home.social

#statehacking — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #statehacking, aggregated by home.social.

  1. "Speaking at a public event hosted by the Eteron think tank in Athens on Thursday on spyware, democratic oversight and the rule of law, Deibert placed Greece’s Predator scandal within a broader international trend in which governments are increasingly relying on private surveillance vendors while accountability mechanisms struggle to keep pace.

    Citizen Lab, the University of Toronto-based research center internationally known for exposing digital surveillance operations, has spent years investigating what Deibert described as the “mercenary spyware industry” — a transnational ecosystem of companies selling governments tools capable of compromising mobile devices, tracking targets and conducting covert surveillance.

    While spyware vendors often argue such technologies are necessary to combat terrorism and serious crime, Citizen Lab’s findings have repeatedly shown journalists, opposition figures, activists and human rights defenders among those targeted across multiple jurisdictions.

    “The investigative journalists who worked on this case in Greece are real heroes,” Deibert said, arguing that domestic reporting efforts played the decisive role in bringing the scandal into public view.

    The Greek case emerged internationally after revelations that Predator spyware had been used against journalists, political figures and individuals linked to state institutions, triggering investigations at both national and European level and placing Athens under scrutiny over transparency and democratic oversight."

    dnews.gr/eidhseis/news-in-engl

    #CyberSecurity #Spyware #Greece #Surveillance #Predator #StateHacking #Journalism

  2. "Threat intelligence that relies on disposable indicators locks defenders into a reactive loop of detection and evasion. Shifting focus to provider-level infrastructure disrupts that cycle by exposing the hosting providers, cloud platforms, and telecom networks that consistently underpin malicious activity, allowing defenders to anticipate adversary behavior instead of chasing it.

    We've seen this play out repeatedly across the region. Iranian-nexus actors have been caught staging operations weeks before activation, botnet operators leaving entire relay networks exposed through misconfigured directories, and APT infrastructure sitting dormant on Iraqi hosting waiting to be activated. In each case, the infrastructure told the story before the attack did.

    During the last three months (1 Feb 2026 - 1 May 2026) analysis window, we identified more than 1,350 active command-and-control (C2) servers operating across 98 Middle East infrastructure providers, spanning shared hosting platforms, virtual server providers, and telecommunications networks across 14 countries."

    hunt.io/blog/middle-east-malic

    #MiddleEast #Iran #CyberSecurity #StateHacking #CyberWarfare

  3. "Researchers have confirmed that a remarkable piece of malware discovered years ago but analyzed only recently was designed to subvert nuclear weapons testing simulations with the aim of undermining those tests and slowing the progress of a nuclear program. The new information, from researchers at the security firm Symantec, confirms what has only previously been speculated about the code by the company that first discovered it — SentinelOne.

    The malicious code, known as Fast16, was designed to subvert at least two specialized software programs that were commonly used for simulating weapons explosions at the time the code was active in 2005. It cleverly swapped out legitimate data produced by the simulation software, replacing it with false data that was fed to engineers monitoring those simulated tests. Specifically, it waited until the simulation neared the point of “supercriticality,” when the chain reaction leading to a nuclear explosion would begin, and altered data pertaining to the pressure inside the uranium core to indicate to engineers that the pressure was insufficient to achieve supercriticality, even though the real data showed otherwise.

    This appears to have been aimed at tricking the engineers into believing the tests were less successful than they actually were, in order to create confusion and slow the progress of the nuclear program Fast16 was targeting.

    Nuclear experts say that based on details contained in the code and the period in which it was active, they are certain the target was Iran’s nuclear weapons program."

    zetter-zeroday.com/experts-con

    #CyberSecurity #StateHacking #Malware #Fast16 #Iran #NuclearWeapons

  4. Decades-old pre-Stuxnet cyber sabotage tool breaks cover, NSA listed it as 'nothing to see here' — fast16 targeted nuclear reactors, dam design, and other high-precision civil engineering software years before Stuxnet broke cover | Tom's Hardware
    tomshardware.com/software/secu

    #malware #nsa #statehacking

  8. "In the history of state-sponsored hacking, the spectrum of cyber operations bent on sabotage has ranged from crude “wiper” attacks that destroy data on target computers to the legendary Stuxnet, a piece of malware the US and Israel first deployed in Iran in 2007 to silently accelerate the spinning of nuclear enrichment centrifuges until they destroyed themselves. Now researchers have discovered another chapter in that decades-long evolution of cybersabotage techniques: a 21-year-old specimen of malware capable of tampering with research and engineering software to undetectably sow mayhem—one that may have been used in Iran, even before Stuxnet.

