#statehacking — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #statehacking, aggregated by home.social.

  1. Decades-old pre-Stuxnet cyber sabotage tool breaks cover, NSA listed it as 'nothing to see here' — fast16 targeted nuclear reactors, dam design, and other high-precision civil engineering software years before Stuxnet broke cover | Tom's Hardware
    tomshardware.com/software/secu

    #malware #nsa #statehacking

  2. "In the history of state-sponsored hacking, the spectrum of cyber operations bent on sabotage has ranged from crude “wiper” attacks that destroy data on target computers to the legendary Stuxnet, a piece of malware the US and Israel first deployed in Iran in 2007 to silently accelerate the spinning of nuclear enrichment centrifuges until they destroyed themselves. Now researchers have discovered another chapter in that decades-long evolution of cybersabotage techniques: a 21-year-old specimen of malware capable of tampering with research and engineering software to undetectably sow mayhem—one that may have been used in Iran, even before Stuxnet.

    Vitaly Kamluk and Juan Andrés Guerrero-Saade, two researchers from the cybersecurity firm SentinelOne, on Thursday revealed a breakthrough in the mystery of a piece of malware known as Fast16, a piece of code whose purpose has eluded the cybersecurity world since its existence was first revealed in an NSA leak in 2017. The SentinelOne researchers have now reverse-engineered the Fast16 code, which they say dates back to 2005 and was likely created by either the US government or one of its allies.

    Kamluk and Guerrero-Saade have determined that the Fast16 malware was designed to carry out the most subtle form of sabotage ever seen in an in-the-wild malware tool: By automatically spreading across networks and then silently manipulating computation processes in certain software applications that perform high-precision mathematical calculations and simulate physical phenomena, Fast16 can alter the results of those programs to cause failures that range from faulty research results to catastrophic damage to real-world equipment."

    wired.com/story/fast16-malware

    #CyberSecurity #NSA #Fast16 #StateHacking #Iran #USA

  3. "The hackers behind a cyberattack that targeted Poland's grid infrastructure in December disabled communication devices for at least 30 sites across a number of energy facilities in different parts of the country.

    The hackers succeeded in disabling the communication systems, known as remote terminal units or RTUs, that are used to monitor and control other equipment, and they were able to render the RTUs inoperable and beyond repair. But they did not cause an outage or otherwise have an impact on generation and transmission equipment at these nearly three dozen sites, according to Dragos, a US-based company that participated in the forensic investigation of one of the entities that was hit in the attack.

    Most of the devices they targeted were not directly part of control infrastructure, Dragos says, but were instead systems related to grid safety and stability monitoring rather than active generation control. Nonetheless, the systems the attackers targeted do play a role in monitoring functions and maintaining grid stability, and had the attackers gained full operational control of these systems, they could have created an impact that would have been "significantly different," Dragos notes. Dragos also says the attack appears to have been "opportunistic" rather than fully targeted and well planned.

    The sites that were impacted are managed by several energy entities, including two combined-heat-and-power plants and a number of facilities used to manage the dispatch of renewable energy from wind and solar sites. Dragos did not identify which entity was part of its investigation."

    zetter-zeroday.com/attack-agai

    #CyberSecurity #CyberWarfare #Poland #StateHacking #GridInfrastructure #Energy

  4. "A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers, in an operation that was intended to cause a power outage and other disruption to services, says European security firm ESET, which obtained a copy of the malware used in the attack.

    Wipers are designed to delete or overwrite critical files on a computer in order to render them inoperable. They have been used extensively by Russia against targets in Ukraine before and during its current war with that country.

    Robert Lipovsky, principal threat intelligence researcher for the Slovakian firm, whose team has examined the malware – which they're calling DynoWiper – says the operation is “unprecedented” in Poland, since past cyberattacks targeting that country were not disruptive in nature or intent.

    “Pulling off a disruptive cyberattack against the Polish energy sector is a big deal,” he told Zero Day.

    Although the attack was thwarted, Polish authorities have stated that if successful it could have taken out power to 500,000 people in Poland. Polish officials haven't revealed how the hackers pulled off the attack or how officials determined the intent was to be disruptive or destructive, but the use of a wiper supports a conclusion that this was the intent of the attack.

    Officials there have attributed the attack to Russia, and Lipovsky says his team concurs."

    zetter-zeroday.com/cyberattack

    #CyberWarfare #CyberSecurity #Poland #Russia #StateHacking #EnergyGrid

  5. "Germany’s government is preparing to give its foreign intelligence service, the Bundesnachrichtendienst (BND), far broader powers over online surveillance and hacking than it has ever had before.

    A draft amendment to the BND Act, circulated by German media, would transform the agency’s reach by authorizing it to break into foreign digital systems, collect and store large portions of internet traffic, and analyze those communications retroactively.

