CyberSecurity news

FlagThis - #cyberwarfare

@cyble.com //

India-Pakistan Cyber Conflict: Hacktivist Activity Surges - Cyble reports a surge in hacktivist activity targeting Indian digital infrastructure by Pakistan-aligned groups after the Pahalgam terror attack, retaliated by India’s Operation Sindoor with minimal impact.
In May 2025, cybersecurity experts reported a significant surge in hacktivist activity targeting Indian digital infrastructure. This wave of attacks followed the terror attack in Pahalgam, located in the Indian state of Jammu and Kashmir on April 22nd, and India’s retaliatory strikes across the border. A coordinated effort by more than 40 hacktivist groups sought to disrupt and deface numerous Indian websites, leading to widespread alarm across media and social networks as many claimed significant breaches of government, educational, and critical infrastructure websites.

However, detailed technical investigations revealed that the actual impact of these attacks on Indian cyber assets was minimal. Claims of major data breaches, such as a supposed 247 GB breach of the National Informatics Centre (NIC), were largely unfounded as the data was publicly available or fabricated. Website defacements and Distributed Denial of Service (DDoS) attacks, while numerous, were short-lived and ineffective.

Despite the relatively low impact, the cyberattacks highlighted the ongoing tensions in cyberspace between India and Pakistan. Technisanct identified 36 pro-Pakistan hacktivist groups involved in the digital assaults, countered by 14 Indian groups retaliating. The escalation in hacktivist activity serves as a reminder of the persistent and evolving cyber threats facing both nations, even amidst military tensions.

Recommended read:
References :
  • cyble.com: More than 40 hacktivist groups conducted coordinated cyberattacks against India following the April 22 terror attack in Pahalgam in the Indian state of Jammu and Kashmir, which in turn prompted India to respond with targeted strikes aimed at alleged terrorist infrastructure across the border and the Pakistan-Occupied Kashmir region (PoK).
  • thecyberexpress.com: Over 40 Hacktivist Groups Target India in Coordinated Cyber Campaign: High Noise, Low Impact
  • Secure Bulletin: Tactical reality behind the India-Pakistan hacktivist surge
  • securebulletin.com: Tactical reality behind the India-Pakistan hacktivist surge
  • cyble.com: India Experiences Surge in Hacktivist Group Activity Amid Military Tensions
  • thecyberexpress.com: No Ceasefire in the Cyberspace Between India and Pakistan
  • www.cysecurity.news: Cyber War Escalates Between Indian and Pakistani Hacktivists After Pahalgam Attack
Pierluigi Paganini@Security Affairs //

Pro-Russia Hacktivists Target Dutch Organizations - Pro-Russian hacktivist group NoName057(16) is targeting Dutch organizations with large-scale DDoS attacks, causing access problems and service disruptions.
Pro-Russia hacktivist group NoName057(16) is actively targeting Dutch organizations with large-scale distributed denial of service (DDoS) attacks. These attacks are causing significant access problems and service disruptions for targeted entities across both the public and private sectors in the Netherlands. The country's National Cyber Security Center (NCSC) has issued a warning about these ongoing cyber activities. The NCSC confirmed that the attacks also affect European organizations alongside Dutch ones.

The attacks are part of a broader campaign of cyber-attacks claimed by the hacktivist group. These persistent DDoS attacks aim to overwhelm the targeted organizations' systems with malicious traffic, rendering them inaccessible to legitimate users. The goal of these attacks appears to be the disruption of services and potentially the undermining of confidence in the targeted organizations. BleepingComputer reported on this campaign, highlighting the severity and widespread impact of these attacks.

The National Cyber Security Center (NCSC), part of the Dutch Ministry of Justice, released a statement acknowledging the situation. The statement mentioned that both public and private entities within the Netherlands are being targeted by these large-scale DDoS attacks. The NCSC continues to monitor the situation and is working to mitigate the impact of these attacks.

