Security News

Fallout from nation-state sponsored cyberattacks will no longer be covered under cyber-insurance policies issued by famed insurer Lloyd's of London. The insurance juggernaut's underwiring director Patrick Davidson just released four new Cyber War and Cyber Operation Exclusion Clauses, outlining the new terms.

Google's Threat Analysis Group on Thursday said it's tracking more than 270 government-backed threat actors from more than 50 countries, adding it has approximately sent 50,000 alerts of state-sponsored phishing or malware attempts to customers since the start of 2021. Google said it disrupted a number of campaigns mounted by an Iranian state-sponsored attacker group tracked as APT35, including a sophisticated social engineering attack dubbed "Operation SpoofedScholars" aimed at think tanks, journalists, and professors with an aim to solicit sensitive information by masquerading as scholars with the University of London's School of Oriental and African Studies.

Google said today that it sent roughly 50,000 alerts of state-sponsored phishing or hacking attempts to customers during 2021, a considerable increase compared to the previous year. "So far in 2021, we've sent over 50,000 warnings, a nearly 33% increase from this time in 2020," said Ajax Bash, a Google security engineer working with the company's Threat Analysis Group.

Blackberry's Research and Intelligence Team has uncovered three phishing schemes targeting Indian nationals, and says a Chinese state-sponsored malware gang is the culprit. Blackberry identified the responsible party as APT41 - a prolific Chinese state-sponsored cyberthreat group that has carried out what Fireye called "Espionage activity in parallel with financially motivated operations" since at least 2012.

Masquerading as UK scholars with the University of London's School of Oriental and African Studies, the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with high confidence supports Islamic Revolutionary Guard Corps intelligence collection efforts, established backstopping for their credential phishing infrastructure by compromising a legitimate site of a highly regarded academic institution to deliver personalized credential harvesting pages disguised as registration links.

Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis. "Iran's Islamic Revolutionary Guard Corps was operating a state-sponsored ransomware campaign through an Iranian contracting company called 'Emen Net Pasargard'," cybersecurity firm Flashpoint said in its findings summarizing three documents leaked by an anonymous entity named Read My Lips or Lab Dookhtegan between March 19 and April 1 via its Telegram channel.

Chinese-language APTs are targeting telecom companies in cyberespionage campaigns aimed at stealing sensitive data and trade secrets tied to 5G technology, according to researchers. "While the initial vector for the infection is not entirely clear. [We believe] with a medium level of confidence that victims were lured to a domain under control [a] the threat actor, from which they were infected with malware," according to McAfee researchers in a Tuesday report.

Twitter this week announced that it has suspended multiple accounts that were found to be part of four networks involved in disinformation activities associated with Armenia, Iran, and Russia. The threat actors behind these accounts are believed to be state-sponsored, and Twitter permanently suspended all four networks, for violating its manipulation policies.

A majority of businesses surveyed for a study by the Economist Intelligence Unit and the Cybersecurity Tech Accord, see state-led and sponsored cyberattacks as a major threat. That attack was a moment of reckoning for many organizations about the challenges posed by state-led and -sponsored cyberattacks but, as the survey reveals, many businesses have long been aware of the escalating threat.

Researchers at mobile security firm Lookout have published information on two recently discovered Android spyware families employed by an advanced persistent threat group named Confucius. For the past several years it also switched to mobile malware, with the first Android surveillanceware ChatSpy being observed in 2018.