Security experts are dismissing a pro-Iranian hacktivist group's claim to have breached Indian nuclear secrets in reprisal for the country's support of Israel.
The LulzSec Black group last week claimed to have hacked "the company responsible for Indian nuclear reactors" and to have stolen 80 databases, of which it was now selling 17 databases containing 5.2 gigabytes of data. The group claimed the information detailed the precise location of India's nuclear reactors, numerous chemical laboratories, employee personally identifiable information, industrial and engineering information, precise details of guard shifts and "other sensitive data related to infrastructure."
LulzSec Black, named after the notorious hacktivist collective that committed a string of high-profile hits in 2011, claims to be a group of "Palestinian hackers." Previous attacks tied to the group include disruptions targeting Israel, as well as countries that support Israel, including France and Cyprus.
Threat intelligence firm Resecurity said the group's nuclear claims vary from being dramatically overstated to outright lies.
"This activity is related to the 'pseudo-hacktivist' activities by Iran" designed to provoke fear, uncertainty and doubt, Resecurity told Information Security Media Group. "Many of their statements are overstatements, having no connection to reality. For example, they clearly do not have '80 databases' or even 5.2 GB of data."
LulzSec Black's claims arrive amidst U.S. government alerts of the "heightened threat environment" facing critical infrastructure networks and operational technology environments, following Israel launching missile strikes against Iran on June 13 (see: Infrastructure Operators Leaving Control Systems Exposed).
While the resulting regional war appears to now be moderated by a fragile ceasefire, many governments are still bracing for reprisals (see: Israel-Iran Ceasefire Holding Despite Fears of Cyberattacks).
What LulzSec Black may actually possess is identity and contact information for nuclear specialists, likely stolen from third-party HR firms and recruitment websites such as the CATS Software applicant tracking system and recruitment software, Resecurity said. This can be seen in the long list of various job titles - "security auditor, heavy water unit," "nuclear engineer, analysis lab, tritium gas," and "radiation officer, fuel fabrication, uranium dioxide" - in a sample of dumped data.
In that data, tags such as "Top Secret," appear, which Resecurity said likely either reflect clearances held by job candidates, or were added by the hackers themselves "so it will look like it is from some nuclear energy facility."
A suspected Chinese hacking campaign that began in November is exploiting a vulnerability in Palo Alto firewalls to install a custom malware backdoor for espionage.
CDK Global, the auto dealership software solutions firm that supplies services to an estimated 15,000 dealerships in the U.S. and Canada, said it has begun the
The U.S. Department of Justice in a lawsuit filed Thursday is accusing Apple of discarding user security and privacy protections as part of a broader effort to
The fallout from the Clop cybercrime group's mass theft of data from MOVEit servers continues to increase. Colorado's state healthcare agency alone is now notifying
Since Hydra Market Got Shuttered by Police, Russian Rivals Battle for Market Share.
Competition between Russian-language darknet markets remains fierce following the takedown of market leader Hydra last April by a multinational law enforcement operation.
Researchers have found that Kinsing malware gained access to Kubernetes servers by exploiting misconfigured and exposed PostgreSQL servers. The threat actors gained
California's largest public school district and the second-largest in the U.S. is undergoing a ransomware attack. The attack has disrupted the district's email
School is out for more than 3,000 students of a suburban Detroit district undergoing its second day of forensics analysis following an online attack. Students have
The broadcast of the Football World Cup 2022 qualifier game between Wales and Ukraine on Sunday was interrupted in Ukraine by a cyberattack that targeted OLL.TV...