Recommended read:
References :
  • bsky.app: Pro-Russia hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions.
  • securityaffairs.com: Pro-Russia hacktivist group NoName057(16) is targeting Dutch organizations
  • www.bleepingcomputer.com: Pro-Russia hacktivists bombard Dutch public orgs with DDoS attacks
  • BleepingComputer: Pro-Russian hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions.
  • bsky.app: Russian group NoName launched DDoS attacks and took down the public websites of several Dutch provinces.
  • www.bleepingcomputer.com: Russia-aligned hacktivists persistently target key public and private organizations in the Netherlands with distributed denial of service (DDoS) attacks, causing access problems and service disruptions.
  • DataBreaches.Net: A large-scale cyberattack hit multiple Dutch municipalities and provinces on Monday morning, rendering the websites of more than twenty local governments inaccessible for several hours.
  • The DefendOps Diaries: Pro-Russian Hacktivists Target Dutch Public Organizations with DDoS Attacks
  • gbhackers.com: Multiple Dutch organizations have experienced significant service disruptions this week due to a series of coordinated Distributed Denial-of-Service (DDoS) attacks.
  • industrialcyber.co: Forescout reports rise of state-sponsored hacktivism, as geopolitics rewrites cyber threat landscape
Dissent@DataBreaches.Net //

China's Alleged Cyberattacks on US Infrastructure - China accuses the U.S. NSA of cyberattacks during the Asian Winter Games in February 2025, targeting essential industries and placing three alleged NSA agents on a wanted list.
China has accused the United States National Security Agency (NSA) of launching "advanced" cyberattacks during the Asian Winter Games in February 2025, targeting essential industries. Police in the northeastern city of Harbin have placed three alleged NSA agents on a wanted list, accusing them of attacking the Winter Games' event information system and key information infrastructure in Heilongjiang province, where Harbin is located. The named NSA agents are Katheryn A. Wilson, Robert J. Snelling, and Stephen W. Johnson, all allegedly members of the NSA's Tailored Access Operations (TAO) offensive cyber unit.

China Daily reports the TAO targeted systems used for registration, timekeeping, and competition entry at the Games, systems which store "vast amounts of sensitive personal data." The publication also stated the TAO appeared to be trying to implant backdoors and used multiple front organizations to purchase servers in Europe and Asia to conceal its tracks and acquire the tools used to breach Chinese systems. A joint report from China's computer emergency response centers (CERTs) stated that over 270,000 attacks on the Asian Winter Games were detected, with 170,000 allegedly launched by the US.

Chinese foreign ministry spokesperson Lin Jian condemned the alleged cyber activity, urging the U.S. to take a responsible attitude on cybersecurity issues and stop any attacks and "groundless vilification against China." Xinhua reported the agents repeatedly carried out cyber attacks on China’s critical information infrastructure and participated in cyber attacks on Huawei and other enterprises. Chinese law enforcement agencies are seeking information that could lead to the arrest of the three NSA operatives, though rewards were not disclosed.

Recommended read:
References :
  • The Register - Security: China names alleged US snoops over Asian Winter Games attacks
  • www.cybersecurity-insiders.com: China accuses US of launching advanced Cyber Attacks on its infrastructure
  • CyberScoop: Chinese law enforcement places NSA operatives on wanted list over alleged cyberattacks
  • DataBreaches.Net: China accuses US of launching ‘advanced’ cyberattacks, names alleged NSA agents
  • www.scworld.com: China's allegation that NSA hacked Asian Winter Games draws suspicion
  • cyberscoop.com: Chinese law enforcement places NSA operatives on wanted list over alleged cyberattacks
  • PCMag UK security: Police in the Chinese city of Harbin say three NSA operatives disrupted the 2025 Asian Winter Games and hacked Huawei.
  • www.csoonline.com: China accused the United States National Security Agency (NSA) on Tuesday of launching “advanced†cyberattacks during the Asian Winter Games in February, targeting essential industries.
  • Metacurity: China accuses NSA of 'advanced cyberattacks' during the Asian Winter Games
  • www.metacurity.com: China accuses NSA of 'advanced cyberattacks' during the Asian Winter Games
  • www.dailymail.co.uk: China accuses US of launching 'advanced' cyberattacks, names alleged NSA agents
  • sysdig.com: UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell
  • aboutdfir.com: China Admitted to Volt Typhoon Cyberattacks on US Critical Infrastructure
@www.wsj.com //

China Admits to US Infrastructure Cyberattacks, Trade War - China has reportedly acknowledged its role in cyberattacks against U.S. critical infrastructure, specifically Volt Typhoon, during a secret meeting with U.S. officials.
References: Sam Bent , DataBreaches.Net , WIRED ...
China has reportedly acknowledged its role in cyberattacks against U.S. critical infrastructure, specifically those attributed to the Volt Typhoon campaign. This admission occurred during a secret meeting with U.S. officials in December, according to SecurityWeek. U.S. officials noted that Volt Typhoon's actions, which involved infiltrating various industries' systems through zero-day exploits and other advanced tactics, were an attempt to deter U.S. support for Taiwan. Furthermore, cyberespionage by the Chinese state-backed Salt Typhoon group against U.S. telecommunications firms was also discussed, revealing the compromise of U.S. officials' communications.

