Defence and Aerospace


  • Nigeria: Military Personnel Arrested For Cybercrime In Lagos

    August 17, 2020

    Lance Corporal Ajayi Kayode, a serving military personnel in Lagos State, has been arrested for alleged Internet fraud. Kayode was arrested in the Lekki axis of the state by operatives of the Economic and Financial Crimes Commission. The soldier, who was arrested alongside 26 others, said he was still learning “yahoo yahoo” (Internet fraud) from his friends ...

  • CactusPete APT group’s updated Bisonal backdoor

    August 13, 2020

    CactusPete (also known as Karma Panda or Tonto Team) is an APT group that has been publicly known since at least 2013. Some of the group’s activities have been previously described in public by multiple sources. We have been investigating and privately reporting on this group’s activity for years as well. Historically, their activity has ...

  • CISA, DOD, FBI expose new versions of Chinese malware strain named Taidoor

    August 3, 2020

    Three agencies of the US government have published today a joint alert alerting US private entities about new versions of Taidoor, a malware family previously associated with Chinese state-sponsored hackers. The alert has been authored by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA), the Department of Defense’s Cyber Command (CyberCom), and ...

  • US defense and aerospace sectors targeted in new wave of North Korean attacks

    July 30, 2020

    Tracked under the codename of “Operation North Star,” McAfee said these attacks have been linked to infrastructure and TTPs (Techniques, Tactics, and Procedures) previously associated with Hidden Cobra — an umbrella term the US government uses to describe all North Korean state-sponsored hacking groups. As for the attacks themselves, McAfee said they were run-of-the-mill spear-phishing emails ...

  • Cyber experts urge Australia to develop local capability to defend against hackers

    July 12, 2020

    Cyber experts have urged the federal government to become less reliant on overseas businesses, technologies and expertise for its defences against hackers as it puts the finishing touches on the nation’s new cyber security strategy. Foreign providers are responsible for most of the cyber security products and services in Australia, with no local companies among the ...

  • CISA: Nation-State Attackers Likely to Take Aim at Palo Alto Networks Bug

    June 30, 2020

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that foreign hackers are likely to exploit a newly disclosed, critical vulnerability in a raft of Palo Alto Networks firewalls and enterprise VPN appliances, which allows for device takeover without authentication. The Department of Defense (DoD) arm that oversees cyberspace operations has advised all devices affected ...

  • Battling COVID; a cyber Airman’s story

    June 26, 2020

    Tech. Sgt. Brandon Ibanez, a cyber intelligence analyst with the 854th Combat Operations Squadron here, doesn’t wear a helmet to work, nor does he wear a sword or shield. As a Gladiator in the 960th Cyberspace Wing, it’s not a requirement to don the traditional uniform of ancient Roman fighters, and it would be impractical because ...

  • 23 IS conducts virtual PAI training

    June 25, 2020

    Reserve Citizen Airmen from the 23rd Intelligence Squadron organized and executed a first-ever, unit-wide Publicly Available Information (PAI) training session June 6, 2020. The goal of the training was to educate 23 IS Airmen with PAI best practices and highlight the capabilities that PAI brings to intelligence operations. The training was part of the squadron’s ...

  • 13th Signal Regiment: British Army creates new cyber unit to protect forces

    June 5, 2020

    The British Army has created a new military cyber unit to protect forces in the modern era. The 13th Signal Regiment was formally launched on Monday. It will be based at Blandford Forum in Dorset but operate where needed around the world. It was described by a defence source as a “restructuring of existing capabilities”, bringing together ...

  • U.S. Nuclear Contractor Hit with Maze Ransomware, Data Leaked

    June 4, 2020

    A U.S. military contractor involved in the maintenance of the country’s Minuteman III nuclear arsenal has been hit by the Maze ransomware, according to reports – with the hackers making off with reams of sensitive information. The company, Westech International, has a range of contracts with the military for everything from ongoing evaluation for the ballistic ...

  • Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments

    May 12, 2020

    Tropic Trooper, a threat actor group that targets government, military, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong, has been active since 2011. The group was reportedly using spear-phishing emails with weaponized attachments to exploit known vulnerabilities. Primarily motivated by information theft and espionage, the group has also been seen adopting different strategies such ...

  • Updated BackConfig Malware Targeting Government and Military Organizations in South Asia

    May 11, 2020

    Unit 42 has observed activity over the last 4 months involving the BackConfig malware used by the Hangover threat group (aka Neon, Viceroy Tiger, MONSOON). Targets of the spear-phishing attacks, using local and topical lures, included government and military organizations in South Asia. The BackConfig custom trojan has a flexible plug-in architecture for components offering various features, including ...

  • Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems

    May 4, 2020

    The aircraft safety system known as the Traffic Alert and Collision Avoidance System (TCAS) can be coerced into sending an airplane on a mid-air rollercoaster ride – much to the horror of those onboard. Researchers were able to cobble together an effective method for spoofing the TCAS using a $10 USB-based Digital Video Broadcasting dongle and ...

  • UK: £1m innovation funding to predict and counter cyber attacks

    April 27, 2020

    The Defence and Security Accelerator (DASA) can today announce nearly £1m to further develop technology that predicts and counters cyber-attacks. Three lead organisations, in collaboration with three additional organisations, have been awarded funding in Phase 2 of the DASA ‘Predictive Cyber Analytics’ competition. This work will develop, adapt and merge the novel approaches explored in Phase 1 ...

  • Paging A Joint Task Force: Cyber Defense Of Pandemic Medical Infrastructure

    March 24, 2020

    The ongoing global response to COVID-19 infections has become a critical public health, economic, and national security priority. The crisis has been made worse by ransomware and other disruptive intrusion incidents, threatening the continued provision of healthcare services to patients affected by the disease. U.S. Health and Human Services disclosures of known data breaches — even prior ...

  • Chinese hackers use decade-old Bisonal Trojan in cyberespionage campaigns

    March 5, 2020

    Chinese cyberattackers continue to improve and deploy a decade-old Remote Access Trojan (RAT) in ongoing campaigns against Russian, Japanese, and South Korean targets. On Thursday, researchers from Cisco Talos said that the Bisonal RAT is an unusual sample of malware that has been improved, rolled back, and refined over a period of 10 years, an uncommon practice by ...

  • DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla

    March 3, 2020

    A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Colorado-based Visser Precision said it was targeted by a “cyber incident” that involved the attacker accessing and stealing company data after a security ...

  • Israeli soldiers tricked into installing malware by Hamas agents posing as women

    February 17, 2020

    Members of the Hamas Palestinian militant group have posed as young teenage girls to lure Israeli soldiers into installing malware-infected apps on their phones, a spokesperson for the Israeli Defence Force (IDF) said today. Some soldiers fell for the scam, but IDF said they detected the infections, tracked down the malware, and then took down Hamas’ ...

  • Gamaredon APT Improves Toolset to Target Ukraine Government, Military

    February 5, 2020

    The Gamaredon advanced persistent threat (APT) group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets. Vitali Kremez, head of SentinelLabs, said in research released on Wednesday that he has been tracking an uptick in Gamaredon cyberattacks on Ukrainian military and security institutions that started in December. ...

  • Mitsubishi Electric discloses security breach, China is main suspect

    January 20, 2020

    In a short statement published today on its website, Mitsubishi Electric, one of the world’s largest electronics and electrical equipment manufacturing firms, disclosed a major security breach. Although the breach occurred last year, on June 28, and an official internal investigation began in September, the Tokyo-based corporation disclosed the security incident today, only after two local newspapers, the Asahi ...