Security News

The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022. "Once the victim installs a Trojanized bundle, it drops RomCom RAT to the system."

Spies for months hid inside a US military contractor's enterprise network and stole sensitive data, according to a joint alert from the US government's Cybersecurity and Infrastructure Security Agency, the FBI, and NSA. The intruders somehow broke into the defense org's Microsoft Exchange Server - the Feds still aren't sure how - and rummaged through mailboxes for hours and used a compromised admin account to query Exchange via its EWS API. The snoops also ran Windows commands to learn more about the IT setup and gathered up files into archives using WinRAR. Interestingly, the cyberattackers also used the open source network toolkit Impacket to remote-control machines on the network and move laterally. It seems someone eventually realized something was up because from November 2021 to January 2022, CISA and a "Trusted third-party" security company were called in to check over the contractor's enterprise network in an incident response.

A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. "The attack was carried out starting in late summer 2022 targeting at least two high-profile military contractor companies," Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in an analysis.

Security researchers have discovered a new campaign targeting multiple military contractors involved in weapon manufacturing, including an F-35 Lightning II fighter aircraft components supplier. The campaign stands out for its secure C2 infrastructure and multiple layers of obfuscation in the PowerShell stagers.

China has accused the U.S. National Security Agency of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi'an in June 2022. The National Computer Virus Emergency Response Centre disclosed its findings last week, and accused the Office of Tailored Access Operations at the USA's National Security Agency of orchestrating thousands of attacks against the entities located within the country.

China has accused the United States of a savage cyber-attack on a university famed for conducting aerospace research and linked to China's military. The National Computer Virus Emergency Response Centre made its accusation on September 5th, claiming that the Office of Tailored Access Operation at the USA's National Security Agency has unleashed over 10,000 attacks in China, some using zero-day exploits, and lifted 140GB of "High value data".

Russia's military has praised civilian grade Chinese-made drones and robots for having performed well on the battlefield, leading their manufacturers to point out the equipment is not intended or sold for military purposes. "When assembling the M-81, Chinese technologies are used, the cost is 1 million rubles. The company plans to launch production in Russia," reported Russian tech media source iXBT. In late July, Unitree tweeted that it "Opposes any form of refit and behavior that is harmful or potentially harmful for human beings" and that it only manufactures and sells civilian products.

India's military has celebrated the nation's Independence Day by announcing it will adopt locally developed quantum key distributiontechnology that can operate across distances of 150km. While the likes of Toshiba offer a commercial service, current implementations such as a network in London span just 32km. India's military announced it has trialled tech that operates over 150km, and now plans to buy it and put it to work.

Taiwan's Ministry of National Defense confirmed it was hit by a DDoS attack on Wednesday in what has been an eventful week for the island nation, US-Sino relations, and semiconductors. The DDoS attack on the Ministry of Defense followed a separate one on Taiwan's presidential website on Tuesday.

The government of Belgium has claimed it detected three Chinese Advanced Persistent Threat actors attacking its public service and defence forces. A government statement names Advanced Persistent Threat 27, 30, and 31 - aka UNSC 2814, GALLIUM, and SOFTCELL - as the groups responsible for the attacks.