Geopolitics | Breaking Cybersecurity News | The Hacker News

A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE , has also targeted the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, Check Point said in an analysis. "The [Israel-Hamas] conflict has not disrupted the WIRTE's activity, and they continue to leverage recent events in the region in their espionage operations," the company said . "In addition to espionage, the threat actor recently engaged in at least two waves of disruptive attacks against Israel." WIRTE is the moniker assigned to a Middle Eastern advanced persistent threat (APT) that has been active since at least August 2018, targeting a broad spectrum of entities across the region. It was first documented by Spanish cybersecurity company S2 Grupo. The hacking crew is assessed to be part of a politically motivated group ca...

Polish government institutions have been targeted as part of a large-scale malware campaign orchestrated by a Russia-linked nation-state actor called  APT28 . "The campaign sent emails with content intended to arouse the recipient's interest and persuade him to click on the link," the computer emergency response team, CERT Polska,  said  in a Wednesday bulletin. Clicking on the link redirects the victim to the domain run.mocky[.]io, which, in turn, is used to redirect to another legitimate site named webhook[.]site, a  free service  that allows developers to inspect data that's being sent via a webhook, in an effort to evade detection. The next step involves the download of a ZIP archive file from webhook[.]site, which contains the Windows Calculator binary that masquerades as a JPG image file ("IMG-238279780.jpg.exe"), a hidden batch script file, and another hidden DLL file ("WindowsCodecs.dll"). Should a victim run the application, the mali...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

The data wiping malware called  AcidPour  may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show. The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with Russian military intelligence. "AcidPour's expanded capabilities would enable it to better disable embedded devices including networking, IoT, large storage (RAIDs), and possibly ICS devices running Linux x86 distributions," security researchers Juan Andres Guerrero-Saade and Tom Hegel  said . AcidPour is a variant of  AcidRain , a wiper that was used to render Viasat KA-SAT modems operable at the onset of the Russo-Ukrainian war in early 2022 and cripple Ukraine's military communications. It also builds upon the latter's features, while targeting Linux systems running on x86 architecture. AcidRain, on the other hand, is compiled for MIPS architecture. Where AcidRain w...

Ukraine's biggest telecom operator Kyivstar has  become  the victim of a " powerful hacker attack ," disrupting customer access to mobile and internet services. "The cyberattack on Ukraine's #Kyivstar telecoms operator has impacted all regions of the country with high impact to the capital, metrics show, with knock-on impacts reported to air raid alert network and banking sector as work continues to restore connectivity," NetBlocks  said  in a series of posts on X (formerly Twitter). Kyivstar, which is owned by Dutch-domiciled multinational telecommunication services company VEON,  serves  nearly 25 million mobile subscribers and more than 1 million home internet customers. The company said the attack was "a result of" the war with Russia and that it has notified law enforcement and special state services. While Kyivstar is working to restore the services, the internet watchdog noted that the telco is largely offline. That said, Kyivstar has yet ...