#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
AI Security

national security | Breaking Cybersecurity News | The Hacker News

Australian Defence Force Private and Husband Charged with Espionage for Russia

Australian Defence Force Private and Husband Charged with Espionage for Russia

Jul 12, 2024 Cyber Crime / Online Safety
Two Russian-born Australian citizens have been arrested and charged in the country for spying on behalf of Russia as part of a "complex" law enforcement operation codenamed BURGAZADA . This includes a 40-year-old woman, an Australian Defence Force (ADF) Army Private, and her husband, a 62-year-old self-employed laborer. Media reports have identified them as Kira Korolev and Igor Korolev, respectively, noting that they had been in Australia for over a decade. The married couple were arrested at their home in the Brisbane suburb of Everton Park on July 11, 2024, the Australian Federal Police (AFP) said in a statement. They have been charged with one count each of preparing for an espionage offense, which carries a maximum penalty of 15 years' imprisonment. "It is the first time an espionage offense has been laid in Australia since new laws were introduced by the Commonwealth in 2018," the AFP said . The federal law enforcement agency has alleged the pair
U.S. Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation

U.S. Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation

Jul 12, 2024 Disinformation / Artificial Intelligence
The U.S. Department of Justice (DoJ) said it seized two internet domains and searched nearly 1,000 social media accounts that Russian threat actors allegedly used to covertly spread pro-Kremlin disinformation in the country and abroad on a large scale. "The social media bot farm used elements of AI to create fictitious social media profiles — often purporting to belong to individuals in the United States — which the operators then used to promote messages in support of Russian government objectives," the DoJ said . The bot network, comprising 968 accounts on X, is said to be part of an elaborate scheme hatched by an employee of Russian state-owned media outlet RT (formerly Russia Today), sponsored by the Kremlin, and aided by an officer of Russia's Federal Security Service (FSB), who created and led an unnamed private intelligence organization. The developmental efforts for the bot farm began in April 2022 when the individuals procured online infrastructure while anon
HUMINT: Diving Deep into the Dark Web

HUMINT: Diving Deep into the Dark Web

Jul 09, 2024Cybercrime / Dark Web
Discover how cybercriminals behave in Dark Web forums- what services they buy and sell, what motivates them, and even how they scam each other. Clear Web vs. Deep Web vs. Dark Web Threat intelligence professionals divide the internet into three main components: Clear Web - Web assets that can be viewed through public search engines, including media, blogs, and other pages and sites. Deep Web - Websites and forums that are unindexed by search engines. For example, webmail, online banking, corporate intranets, walled gardens, etc. Some of the hacker forums exist in the Deep Web, requiring credentials to enter. Dark Web - Web sources that require specific software to gain access. These sources are anonymous and closed, and include Telegram groups and invite-only forums. The Dark Web contains Tor, P2P, hacker forums, criminal marketplaces, etc. According to Etay Maor, Chief Security Strategist at Cato Networks , "We've been seeing a shift in how criminals communicate and co
WikiLeaks' Julian Assange Released from U.K. Prison, Heads to Australia

WikiLeaks' Julian Assange Released from U.K. Prison, Heads to Australia

Jun 25, 2024 National Security / Wikileak
WikiLeaks founder Julian Assange has been freed in the U.K. and has departed the country after serving more than five years in a maximum security prison at Belmarsh for what was described by the U.S. government as the "largest compromises of classified information" in its history. Capping off a 14-year legal saga, Assange, 52, pleaded guilty to one criminal count of conspiring to obtain and disclose classified U.S. national defense documents. He is due to be sentenced to 62 months of time already served in the Pacific island of Saipan later this week. According to the Associated Press , the hearing is taking place there because of Assange's "opposition to traveling to the continental U.S. and the court's proximity to Australia." "This is the result of a global campaign that spanned grass-roots organizers, press freedom campaigners, legislators and leaders from across the political spectrum, all the way to the United Nations," WikiLeaks said in a
cyber security

Top 4 Security Risks of GenAI

websiteWizGenAI Security / Technology
Gain a competitive edge and unlock the top 4 major emerging risks within GenAI. This report from Gartner provides insights and recommended actions for security and product leaders.
U.S. Treasury Sanctions 12 Kaspersky Executives Amid Software Ban

U.S. Treasury Sanctions 12 Kaspersky Executives Amid Software Ban

Jun 22, 2024 National Security / Cyber Espionage
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions against a dozen individuals serving executive and senior leadership roles at Kaspersky Lab, a day after the Russian company was banned by the Commerce Department. The move "underscores our commitment to ensure the integrity of our cyber domain and to protect our citizens against malicious cyber threats," Under Secretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson, said. "The United States will take action where necessary to hold accountable those who would seek to facilitate or otherwise enable these activities." The sanctions, however, do not extend to Kaspersky Lab, its parent or subsidiary companies, nor the company's founder and chief executive officer (CEO), Eugene Kaspersky, OFAC noted. The 12 C-suite and senior-level executives sanctioned are listed below - Andrei Gennadyevich Tikhonov, Chief Operating Officer (COO) and
U.S. Bans Kaspersky Software, Citing National Security Risks

