WARSAW, Aug 14 (Reuters) - A large Polish city could have had its water supply cut off on Wednesday as a result of a cyberattack, a deputy prime minister said after the intrusion was foiled.
In an interview with news portal Onet on Thursday, Deputy Prime Minister Krzysztof Gawkowski, who is also digital affairs minister, did not specify who was behind the attack or which city was targeted.
Poland has said that its role as a hub for aid to Ukraine makes it a target for Russian cyberattacks and acts of sabotage. Gawkowski has described Poland in the past as the "main target" for Russia among NATO countries.
Gawkowski told Onet that the cyberattack could have meant there would be no water in one of Poland's big cities.
"At the last moment we managed to see to it that when the attack began, our services had found out about it and we shut everything down. We managed to prevent the attack."
He said Poland manages to thwart 99% of cyberattacks.
Gawkowski last year that Poland would spend over 3 billion zlotys ($800 million) to boost cybersecurity after the state news agency PAP was hit by what authorities said was likely to have been a Russian cyberattack.
The digital affairs ministry did not immediately respond to an email requesting further details.
On Wednesday Prime Minister Donald Tusk, who has warned that Russia is trying to drive a wedge between Warsaw and Kyiv, said that a young Ukrainian man had been detained for acts of sabotage on behalf of foreign intelligence services, including writing graffiti insulting Poles.
PAP reported on Thursday that a 17-year-old Ukrainian man detained, among other things, for desecrating a monument to Poles killed by Ukrainian nationalists in World War Two has been charged with participating in an organised criminal group aimed at committing crimes against Poland.
reuters.com - Aug 13 (Reuters) - U.S. authorities have secretly placed location tracking devices in targeted shipments of advanced chips they see as being at high risk of illegal diversion to China, according to two people with direct knowledge of the previously unreported law enforcement tactic.
The measures aim to detect AI chips being diverted to destinations which are under U.S. export restrictions, and apply only to select shipments under investigation, the people said.
They show the lengths to which the U.S. has gone to enforce its chip export restrictions on China, even as the Trump administration has sought to relax some curbs on Chinese access to advanced American semiconductors.
The trackers can help build cases against people and companies who profit from violating U.S. export controls, said the people, who declined to be named because of the sensitivity of the issue.
Location trackers are a decades-old investigative tool used by U.S. law enforcement agencies to track products subject to export restrictions, such as airplane parts. They have been used to combat the illegal diversion of semiconductors in recent years, one source said.
Five other people actively involved in the AI server supply chain say they are aware of the use of the trackers in shipments of servers from manufacturers such as Dell (DELL.N), opens new tab and Super Micro (SMCI.O), opens new tab, which include chips from Nvidia (NVDA.O), opens new tab and AMD (AMD.O), opens new tab.
Those people said the trackers are typically hidden in the packaging of the server shipments. They did not know which parties were involved in installing them and where along the shipping route they were inserted.
Reuters was not able to determine how often the trackers have been used in chip-related investigations or when U.S. authorities started using them to investigate chip smuggling. The U.S. started restricting the sale of advanced chips by Nvidia, AMD and other manufacturers to China in 2022.
In one 2024 case described by two of the people involved in the server supply chain, a shipment of Dell servers with Nvidia chips included both large trackers on the shipping boxes and smaller, more discreet devices hidden inside the packaging — and even within the servers themselves.
A third person said they had seen images and videos of trackers being removed by other chip resellers from Dell and Super Micro servers. The person said some of the larger trackers were roughly the size of a smartphone.
The U.S. Department of Commerce's Bureau of Industry and Security, which oversees export controls and enforcement, is typically involved, and Homeland Security Investigations and the Federal Bureau of Investigation may take part too, said the sources.
The HSI and FBI both declined to comment. The Commerce Department did not respond to requests for comment.
The Chinese foreign ministry said it was not aware of the matter.
Super Micro said in a statement that it does not disclose its “security practices and policies in place to protect our worldwide operations, partners, and customers.” It declined to comment on any tracking actions by U.S. authorities.
reuters.com - July 30 (Reuters) - More than 90 state and local governments have been targeted using the recently revealed vulnerability in Microsoft server software, according to a U.S. group devoted to helping local authorities collaborate against hacking threats.
The nonprofit Center for Internet Security, which houses an information-sharing group for state, local, tribal, and territorial government entities, provided no further details about the targets, but said it did not have evidence that the hackers had broken through.
None have resulted in confirmed security incidents," Randy Rose, the center's vice president of security operations and intelligence, said in an email.
A wave of hacks hit servers running vulnerable versions of Microsoft SharePoint this month, causing widespread concern. The campaign has claimed at least 400 victims, according to Netherlands-based cybersecurity firm Eye Security. Multiple federal government agencies are reportedly among the victims, and new ones are being identified every day.
On Wednesday, a spokesperson for one of the U.S. Department of Energy's 17 national labs said it was among those hit.
"Attackers did attempt to access Fermilab's SharePoint servers," the spokesperson said, referring to the U.S. Fermi National Accelerator Laboratory. "The attackers were quickly identified, and the impact was minimal, with no sensitive or classified data accessed." The Fermilab incident was first reported by Bloomberg.
The U.S. Department of Energy has previously said the SharePoint security hack has affected "a very small number" of its systems
reuters.com - Russian airline Aeroflot was forced to cancel more than 50 round-trip flights on Monday, disrupting travel across the world's biggest country, as two pro-Ukraine hacking groups claimed to have inflicted a crippling cyberattack.