    Vitaly Kamluk and Juan Andrés Guerrero-Saade, two researchers from the cybersecurity firm SentinelOne, on Thursday revealed a breakthrough in the mystery of a piece of malware known as Fast16, a piece of code whose purpose has eluded the cybersecurity world since its existence was first revealed in an NSA leak in 2017. The SentinelOne researchers have now reverse-engineered the Fast16 code, which they say dates back to 2005 and was likely created by either the US government or one of its allies.

    Kamluk and Guerrero-Saade have determined that the Fast16 malware was designed to carry out the most subtle form of sabotage ever seen in an in-the-wild malware tool: By automatically spreading across networks and then silently manipulating computation processes in certain software applications that perform high-precision mathematical calculations and simulate physical phenomena, Fast16 can alter the results of those programs to cause failures that range from faulty research results to catastrophic damage to real-world equipment."

    wired.com/story/fast16-malware

    #CyberSecurity #NSA #Fast16 #StateHacking #Iran #USA

  12. "Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat actors have published a set of 26 malicious packages to the npm registry.

    The packages masquerade as developer tools, but contain functionality to extract the actual command-and-control (C2) by using seemingly harmless Pastebin content as a dead drop resolver and ultimately drop a developer-targeted credential stealer and remote access trojan. The C2 infrastructure is hosted on Vercel across 31 deployments.

    The campaign, tracked by Socket and kmsec.uk's Kieran Miyamoto, is being tracked under the moniker StegaBin.

    "The loader extracts C2 URLs steganographically encoded within three Pastebin pastes, innocuous computer science essays in which characters at evenly-spaced positions have been replaced to spell out hidden infrastructure addresses," Socket researchers Philipp Burckhardt and Peter van der Zee said."

    thehackernews.com/2026/03/nort

    #CyberSecurity #NorthKorea #StateHacking #NPM

  16. "Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks.

    "The group used Gemini to synthesize OSINT and profile high-value targets to support campaign planning and reconnaissance," Google Threat Intelligence Group (GTIG) said in a report shared with The Hacker News. "This actor's target profiling included searching for information on major cybersecurity and defense companies and mapping specific technical job roles and salary information."

    The tech giant's threat intelligence team characterized this activity as a blurring of boundaries between what constitutes routine professional research and malicious reconnaissance, allowing the state-backed actor to craft tailored phishing personas and identify soft targets for initial compromise.

    UNC2970 is the moniker assigned to a North Korean hacking group that overlaps with a cluster that's tracked as Lazarus Group, Diamond Sleet, and Hidden Cobra. It's best known for orchestrating a long-running campaign codenamed Operation Dream Job to target aerospace, defense, and energy sectors with malware under the guise of approaching victims under the pretext of job openings.

    GTIG said UNC2970 has "consistently" focused on defense targeting and impersonating corporate recruiters in their campaigns, with the target profiling including searches for "information on major cybersecurity and defense companies and mapping specific technical job roles and salary information.""

    thehackernews.com/2026/02/goog

    #CyberSecurity #Gemini #AI #GenerativeAI #Google #NorthKorea #OSINT #StateHacking

  20. "A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++.

    The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7.

    The development comes shortly after Notepad++ maintainer Don Ho said that a compromise at the hosting provider level allowed threat actors to hijack update traffic starting June 2025 and selectively redirect such requests from certain users to malicious servers to serve a tampered update by exploiting insufficient update verification controls that existed in older versions of the utility.

    The weakness was plugged in December 2025 with the release of version 8.8.9. It has since emerged that the hosting provider for the software was breached to perform targeted traffic redirections until December 2, 2025, when the attacker's access was terminated. Notepad++ has since migrated to a new hosting provider with stronger security and rotated all credentials."

    thehackernews.com/2026/02/note

    #CyberSecurity #Notepad #China #OpenSource #StateHacking

  24. "The hackers behind a cyberattack that targeted Poland's grid infrastructure in December disabled communication devices for at least 30 sites across a number of energy facilities in different parts of the country.

    The hackers succeeded in disabling the communication systems, known as remote terminal units or RTUs, that are used to monitor and control other equipment, and they were able to render the RTUs inoperable and beyond repair. But they did not cause an outage or otherwise have an impact on generation and transmission equipment at these nearly three dozen sites, according to Dragos, a US-based company that participated in the forensic investigation of one of the entities that was hit in the attack.