U.S. Bans Kaspersky Software, Citing National Security Risks

Jun 21, 2024 Software Security / Threat Intelligence
The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban that prohibits Kaspersky Lab's U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company's affiliates, subsidiaries and parent companies, the department said, adding the action is based on the fact that its operations in the U.S. posed a national security risk. News of the ban was first reported by Reuters. "The company's continued operations in the United States presented a national security risk — due to the Russian Government's offensive cyber capabilities and capacity to influence or direct Kaspersky's operations — that could not be addressed through mitigation measures short of a total prohibition," the BIS said . It further said Kaspersky is subject to the jurisdiction and control of the Russian government and that its software pro
Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs

Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs

Jun 05, 2024 Cyber Attack / Online Security
Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform. The development was first reported by Semafor and Forbes , which detailed a zero-click account takeover campaign that allows malware propagated via direct messages to compromise brand and celebrity accounts without having to click or interact with it. The exploit has been found to take advantage of a zero-day vulnerability in the messaging component that allows malicious code to be executed as soon as the message is opened. It's currently unclear how many users have been affected, although a TikTok spokesperson said that the company has taken preventive measures to stop the attack and stop it from happening again in the future. The company further said that it's working directly with impacted account holders to restore access and that the attack only managed to compromise a "very small" number
Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors

Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors

May 30, 2024 Cyber Espionage / Threat Intelligence
A previously undocumented cyber espionage-focused threat actor named LilacSquid has been linked to targeted attacks spanning various sectors in the United States (U.S.), Europe, and Asia as part of a data theft campaign since at least 2021. "The campaign is geared toward establishing long-term access to compromised victim organizations to enable LilacSquid to siphon data of interest to attacker-controlled servers," Cisco Talos researcher Asheer Malhotra said in a new technical report published today. Targets include information technology organizations building software for the research and industrial sectors in the U.S, energy companies in Europe, and the pharmaceutical sector in Asia, indicating a broad victimology footprint. Attack chains are known to exploit either publicly known vulnerabilities to breach internet-facing application servers or make use of compromised remote desktop protocol (RDP) credentials to deliver a mix of open-source tools and custom malware.
Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed

Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed

May 23, 2024 Cyber Espionage / Network Security
Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part of an ongoing cyber espionage campaign dubbed  Operation Diplomatic Specter  since at least late 2022. "An analysis of this threat actor's activity reveals long-term espionage operations against at least seven governmental entities," Palo Alto Networks Unit 42 researchers Lior Rochberger and Daniel Frank  said  in a report shared with The Hacker News. "The threat actor performed intelligence collection efforts at a large scale, leveraging rare email exfiltration techniques against compromised servers." The cybersecurity firm, which previously tracked the activity cluster under the name CL-STA-0043, said it's graduating it to a temporary actor group codenamed TGR-STA-0043 owing to its assessment that the intrusion set is the work of a single actor operating on behalf of Chinese state-aligned interests. Targets of the attacks i
Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia

Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia

May 01, 2024 National Security / Insider Threat
A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. "This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust,"  said  FBI Director Christopher Wray. Jareh Sebastian Dalke, 32, of Colorado Springs was employed as an Information Systems Security Designer between June 6 to July 1, 2022, during which time he had access to sensitive information. Despite his short tenure at the intelligence agency, Dalke is said to have made contact with a person he thought was a Russian agent sometime between August and September of that year. In reality, the person was an undercover agent working for the Federal Bureau of Investigation (FBI). To demonstrate his "legitimate access and willingness to share," he then emailed the purported Russian ag
U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

U.S. Government Releases New AI Security Guidelines for Critical Infrastructure

Apr 30, 2024 Machine Learning / National Security
The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats. "These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems," the Department of Homeland Security (DHS)  said  Monday. In addition, the agency said it's working to facilitate safe, responsible, and trustworthy use of the technology in a manner that does not infringe on individuals' privacy, civil rights, and civil liberties. The new guidance concerns the use of AI to augment and scale attacks on critical infrastructure, adversarial manipulation of AI systems, and shortcomings in such tools that could result in unintended consequences, necessitating the need for transparency and secure by design practices to evaluate and mitigate AI risks. Specifically, this spans four diffe
German Authorities Issue Arrest Warrants for Three Suspected Chinese Spies

German Authorities Issue Arrest Warrants for Three Suspected Chinese Spies

Apr 23, 2024 Counterintelligence / National Security
German authorities said they have issued arrest warrants against three citizens on suspicion of spying for China. The full names of the defendants were not disclosed by the Office of the Federal Prosecutor (aka Generalbundesanwalt), but it includes Herwig F., Ina F., and Thomas R. "The suspects are strongly suspected of working for a Chinese secret service since an unspecified date before June 2022," the Generalbundesanwalt  said . Thomas R. is believed to have acted as an agent for China's Ministry of State Security (MSS), gathering information about innovative technologies in Germany that could be used for military purposes. The defendant also sought the help of a married couple, Herwig F. and Ina F., who run a Düsseldorf-based business that established connections with the scientific and research community in Germany. This materialized in the form of an agreement with an unnamed German university to conduct a study for an unnamed Chinese contractor regarding the
U.S. Sanctions Russians Behind 'Doppelganger' Cyber Influence Campaign

