Security News

Recent activity that Facebook associated with the group focused on military personnel, defense organizations, and aerospace entities primarily in the United States and, to a lesser extent, the U.K. and Europe, showing an escalation of the group's cyberespionage activities. Today, Facebook revealed that it took action against similar attacks from the Iranian hacking group, which leveraged its online platform to lure victims into downloading malware.

An ongoing brute-force attack campaign targeting enterprise cloud environments has been spearheaded by the Russian military intelligence since mid-2019, according to a joint advisory published by intelligence agencies in the U.K. and U.S. The National Security Agency, Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and the U.K.'s National Cyber Security Centre formally attributed the incursions to the Russian General Staff Main Intelligence Directorate 85th Main Special Service Center. "The campaign uses a Kubernetes cluster in brute force access attempts against the enterprise and cloud environments of government and private sector targets worldwide," CISA said.

United States trucks and military vehicles maker Navistar International Corporation has confirmed a cyberattack that resulted in some data being stolen. On Monday, in a Form 8-K filing with the Securities and Exchange Commission, Navistar said it earned of a credible potential cybersecurity threat to its information technology system on May 20, 2021.

Navistar International Corporation, a US-based maker of trucks and military vehicles, says that unknown attackers have stolen data from its network following a cybersecurity incident discovered on May 20, 2021. "Upon learning of the cybersecurity threat, the Company launched an investigation and undertook immediate action in accordance with its cybersecurity response plan, including employing containment protocols to mitigate the impact of the potential threat, engaging internal and third-party information technology security and forensics experts to assess any impact on the Company's IT System, and utilizing additional security measures to help safeguard the integrity of its IT System's infrastructure and data contained therein," Navistar said.

The Russia-linked threat group known as APT28 has been observed using a new backdoor in a series of attacks targeting military and government institutions, researchers with threat intelligence company Cluster25 reveal. For initial access, the threat actor is known to use tactics such as watering hole attacks, social engineering, zero-day vulnerabilities, and stolen credentials, followed by the deployment of tools and malware that allow it to achieve persistence and gain access to information of interest.

Fans of John le Carré's Tinker Tailor Soldier Spy know how top military secrets are extracted from the enemy. If head KGB spy Karla wanted to learn intricate details of the British military today, he'd just have to check WhatsApp.

USENIX, the not-for-profit advanced computing association, has decided to put an end to its beloved LISA sysadmin conferences, at least as a standalone event. In an online announcement, the LISA steering committee said that after 35 years of producing the "Best systems engineering content" the event "Will no longer be scheduled as a standalone conference."

Bad actors with suspected ties to China have been behind a wide-ranging cyberespionage campaign targeting military organizations in Southeast Asia for nearly two years, according to new research. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing missions.

A cyber-espionage group believed to be sponsored by the Chinese government has been observed targeting military organizations in Southeast Asia in attacks involving previously undocumented malware, Bitdefender reported on Wednesday. The group has been known to focus on government and military organizations.

A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations from Southeast Asia. Naikon is likely a state-sponsored threat actor tied to China, mostly known for focusing its efforts on high-profile orgs, including government entities and military orgs.