MOSCOW, July 28 (Reuters) - Russian airline Aeroflot (AFLT.MM), opens new tab was forced to cancel more than 50 round-trip flights on Monday, disrupting travel across the world's biggest country, as two pro-Ukraine hacking groups claimed to have inflicted a crippling cyberattack.
The Kremlin said the situation was worrying, and lawmakers described it as a wake-up call for Russia. Prosecutors confirmed the disruption at the national flag carrier was caused by a hack and opened a criminal investigation.
Senior lawmaker Anton Gorelkin said Russia was under digital attack.
"We must not forget that the war against our country is being waged on all fronts, including the digital one. And I do not rule out that the ‘hacktivists’ who claimed responsibility for the incident are in the service of unfriendly states," Gorelkin said in a statement.
Another member of parliament, Anton Nemkin, said investigators must identify not only the attackers but "those who allowed systemic failures in protection".
Aeroflot did not say how long the problems would take to resolve, but departure boards at Moscow's Sheremetyevo Airport turned red as flights were cancelled at a time when many Russians take their holidays.
The company's shares were down by 3.9% by 1533 GMT, underperforming the wider market, which was 1.3% lower.
A statement purporting to be from a hacking group called Silent Crow said it had carried out the operation together with Belarusian Cyberpartisans, a self-styled hacktivist group that opposes president Alexander Lukashenko and says it wants to liberate Belarus from dictatorship.
reuters.com - Bleach maker Clorox said Tuesday that it has sued information technology provider Cognizant over a devastating 2023 cyberattack, alleging the hackers gained access by asking the tech company's staff for its employees' passwords.
WASHINGTON, July 22 (Reuters) - Bleach maker Clorox (CLX.N), opens new tab said Tuesday that it has sued information technology provider Cognizant (CTSH.O), opens new tab over a devastating 2023 cyberattack, alleging the hackers gained access by asking the tech company's staff for its employees' passwords.
Clorox was one of several major companies hit in August 2023 by the hacking group dubbed Scattered Spider, which specializes in tricking IT help desks into handing over credentials and then using that access to lock them up for ransom.
The group is often described as unusually sophisticated and persistent, but in a case filed in California state court on Tuesday, Clorox said one of Scattered Spider's hackers was able to repeatedly steal employees' passwords simply by asking for them.
"Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques," according to a copy of the lawsuit, opens new tab reviewed by Reuters. "The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox's network, and Cognizant handed the credentials right over."
Cognizant, in an emailed statement, pushed back, saying it did not manage cybersecurity for Clorox and it was only hired for limited help desk services.
Weekend attacks compromised about 100 organisations
May hacker contest uncovered SharePoint weak spot
Initial Microsoft patch did not fully fix flaw
LONDON, July 22 (Reuters) - A security patch Microsoft (MSFT.O), opens new tab released this month failed to fully fix a critical flaw in the U.S. tech giant's SharePoint server software, opening the door to a sweeping global cyber espionage effort, a timeline reviewed by Reuters shows.
On Tuesday, a Microsoft spokesperson confirmed that its initial solution to the flaw, identified at a hacker competition in May, did not work, but added that it released further patches that resolved the issue.
It remains unclear who is behind the spy effort, which targeted about 100 organisations over the weekend, and is expected to spread as other hackers join the fray.
In a blog post Microsoft said two allegedly Chinese hacking groups, dubbed "Linen Typhoon" and "Violet Typhoon," were exploiting the weaknesses, along with a third, also based in China.
Microsoft and Alphabet's (GOOGL.O), opens new tab Google have said China-linked hackers were probably behind the first wave of hacks.
Chinese government-linked operatives are regularly implicated in cyberattacks, but Beijing routinely denies such hacking operations.
In an emailed statement, its embassy in Washington said China opposed all forms of cyberattacks, and "smearing others without solid evidence."
The vulnerability opening the way for the attack was first identified in May at a Berlin hacking competition, opens new tab organised by cybersecurity firm Trend Micro (4704.T), opens new tab that offered cash bounties for finding computer bugs in popular software.
It offered a $100,000 prize for so-called "zero-day" exploits that leverage previously undisclosed digital weaknesses that could be used against SharePoint, Microsoft's flagship document management and collaboration platform.
The U.S. National Nuclear Security Administration, charged with maintaining and designing the nation's cache of nuclear weapons, was among the agencies breached, Bloomberg News said on Tuesday, citing a person with knowledge of the matter.
WASHINGTON, July 15 (Reuters) - A U.S. state's Army National Guard network was thoroughly hacked by a Chinese cyberespionage group nicknamed "Salt Typhoon," according to a Department of Homeland Security memo.
The memo obtained by Property of the People, a national security transparency nonprofit, said the hackers "extensively compromised" the unnamed state Army National Guard's network between March and December 2024 and exfiltrated maps and "data traffic" with counterparts' networks in "every other US state and at least four US territories."
he National Guard and the Department of Homeland Security's cyber defense arm, CISA, did not immediately return messages. News of the memo was first reported by NBC News.
Salt Typhoon has emerged as one of the top concerns of American cyber defhen Coatesenders. U.S. officials allege that the hacking group is doing more than just gathering intelligence; it is prepositioning itself to paralyze U.S. critical infrastructure in case of a conflict with China. Beijing has repeatedly denied being behind the intrusions.
The memo, which said it drew on reporting from the Pentagon, said that Salt Typhoon's success in compromising states' Army National Guard networks nationwide "could undermine local cybersecurity efforts to protect critical infrastructure," in part because such units are often "integrated with state fusion centers responsible for sharing threat information—including cyber threats."
