Security News

US offers $10 million for tips on Hive ransomware leadership
2024-02-08 17:59

The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang. "Today, the Department of State is announcing a reward offer of up to $10,000,000 for information leading to the identification and/or location of any individual(s) who hold a key leadership position in the Hive ransomware variant transnational organized crime group," the State Department said.

Volt Typhoon not the only Chinese crew lurking in US energy, critical networks
2024-02-07 22:50

Volt Typhoon isn't the only Chinese spying crew infiltrating computer networks in America's energy sector and other critical organizations with the aim of wrecking equipment and causing other headaches, the US government has said. Last week, the FBI said it obtained search warrants and issued a remote kill command to wipe Volt Typhoon's botnet after the gang infected hundreds of end-of-life routers with backdoor malware to break into critical infrastructure networks.

Chinese hackers hid in US infrastructure network for 5 years
2024-02-07 20:08

The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies. Volt Typhoon hackers are known for extensively using living off the land techniques as part of their attacks on critical infrastructure organizations.

US says China's Volt Typhoon is readying destructive cyberattacks
2024-02-07 19:11

The US government today confirmed that China's Volt Typhoon crew compromised "multiple" critical infrastructure orgs' IT networks, and warned that the state-sponsored hackers are readying "disruptive or destructive cyberattacks" against these targets. "Volt Typhoon's choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the US authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions," the 12 government agencies warned.

Iran's cyber operations in Israel a potential prelude to US election interference
2024-02-07 16:30

Iran's anti-Israel cyber operations are providing a window into the techniques the country may deploy in the run-up to the 2024 US Presidential elections, Microsoft says. An analysis of Iran's activity, published by Microsoft Threat Analysis Center today, concluded that Iran may again target US elections as it did in 2020, using more sophisticated techniques from a wealth of different groups.

US announces visa ban on those linked to commercial spyware
2024-02-05 20:26

Secretary of State Antony J. Blinken announced today a new visa restriction policy that will enable the Department of State to ban those linked to commercial spyware from entering the United States. "The State Department is implementing a new policy today that will allow the imposition of visa restrictions on individuals involved in the misuse of commercial spyware," Blinken said.

FBI disrupts Chinese botnet used for targeting US critical infrastructure
2024-02-01 13:10

The FBI has disrupted the KV botnet, used by People's Republic of China state-sponsored hackers to target US-based critical infrastructure organizations. A botnet for probing critical infrastructure organizations.

Congress told how Chinese goons plan to incite 'societal chaos' in the US
2024-02-01 01:30

Chinese attackers are preparing to "wreak havoc" on American infrastructure and "cause societal chaos" in the US, infosec and law enforcement bosses told a US House committee on Wednesday. The hearing coincided with the FBI's confirmation that it obtained search warrants and issued a remote kill command to wipe Volt Typhoon's botnet after the Chinese crew infected hundreds of end-of-life routers and attempted to break into American critical infrastructure targets.

US charges two more suspects with DraftKings account hacks
2024-01-30 21:28

The U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack. One month later, DraftKings said it had refunded hundreds of thousands of dollars stolen from 67,995 customers whose accounts were hijacked in the incident.

US shorts China's Volt Typhoon crew targeting America's criticals
2024-01-30 18:15

The US Justice Department and FBI may have scored a win over Chinese state-sponsored snoops trying to break into American critical infrastructure. Law enforcement obtained a court order granting them permission to "remotely disable aspects of the Chinese hacking campaign."