Defence and Aerospace


  • Suspected Chinese state hackers target Russian submarine designer

    April 30, 2021

    Hackers suspected to work for the Chinese government have used a new malware called PortDoor to infiltrate the systems of an engineering company that designs submarines for the Russian Navy. They used a spear-phishing email specifically crafted to lure the general director of the company into opening a malicious document. The threat actor targeted Rubin Central Design ...

  • Cyberspies target military organizations with new Nebulae backdoor

    April 28, 2021

    A Chinese-speaking threat actor has deployed a new backdoor in multiple cyber-espionage operations spanning roughly two years and targeting military organizations from Southeast Asia. For at least a decade, the hacking group known as Naikon has actively spied on organizations in countries around the South China Sea, including the Philippines, Malaysia, Indonesia, Singapore, and Thailand, for ...

  • Ghostwriter Update: Cyber Espionage Group UNC1151 Likely Conducts Ghostwriter Influence Activity

    April 28, 2021

    In July 2020, Mandiant Threat Intelligence released a public report detailing an ongoing influence campaign we named “Ghostwriter.” Ghostwriter is a cyber-enabled influence campaign which primarily targets audiences in Lithuania, Latvia and Poland and promotes narratives critical of the North Atlantic Treaty Organization’s (NATO) presence in Eastern Europe. Since releasing our public report, we have ...

  • The big Pentagon internet mystery now partially solved

    April 24, 2021

    A very strange thing happened on the internet the day President Joe Biden was sworn in. A shadowy company residing at a shared workspace above a Florida bank announced to the world’s computer networks that it was now managing a colossal, previously idle chunk of the internet owned by the U.S. Department of Defense. That real ...

  • Passwordstate password manager hacked in supply chain attack

    April 23, 2021

    Click Studios, the company behind the Passwordstate enterprise password manager, notified customers that attackers compromised the app’s update mechanism to deliver malware in a supply-chain attack after breaching its networks. Passwordstate is an on-premises password management solution used by over 370,000 security and IT professionals at 29,000 companies worldwide, as the company claims. Its customer list includes ...

  • Pulse Secure VPN zero-day used to hack defense firms, govt orgs

    April 20, 2021

    Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited in attacks against worldwide organizations and focused on US Defense Industrial base (DIB) networks. To mitigate the vulnerability tracked as CVE-2021-22893 (with a maximum 10/10 severity score), Pulse Secure advises customers with gateways ...

  • The Security dilemma of smart factories [Part 3] Fundamental security risks in robot languages

    April 19, 2021

    Industrial robots are the core of the automation of manufacturing processes in smart factories, and are the most important components as they support the manufacture of all kinds of products such as automobiles, aircraft, processed foods, and pharmaceuticals. In addition, as equipment that realizes unmanned manufacturing in the post-COVID-19 world where minimal or no contact ...

  • NATO prepares for world’s largest cyber war game

    April 13, 2021

    Military cyber security specialists are preparing for the largest cyber war game in the world, which kicks off tomorrow as the fictional NATO member state of Berylia comes under attack. The real-time NATO exercise will include defenders practising the protection of critical civilian and military infrastructure, including water treatment facilities and energy plants. Amid the increasing risk ...

  • Indian defense chief admits China’s cyber-weapons would ‘disrupt large number of systems’ whenever Beijing presses the button

    April 9, 2021

    The highest-ranked officer in India’s armed forces has admitted that China has cyber-war capabilities that can overwhelm his nation’s defenses and suggested that only cross-forces collaboration will get India to parity with its giant neighbor. General Bipin Rawat, a four-star general and since 2020 the first to hold a new role of chief of defense staff, ...

  • US adds seven Chinese supercomputing organisations onto Entity List

    April 9, 2021

    In another move aimed at restricting the development of Chinese technology, the US Commerce Department has added seven Chinese supercomputing entities to its Entity List for allegedly supporting China’s military efforts. The newly added entities that are companies include the Shanghai High-Performance Integrated Circuit Design Center, Sunway Microelectronics, Tianjin Phytium Information Technology. The remaining organisations are ...

  • Crossing the Line: When Cyberattacks Become Acts of War

    April 7, 2021

    The Cold War concept isn’t outdated. In the decades since the fall of the Soviet Union, the battleground has simply shifted from conflicts between ideological proxy governments to cyberspace. And the opponents have grown from a few primary nations into a broad range of sovereign threat actors. The question is, when does a cyberattack cross the ...

  • USB threats to ICS systems have nearly doubled

    April 1, 2021

    The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly doubled from 16% to 28%, while the number of threats capable of disrupting those systems rose from 26% to 59% over the same period. Let’s face it. Critical infrastructure operators in manufacturing, aerospace, energy, shipping, chemical, ...

  • China takes aim at ‘spying’ Tesla cars, bans military staff use

    March 22, 2021

    Elon Musk has said Tesla would be “shut down” if accusations that the firm’s cars could be used for spying purposes were true. Last week, the Wall Street Journal reported that the Chinese government has restricted the use of Tesla vehicles in military and key, state-owned company settings. Military and government staff are reportedly not permitted to ...

  • SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests

    March 18, 2021

    Cyberattackers involved in worldwide hacking campaigns are using the compromised systems of high-profile victims as playgrounds to test out malicious tool detection rates. On Thursday, Swiss cybersecurity firm Prodaft said that SilverFish (.PDF), an “extremely skilled” threat group, has been responsible for intrusions at over 4,720 private and government organizations including “Fortune 500 companies, ministries, airlines, ...

  • Intel joins DARPA in search of encryption ‘holy grail’

    March 9, 2021

    Intel has signed an agreement with Defense Advanced Research Projects Agency (DARPA) to take part in its Data Protection in Virtual Environments (DPRIVE) program, which is aiming to develop an accelerator for fully homomorphic encryption (FHE). “Fully homomorphic encryption remains the holy grail in the quest to keep data secure while in use,” Intel Labs principal ...

  • GAO report finds DOD’s weapons programs lack clear cybersecurity guidelines

    March 4, 2021

    In a new report released Thursday, the U.S. Government Accountability Office (GAO) said the Department of Defense fails to communicate clear cybersecurity guidelines to contractors tasked with building systems for its weapons programs. As part of its so called congressional watchdog duties, the GAO found that Defense Department weapons programs are failing to consistently incorporate cybersecurity ...

  • Lazarus targets defense industry with ThreatNeedle

    February 25, 2021

    We named Lazarus the most active group of 2020. We’ve observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a post about a campaign by Lazarus targeting security researchers. After taking a closer look, we identified the malware ...

  • Airplane maker Bombardier data posted on ransomware leak site following FTA hack

    February 23, 2021

    Canadian airplane manufacturer Bombardier has disclosed today a security breach after some of its data was published on a dark web portal operated by the Clop ransomware gang. “An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated ...

  • Australian Department of Defence lists cyber mitigation as key factor for building ethical AI

    February 17, 2021

    The Australian Department of Defence has released a new report on its findings for how to reduce the ethical risk of artificial intelligence projects, noting that cyber mitigation will be key to maintaining the trust and integrity of autonomous systems. The report was drafted following concerns from Defence that failure to adopt emerging technologies in a ...

  • Android spyware strains linked to state-sponsored Confucius threat group

    February 11, 2021

    Two variants of Android spyware connected to pro-India, state-sponsored hacking campaigns have been discovered. On Tuesday, cybersecurity firm Lookout said that two malware strains, dubbed Hornbill and SunBird, have been linked to Confucius, an advanced persistent threat (APT) group thought to be state-sponsored and to have pro-India ties. First detected in 2013, Confucius has been linked to ...