Security News

A new threat actor named 'YoroTrooper' has been running cyber-espionage campaigns since at least June 2022, targeting government and energy organizations in Commonwealth of Independent States countries. Cisco Talos reports having evidence of YoroTrooper exfiltrating large volumes of data from infected endpoints, including account credentials, cookies, and browsing histories.

The Russia-affiliated Sandworm used yet another wiper malware strain dubbed NikoWiper as part of an attack that took place in October 2022 targeting an energy sector company in Ukraine. The use of SDelete is notable, as it suggests that Sandworm has been experimenting with the utility as a wiper in at least two different instances to cause irrevocable damage to the targeted organizations in Ukraine.

Colombian energy company Empresas Públicas de Medellín suffered a BlackCat/ALPHV ransomware attack on Monday, disrupting the company's operations and taking down online services. The Prosecutor's Office later confirmed to EL COLOMBIANO that ransomware was behind the attack on EPM that caused devices to be encrypted and data to be stolen.

Microsoft said today that security vulnerabilities found to impact a web server discontinued since 2005 have been used to target and compromise organizations in the energy sector. The attackers gained access to the internal networks of the hacked entities via Internet-exposed cameras on their networks as command-and-control servers.

The key trends for the energy industry are about how we manage the future supply and demand challenges at a much more granular level than we are currently able do. If we're ever to balance the supply and demand equation against the backdrop of increased consumer demands, and the increased complexity in the generation, distribution and storage systems, this supply and demand will have to base its existence on an increase in interconnectivity and information sharing between all these elements to make them work.

The Hive ransomware-as-a-service group has claimed responsibility for a cyber attack against Tata Power that was disclosed by the company less than two weeks ago. The threat actor has also been observed leaking stolen data exfiltrated prior to encrypting the network as part of its double extortion scheme.

The Iranian Atomic Energy Organization has confirmed that one of its subsidiaries' email servers was hacked after the ''Black Reward' hacking group published stolen data online.AEOI says an unauthorized party from a specific foreign country, which is not named, stole emails from the hacked server, which consisted of daily correspondence and technical memos.

Iran's Atomic Energy Organization has laughed off claims that the email systems of a subsidiary were compromised, revealing important operational data about a nuclear power plant. An activist group that calls itself Black Reward and claims to be from Iran took to Telegram last Friday with claims it had accessed an email server run by a company related to Iran's Atomic Energy Organization and exfiltrated 324 inboxes comprising over 100,000 messages and totalling over 50G of files.

You will also receive a complimentary subscription to TechRepublic's News and Special Offers newsletter and the Top Story of the Day newsletter. You may unsubscribe from these newsletters at any time.

Tata Power Company Limited, India's largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted "Some of its IT systems," the company said in a filing with the National Stock Exchange of India.