Tag Archive for: critical

Exclusive: US disabled Chinese hacking network targeting critical infrastructure, sources say


By Christopher Bing and Karen Freifeld

(Reuters) – The U.S. government in recent months launched an operation to fight a pervasive Chinese hacking operation that successfully compromised thousands of internet-connected devices, according to two Western security officials and one person familiar with the matter.

The Justice Department and Federal Bureau of Investigation sought and received legal authorization to remotely disable aspects of the Chinese hacking campaign, the sources told Reuters.

Known as Volt Typhoon, the malicious cyber activity has alarmed intelligence officials who say it is part of a larger effort to compromise Western critical infrastructure, including naval ports, internet service providers and utilities.

Such breaches could enable China, national security experts said, to remotely disrupt important facilities in the Indo-Pacific region that in some form support or service U.S. military operations.

A Justice Department spokesperson declined to comment. A spokesperson for the FBI and the Chinese embassy in Washington did not immediately respond to a request for comment.

When Western nations first warned about Volt Typhoon in May, Chinese foreign ministry spokesperson Mao Ning said the hacking allegations were a “collective disinformation campaign” from the Five Eyes countries, a reference to the intelligence-sharing alliance of the United States, Canada, New Zealand, Australia and the UK.

(Reporting by Christopher Bing in Washington and Karen Freifeld in New York; Editing by Chris Sanders and Lisa Shumaker)


US disables hacking network targeting critical infrastructure


The US launched an operation to fight a pervasive Chinese hacking operation that successfully compromised thousands of internet-connected devices, according to two Western security officials and one person familiar with the matter.

The Justice Department (DoJ) and Federal Bureau of Investigation (FBI) sought and received legal authorization to remotely disable aspects of the Chinese hacking campaign, the sources told Reuters.

The Biden administration has increasingly focused on hacking, not only for fear that nation states may try to disrupt the US election in November, but because ransomware wreaked havoc on Corporate America in 2023.

The hacking group at the center of recent activity, Volt Typhoon, has especially alarmed intelligence officials who say it is part of a larger effort to compromise Western critical infrastructure, including naval ports, internet service providers and utilities.

While the Volt Typhoon campaign initially came to light in May 2023, the hackers expanded the scope of their operations late last year and changed some of their techniques, according to three people familiar with the matter.

The widespread nature of the hacks led to a series of meetings between the White House and private technology industry, including several telecommunications and cloud computing companies, where the US government asked for assistance in tracking the activity.

Such breaches could enable China, national security experts said, to remotely disrupt important facilities in the Indo-Pacific region that in some form support or service US military operations. Sources said US officials are concerned the hackers were working to hurt US readiness in case of a Chinese invasion of Taiwan.

China, which claims democratically governed Taiwan as its own territory, has increased its military activities near the island in recent years in response to what Beijing calls “collusion” between Taiwan and the United States.

The Justice Department and FBI declined to comment. The Chinese embassy in Washington did not immediately respond to a request for comment.

When Western nations first warned about Volt Typhoon in May, Chinese foreign ministry spokesperson Mao Ning said the hacking…


Cyberattack On Finland Intensifies, Hits Critical Sectors


The NoName hacktivist group, suspected of Russian affiliations, has reportedly intensified its cyberattack on Finland. The recent wave of distributed denial-of-service (DDoS) attacks has targeted a wide array of critical sectors in Finland.

The NoName cyberattacks have zeroed in on a variety of critical sectors encompassing the Energy Industry Association, which plays a pivotal role in overseeing the nation’s energy policies.

Additionally, Technical Academic TEK, representing technical professionals and engineers, has become a target, signifying a deliberate assault on key intellectual and technical expertise in the country.

Further intensifying the impact, the cyber onslaught extends to Oikeus.fi, Finland’s legal information portal, underlining the hacker group’s interest in disrupting legal infrastructure.


The Association of Municipalities, a collaborative body uniting local municipalities, faces the brunt of the attacks, impacting the decentralized governance structure.

Simultaneously, the Consumer Disputes Board, responsible for resolving consumer conflicts, becomes another casualty, illustrating a comprehensive assault on various facets of Finnish society and services.

In Detail: Cyberattack on Finland

The breadth of the claimed cyberattack on Finland, spanning diverse sectors, points to a strategic and widespread campaign. If the claims are confirmed, the impact of this multi-sector attack could be far-reaching.

The situation further intensifies with the hacker group’s message, which reads, “We continue to remind the Finnish government how bad the idea of locating a NATO base near Russia is.”

[Image: screenshot of the NoName claim regarding the cyberattack on Finland. Source: FalconFeedsio]

The Cyber Express team conducted a thorough check of the websites reportedly under attack by NoName and found them operating smoothly. A site being reachable at the time of writing neither confirms nor refutes a DDoS claim, since such outages are typically transient. Attempts to glean more details from the affected organizations proved futile, as there has been no official response from any entity as of the time of writing this report.

Previous Cyberattack on Finland

In the first week of January 2024, NoName, a hacktivist group known for DDoS attacks, launched a series of cyberattacks on several Finnish…


Xfinity waited 13 days to patch critical Citrix Bleed 0-day. Now it’s paying the price


[Image: A Comcast Xfinity service van in San Ramon, California on February 25, 2020. Getty Images | Smith Collection/Gado]

Comcast waited 13 days to patch its network against a high-severity vulnerability, a lapse that allowed hackers to make off with password data and other sensitive information belonging to 36 million Xfinity customers.

The breach, which was carried out by exploiting a vulnerability in network hardware sold by Citrix, gave hackers access to usernames and cryptographically hashed passwords for 35.9 million Xfinity customers, the cable TV and Internet provider said in a notification filed Monday with the Maine attorney general’s office. Citrix disclosed the vulnerability and issued a patch on October 10. Eight days later, researchers reported that the vulnerability, tracked as CVE-2023-4966 and by the name Citrix Bleed, had been under active exploitation since August. Comcast didn’t patch its network until October 23, 13 days after a patch became available and five days after the report of the in-the-wild attacks exploiting it. Patching alone was also not sufficient for this flaw: because it leaks session tokens from device memory, Citrix’s guidance was to terminate all active and persistent sessions after updating, since tokens stolen before the patch remain valid until they are invalidated.

“However, we subsequently discovered that prior to mitigation, between October 16 and October 19, 2023, there was unauthorized access to some of our internal systems that we concluded was a result of this vulnerability,” an accompanying notice stated. “We notified federal law enforcement and conducted an investigation into the nature and scope of the incident. On November 16, 2023, it was determined that information was likely acquired.”

Comcast is still investigating precisely what data the attackers obtained. So far, Monday’s disclosure said, information known to have been taken includes usernames and hashed passwords, names, contact information, the last four digits of social security numbers, dates of birth, and/or secret questions and answers. Xfinity is Comcast’s cable television and Internet division.

Citrix Bleed has emerged as one of the year’s most severe and widely exploited vulnerabilities, with a…
