. A hospital disrupted by a state-backed group using a wiper and a hospital disrupted by a financially motivated group using ransomware have the same impact on patient care. Likewise, sensitive data stolen from an organization and posted on a data leak site can be exploited by an adversary in the same way data exfiltrated in an espionage operation can be. These examples are particularly salient today, as criminals increasingly target and leak data from hospitals. Healthcare\'s share of posts on data leak sites has doubled over the past three years, even as the number of data leak sites tracked by Google Threat Intelligence Group has increased by nearly 50% year over year. The impact of these attacks mean that they must be taken seriously as a national security threat, no matter the motivation of the actors behind it. Cybercrime also facilitates state-backed hacking by allowing states to purchase cyber capabilities, or co-opt criminals to conduct state-directed operations to steal data or engage in disruption. Russia has drawn on criminal capabilities to fuel the cyber support to their war in Ukraine. GRU-linked APT44 (aka Sandworm), a unit of Russian military intelligence, has employed malware available from cybercrime communities to conduct espionage and disruptive operations in Ukraine and CIGAR (aka RomCom), a group that historically focused on cybercrime, has conducted espionage operations against the Ukrainian government since 2022. However, this is not limited to Russia. Iranian threat groups deploy ransomware to raise funds while simultaneously conducting espionage, and Chinese espionage groups often supplement their income with cybercrime. Most notably, North Korea uses state-backed groups to directly generate revenue for the regime. North Korea has heavily targeted cryptocurrencies, compromising exchanges and individual victims\' crypto wallets. Despite the overlaps in effects and collaboration with states, tackling the root causes of cybercrime requires fundamentally different solutions. Cybercrime involves collaboration between disparate groups often across borders and without respect to sovereignty. Any solution requires international cooperation by both law enforcement and intelligence agencies to track, arrest, and prosecute these criminals. Individual takedowns can have important temporary effects, but the collaborative nature of cybercrime means that the disrupted group will be quickly replaced by others offering the same service. Achieving broader success will require collaboration between countries and public and private sectors on systemic solutions such as increasing education and resilience efforts. aside_block | Ransomware Malware Tool Vulnerability Threat Legislation Medical Cloud Technical | APT 41 APT 38 APT 29 APT 43 APT 44 | ★★★ |
1
We have: 8 articles.
We have: 8 articles.
To see everything:
Our RSS (filtrered)