These attacks are part of a broader pattern of Chinese state-backed hackers increasing their activity against infrastructure in the U.S., Europe, and the Asia-Pacific region. Recent intelligence indicates groups like Volt Typhoon and Salt Typhoon have infiltrated power grids, telecommunications networks, and transportation systems. Their apparent goal is to preposition for potential wartime disruption or coercive retaliation during periods of geopolitical tension. This approach involves installing dormant "logic bombs" designed to be triggered during a conflict or crisis, maintaining persistent access while minimizing detection risk.

The intensified cyber activities are viewed as a component of China's cyber-enabled irregular warfare strategy. Recent incidents include a power grid failure in Taiwan linked to a Volt Typhoon logic bomb, along with similar occurrences reported in European infrastructure. The attacks' sophistication lies in their "Living Off the Land" techniques, blending state-sponsored hacking with proxy groups and disinformation to achieve strategic objectives without triggering conventional military responses. Such actions, as analyzed by IT security professional Simone Kraus, raise concerns due to their potential for devastating real-world consequences if critical infrastructure is compromised.

Recommended read:
References :
  • Sam Bent: In a closed-door Geneva summit, Chinese officials admitted—albeit indirectly—to orchestrating Volt Typhoon cyberattacks on US infrastructure. The move signals escalating covert conflict over Taiwan and exposes the US grid’s vulnerability to prolonged foreign infiltration.
  • DataBreaches.Net: Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate.
  • www.metacurity.com: China acknowledged US cyberattacks at a secret meeting, report
  • WIRED: China Secretly (and Weirdly) Admits It Hacked US Infrastructure
  • Risky Business Media: China privately admits to hacking American critical infrastructure, the US Treasury was compromised by password spraying, America will sign a global spyware agreement after all, and a Chinese APT is abusing the Windows Sandbox to hide its malware.
  • securityaffairs.com: China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports.
  • The Register - Security: China reportedly admitted directing cyberattacks on US infrastructure at a meeting with their American counterparts, according to The Wall Street Journal.…
  • Schneier on Security: China Sort of Admits to Being Behind Volt Typhoon
  • oodaloop.com: China Admitted to Volt Typhoon Cyberattacks on US Critical Infrastructure: Report
  • www.scworld.com: US critical infrastructure attacks reportedly acknowledged by China
  • OODAloop: In a secret meeting that took place late last year between Chinese and American officials, the former confirmed that China had conducted cyberattacks against US infrastructure as part of the campaign known as Volt Typhoon, according to The Wall Street Journal.
  • cybersecuritynews.com: Chinese Hackers Attacking Critical Infrastructure to Sabotage Networks
  • Metacurity: China acknowledged US cyberattacks at a secret meeting, report
  • ciso2ciso.com: China Sort of Admits to Being Behind Volt Typhoon – Source: www.schneier.com
  • WIRED: Brass Typhoon: The Chinese Hacking Group Lurking in the Shadows
do son@securityonline.info //

Cybercriminals Exploit Signal Messaging App - Cybercriminals are using the Signal app to spread a Remote Access Trojan (RAT) targeting high-value individuals in Ukraine's defense sector by sending malicious files from compromised accounts.
Cybercriminals are actively exploiting the Signal messaging application to distribute an information-stealing Remote Access Trojan (RAT), raising serious privacy concerns. According to a recently published report, a cybercriminal group identified as UNC-200 is behind the campaign, which involves targeting high-value individuals within Ukraine's defense sector. The Computer Emergency Response Team of Ukraine (CERT-UA) has issued warnings about this campaign, which utilizes the Dark Crystal RAT (aka DCRat) to compromise systems.

