Tag Archive for: denies

China denies hacking Philippines websites


MANILA, Philippines — The Chinese embassy has denied Beijing’s involvement in hacking attempts on the websites of Philippine government agencies including the Philippine Coast Guard (PCG).

“Some Filipino officials and media maliciously speculated about and groundlessly accused China of engaging in cyberattacks against the Philippines, even went as far as connecting these cyberattacks with the South China Sea disputes. Such remarks are highly irresponsible,” the embassy said in a statement on Monday.

The Chinese government, it said, firmly opposes and cracks down on cyberattacks and does not allow illegal activities on Chinese soil or using Chinese infrastructure.

The statement was issued days after the Department of Information and Communications Technology (DICT) revealed that cybersecurity experts successfully blocked hacking attempts from China that targeted government websites and emails.

PCG spokesman Rear Admiral Armand Balilo said he is not discounting the possibility that the cyberattack attempt on its website could be connected to the ongoing conflict in the West Philippine Sea.

Based on the DICT investigation, the hackers were reportedly from China Unicom, a state-owned telecommunications firm.

Cybersecurity center

A cybersecurity center would prevent the occurrence of cybercrimes as the country’s cybercrime laws only focus on investigations, according to the Philippine National Police Anti-Cybercrime Group (PNP-ACG).

“It means it already happened and there is a probe to charge the persons responsible,” ACG director Maj. Gen. Sidney Hernia said at a news briefing.

Police officers in cybercrime investigations, he noted, need to improve their skills to remain at par with foreign counterparts.

Over the weekend, the DICT revealed that China-based hackers committed cyberattacks against government websites and emails.

Hernia said law enforcement agencies should beef up security to protect the country’s cyberspace.

The ACG is collaborating with financial institutions and e-wallet services to strengthen their security against online scams.

Online abuse of children

Stronger community-based measures for digital protection and internet safety are being pushed as…


Operator of Sellafield nuclear facility denies hacking claims


Sellafield Ltd, the Nuclear Decommissioning Authority (NDA)-backed organisation responsible for winding up the controversial Sellafield facility in Cumbria – the scene of the UK’s worst ever nuclear accident in 1957 – has denied allegations that its IT networks have been comprehensively compromised by both Chinese and Russian threat actors, deploying so-called sleeper malware that lay undetected on its systems for years to conduct espionage.

Earlier this week, the Guardian newspaper published the results of a lengthy investigation in which it accused the organisation’s senior management of having “consistently covered up” the scale of the intrusions, which it is claimed date back to 2015.

The report alleged that the extent of the supposed breach only came to light when workers at other sites found they were able to access Sellafield’s systems remotely and escalated to the Office for Nuclear Regulation (ONR). It said an insider had described Sellafield’s server network as “fundamentally insecure”, and highlighted other concerns including outside contractors using USB memory sticks at the site and an incident in which user credentials were inadvertently filmed and broadcast by a BBC camera crew.

A spokesperson for Sellafield Ltd said: “We have no records or evidence to suggest that Sellafield Ltd networks have been successfully attacked by state-actors in the way described by the Guardian. Our monitoring systems are robust and we have a high degree of confidence that no such malware exists on our system.

“We take cyber security extremely seriously at Sellafield. All of our systems and servers have multiple layers of protection…Critical networks that enable us to operate safely are isolated from our general IT network, meaning an attack on our IT system would not penetrate these,” they added.

However, this is not the first time that evidence of cyber intrusions affecting Sellafield has come to light. In 2021, for example, the Information Commissioner’s Office (ICO) ruled against the organisation over data breach offences, although these related to an employment tribunal and not critical information on the facility, while Private Eye has…


Colonial Pipeline Denies Breach by RANSOMEDVC Ransomware Group


Earlier today, the RANSOMEDVC ransomware group claimed to have breached Colonial Pipeline company and also leaked 5GB worth of data including internal files and photos.

The infamous RANSOMEDVC ransomware group has declared that they successfully infiltrated Colonial Pipeline, the American company operating a significant pipeline system that transports over 100 million gallons of various petroleum products, including gasoline, diesel fuel, and jet fuel, on a daily basis.

What the RANSOMEDVC ransomware group published on their dark web blog (Image credit: Hackread.com)

These latest claims from the RANSOMEDVC group surfaced through posts on their dark web blog. The group also shared their claims via their recently launched Telegram channel and their X (previously Twitter) account. It’s worth noting that RANSOMEDVC is the same group that claimed to have breached Sony Corporation in September 2024.

In correspondence with Hackread.com, the group disclosed that apparently, Colonial Pipeline had refused to pay any ransom. However, they did not disclose the size of the alleged stolen data or the ransom amount demanded from the company.

Additionally, RANSOMEDVC publicly shared a file containing 5GB of data, claiming it belongs to Colonial Pipeline. Hackread.com has examined and analyzed this data. While it’s premature to draw definitive conclusions, the files and folders appear to contain a wealth of information, including diagrams, internal documents, leak detection policies, ICS and SCADA-related presentations, as well as photos of employees handling electronic equipment, among other things.

Notably, the photos of employees reveal that their desks feature a “Weekly Status Report” with the Colonial Pipeline logo.

From the leaked files (Image credit: Hackread.com)

However, in an exclusive statement to Hackread.com, Colonial Pipeline has rejected the claims made by the RANSOMEDVC ransomware group and linked the leaked files to “a third-party data breach unrelated to Colonial Pipeline.”

Colonial Pipeline is aware of unsubstantiated claims posted to an online forum that its system has been compromised by an unknown party. After working with our…


Darktrace Denies Getting Hacked After Ransomware Group Names Company on Leak Site


Cybersecurity company Darktrace issued a statement on Thursday after it was named on the leak website of the LockBit ransomware group.

“Earlier this morning we became aware of tweets from LockBit, the cyber-criminal gang, claiming that they had compromised Darktrace’s internal security systems and had accessed our data. Our security teams have run a full review of our internal systems and can see no evidence of compromise,” Darktrace said.

“None of the LockBit social media posts link to any compromised Darktrace data. We will continue to monitor the situation extremely closely, but based on our current investigations we are confident that our systems remain secure and all customer data is fully protected,” it added.

The statement was issued after a post on LockBit’s leak website seemed to suggest that the ransomware group had targeted Darktrace. The post suggested that data was stolen from Darktrace and that the cybercriminals were asking for a $1 million ransom.

However, it appears that Darktrace was not hacked — or even targeted — by LockBit. Instead, the entry on the LockBit leak website apparently comes in response to a recent Twitter post from Singapore-based threat intelligence firm DarkTracer, which is not related in any way to Darktrace.

“The reliability of the RaaS service operated by LockBit ransomware gang seems to have declined,” DarkTracer said on Wednesday, referring to junk data being posted on the LockBit leak website. 

The fake data on the LockBit site was apparently test data posted by the hackers while doing maintenance. 

The cybercriminals were not happy with DarkTracer’s allegations, but confused it with UK-based Darktrace and published a post suggesting that they had hacked Darktrace. These types of mistakes are not uncommon for ransomware groups. 

It’s worth noting that there is also no evidence that LockBit targeted DarkTracer either. 

LockBit last year claimed to have stolen hundreds of gigabytes of data from cybersecurity firm Entrust. The company confirmed that some systems used for internal operations had been breached and that some files had been stolen, but has still not publicly shared additional information on the…
