Critical Infrastructure Protection

December 10, 2024

The U.S. sanctioned a Chinese cybersecurity company and one of its employees for exploiting a zero-day vulnerability in Sophos firewalls to target U.S. organizations. On Tuesday, the U.S. Treasury Department said Guan Tianfeng, an employee of Sichuan Silence, used the vulnerability to compromise approximately 81,000 firewalls in April 2020. The hacking campaign, detailed by Sophos in ...

December 6, 2024

From 27 November to 6 December 2024, Exercise Cyber Coalition took place from the Cyber Range 14 in Tallinn, Estonia. Operating annually since 2008, Cyber Coalition is NATO’s flagship cyber defence exercise and one of the largest in the world. The 2024 edition of the exercise aims to further enhance NATO, Allies and partners’ resilience to ...

December 6, 2024

Storm-0227, a Chinese state-sponsored advanced persistent threat (APT) actor started targeting critical infrastructure organizations, as well as government entities, in the United States. The group abuses software vulnerabilities and engages in spear phishing attacks to gain access to people’s devices. Once they get the access, they deploy different Remote Access Trojans (RAT) and other malware to ...

December 3, 2024

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Signals Directorate’s (ASD’s) Australian Cyber Security Centre (ACSC), Canadian Cyber Security Centre (CCCS), and New Zealand’s National Cyber Security Centre (NCSC-NZ) warn that People’s Republic of China (PRC)-affiliated threat actors compromised networks of major global telecommunications providers to ...

November 19, 2024

In July 2024, the operational technology (OT)-centric malware FrostyGoop/BUSTLEBERM became publicly known, after attackers used it to disrupt critical infrastructure. The outage occurred after the Cyber Security Situation Center (CSSC), affiliated with the Security Service of Ukraine, disclosed details of an attack on a municipal energy company in Ukraine in early 2024. FrostyGoop is the ninth ...

November 15, 2024

More technology is moving onto the cloud – meaning its data is hosted on remote servers rather than on personal devices – and integrating artificial intelligence (AI), which opens it up to new kinds of malicious attacks. To improve Singapore’s ability to counter these emerging threats, soldiers from the Singapore Armed Forces (SAF) and civilians from ...

November 13, 2024

Global Navigation Satellite Systems (GNSS) are collections, or constellations of satellite positioning systems. There are several GNSSs launched by different countries currently in operation: GPS (US), GLONASS (Russia), Galileo (EU), BeiDou Navigation Satellite System (BDS, China), Navigation with Indian Constellation (NavIC, India) and Quazi-Zenith Satellite System (QZSS, Japan). These systems are used for positioning, navigation ...

October 30, 2024

Scientists from China are aiming to create a communication protocol which can help protect traditional encryption methods from quantum computer attacks. Chinese scientists recently presented a draft document at an internal event held in Sweden which showed their attempts at making a ‘quantum-proof’ communication protocol. Once ready, the protocol will help agencies and governments across the ...

October 17, 2024

Most EU member states are set to miss an implementation deadline falling today (17 October) to implement rules to protect critical entities against cyber-attacks and organisations are also concerned about fragmentation of such rules. Euronews reported last week that the European Commission had so far only received confirmations from Belgium and Croatia on transposition of the ...