....

TITLE: Iran’s nuclear energy agency’s email got hacked from a foreign country

CONTENT: Iran's atomic energy organization announced on Sunday that an e-mail server belonging to one of its subsidiaries had been hacked from a foreign country and material had been published online.

Black Reward, an Iranian hacker collective, claimed in a statement posted on Twitter that it has made leaked information about Iranian nuclear programs, calling the move a gesture of support for Iranian protesters.

According to Black Reward, the documents released included atomic development contracts and agreements with domestic and foreign partners, management and operational schedules of different parts of the Bushehr power plant, and passports and visas of Iranian and Russian specialists working there.

In a statement made on October 21, Black Reward threatened to reveal hacked data within 24 hours if the government did not free political prisoners and those detained during the uprising.

EXCERPT: An e-mail server belonging to Iran's atomic energy organization was hacked from a foreign country. Black Reward, an Iranian hacker collective, claims it has made leaked information about Iran's nuclear programs public. Documents include atomic development contracts, management and operational schedules of different parts of Bushehr power plant.

TOPIC: Cybercrime, Cyberconflict and warfare

DATE: 23.10.

LINK: https://www.reuters.com/world/middle-east/irans-atomic-energy-organization-says-e-mail-was-hacked-state-media-says-2022-10-23/

TITLE: Saudi government’s service site becomes a target of a new phishing campaign

CONTENT: Multiple phishing domains imitating Absher, the Saudi government service site, have been set up to supply citizens with fake services and steal their passwords.

CloudSEK cybersecurity researchers made the finding and published an advisory about the threat on Thursday.

Government services in the Saudi region have reportedly recently been a top target for cybercriminals looking to steal user credentials and exploit them in other cyberattacks, according to CloudSEK.

In order to lessen the effects of these assaults, CloudSEK urged government agencies to keep an eye on phishing attempts that target citizens and warn and educate them about the risks, such as by advising them not to click on questionable links.

EXCERPT: Saudi citizens are being targeted by phishing websites that mimic Absher, the Saudi government service site. Cybercriminals are looking to steal user credentials and exploit them in other cyberattacks, researchers say. Government services in the Saudi region have reportedly been a top target for cybercriminals.

LINK: https://www.infosecurity-magazine.com/news/phishing-campaign-saudi-government/

DATE: 21.10.

TOPIC: Cybercrime, Cybersecurity, Cyberconflict and warfare

TITLE: Ivanti’s Ransomware Index Report Q2–Q3 2022: Ransomware leads to physical war

CONTENT: Since 2019, ransomware has expanded by 466%, and it is increasingly being utilized as a precursor to actual combat.

The findings came from Ivanti's Ransomware Index Report Q2-Q3 2022, which the company released earlier today to Infosecurity.

The data also suggests that ransomware groups are becoming more sophisticated and widespread, with 35 vulnerabilities becoming related with ransomware in the first three quarters of 2022 and 159 trending active exploits. Based on the report, 47.4% of ransomware vulnerabilities threaten healthcare systems, 31.6% damage energy systems, and 21.1% affect key manufacturing.

The Ivanti research claims that hostile nations are increasingly using state-sponsored threat groups to infiltrate, destabilize, and disrupt operations in their target countries. As shown in the recent Russia-Ukraine war, ransomware is being utilized as a precursor to physical warfare in many of these operations.

Ivanti executive also noted that IT and security teams need to work on employing automation technology that can not only correlate data from disparate sources, but also quantify risk, provide early warning of weaponization, predict assaults, and prioritize remedial actions.

TOPIC: Cyberconflict and warfare, Cybercrime, Critical infrastructure

DATE: 20.10.

LINK: https://www.infosecurity-magazine.com/news/ransomware-precursor-to-physical/

EXCERPT: Ivanti's Ransomware Index Report Q2-Q3 2022 states that ransomware is being utilized as a precursor to physical warfare. The report shows percentage of ransomware expansion since 2019, as well as ransomware vulnerabilities that threaten some of the most critical infrastructure. It is suggested that IT and security teams work on quantifying risk, providing early warning of weaponization, predicting assaults, and prioritizing remedial actions.

