Security News

The Treasury Department's Office of Foreign Assets Control announced sanctions today against ten individuals and two entities affiliated with Iran's Islamic Revolutionary Guard Corps for their involvement in ransomware attacks. Throughout the last two years, these threat actors have been linked to ransomware incidents where they compromised networks belonging to organizations in the United States and worldwide.

The U.S. Treasury Department announced sanctions today against Iran's Ministry of Intelligence and Security and its Minister of Intelligence for their role in the July cyberattack against the government of Albania, a U.S. ally and a NATO member state. MOIS is the Iranian government's leading intelligence agency, tasked with coordinating intelligence and counterintelligence efforts, as well as covert actions supporting the Islamic regime's goals beyond the country's borders.

The US Commerce Department's Bureau of Industry and Security has relaxed restrictions that barred export of some encryption technologies to Huawei, in the name of ensuring the United States is in a better position to negotiate global standards. A Thursday announcement [PDF] explains the decision was taken because American businesses have told the Biden administration they're confused about whether they need to seek a license before bringing some tech to standards talks.

Mandiant is "Highly confident" that foreign cyberspies will target US election infrastructure, organizations, and individuals in the run-up to the November midterm elections. "We have tracked activity from groups associated with Russia, China, Iran, North Korea, and other nations targeting organizations and individuals related to elections in the US and/or other nations with apparent goals ranging from information collection and establishing footholds or stealing data for later activity to one known case of a destructive attack against critical election infrastructure," the Mandiant team said in research published today.

With the help of blockchain analysts and FBI agents, the U.S. government seized $30 million worth of cryptocurrency stolen by the North Korean threat group 'Lazarus' from the token-based 'play-to-earn' game Axie Infinity earlier in the year. "Chainalysis Crypto Incident Response team played a role in these seizures, utilizing advanced tracing techniques to follow stolen funds to cash out points and liaising with law enforcement and industry players to quickly freeze funds," the company reports.

The Vice Society threat group is ramping up ransomware attacks on US school districts just as students around the country return to the classroom, the FBI and other federal agencies are warning. The FBI, Cybersecurity and Infrastructure Agency, and Multi-State Information Sharing and Analysis Center said in a joint advisory this week that the Vice Society, which first appeared in the summer of 2021, recently began to disproportionately target the US education sector with ransomware attacks and they expect such attacks to increase as the school year rolls on.

China has accused the United States of a savage cyber-attack on a university famed for conducting aerospace research and linked to China's military. The National Computer Virus Emergency Response Centre made its accusation on September 5th, claiming that the Office of Tailored Access Operation at the USA's National Security Agency has unleashed over 10,000 attacks in China, some using zero-day exploits, and lifted 140GB of "High value data".

An international law enforcement operation has seized the website and domains for WT1SHOP, a criminal marketplace that sold stolen credit cards, I.D. cards, and millions of login credentials. WT1SHOP was one of the largest criminal marketplaces of PII data commonly used by threat actors to buy credentials for account takeovers, credit cards used for online purchases, and government I.D. cards for identity theft.

Cybercriminals hit the Los Angeles Unified School District over the holiday weekend with a ransomware attack that temporarily shut down email, computer systems, and applications. Federal agencies including the FBI and CISA are working on-site to assist the US's second-largest public school district in its response.

Google and its YouTube subsidiary have joined other social media networks pledging to keep the 2022 US midterm elections safe and free from Russian trolls - and anyone else spewing democracy-damaging disinformation - by taking down such content. The election strategies follow Google's move to ban MAGA message-board Truth Social from its Play store until the app removes content that incites violence.