U.S. Sanctions Russians Behind 'Doppelganger' Cyber Influence Campaign

Mar 21, 2024 National Security / Data Privacy
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sanctions against two 46-year-old Russian nationals and the respective companies they own for engaging in cyber influence operations. Ilya Andreevich Gambashidze (Gambashidze), the founder of the Moscow-based company Social Design Agency (SDA), and Nikolai Aleksandrovich Tupikin (Tupikin), the CEO and current owner of Russia-based Company Group Structura LLC (Structura), have been accused of providing services to the Russian government in connection to a "foreign malign influence campaign." The disinformation campaign is tracked by the broader cybersecurity community under the name  Doppelganger , which is known to target audiences in Europe and the U.S. using inauthentic news sites and social media accounts. "SDA and Structura have been identified as key actors of the campaign, responsible for providing [the Government of the Russian Federation] with a variety of servic
President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations

President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations

Feb 29, 2024 Cyber Espionage / Data Protection
U.S. President Joe Biden has  issued  an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The Executive Order also "provides safeguards around other activities that can give those countries access to Americans' sensitive data," the White House said in a statement. This includes sensitive information such as genomic data, biometric data, personal health data, geolocation data, financial data, and certain kinds of personally identifiable information (PII). The U.S. government said threat actors could weaponize this information to track their citizens and pass that information to  data brokers  and foreign intelligence services, which can then be used for intrusive surveillance, scams, blackmail, and other violations of privacy. "Commercial data brokers and other companies can sell this data to countries of concern, or entities controlled by those countries, and it can land in the hands of foreign intelligenc
U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks

U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks

Feb 03, 2024 Intelligence Agency / Cyber Security
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries. The  officials  include Hamid Reza Lashgarian, Mahdi Lashgarian, Hamid Homayunfal, Milad Mansuri, Mohammad Bagher Shirinkar, and Reza Mohammad Amin Saberian, who are part of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). Reza Lashgarian is also the head of the IRGC-CEC and a commander in the IRGC-Qods Force. He is alleged to have been involved in various IRGC cyber and intelligence operations. The Treasury Department  said  it's holding these individuals responsible for carrying out "cyber operations in which they hacked and posted images on the screens of programmable logic controllers manufactured by Unitronics, an Israeli company." In late November 2023, the U.S. Cybersecurity and Infras
Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents

Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents

Feb 02, 2024 National Security / Data Breach
A former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York (SDNY) for transmitting classified documents to WikiLeaks and for possessing child pornographic material. Joshua Adam Schulte, 35, was originally charged in June 2018. He was  found guilty  in July 2022. On September 13, 2023, he was  convicted  on charges of receiving, possessing, and transporting child pornography. In addition to the prison term, Schulte has been sentenced to a lifetime of supervised release. "Schulte's theft is the largest data breach in the history of the CIA, and his transmission of that stolen information to WikiLeaks is one of the largest unauthorized disclosures of classified information in the history of the U.S.," the U.S. Department of Justice (DoJ)  said . The sensitive information shared by Schulte included a tranche of  hacking tools and exploits  that were denominated as  Vault 7  and 
China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz

China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz

Jan 30, 2024 Malware / Cyber Espionage
The China-based threat actor known as  Mustang Panda  is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. The findings come from CSIRT-CTI, which said the activities took place in November 2023 and January 2024 after artifacts in connection with the attacks were uploaded to the VirusTotal platform. "The most prominent of these TTPs are the use of legitimate software including a binary developed by engineering firm Bernecker & Rainer (B&R) and a component of the Windows 10 upgrade assistant to sideload malicious dynamic-link libraries (DLLs)," CSIRT-CTI  said . Mustang Panda, active since at least 2012, is also recognized by the cybersecurity community under the names BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, RedDelta, Red Lich, Stately Taurus, and TEMP.Hex. In recent months, the adversary has been attributed to attacks targeting
Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations

Chinese Hackers Launch Covert Espionage Attacks on 24 Cambodian Organizations

Nov 13, 2023 National Security / Cyber Attack
Cybersecurity researchers have discovered what they say is malicious cyber activity orchestrated by two prominent Chinese nation-state hacking groups targeting 24 Cambodian government organizations. "This activity is believed to be part of a long-term espionage campaign," Palo Alto Networks Unit 42 researchers  said  in a report last week. "The observed activity aligns with geopolitical goals of the Chinese government as it seeks to leverage their strong relations with Cambodia to project their power and expand their naval operations in the region." Targeted organizations span defense, election oversight, human rights, national treasury and finance, commerce, politics, natural resources, and telecommunications sectors. The assessment stems from the persistent nature of inbound network connections originating from these entities to a China-linked adversarial infrastructure that masquerades as cloud backup and storage services over a "period of several month
Cybersecurity
Expert Insights
Cybersecurity Resources