The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency (NSA) assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020. GRU Unit 29155 cyber actors began deploying the destructive WhisperGate malware against multiple Ukrainian victim organizations as early as January 13, 2022. These cyber actors are separate from other known and more established GRU-affiliated cyber groups, such as Unit 26165 and Unit 74455.
The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security (MSS) as cover in attacks against U.S. critical infrastructure organizations.
#APT31 #China #Computer #Critical #InfoSec #Infrastructure #Sanctions #Security #USA
This blog post seeks to draw out some high-level trends and anomalies based on our ongoing tracking of QakBot command and control (C2) infrastructure. By looking at the data with a broader scope, we hope to supplement other research into this particular threat family, which in general focuses on specific infrastructure elements; e.g., daily alerting on active C2 servers.
Canada's domestic food production system may actually be one of the most glaring cracks in Canada's national defences.
...
Attacking agricultural infrastructure has proven to be an effective part of the Russian playbook so far in its invasion of Ukraine. In June 2022, EU trade counsellor Maud Labat said Moscow has figured out how to wield food as a “geopolitical weapon.”
Summary Three key takeaways from our analysis of Vidar infrastructure: Russian VPN gateways are potentially providing anonymity for Vidar operators / customers, making it more challenging for analysts to have a complete overview of this threat. These gateways now appear to be migrating to Tor. Vidar operators appear to be expanding their infrastructure, so analysts need to keep them in their sights. We expect a new wave of customers and as a result, an increase of campaigns in the upcoming weeks
The U.S. military's Cyber Command hunted down foreign adversaries overseas ahead of this year's mid-term elections, taking down their infrastructure before they could strike, the head of U.S. Cyber Command said.
U.S. Army General Paul Nakasone said the cyber effort to secure the vote began before the Nov. 8 vote and carried through until the elections were certified.
"We did conduct operations persistently to make sure that our foreign adversaries couldn't utilize infrastructure to impact us," Nakasone, who is also the director of the U.S. National Security Agency, told reporters.
In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 is a deep dive on the attacker behavior and will provide investigation guidance.