This malicious activity involves distributing messages via Signal that contain what appears to be meeting minutes. These messages are sent from compromised accounts to enhance credibility, enticing unsuspecting users to download malicious archive files. The archives contain a decoy PDF and an executable that deploys the DCRat malware, giving attackers remote access and control, stealing valuable information and executing arbitrary commands. CERT-UA attributes this activity to UAC-0200, active since summer 2024, who noted that the use of popular messengers increases the attack surface, including due to the creation of uncontrolled information exchange channels.

Recommended read:
References :
  • cyberinsider.com: Ukraine Warns Signal Used for Spreading RATs on High-Value Targets
  • securityonline.info: CERT-UA Alert: DarkCrystal RAT Deployed via Signal in Ukraine
  • SOC Prime Blog: Detect UAC-0200 Attacks Using DarkCrystal RAT
  • The DefendOps Diaries: Russian Cyber Espionage Targets Ukrainian Military via Signal
  • BleepingComputer: Ukrainian military targeted in new Signal spear-phishing attacks
  • BleepingComputer: Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country's army forces.
  • securityaffairs.com: CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT
  • The Hacker News: CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
  • BleepingComputer: Ukraine's Computer Emergency Response Team (CERT-UA) is warning about highly targeted attacks employing compromised Signal accounts to send malware to employees of defense industry firms and members of the country's army forces.
  • Sam Bent: Report: Cybercriminals Leverage Signal App to Deploy Info-Stealing RAT, Raising Privacy Concerns
  • bsky.app: CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT
  • www.scworld.com: Attackers, tracked under the UAC-0200 threat cluster, leveraged the Signal messaging app to deliver messages purportedly containing minutes of the meeting reports as archive files.
@csoonline.com //

US Halts Cyber Operations Against Russia? - Reports claimed the US government paused cyber operations against Russia, causing debate, but CISA denied these reports as fake news, highlighting the sensitivity and importance of reliable reporting.
Recent reports have surfaced indicating that the US government ordered a temporary halt to offensive cyber operations against Russia, a decision that has stirred considerable debate and concern within the cybersecurity community. According to an exclusive report, Defense Secretary Pete Hegseth instructed U.S. Cyber Command (CYBERCOM) to suspend all planning against Moscow, including offensive digital actions. The directive, delivered to CYBERCOM chief Gen. Timothy Haugh, appears to be part of a broader effort by the White House to normalize relations with Russia amid ongoing negotiations regarding the war in Ukraine.

The decision to pause cyber operations has been met with skepticism and warnings from cybersecurity professionals, who fear the potential consequences of reducing vigilance against a known digital adversary. Concerns have been raised about potential increases in global cyber threats and a decrease in shared confidence in the U.S. as a defensive partner. However, the Cybersecurity and Infrastructure Security Agency (CISA) has denied these reports, labeling them as fake news and a danger to national security. CISA also noted that Russia has been at the center of numerous cybersecurity concerns for the U.S.

Recommended read:
References :
  • bsky.app: DHS says CISA will not stop monitoring Russian cyber threats
  • The Register - Security: US Cyber Command reportedly pauses cyberattacks on Russia
  • Anonymous ???????? :af:: US Cybersecurity and Infrastructure Security Agency says that media reports about it being directed to no longer follow or report on Russian cyber activity are untrue, and its mission remains unchanged.
  • securityboulevard.com: Security Pros Push Back as Trump Orders Halt to Cyber Ops vs. Russia
  • www.bitdefender.com: Stop targeting Russian hackers, Trump administration orders US Cyber Command
  • www.csoonline.com: US Cybercom, CISA retreat in fight against Russian cyber threats: reports
  • Carly Page: The US has suspended its offensive cyber operations against Russia, according to reports, amid efforts by the Trump administration to grant Moscow concessions to end the war in Ukraine.
  • Metacurity: US Cybercom, CISA are softening stances on Russia as a cyber foe: reports
  • Zack Whittaker: The U.S. has reportedly suspended its offensive cyber operations against Russia, per multiple news outlets, amid efforts by the Trump administration to grant Moscow concessions to end the war in Ukraine.
  • securityaffairs.com: CISA maintains stance on Russian cyber threats despite policy shift
  • CyberInsider: CISA Denies Reports That It Has Halted Cyber Operations Against Russian Threats
  • iHLS: U.S. Pauses Cyber Operations Against Russia

Posts

Blogs

Research Tools