Security News

The threat actor's goal is Microsoft Office 365 account takeovers. Microsoft, which began tracking the activity in late July 2021, detailed the attacks in an alert released Monday, adding that the culprits appear to be bent on espionage and have ties to Iran.

Olympus, a leading medical technology company, was forced to take down IT systems in the Americas following a cyberattack that hit its network Sunday, October 10, 2021. "Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue," Olympus says in a statement published today, two days after the attack.

An email marketing company claiming to hold details on a million UK teachers and school admin personnel was potentially exposing those to the public internet thanks to a misconfigured error page on its website. Not only that, but the Schools Marketing Company seemingly dismissed the findings of the infosec company which spotted the flaw when the infoseccers tried to draw its attention to the problem.

An emerging threat actor likely supporting Iranian national interests has been behind a password spraying campaign targeting U.S., E.U., and Israeli defense technology companies, with additional activity observed against regional ports of entry in the Persian Gulf as well as maritime and cargo transportation companies focused in the Middle East. Microsoft is tracking the hacking crew under the moniker DEV-0343.

Iran-linked threat actors are targeting the Office 365 tenants of US and Israeli defense technology companies in extensive password spraying attacks. The activity cluster was temporarily dubbed DEV-0343 by researchers at Microsoft Threat Intelligence Center and Microsoft Digital Security Unit, who have tracked it since late July.

A court filing and announcement allege that a chap named Jonathan Toebbe, an employee of the Department of the Navy who served as a nuclear engineer, contacted entities that he believed represented a foreign power and offered to sell "Restricted Data concerning the design of a nuclear-powered warship". An FBI legal attaché obtained a letter sent by Toebbe in April 2020 that included some US Navy documents and instructions on how to establish a secure channel between a foreign nation and Toebbe.

Microsoft says that Russian-sponsored hacking groups are increasingly targeting US government agencies, with roughly 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 coming from Russia. "Russian nation-state actors are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% - largely agencies involved in foreign policy, national security or defense," said Tom Burt, Microsoft's Corporate Vice President for Customer Security & Trust.

Russia's SVR spy agency made off with information about US counterintelligence investigations in the wake of the SolarWinds hack, according to people familiar with the American government cleanup operation. The SVR was named and shamed in April by Britain and the US as the organisation that compromised the build systems of SolarWinds' network monitoring software Orion, used by 18,000 customers across the world.

Today, U.S. President Joe Biden said that the U.S. will bring together 30 countries to jointly crack down on ransomware gangs behind a barrage of attacks impacting organizations worldwide. "I am committed to strengthening our cybersecurity by hardening our critical infrastructure against cyberattacks, disrupting ransomware networks, working to establish and promote clear rules of the road for all nations in cyberspace, and making clear we will hold accountable those that threaten our security."

The House Committee on Oversight and Reform has requested a briefing to understand the rationale behind the FBI's decision to delay providing the victims of the Kaseya REvil ransomware with a universal decryption key for three weeks. "To understand the FBI's decision, the lawmakers are requesting a briefing from the FBI on its legal and policy rationale for withholding the ransomware key, as well as the FBI's overall strategy for addressing, investigating, preventing, and defeating ransomware attacks," the Committee said in a press release on Wednesday.