Security News

Federal regulators are taking a closer look at Google's planned $5.4 billion acquisition of Mandiant, a deal designed to boost the web giant's public cloud's cybersecurity capabilities. In announcing its bid March 8, Google Cloud CEO Thomas Kurian said in a statement that "Organizations around the world are facing unprecedented cybersecurity challenges as the sophistication and severity of attacks that were previously used to target major governments are now being used to target companies in every industry."

Researchers have compared Triton's targeting of industrial control systems to malware used in the watershed attacks Stuxnet and Industroyer/Crashoverride, the latter of which is a backdoor that targets ICS and which took down the Ukrainian power grid in Kiev in 2016. The indictment that names the FSB officers alleges that, between 2012 and 2017, Akulov, Gavrilov, Tyukov and their co-conspirators engaged in computer intrusions, including supply chain attacks, "In furtherance of the Russian government's efforts to maintain surreptitious, unauthorized and persistent access to the computer networks of companies and organizations in the international energy sector, including oil and gas firms, nuclear power plants, and utility and power transmission companies."

The United States Department of Justice has unsealed a pair of indictments that detail alleged Russian government hackers' efforts to use supply chain attacks and malware in an attempt to compromise and control critical infrastructure around the world - including at least one nuclear power plant. The trio allegedly spent 2012 to 2014 working on a project code-named "Dragonfly" during which a supply chain attack targeted updates of industrial control systems and supervisory control and data acquisition systems.

The US Federal Trade Commission and Department of Justice Antitrust Division are launching a joint public inquiry as a first step to modernising merger guidelines and preventing anticompetitive deals. FTC chair Lina Khan said it was time for a merger review because the number of global deals reached in 2021 was the highest ever recorded - at a whopping $5.8 trillion - with the DoJ receiving twice the number of merger filings as in 2020.

The DOJ said that the money was traced back to alleged ransom payments received by Yevgeniy Polyanin, 28, a Russian national, who's also been charged with REvil ransomware attacks against multiple victims, including businesses and government entities in Texas on or about Aug. 16, 2019. Romanian authorities arrested two suspected REvil operators whom they suspect are behind 5,000 infections and who've allegedly pocketed half a million euros in ransom payments.

The U.S. Attorney's Office for the Southern District of New York has charged a man for illegally streaming MLB, NBA, NFL, and NHL games via the web and hacking into sports leagues' customer accounts. The charged individual is Joshua Streit, 30, of Minnesota, who allegedly streamed illegal re-broadcasts of major American sports leagues, including the Major League Baseball, National Basketball Association, National Football League, and the National Hockey League.

The US Department of Justice says that the Microsoft Office 365 email accounts of employees at 27 US Attorneys' offices were breached by the Russian Foreign Intelligence Service during the SolarWinds global hacking spree. Even though other districts were also affected by the attacks to a lesser degree, the Russian SVR state hackers managed to breach the O365 email accounts of at least 80 percent of employees from US Attorneys' offices located in the Eastern, Northern, Southern, and Western Districts of New York.

The Department of Justice has seized 63.7 bitcoins currently valued at approximately $2.3 million. "Ransom payments are the fuel that propels the digital extortion engine, and today's announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises. We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks."

The Department of Justice has charged a woman in Rhode Island in a phishing campaign against candidates for political office and related associates that impersonated various individuals-including campaign workers and the Microsoft security team-in an attempt to trick victims into providing account credentials. The U.S. Attorney's Office for the District of Massachusetts has charged Diana Lebeau, 21, of Cranston, R.I., with "Attempted unauthorized access to a protected computer," according to a press release from the DoJ. The charge relates to a phishing campaign Lebeau allegedly mounted beginning in January 2020 against about 22 campaign staffers for an unnamed candidate for political office, as well as another political candidate-also not identified-and related associates, according to the DoJ. Assistant U.S. Attorney Seth Kosto is prosecuting the case.

A former track-and-field coach who worked at several universities has been arrested and is facing up to five years in prison for attempting to solicit nude photos of his athletes through sham social-media accounts and cyberstalking. The Department of Justice alleged that Steve Waithe, while coaching at Northeastern University, would often ask his athletes to give him their phones during competition and practices, ostensibly, so he could film their form, the U.S. Attorney for the District of Massachusetts said.