Chinese Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions (Recorded Future) Insikt Group has revealed details of a cyber campaign conducted by a China-linked group, named RedEcho, targeting India's power sector.
China Appears to Warn India: Push Too Hard and the Lights Could Go Out (New York Times) As border skirmishing increased last year, malware began to flow into the Indian electric grid, a new study shows, and a blackout hit Mumbai. It now looks like a warning.
Amidst Border Tensions, Chinese Hackers Targeted India's Power Grid Through Malware (The Wire) A report by the US-based firm Recorded Future suggests that the power outage in Mumbai in October may have been the result of a Chinese cyber campaign against India.
Chinese cyber attack caused massive Mumbai power outage last year? (The Week) US study found Chinese malware was present in India's electricity supply systems
Cyber intel firm says Chinese hackers have infiltrated India's power sector (Tribuneindia News Service) In a warning message after tension at Ladakh border, China launched a cyber-campaign hit against India's power grid targeting Mumbai in October. A cyber intelligence company says it has found that hackers linked to China have infiltrated power systems and ports in India in a "show of force" and they have the ability to create disruptions.
Chinese hacker groups target at least dozen Indian organisations (Hindustan Times) Among the organisations that were targeted were NTPC Limited, five key regional load dispatch centres that help in the management of the national power grid by balancing electricity supply and demand and two ports, says the study by Recorded Future, a US-based company
Russian hackers aim cyber attack on Ukrainian government agencies (teiss) Russian hackers used a popular file-sharing system as a vector to spread malware to the networks of multiple Ukrainian government agencies.
Oxford University says research not affected after expert flags COVID lab hack (Reuters) Oxford University said on Thursday it was investigating a digital intrusion after a researcher said he had seen evidence that a laboratory researching COVID-19 had been hacked.
Lazarus targets defense industry with ThreatNeedle (Kaspersky ICS CERT) In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.
The SolarWinds Body Count Now Includes NASA and the FAA (Wired) Plus: Firefox blocks more tracking, how to fight a robodog, and more of the week’s top security news.
SolarWinds’s Security Practices Questioned by Lawmakers (Bloomberg) Technology company defends its cybersecurity culture, spending. ‘Password spraying’ among 3 potential methods for initial hack.
Former SolarWinds CEO blames intern for 'solarwinds123' password leak (CNN) Current and former top executives at SolarWinds are blaming a company intern for a critical lapse in password security that apparently went undiagnosed for years.
CrowdStrike Exec Points to Active Directory 'Structural Problems' in Senate Solorigate Hearing (Redmondmag) Microsoft's Active Directory authentication solution got notably skewered during a Feb. 23 U.S. Senate hearing on the SolarWinds Orion software hack.
Assessing Fallout from the SolarWinds Breach (eWEEK) It’s entirely possible that the U.S. government has undergone—and is still suffering the fallout from—the harshest, most potentially devastating cyber breach in the short history of digital information. Reuters broke the story last December that foreign entities—the National Security Agency and FBI have identified them as the Russian hacking group APT29, also known as Dark […]
The anatomy of the SolarWinds attack chain (ITWeb) As traditional network security barriers dissolve, the ‘assume breach’ mindset has never been more critical.
Microsoft Releases Free Tool for Hunting SolarWinds Malware (Dark Reading) Meanwhile, researchers at SecurityScorecard say the fileless malware loader in the attack - Teardrop - actually dates back to 2017.
Microsoft open sources CodeQL queries used to hunt for Solorigate activity (Microsoft Security) We are sharing the CodeQL queries that we used to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate so that other organizations may perform a similar analysis.
No, 1,000 engineers were not needed for SolarWinds (Errata Security) Microsoft estimates it would take 1,000 to carry out the famous SolarWinds hacker attacks. This means in reality that it was probably fewer...
SolarWinds Hack Pits Microsoft Against Dell, IBM Over How Companies Store Data (Wall Street Journal) Microsoft argues the cloud offers more protection; rivals point to the need of firms to hold and access their information on-premise.
Texas power outages demonstrate grid cyber vulnerability and inadequacy of existing regulations (Control Global) Recent Texas power outages and the loss of both electricity and water across Texas demonstrate how vulnerable ERCOT and Texas are to not only natural disasters such as snowstorms and hurricanes but also manmade and malicious activities.
FireEye cyber CEO: American internet users will be targeted in next war (Yahoo) Any future real-world conflict between the United States and an adversary like China or Russia will have direct impacts on regular Americans because of the risk of cyber attack, Kevin Mandia, CEO of cybersecurity company FireEye, tells "Axios on HBO."