TITLE: Hong Kong’s government org’s network compromised by hackers for a year

CONTENT: Cyberattacks on government institutions in Hong Kong by the China-linked espionage actor APT41 (also known as Winnti), which compromised them, went unnoticed for up to a year in certain cases, have been discovered by Symantec researchers.

The threat actor has been employing a piece of customized malware known as Spyder Loader that has previously been linked to the organization.

The newly detected Hong Kong activity appears to be a component of the same operation, according to Symantec's research, and the targets of Winnti are local governments in the special administrative area.

Although Symantec was unable to recover the full malware, it appears that the objective of APT41's most recent effort was to gather intelligence from significant Hong Kong institutions.

EXCERPT: Symantec has discovered a year long China-linked cyberattacks, coming from espionage actor known as Winnti. They have been compromising government institutions in Hong Kong. The full malware was not yet found, but their most recent object is local governments special administrative area.

LINK: https://www.bleepingcomputer.com/news/security/hackers-compromised-hong-kong-govt-orgs-network-for-a-year/

DATE: 18.10.

TOPIC: Cybercrime, Cyberconflict and warfare

TITLE: Bulgarian government attacked with DDoS by pro-Russian hackers

CONTENT: Over the weekend, the Bulgarian government was subject to a wave of DDoS attacks, with Russia being the main suspect, according to sources.

According to various local reports, traffic flooded the websites of the Bulgarian President, the National Revenue Agency, and the departments of internal affairs, defense, and justice.

The campaign on October 15 also targeted telecom businesses, airports, banks, and a few media outlets, Sofia Globe reported.

The suspects were recognized as being from the Russian city of Magnitogorsk by the authorities, according to Borislav Sarafov, the director of Bulgaria's National Investigation Service.

However, according to some reports, the notorious Russian cybercrime group Killnet had already taken responsibility for the said DDoS attack.

LINK: https://www.infosecurity-magazine.com/news/prorussia-hackers-ddos-bulgarian/

DATE: 18.10.

TOPIC: Cyberconflict and warfare, cybercrime

EXCERPT: The Bulgarian government was subject to a wave of DDoS attacks, with Russia being the main suspect. Traffic flooded the websites of the Bulgarian President, National Revenue Agency, and departments of internal affairs, defense, and justice. Some reports claim Russian cybercrime group Killnet had already taken responsibility for the attack.

TITLE: Colombian data leak exposes personal information of Australian Federal Police

CONTENT: Following the release of data taken from the Colombian government by hackers, the identities of covert agents for the Australian Federal Police (AFP) have been made public.

More than five terabytes of sensitive information, including emails, documents, and strategies AFP agents were employing to prevent drug cartels from conducting business in Australia, were leaked by the hacktivist collective Guacamaya.

Details exposed this way come from 35 AFP operations, some of them still active, and also contain surveillance reports from agents, phone tap recordings, and salary data for Colombian personnel.

LINK: https://www.bleepingcomputer.com/news/security/australian-police-secret-agents-exposed-in-colombian-data-leak/

DATE: 14.10.

TOPIC: Cyberconflict and warfare, Cybercrime

EXCERPT: The identities of covert agents for the Australian Federal Police (AFP) have been made public. This follows the release of data taken from the Colombian government by hackers. More than five terabytes of sensitive information were leaked by the hacktivist collective Guacamaya.

TITLE: Education sector recorded a 44% increase in cyberattacks since last year

CONTENT: According to Check Point's 2022 Mid-Year Report, the education sector saw a 44% increase in cyberattacks from 2021 to 2022, with an average of 2297 attacks against organizations every week.

The research illustrates that a factor in the attraction is the enormous amount of personal information that threat actors can amass by picking on businesses in this industry.

According to the monthly threat index produced by the research team, the education sector will be most negatively affected in 2022. It is obvious that cybercriminals are finding success with these operations, and schools and colleges should be planning for a rise in the frequency of these attacks.

In contrast to most businesses, which only have employees, academic institutions also have students. This makes the sector's networks much larger, more accessible, and harder to secure.

TOPIC: Cyberconflict and warfare, Cybercrime, Cybersecurity

LINK: https://www.infosecurity-magazine.com/news/education-experienced-44-increase/

DATE: 14.10.

EXCERPT: The education sector saw a 44% increase in cyberattacks from 2021 to 2022, with an average of 2297 attacks against organizations every week. Cybercriminals are finding success with these operations, and schools and colleges should be planning for a rise in the frequency of these attacks.

