CyberSecurity news
FlagThis - #cyberwarfare
|
@x.com
//
References:
thecyberexpress.com
, SpiderLabs Blog
,
The ongoing Israel-Iran conflict has expanded into cyberspace, marked by a surge in hacktivist activity and the deployment of new malware campaigns. Pro-Israel and pro-Iranian groups are actively engaging in cyberattacks, including DDoS attacks, website defacements, and data breaches, targeting organizations within each other's territories. This digital warfare mirrors the escalating military tensions between the two nations, turning the internet into a covert combat zone.
Amidst this cyber conflict, a pro-Israel hacktivist group known as Predatory Sparrow has claimed responsibility for hacking Bank Sepah, a major Iranian financial institution. Predatory Sparrow alleges that the bank was used to circumvent international sanctions and finance the Iranian regime's military activities. While independent verification of the attack is pending, reports have emerged of banking disruptions and closed Bank Sepah branches across Iran. The group has targeted Iranian organizations in the past. The intensification of cyber hostilities between Israel and Iran raises concerns about potential spillover effects, with U.S. companies and critical infrastructure facing increased risks. Cybersecurity experts are urging organizations to brace for potential disruptions and enhance their defenses against cyberattacks. The digital conflict highlights the importance of cybersecurity preparedness in a world where geopolitical tensions increasingly manifest in cyberspace. Recommended read:
References :
Ben Weiss@fortune.com
//
A pro-Israel hacktivist group known as Predatory Sparrow has claimed responsibility for a cyberattack on Nobitex, Iran's largest cryptocurrency exchange. The attack resulted in the theft and destruction of approximately $90 million in cryptocurrency. The group stated that Nobitex was targeted for allegedly financing terrorism and evading international sanctions for the Iranian regime. This incident highlights the increasing cyber conflict between Israel and Iran, with hacktivist groups playing a significant role in disruptive operations.
The hackers reportedly sent the stolen funds to inaccessible blockchain addresses, effectively "burning" the cryptocurrency and taking it out of circulation. Blockchain analysis firm Elliptic confirmed the transfer of over $90 million to multiple vanity addresses containing variations of "F--kIRGCterrorists" within their public key. This symbolic act suggests the intention was to send a political message rather than financial gain. It has been noted that Nobitex has over 10 million customers, raising concerns about the potential impact of the breach. The attack on Nobitex follows a recent claim by Predatory Sparrow of hacking Bank Sepah, another major Iranian financial institution. These cyberattacks come amid escalating tensions and exchanges of airstrikes between Israel and Iran. Cybersecurity experts warn of a growing digital conflict unfolding behind the scenes, with the potential for broader spillover effects. The situation emphasizes the vulnerability of cryptocurrency exchanges to sophisticated cyberattacks and the need for enhanced cybersecurity measures. Recommended read:
References :
Jacob Finn@Cisco Talos Blog
//
A new destructive malware, dubbed PathWiper, has been discovered targeting critical infrastructure in Ukraine. Cisco Talos researchers identified the wiper after observing an attack on a Ukrainian entity. The attackers, believed to be a Russia-nexus APT actor, gained access to a legitimate endpoint administration framework and used it to deploy PathWiper across connected endpoints. The malware is designed to overwrite data with random bytes, effectively disrupting the targeted systems. The discovery highlights the continued cyber threat to Ukrainian critical infrastructure amidst the ongoing conflict.
The attack unfolded through a compromised administrative console. Attackers issued commands via the console, which were received by clients running on the endpoints and executed as batch files. These files contained commands to execute a malicious VBScript file named "uacinstall.vbs", which in turn, dropped and executed the PathWiper executable. The filenames and actions used throughout the attack were designed to mimic those of the administrative utility, suggesting the attackers had prior knowledge of the console and its functionality within the targeted environment. Once executed, PathWiper identifies connected storage media and overwrites crucial file system artifacts with random data. It targets physical drives, volume names, network drive paths, and critical files like the Master Boot Record (MBR). The malware creates a thread for each drive and volume, overwriting the contents with randomly generated bytes, effectively destroying data and disrupting system operations. While PathWiper shares some similarities with HermeticWiper, another wiper used in previous attacks against Ukraine, there are notable differences in their data corruption mechanisms. Recommended read:
References :
@cyble.com
//
In May 2025, cybersecurity experts reported a significant surge in hacktivist activity targeting Indian digital infrastructure. This wave of attacks followed the terror attack in Pahalgam, located in the Indian state of Jammu and Kashmir on April 22nd, and India’s retaliatory strikes across the border. A coordinated effort by more than 40 hacktivist groups sought to disrupt and deface numerous Indian websites, leading to widespread alarm across media and social networks as many claimed significant breaches of government, educational, and critical infrastructure websites.