UK taxpayer to take more stakes in tech start-ups (Financial Times) Sunak fund intended for groups that need to scale up to next stage of development
Former NSA and Cyber Command Chief Keith Alexander on SolarWinds, Cyberwar, and China (The Record by Recorded Future) The former head of NSA and Cyber Command talked to The Record about SolarWinds, China, and the importance of information sharing.
Ex-NSA chief: No idea how badly SolarWinds hack harmed security (The Jerusalem Post) NSA Cyber Chief Anne Neuberger, an Orthodox Jewish woman, has been assigned as the government's "lead person" to investigate the incident.
Congress has new appetite for breach law following SolarWinds hack (iTnews) That led to sprawling series of digital intrusions.
Hearing on Hack Prompts Call for Review of Government’s Cloud Procurement (Nextgov.com) A key lawmaker highlighted a profit motive for “basic” cybersecurity as problematic following an exchange with Microsoft President Brad Smith.
WSJ News Exclusive | U.S. to Impose Sweeping Rule Aimed at China Technology Threats (Wall Street Journal) The rule enables the Commerce Department to ban technology-related business transactions that it determines pose a national security threat, part of an effort to secure U.S. supply chains.
DHS to Provide $25 Million More for Cybersecurity Grants (BankInfo Security) The U.S. Department of Homeland Security will provide an additional $25 million in grants to state and local cybersecurity preparedness programs with a particular
US shifts state grant focus to extremism, cyberthreats (Star Tribune) State and local governments will be required to spend a portion of nearly $1.9 billion in annual federal public safety grants on the fight against domestic extremism and improved cybersecurity, the Department of Homeland Security said Thursday.
F.C.C. Approves a $50 Monthly High-Speed Internet Subsidy (New York Times) The money, aimed at low-income households, is part of an effort to bridge the access gap to broadband connectivity amid the pandemic.
New York Cyber Task Force Publishes New Report Calling for National Cyber Response Readiness (Next Peak) Over the last year, the New York Cyber Task Force (NYCTF) gathered leading experts from business, policy and academia to analyze the degree to which the United States is ready for future cyber challenges to its national security.
Krebs Lays Out CISA Bite-Back at Health-Sector Hackers (Meritalk) While it’s no secret that the healthcare sector became a major target for ransomware attacks during the COVID-19 pandemic, former Cybersecurity and Infrastructure Security Agency (CISA) Director Chris Krebs is shedding new light on the tone of CISA’s efforts to bite back against health-sector threats.
Warnings From the Queer History of Modern Internet Regulation (Wired) Section 230 faces countless reform efforts. But a look back reminds us that categorical content bans often come at the expense of marginalized groups.
How One State Managed to Actually Write Rules on Facial Recognition (New York Times) Massachusetts is one of the first states to put legislative guardrails around the use of facial recognition technology in criminal investigations.
Report: Saudi Crown Prince Approved Khashoggi Operation (Foreign Policy) A long-awaited intelligence report comes as Biden reassesses the United States’ relationship with Saudi Arabia.
Intel report finds Saudi crown prince approved Khashoggi murder (POLITICO) But critics argue the new Biden administration sanctions don't go far enough.
Biden Administration Urged to Penalize Saudi Crown Prince Over Khashoggi Killing (Wall Street Journal) The administration has sanctioned a top aide as well as the force that played a role in the murder of Jamal Khashoggi, but stopped short of punishing Mohammed bin Salman for ordering the operation that led to the journalist’s death.
How Biden, Congress, and US Business and Civic Leaders Can Deliver Justice for Jamal Khashoggi (Just Security) The world must ensure that the Saudi regime, and the Crown Prince in particular, are held accountable for Khashoggi's murder.
Statement by Foreign Affairs Committee Vice Chair Rep. Tom Malinowski on the Release of the Khashoggi Report (Representative Tom Malinowski) “I welcome the overdue release of the DNI’s report confirming the judgement of the intelligence community that Saudi Crown Prince Mohammed bin Salman was responsible for the entrapment and gruesome murder of Virginia-resident and journalist Jamal Khashoggi. The House of Representatives called for this report on a fully bipartisan basis nearly two years ago, when it voted 405-7 to pass my bill, the Saudi Arabia Human Rights and Accountability Act.
The Cybersecurity 202: A report on Jamal Khashoggi's death renews concerns over spyware (Washington Post) U.S. intelligence officials released a report Friday concluding that Saudi Arabia's Crown Prince Mohammed bin Salman “approved” the operation that resulted in the 2018 murder of Washington Post journalist Jamal Khashoggi, Karen DeYoung reports.
Israeli spyware firm NSO Group faces renewed US scrutiny (the Guardian) Department of Justice said to have asked WhatsApp for details of alleged targeting of clients in 2019