Security News

The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S. government has previously attributed to the Main Intelligence Directorate of the General Staff of the Armed Forces of the Russian Federation. The operation copied and removed malware from vulnerable internet-connected firewall devices that Sandworm used for command and control of the underlying botnet.

US government officials announced today the disruption of the Cyclops Blink botnet linked to the Russian-backed Sandworm hacking group before it could be used in attacks. The malware, which Sandworm has used to build this botnet since at least June 2019, targets WatchGuard Firebox firewall appliances and multiple ASUS router models.

The US State Department this week launched an agency responsible for developing online defense and privacy-protection policies and direction as the Biden administration seeks to integrate cybersecurity into America's foreign relations. "The last few years have made evident how vital cybersecurity and digital policy are to America's national security," said Secretary of State Antony Blinken during a ribbon-cutting ceremony for the new Bureau of Cyberspace and Digital Policy.

Cash App is notifying 8.2 million current and former US customers of a data breach after a former employee accessed their account information. Block, Inc., the owner of Cash App, disclosed in a Form 8-K SEC filing that the breach occurred on December 10th, 2021, when the former employee downloaded internal Cash App reports after their employment had ended.

US President Joe Biden today extended the state of national emergency declared to deal with increasingly prevalent and severe malicious cyber threats to the United States' national security, foreign policy, and economy. The national emergency was declared on April 1, 2015, by former President Barack Obama through Executive Order 13694, which also sanctioned individuals coordinating or contributing to cyberattacks against the US. On December 28, 2016, Obama issued Executive Order 13757 to amend E.O. 13694 because such malicious attacks were being used to undermine democratic processes and institutions.

If ZTE and other Chinese giants defy bans on selling American technology to Russia, it will be because they can't help but chase the revenue, says Ashley Yablon, the whistleblower whose evidence led to ZTE being fined for willfully ignoring the US ban on exports to Iran. Yablon is a lawyer who, after working in senior roles at Huawei USA, in late 2011 became general counsel at Chinese telco kit-maker ZTE's US operations.

The United States Federal Communications Commission has labelled Kaspersky, China Mobile, and China Telecom as threats to national security. Kaspersky is the first non-Chinese company to be added to the FCC's list, but the agency did not tie its decision to Russia's illegal invasion of Ukraine.

The Federal Communications Commission added Russian cybersecurity firm Kaspersky to its Covered List, saying it poses unacceptable risks to U.S. national security. Kaspersky services covered by this decision include information security products, solutions, and services supplied by Kaspersky or any linked companies, including subsidiaries or affiliates.

The United States Department of Justice has unsealed a pair of indictments that detail alleged Russian government hackers' efforts to use supply chain attacks and malware in an attempt to compromise and control critical infrastructure around the world, including at least one nuclear power plant. Three of those charged allegedly spent 2012 to 2014 working on a project code-named "Dragonfly", during which a supply chain attack targeted software updates for industrial control systems and supervisory control and data acquisition systems.

The U.S. has indicted four Russian government employees for their involvement in hacking campaigns targeting hundreds of companies and organizations from the global energy sector between 2012 and 2018. "In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries," the Department of Justice said.