NATO | Breaking Cybersecurity News | The Hacker News

The U.S. government and a coalition of international partners have officially attributed a Russian hacking group tracked as Cadet Blizzard to the General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center ( Unit 29155 ). "These cyber actors are responsible for computer network operations against global targets for the purposes of espionage, sabotage, and reputational harm since at least 2020," the agencies said . "Since early 2022, the primary focus of the cyber actors appears to be targeting and disrupting efforts to provide aid to Ukraine." Targets of the attacks have focused on critical infrastructure and key resource sectors, including the government services, financial services, transportation systems, energy, and healthcare sectors of North Atlantic Treaty Organization (NATO) members, the European Union, Central American, and Asian countries. The joint advisory, released last week as part of a coordinated exercise dubbed Operatio

The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the  upcoming NATO Summit  in Vilnius as well as an identified organization supporting Ukraine abroad. The findings come from the BlackBerry Threat Research and Intelligence team, which  found  two malicious documents submitted from a Hungarian IP address on July 4, 2023. RomCom, also tracked under the names Tropical Scorpius, UNC2596, and Void Rabisu, was recently observed staging cyber attacks against politicians in Ukraine who are working closely with Western countries and a U.S.-based healthcare organization involved with aiding refugees fleeing the war-torn country. Attack chains mounted by the group are geopolitically motivated and have employed spear-phishing emails to point victims to cloned websites hosting trojanized versions of popular software. Targets include militaries, food supply chains, and IT companies. The latest lure documents identified by BlackBerry impersonate Ukraini

For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,

The Russia-linked  APT29  (aka Cozy Bear) threat actor has been attributed to an ongoing cyber espionage campaign targeting foreign ministries and diplomatic entities located in NATO member states, the European Union, and Africa. According to Poland's Military Counterintelligence Service and the CERT Polska team, the observed activity shares tactical overlaps with a cluster tracked by Microsoft as  Nobelium , which is known for its high-profile  attack on SolarWinds  in 2020. Nobelium's operations have been attributed to Russia's Foreign Intelligence Service ( SVR ), an organization that's tasked with protecting "individuals, society, and the state from foreign threats." That said, the campaign represents an evolution of the Kremlin-backed hacking group's tactics, indicating  persistent attempts  at improving its cyber weaponry to infiltrate victim systems for intelligence gathering. "New tools were used at the same time and independently of eac

A year back, Security Researchers from the Antivirus firm Kaspersky found a sophisticated piece of malware which they dubbed as ' MiniDuke ', designed specifically to collect and steal strategic insights and highly protected political information, which is a subject to states' security. Now, once again the MiniDuke virus is spreading in wild via an innocent looking but fake PDF documents related to Ukraine , while the researcher at F-Secure were browsing the set of extracted decoy documents from a large batch of potential MiniDuke Samples. " This is interesting considering the current crisis in the area ," Mikko Hypponen, the CTO of security research firm F-Secure, wrote on Tuesday. The Hacker News reported a year ago about the malicious malware that uses an exploit ( CVE-2013-0640 ) of the famous and actively used Adobe Reader . MiniDuke malware written in assembly language with its tiny file size (20KB), and uses hijacked Twitter accounts for Command &a

Inj3ct0r Team found cross site scripting vulnerability in  4shared , a file sharing site. Vulnerability link is exposed in a note  available at their website.  In general, cross-site scripting refers to that hacking technique that leverages vulnerabilities in the code of a web application to allow an attacker to send malicious content from an end-user and collect some type of data from the victim. Also same hackers claiming to get access over a private server of NATO Library and expose the links online. Website titled " NATO Multimedia Library Online Catalog ". Inj3ct0r member told The Hacker News , " We found another secret NATO server. We received a root on the server and gave the world the hidden database to NATO personnel. Now everyone can look for a secret document ." These three servers are available online without authorization, but its not confirm that servers got hacked or not.