The Romanian presidential election was annulled following allegations of Russian interference, involving 25,000 fake accounts and 85,000 cyberattacks on election systems. The interference involved coordinated disinformation campaigns and social media manipulation. The EU is tightening its control over TikTok as a consequence of this event. The incident highlights the increasing risk of foreign interference in democratic processes using digital platforms and cyberattacks. This shows how election systems can be manipulated to affect the outcome of elections.
The Russian state-sponsored APT group BlueAlpha is using Cloudflare Tunnels to distribute custom malware, such as GammaDrop and GammaLoad. They employ spearphishing with malicious HTML attachments to evade detection and maintain persistent access to compromised networks. This activity highlights the abuse of trusted infrastructure for malicious purposes.
Blue Yonder, a supply chain software company, suffered a ransomware attack on November 21, 2024. The Termite ransomware group claimed responsibility for the breach, threatening to publish stolen data. The attack impacted several major clients, including Starbucks, BIC, and Morrisons, causing disruptions. Blue Yonder is investigating the incident, and the full extent of the data breach and its impact is still being assessed. This is a significant incident in the supply chain due to the number of large companies impacted.
Multiple critical vulnerabilities have been disclosed impacting various Industrial Control Systems (ICS) products. These vulnerabilities, identified in AutomationDirect’s C-More EA9 Programming Software, Planet Technology’s industrial switch WGS-804HPT, and other products, could enable remote code execution (RCE) and other serious security compromises if exploited. The vulnerabilities highlight the ongoing challenge of securing critical infrastructure against sophisticated cyberattacks. Organizations are urged to apply the necessary mitigations and keep their ICS software updated to prevent attacks and minimize the risk to their operations.
This cluster reports on findings by iVerify regarding the widespread use of Pegasus spyware. The research indicates a broader impact than previously known, affecting not just high-profile individuals but also ordinary users. This underscores the ongoing threat of sophisticated spyware and the need for robust mobile security.
ESET researchers discovered Bootkitty, the first UEFI bootkit designed for Linux systems. While appearing to be a proof-of-concept, its existence signals a concerning shift in the UEFI threat landscape, expanding threats beyond traditionally targeted Windows systems. Further research is needed to determine its potential for active exploitation and the extent of its capabilities.
The Tor Project is seeking volunteers to establish 200 WebTunnel bridges to counter increased online censorship in Russia, which is actively blocking access to Tor and other circumvention tools. This highlights the ongoing struggle for internet freedom and the need for resilient anonymity tools.
A malicious PyPI package, ‘aiocpa’, disguised as a legitimate cryptocurrency client, was used to steal cryptocurrency wallet information. Attackers used a stealthy approach, publishing their own package instead of typosquatting. The malicious code was obfuscated using Base64 encoding and zlib compression; it exfiltrated sensitive data to a Telegram bot. This highlights the risk of malicious packages in software supply chains.
A cyberattack caused a major incident at the UK’s Wirral University Teaching Hospital (WUTH), resulting in postponed appointments and procedures and a system outage. The hospital moved to paper-based methods and continues to experience disruptions. This highlights the vulnerability of healthcare systems to cyberattacks and the potential for serious disruption to patient care.
A data broker, SL Data Services, exposed 644,869 sensitive files, including background checks, in a publicly accessible cloud storage container. The files contained personal information like names, addresses, phone numbers, and criminal histories. This highlights the risks of data brokers and the need for individuals to protect their personal information.
The FSB, Russian Federal Security Service, allegedly used a trojanized application to monitor a Russian programmer accused of supporting Ukraine. This highlights the use of sophisticated surveillance techniques by state actors against individuals perceived as threats. The incident underscores the importance of digital security and privacy, especially in high-risk environments. The spyware was hidden in an app that the programmer downloaded.
A Chinese commercial vessel, Yi Peng 3, is suspected of intentionally dragging its anchor across the Baltic seabed, severing two critical undersea telecommunications cables between Lithuania, Sweden, Finland, and Germany. Western officials believe that Russia likely orchestrated the incident as an act of sabotage against EU maritime infrastructure. The incident disrupted communications and raised concerns about the vulnerability of undersea cables. The Chinese ship’s actions, involving extended anchor dragging while its transponder was disabled, point to deliberate actions.
The Brain Cipher ransomware group claimed responsibility for a data breach at Deloitte UK, allegedly exfiltrating over 1 terabyte of sensitive data. The group publicized the breach, highlighting what they deemed elementary security flaws. Deloitte has not yet confirmed the incident or the extent of the data exfiltration.
The SmokeLoader malware has been observed in a new campaign targeting Taiwanese companies across various sectors, including manufacturing, healthcare, and IT. Unlike previous campaigns where SmokeLoader acted as a downloader for other malware, this campaign directly executes the attack by downloading and executing malicious plugins from its C2 server. This approach enhances its capability and evasiveness. The malware utilizes social engineering techniques, such as personalized emails with generic content, to enhance its success rate.
The Russian state-sponsored group Secret Blizzard has been found to have hijacked the infrastructure of other hacking groups for its operations, with a recent campaign targeting the Pakistan-based espionage cluster Storm-0156 (also known as SideCopy, Transparent Tribe, or APT36). Secret Blizzard’s actions involved installing backdoors, collecting intelligence, and compromising target devices in regions like South Asia and Ukraine. This sophisticated espionage operation highlights the increasing complexity of cyber threats and the ability of nation-state actors to leverage the resources of other groups for their malicious activities.
Check Point Research discovered a new malware delivery technique using the Godot game engine. Malicious GDScript code within .pck files is used to execute commands and deliver malware, evading detection by most antivirus engines. The GodLoader malware is distributed through a GitHub network, legitimized by ghost accounts. This multi-platform vulnerability affects Windows, macOS, Linux, Android, and iOS and poses a risk to millions of users. This is a new and innovative way to spread malware.