    Most of the devices they targeted were not directly part of control infrastructure, Dragos says, but were instead systems related to grid safety and stability monitoring rather than active generation control. Nonetheless, the systems the attackers targeted do play a role in monitoring functions and maintaining grid stability, and had the attackers gained full operational control of these systems, they could have created an impact that would have been "significantly different," Dragos notes. Dragos also says the attack appears to have been "opportunistic" rather than fully targeted and well planned.

    The sites that were impacted are managed by several energy entities, including two combined-heat-and-power plants and a number of facilities used to manage the dispatch of renewable energy from wind and solar sites. Dragos did not identify which entity was part of its investigation."

    zetter-zeroday.com/attack-agai

    #CyberSecurity #CyberWarfare #Poland #StateHacking #GridInfrastructure #Energy

  28. "A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers, in an operation that was intended to cause a power outage and other disruption to services, says European security firm ESET, which obtained a copy of the malware used in the attack.

    Wipers are designed to delete or overwrite critical files on a computer in order to render them inoperable. They have been used extensively by Russia against targets in Ukraine before and during its current war with that country.

    Robert Lipovsky, principal threat intelligence researcher for the Slovakian firm, whose team has examined the malware – which they're calling DynoWiper – says the operation is “unprecedented” in Poland, since past cyberattacks targeting that country were not disruptive in nature or intent.

    “Pulling off a disruptive cyberattack against the Polish energy sector is a big deal,” he told Zero Day.

    Although the attack was thwarted, Polish authorities have stated that if successful it could have taken out power to 500,000 people in Poland. Polish officials haven't revealed how the hackers pulled off the attack or how officials determined the intent was to be disruptive or destructive, but the use of a wiper supports a conclusion that this was the intent of the attack.

    Officials there have attributed the attack to Russia, and Lipovsky says his team concurs."

    zetter-zeroday.com/cyberattack

    #CyberWarfare #CyberSecurity #Poland #Russia #StateHacking #EnergyGrid

  31. "A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers and in an operation that was intended to cause a power outage and other disruption to services, says European security firm ESET, which obtained a copy of the malware used in the attack.

    Wipers are designed to delete or overwrite critical files on a computer in order to render them inoperable. They have been used extensively by Russia against targets in Ukraine before and during its current war with that country.

    Robert Lipovsky, principal threat intelligence researcher for the Slovakian firm, whose team has examined the malware – which they're calling DynoWiper – says the operation is “unprecedented” in Poland, since past cyberattacks targeting that country were not disruptive in nature or intent.

    “Pulling off a disruptive cyberattack against the Polish energy sector is a big deal,” he told Zero Day.

    Although the attack was thwarted, Polish authorities have stated that if successful it could have taken out power to 500,000 people in Poland. Polish officials haven't revealed how the hackers pulled off the attack or how officials determined the intent was to be disruptive or destructive, but the use of a wiper supports a conclusion that this was the intent of the attack.

    Officials there have attributed the attack to Russia, and Lipovsky says his team concurs."

    zetter-zeroday.com/cyberattack

    #CyberWarfare #CyberSecurity #Poland #Russia #StateHacking #EnergyGrid

  32. "Germany’s government is preparing to give its foreign intelligence service, the Bundesnachrichtendienst (BND), far broader powers over online surveillance and hacking than it has ever had before.

    A draft amendment to the BND Act, circulated by German media, would transform the agency’s reach by authorizing it to break into foreign digital systems, collect and store large portions of internet traffic, and analyze those communications retroactively.

    At the core of this plan is Frankfurt’s DE-CIX internet exchange, one of the largest data junctions on the planet.

    For thirty years, global traffic has passed through this node, and for just as long, the BND has quietly operated there under government supervision, scanning international data streams for intelligence clues.

    Until now, this monitoring has been limited. The agency could capture metadata such as connection records, but not the full content of messages, and any data collected had to be reviewed and filtered quickly.

    The proposed legal reform would overturn those restrictions.

    The BND would be permitted to copy and retain not only metadata but also entire online conversations, including emails, chats, and other content, for up to six months."

    reclaimthenet.org/germany-bnd-

    #Germany #EU #Surveillance #Metadata #DataRetention #StateHacking

  37. "Cisco’s Networking Academy, a global training program designed to educate IT students in the basics of IT networks and cybersecurity, proudly touts its accessibility to participants around the world: “We believe education can be the ultimate equalizer, enabling anyone, regardless of background, to develop expertise and shape their destiny in a digital era,” reads the first line on its website.

