At a glance.
- Iranian cyberespionage campaign: "Peach Sandstorm."
- Cyberattack against telecom provider affects Colombian government, corporate online operations.
- Python NodeStealer takes browser credentials.
- Caesars Entertainment files its 8-K.
- Some MGM Entertainment systems remain down.
- Considering Internet autarky for information control.
- Starlink service in the Black Sea.
- Third-party incident affects Manchester police.
Iranian cyberespionage campaign: "Peach Sandstorm."
Microsoft warns that the Iranian state-sponsored actor Peach Sandstorm (which Microsoft formerly tracked as “HOLMIUM”) has been launching password-spraying campaigns against thousands of organizations since February 2023, with a particular focus on the satellite, defense, and pharmaceutical sectors. The goal of the campaign appears to be espionage. In a small number of cases, the threat actor succeeded in breaching organizations and exfiltrating data. Microsoft says, “The capabilities observed in this campaign are concerning as Microsoft saw Peach Sandstorm use legitimate credentials (gleaned from password spray attacks) to authenticate to targets’ systems, persist in targets’ environments, and deploy a range of tools to carry out additional activity. Peach Sandstorm also created new Azure subscriptions and leveraged the access these subscriptions provided to conduct additional attacks in other organizations’ environments.”
Cyberattack against telecom provider affects Colombian government, corporate online operations.
An incident broadly characterized as a cyberattack that began Tuesday hit Colombian telco IFX Networks and has affected the company's customers. These include, according to statements by Colombia's ICT Ministry cited by BNamericas, some seven-hundred-sixty companies in Latin America as well as at least twenty Colombian government agencies. The agencies include the health ministry, the health regulator, and the superior council of the judiciary. Colombia's cybersecurity unit, PMU Ciber, has established a command post to cope with the emergency. The judiciary seems to have been particularly hard-hit, and many courts will suspend operations until September 20th. Colombia Reports says that early indications are that IFX Networks was the target of a ransomware attack, obviously criminal and presumably financially motivated.