TITLE: Microsoft discovers new novel ransomware attack on Ukraine and Poland

CONTENT: According to a blog post by Microsoft on Friday, a recently identified hacker group has used a novel kind of ransomware to assault logistics and transportation firms in Poland and Ukraine.

In less than an hour on Tuesday, the attackers targeted a variety of computers, according to Microsoft, which added that it had not yet been able to connect the attacks to any known group.

Researchers discovered that the cyberattacks, however, closely resembled past assaults by a cyber team connected to the Russian government that had affected Ukrainian government services.

LINK: https://www.reuters.com/technology/microsoft-says-ukraine-poland-targetted-with-novel-ransomware-attack-2022-10-14/

TOPIC: Cyberconflict and warfare, Cybercrime

EXCERPT: A hacker group has used a novel kind of ransomware to attack logistics and transportation firms in Poland and Ukraine. In less than an hour on Tuesday, the attackers targeted a variety of computers. Microsoft has not yet been able to connect the attacks to any known group.

DATE: 15.10.

TITLE: Turkey’s new disinformation law imposes threats to domestic journalism and social media

CONTENT: A comprehensive new rule that could result in up to three years in prison for people suspected of disinformation spreading has been approved by the Turkish parliament.

Wide-ranging clauses of the contentious bill, put out by the government's Justice and Development party (AKP), are designed to control domestic journalism as well as social media.

The bill provides a framework for extensive censorship of online information and the criminalization of journalism, which will enable the government to further subdue and control public debate in the run-up to Turkey's general elections in 2023, according to a coalition of 22 press freedom organizations.

Additionally, the new law mandates that messaging services like WhatsApp, which is also owned by Meta, submit user information to the government upon request from the nation's Information and Communication Technologies Authority.

EXCERPT: Turkey's parliament has approved a bill that could result in up to three years in prison for people suspected of spreading disinformation online. The bill, put out by the government's Justice and Development party (AKP), is designed to control domestic journalism as well as social media.

LINK: https://www.theguardian.com/world/2022/oct/13/turkey-new-disinformation-law-could-jail-journalists-for-3-years

DATE: 13.10.

TOPIC: Freedom of the press, Freedom of expression, Content policy

TITLE: Report documents China's use of cyberattacks over the past ten years

CONTENT: According to a report released on October 12, by consultancy firm Booz Allen Hamilton, Chinese state-sponsored cyberattacks pose a growing threat to US national security.

‘Same Cloak, More Dagger: Decoding How the People's Republic of China (PRC) Uses Cyber Attacks’ is a report aimed at CISOs of American companies and their allies, as well as threat analysts. It provides a thorough examination of more than 13 case studies of Chinese-sponsored cyberattacks over the last decade.

According to their results, China is creating and using cyberattack capabilities to further its 'core interests' at home. These cyberattacks are a supplement to China's more well-known and varied efforts to use legal, financial, cultural, political, and technical tools to further its objectives online.

Booz Allen did clarify that the report's main source of research was open-source. It is likely impossible to properly determine the exact extent of China's cyberattack capabilities from open sources. It's probable that China decided not to use all of its resources or that it did so secretly, based on the study.

LINK: https://www.infosecurity-magazine.com/news/report-china-cyberattacks-past/

DATE: 14.10.

TOPIC: Cyberconflict and warfare

EXCERPT: 'Same Cloak, More Dagger: Decoding How the People's Republic of China Uses Cyber Attacks' is a report aimed at CISOs of American companies and their allies. It provides a thorough examination of more than 13 case studies of Chinese-sponsored cyberattacks over the last decade. It is shown that Chinese state-sponsored cyberattacks pose a growing threat to US national security.

TITLE: Kazakh media outlet Orda’s staff suffer from months of cyberattacks and online harassment

CONTENT: The Committee to Protect Journalists said on Wednesday that Kazakhstani authorities should fully examine recent threats against independent news website Orda and its head editor Gulnara Bazhkenova and safeguard the safety of the publication and its personnel.

Following the publishing by the outlet of an investigation into suspected lobbying methods by a corporation apparently related to Kazakhstan's former president, Nursultan Nazarbayev, there have been several internet harassments and cyberattacks against Bazhkenova, her family, and Orda.