However, detailed technical investigations revealed that the actual impact of these attacks on Indian cyber assets was minimal. Claims of major data breaches, such as a supposed 247 GB breach of the National Informatics Centre (NIC), were largely unfounded as the data was publicly available or fabricated. Website defacements and Distributed Denial of Service (DDoS) attacks, while numerous, were short-lived and ineffective. Despite the relatively low impact, the cyberattacks highlighted the ongoing tensions in cyberspace between India and Pakistan. Technisanct identified 36 pro-Pakistan hacktivist groups involved in the digital assaults, countered by 14 Indian groups retaliating. The escalation in hacktivist activity serves as a reminder of the persistent and evolving cyber threats facing both nations, even amidst military tensions. Recommended read:
References :
Pierluigi Paganini@Security Affairs
//
Pro-Russia hacktivist group NoName057(16) is actively targeting Dutch organizations with large-scale distributed denial of service (DDoS) attacks. These attacks are causing significant access problems and service disruptions for targeted entities across both the public and private sectors in the Netherlands. The country's National Cyber Security Center (NCSC) has issued a warning about these ongoing cyber activities. The NCSC confirmed that the attacks also affect European organizations alongside Dutch ones.
The attacks are part of a broader campaign of cyber-attacks claimed by the hacktivist group. These persistent DDoS attacks aim to overwhelm the targeted organizations' systems with malicious traffic, rendering them inaccessible to legitimate users. The goal of these attacks appears to be the disruption of services and potentially the undermining of confidence in the targeted organizations. BleepingComputer reported on this campaign, highlighting the severity and widespread impact of these attacks. The National Cyber Security Center (NCSC), part of the Dutch Ministry of Justice, released a statement acknowledging the situation. The statement mentioned that both public and private entities within the Netherlands are being targeted by these large-scale DDoS attacks. The NCSC continues to monitor the situation and is working to mitigate the impact of these attacks. Recommended read:
References :
Dissent@DataBreaches.Net
//
China has accused the United States National Security Agency (NSA) of launching "advanced" cyberattacks during the Asian Winter Games in February 2025, targeting essential industries. Police in the northeastern city of Harbin have placed three alleged NSA agents on a wanted list, accusing them of attacking the Winter Games' event information system and key information infrastructure in Heilongjiang province, where Harbin is located. The named NSA agents are Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson, all allegedly members of the NSA's Tailored Access Operations (TAO) offensive cyber unit.
China Daily reports the TAO targeted systems used for registration, timekeeping, and competition entry at the Games, systems which store "vast amounts of sensitive personal data." The publication also stated the TAO appeared to be trying to implant backdoors and used multiple front organizations to purchase servers in Europe and Asia to conceal its tracks and acquire the tools used to breach Chinese systems. A joint report from China's computer emergency response centers (CERTs) stated that over 270,000 attacks on the Asian Winter Games were detected, with 170,000 allegedly launched by the US. Chinese foreign ministry spokesperson Lin Jian condemned the alleged cyber activity, urging the U.S. to take a responsible attitude on cybersecurity issues and stop any attacks and "groundless vilification against China." Xinhua reported the agents repeatedly carried out cyber attacks on China’s critical information infrastructure and participated in cyber attacks on Huawei and other enterprises. Chinese law enforcement agencies are seeking information that could lead to the arrest of the three NSA operatives, though rewards were not disclosed. Recommended read:
References :
@www.wsj.com
//
China has reportedly acknowledged its role in cyberattacks against U.S. critical infrastructure, specifically those attributed to the Volt Typhoon campaign. This admission occurred during a secret meeting with U.S. officials in December, according to SecurityWeek. U.S. officials noted that Volt Typhoon's actions, which involved infiltrating various industries' systems through zero-day exploits and other advanced tactics, were an attempt to deter U.S. support for Taiwan. Furthermore, cyberespionage by the Chinese state-backed Salt Typhoon group against U.S. telecommunications firms was also discussed, revealing the compromise of U.S. officials' communications.
These attacks are part of a broader pattern of Chinese state-backed hackers increasing their activity against infrastructure in the U.S., Europe, and the Asia-Pacific region. Recent intelligence indicates groups like Volt Typhoon and Salt Typhoon have infiltrated power grids, telecommunications networks, and transportation systems. Their apparent goal is to preposition for potential wartime disruption or coercive retaliation during periods of geopolitical tension. This approach involves installing dormant "logic bombs" designed to be triggered during a conflict or crisis, maintaining persistent access while minimizing detection risk. The intensified cyber activities are viewed as a component of China's cyber-enabled irregular warfare strategy. Recent incidents include a power grid failure in Taiwan linked to a Volt Typhoon logic bomb, along with similar occurrences reported in European infrastructure. The attacks' sophistication lies in their "Living Off the Land" techniques, blending state-sponsored hacking with proxy groups and disinformation to achieve strategic objectives without triggering conventional military responses. Such actions, as analyzed by IT security professional Simone Kraus, raise concerns due to their potential for devastating real-world consequences if critical infrastructure is compromised. Recommended read:
References :
|