Security News

The US Department of Energy has announced that it will provide $12 million in funding to six university teams to develop defense and mitigation tools to protect US energy delivery systems from cyberattacks. Cybersecurity tools developed as a result of the six university-led research, development, and demonstration projects will focus on detecting, blocking, and mitigating attempts to compromise critical controls within the US power grid.

The US Federal Bureau of Investigation warned Food and Agriculture sector organizations today of an increased risk that ransomware gangs "May be more likely" to attack them during the harvest and planting seasons. While ransomware groups regularly target the US agriculture sector, the FBI noted that the number of attacks against such entities during such critical seasons stands out.

"Given recent intelligence indicating that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure, CISA along with our interagency and international partners are putting out this advisory to highlight the demonstrated threat and capability of Russian state-sponsored and Russian aligned cybercrime groups," added CISA Director Jen Easterly. The Five Eyes cybersecurity agencies recommends measures critical infrastructure orgs should take to harden their defenses and protect their information technology and operational technology networks against Russian state-sponsored and criminal cyber threats, including ransomware, destructive malware, DDoS attacks, and cyber espionage.

Lazarus - also known as APT38, BlueNoroff, and Stardust Chollima - is casting a wide net with this campaign, with targets including cryptocurrency exchanges, decentralized finance protocols, pay-to-earn cryptocurrency video games, and crypto-coin trading companies. The TraderTraitor apps come with a range of names, such as DAFOM, which purports to be a cryptocurrency portfolio app; TokenAIS and CryptAIS, for building AI-based trading portfolios for cryptocurrencies; and Esilet, for live cryptocurrency prices.

CISA, the FBI, and the US Treasury Department warned today that the North Korean Lazarus hacking group is targeting organizations in the cryptocurrency and blockchain industries with trojanized cryptocurrency applications. The attackers use social engineering to trick employees of cryptocurrency companies into downloading and running malicious Windows and macOS cryptocurrency apps.

US critical infrastructures targeted by complex malware. The Department of Energy, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation are warning the US energy sector that certain APT threat actors have exhibited the capability to gain full system access to multiple industrial control system and supervisory control and data acquisition devices.

Attackers unleash LockBit ransomware on US government computers. One attack highlighted in the report found that ransomware groups spend at least five months combing through a regional U.S. government agency's files and system before deploying a LockBit attack onto the affected computer.

The Treasury Department's Office of Foreign Assets Control has updated its Specially Designated Nationals list with new information linking the North Korean-backed Lazarus Group APT to the largest cryptocurrency hack in history. Blockchain data platform Chainalysis first spotted that a new ETH address added by OFAC to the SDN list as part of the Lazarus Group entry was also used in March to collect the ETH and USDC tokens stolen during the Axie Infinity's Ronin bridge hack.

You may recall the late cryptocurrency trading hamster, Mr Goxx, who went viral during his brief and colourful life as a rodentine coinhodler. Sadly, given how this particular story ends, US cryptocurrency developer Virgil Griffith has provided another episode in the never-a-dull-moment world of cryptocurrencies.

A joint cybersecurity advisory issued by CISA, NSA, FBI, and the Department of Energy warns of government-backed hacking groups being able to hijack multiple industrial devices.The federal agencies said the threat actors could use custom-built modular malware to scan for, compromise, and take control of industrial control system and supervisory control and data acquisition devices.