    At the core of this plan is Frankfurt’s DE-CIX internet exchange, one of the largest data junctions on the planet.

    For thirty years, global traffic has passed through this node, and for just as long, the BND has quietly operated there under government supervision, scanning international data streams for intelligence clues.

    Until now, this monitoring has been limited. The agency could capture metadata such as connection records, but not the full content of messages, and any data collected had to be reviewed and filtered quickly.

    The proposed legal reform would overturn those restrictions.

    The BND would be permitted to copy and retain not only metadata but also entire online conversations, including emails, chats, and other content, for up to six months."

    reclaimthenet.org/germany-bnd-

    #Germany #EU #Surveillance #Metadata #DataRetention #StateHacking

  10. "Cisco’s Networking Academy, a global training program designed to educate IT students in the basics of IT networks and cybersecurity, proudly touts its accessibility to participants around the world: “We believe education can be the ultimate equalizer, enabling anyone, regardless of background, to develop expertise and shape their destiny in a digital era,” reads the first line on its website.

    That laudable statement, however, reads a bit differently when the “destiny” of those students appears to be owning a majority stake in companies linked to one of the most successful Chinese state-sponsored hacking operations ever to target the West—and many of Cisco's own products.

    That's the surprising conclusion of Dakota Cary, a researcher at cybersecurity firm SentinelOne and the Atlantic Council, who, like many security analysts, has closely tracked the Chinese state-sponsored hacker group known as Salt Typhoon. That cyberespionage group gained notoriety last year when it was revealed that the hackers had penetrated at least nine telecom companies and gained the ability to spy on Americans’ real-time calls and texts, specifically targeting then-presidential and vice presidential candidates Donald Trump and JD Vance, among many others."

    wired.com/story/2-men-linked-t

    #CyberSecurity #China #SaltTyphoon #StateHacking #Cisco #CiscoAcademy

  11. "China’s state-owned aircraft maker had just announced the Western engine it had chosen for its new aircraft.

    One month later, in January 2010, American cyber researchers started to see the “preparatory activity” of a Chinese hacking group focusing on an American turbine company that made a part needed for jet engines.

    For years afterwards, a division of China’s intelligence apparatus could be seen trying to steal engine design information from Western companies. By 2017 and 2018, the US government had opened indictments – with convictions to follow – against figures in the US and China trying to steal Western aerospace information.

    The subterfuge, now largely forgotten by the public, is an essential chapter in the origin story of the C919, which was developed to compete with two of the world’s most widely used passenger aircraft – the Boeing 737 and the Airbus A320neo. It was also the foundation of establishing the Commercial Aircraft Corporation of China (COMAC) as a serious player in the global commercial aviation market.

    The C919 is now in regular production, and it’s taking its first steps in aiding China’s systematic efforts to both develop its aerospace industry and to produce a viable passenger aircraft.

    But years after concerns were raised over Chinese intellectual property theft, few of the affected parties are keen to talk openly about the alleged cyber-espionage."

    smh.com.au/business/companies/

    #China #Boeing #Airbus #COMAC #C919 #IPTheft #StateHacking #CyberSecurity

  12. "The office of Hannah Neumann, a member of the German Greens and head of the delegation spearheading work on European Union-Iran relations, was targeted by a hacking campaign that started in January, she said. Her staff was contacted with messages, phone calls and emails by hackers impersonating a legitimate contact. They eventually managed to target a laptop with malicious software.

    "It was a very sophisticated attempt using various ways to manage that someone accidentally opens a link, including putting personal pressure on them," Neumann said.

    Neumann was made aware of the ongoing ploy four weeks ago by the German domestic intelligence service, she said.

    The group thought to be behind the attack is a hacking collective associated with the Iranian Revolutionary Guard, known as APT42, according to a report by the Parliament’s in-house IT service DG ITEC and seen by POLITICO. Another Iranian hacking group, called APT35 or Charming Kitten, was initially considered a culprit too. The two Iranian threat groups are closely related."

    politico.eu/article/european-p

    #EU #Germany #Iran #CyberSecurity #StateHacking #Spyware #APT42 #APT35

  13. "Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate.

    The Chinese delegation linked years of intrusions into computer networks at U.S. ports, water utilities, airports and other targets to increasing U.S. policy support for Taiwan, the people, who declined to be named, said.

    The first-of-its-kind signal at a Geneva summit with the outgoing Biden administration startled American officials used to hearing their Chinese counterparts blame the campaign, which security researchers have dubbed Volt Typhoon, on a criminal outfit, or accuse the U.S. of having an overactive imagination."

    wsj.com/politics/national-secu

    #USA #CyberSecurity #China #StateHacking #VoltTyphoon #Infrastructure