Seoul police have accused the North Korean hacker group Andariel of stealing sensitive defense secrets from South Korean defense companies and laundering ransomware proceeds back to North Korea. The hackers stole 1.2TB of data, including information on advanced anti-aircraft weapons.
The Australian government says it will mandate ransomware reporting by businesses, boost law enforcement capacity and fund startups with innovative cybersecurity solutions under a strategy unveiled Monday. "We cannot continue as we have," said Cyber Security and Home Affairs Minister Clare O'Neil.
Security company CrowdStrike said it had observed Iranian hacker group Imperial Kitten, also known as TA456, Crimson Sandstorm and Tortoiseshell, conducting web compromise operations between 2022 and 2023 to infiltrate Israeli logistics, transportation and technology companies.
Security researchers say an Iranian state hacking group is likely using spearfishing and a legitimate content hosting service in a cyberespionage campaign targeted against Israel. The hacker group, tracked as MuddyWater, likely mounted a new campaign after the onset of the Israel-Hamas war.
The Australian government is close to introducing standards to shore up the security of the down under country's fast-growing solar market amid reports that Chinese state-sponsored hackers might target internet-connected solar inverters and cause blackouts.
Thousands of North Korean IT workers hid their identities to earn hundreds of millions of dollars in IT contract work from overseas companies to help finance the country's weapons development program, U.S. and South Korean agencies said. Officials said to watch for workers who are camera-shy.
A previously undetected cyberespionage group spied against Taiwanese government agencies and the island-country's manufacturing sector, say cybersecurity researchers. The Symantec Threat Hunter Team says it likely operates "from a region with a strategic interest in Taiwan."
Tens of thousands of knockoff Android products manufactured in China including TV streaming boxes reached consumers infected with malware, say cybersecurity researchers. Human Security says it uncovered a related operation that earned millions per month in an online advertising fraud scheme.
South Korean national intelligence has sounded alarms about North Korean hackers targeting the country's shipbuilding industry to steal naval military secrets. The agency said the hacks are part of North Korean leader Kim Jong Un's strategy to build larger, more advanced warships.
Security researchers linked a surveillance toolkit called LightSpy to Chinese threat group APT41, which has a history of using surveillance malware on iOS and Android devices. The group used spam messages to convince users download a malicious WeChat application.
SentinelOne observed suspected cyberespionage actors of unknown origin using modular backdoors and highly stealthy tactics in August to target telecommunication companies in the Middle East, Western Europe and South Asia. The group, tracked as Sandman, is using the novel backdoor LuaJIT.
China hasn't ordered any restrictions on the use of Apple iPhones by government agencies, according to a Chinese government spokesperson, but the official cited recent security flaws in the iPhone and warned that foreign mobile device manufacturers must abide by domestic information security laws.
Cybersecurity researchers at Symantec said a cybercriminal entity with possible ties to the Chinese government used the ShadowPad Trojan to target an Asian country's national power grid earlier this year. The Redfly APT group focused on stealing credentials and compromising multiple computers.
Australia's information commissioner has urged organifzations to quicken the process of notifying those affected by data breaches instead of spending months analyzing each incident. Angelene Falk said it can take anywhere from 20 days to five months to notify breach victims, putting them at risk.
Researchers spotted North Korean state hackers deploying a more compact remote access Trojan through a flaw in IT service management software in a campaign affecting European and U.S. critical infrastructure. Cisco Talos said the Lazarus Group in May started to deploy a Trojan it named QuiteRAT.