    That laudable statement, however, reads a bit differently when the “destiny” of those students appears to be owning a majority stake in companies linked to one of the most successful Chinese state-sponsored hacking operations ever to target the West—and many of Cisco's own products.

    That's the surprising conclusion of Dakota Cary, a researcher at cybersecurity firm SentinelOne and the Atlantic Council, who, like many security analysts, has closely tracked the Chinese state-sponsored hacker group known as Salt Typhoon. That cyberespionage group gained notoriety last year when it was revealed that the hackers had penetrated at least nine telecom companies and gained the ability to spy on Americans’ real-time calls and texts, specifically targeting then-presidential and vice presidential candidates Donald Trump and JD Vance, among many others."

    wired.com/story/2-men-linked-t

    #CyberSecurity #China #SaltTyphoon #StateHacking #Cisco #CiscoAcademy

  42. "The Justice Department announced two indictments in the Central District of California charging Ukrainian national Victoria Eduardovna Dubranova, 33, also known as Vika, Tory, and SovaSonya, for her role in conducting cyberattacks and computer intrusions against critical infrastructure and other victims around the world, in support of Russia’s geopolitical interests. Dubranova was extradited to the United States earlier this year on an indictment charging her for her actions supporting CyberArmyofRussia_Reborn (CARR). Today, Dubranova was arraigned on a second indictment charging her for her actions supporting NoName057(16) (NoName). Dubranova pleaded not guilty in both cases, and is scheduled to begin trial in the NoName matter on Feb. 3, 2026 and in the CARR matter on April 7, 2026.

    As described in the indictments, the Russian government backed CARR and NoName by providing, among other things, financial support. CARR used this financial support to access various cybercriminal services, including subscriptions to distributed denial of service-for-hire services. NoName was a state-sanctioned project administered in part by an information technology organization established by order of the President of Russia in October 2018 that developed, along with other co-conspirators, NoName’s proprietary distributed denial of service (DDoS) program.

    “Politically motivated hacktivist groups, whether state-sponsored like CARR or state-sanctioned like NoName, pose a serious threat to our national security, particularly when foreign intelligence services use civilians to obfuscate their malicious cyber activity targeting American critical infrastructure as well as attacking proponents of NATO and U.S. interests abroad,” said First Assistant U.S. Attorney Bill Essayli for the Central District of California."

    justice.gov/opa/pr/justice-dep

    #CyberCrime #CyberSecurity #Russia #StateHacking #DDoS #USA #Hacktivism

  46. "Cybersecurity researchers have shed light on a mobile forensics tool called Massistant that's used by law enforcement authorities in China to gather information from seized mobile devices.

    The hacking tool, believed to be a successor of MFSocket, is developed by a Chinese company named SDIC Intelligence Xiamen Information Co., Ltd., which was formerly known as Meiya Pico. It specializes in the research, development, and sale of electronic data forensics and network information security technology products.

    According to a report published by Lookout, Massistant works in conjunction with corresponding desktop software, allowing for access to the device's GPS location data, SMS messages, images, audio, contacts, and phone services."

    thehackernews.com/2025/07/chin

    #China #Surveillance #CyberSecurity #Hacking #StateHacking #PoliceState

  50. "China’s state-owned aircraft maker had just announced the Western engine it had chosen for its new aircraft.

    One month later, in January 2010, American cyber researchers started to see the “preparatory activity” of a Chinese hacking group focusing on an American turbine company that made a part needed for jet engines.

    For years afterwards, a division of China’s intelligence apparatus could be seen trying to steal engine design information from Western companies. By 2017 and 2018, the US government had opened indictments – with convictions to follow – against figures in the US and China trying to steal Western aerospace information.

    The subterfuge, now largely forgotten by the public, is an essential chapter in the origin story of the C919, which was developed to compete with two of the world’s most widely used passenger aircraft – the Boeing 737 and the Airbus A320neo. It was also the foundation of establishing the Commercial Aircraft Corporation of China (COMAC) as a serious player in the global commercial aviation market.

    The C919 is now in regular production, and it’s taking its first steps in aiding China’s systematic efforts to both develop its aerospace industry and to produce a viable passenger aircraft.

    But years after concerns were raised over Chinese intellectual property theft, few of the affected parties are keen to talk openly about the alleged cyber-espionage."

    smh.com.au/business/companies/

    #China #Boeing #Airbus #COMAC #C919 #IPTheft #StateHacking #CyberSecurity