While Orda has improved its cybersecurity, Bazhkenova claims that DDoS and other types of cyberattacks have been ongoing since July, with perpetrators constantly looking for ‘weak spots’ that cause the site to go offline for brief periods.

In addition to the website cyberattacks, she claims that unidentified users have flooded Orda's Telegram chat with derogatory images and insults aimed at Bazhkenova and Orda staff. However, most recently, the online insults have been replaced by threats against her and her 7-year-old son. LINK: https://cpj.org/2022/10/kazakh-outlet-orda-staff-subjected-to-months-of-threats-online-harassme nt-cyberattacks/

EXCERPT: Cyberattacks against independent news outlet Orda have been ongoing since July, with perpetrators constantly looking for 'weak spots' that cause the site to go offline for brief periods. The Committee to Protect Journalists said on Wednesday that Kazakhstani authorities should fully examine recent online threats.

DATE: 12.10.2022.

TOPIC: Freedom of the press, Cybercrime

TITLE: Greek government promises ban on spyware of journalists at the meeting with RSF

CONTENT: At their meeting on October 10th, the representative of RSF requested that the Deputy Minister to the Prime Minister and Government Spokesperson, Ioannis Oikonomou, initiate discussions for a complete reform of the legal safeguards against the arbitrary surveillance of journalists.

The recent revelations of the intelligence agency's surveillance of reporters using spyware have increased the gap of mistrust between Greek journalists and the authorities, according to Pavol Szalai, head of RSF's European Union and Balkans desk. He further stated that the new legal framework the government promised must be both ambitious and properly consult with the main stakeholders: journalists.

The government ‘will soon submit a bill to make the use of spyware illegal,’ according to Ioannis Oikonomou, who also reiterated that the Greek authorities did not acquire or use Predator, in response to Pavol Szalai's call for legislation on spywares.

LINK: https://rsf.org/en/greece-meeting-rsf-government-commits-ban-use-spyware

EXCERPT: Reporters Without Borders (RSF) has called for a complete reform of the legal safeguards against the arbitrary surveillance of journalists in Greece. The government 'will soon submit a bill to make the use of spyware illegal,' according to Ioannis Oikonomou, who also reiterated that the Greek authorities did not acquire or use Predator.

TOPIC: Freedom of the press

DATE: 12.10.

TITLE: Ukraine tightens collaboration with EU cybersecurity agencies

CONTENT: Recently, representatives from the European Union Agency for Cybersecurity (ENISA) and the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) met to explore enhancing networking and collaboration.

The working meeting took place as part of the Cybersecurity East Project trip to the ENISA headquarters in Athens.

After the conference, Viktor Zhora, the deputy head of the SSSCIP, stated: ‘Cooperation with the European partners includes two key vectors for our country. On the one hand, Ukrainian experience in cyber-war, confronting cyber-threats from Russia would definitely be beneficial for other democracies.’

The SSSCIP claimed that the meeting was essential for European integration as well, with ENISA special partner status being a key step in that direction since the Ukrainian conflict has pushed the country even further toward its Western peers.

According to SSSCIP, achieving this accreditation is a crucial step in the process of aligning national cybersecurity laws with EU law.

DATE: 10.10.

TOPIC: Cybersecurity, Cyberconflict and warfare

EXCERPT: Ukraine and the European Union have met to discuss enhancing networking and collaboration. The meeting took place as part of the Cybersecurity East Project trip to the ENISA headquarters in Athens. SSSCIP claimed that the meeting was essential for European integration as well, with ENISA special partner status being a key step in that direction. This will also push the country's aligning of national cybersecurity laws with EU law.

LINK: https://www.infosecurity-magazine.com/news/ukraine-cooperation-with-eu/

TITLE: US airports’ hit with DDoS by pro-Russian hackers

CONTENT: The websites of numerous major airports in the United States have allegedly been subjected to widespread distributed denial-of-service (DDoS) attacks, according to the pro-Russian hacktivist organization 'KillNet.'

Travelers are unable to login and receive information about their booked flights or make reservations for airport services because the servers hosting these sites are being overloaded by trash requests as a result of the DDoS attacks.

The Hartsfield-Jackson Atlanta International Airport (ATL), one of the nation's major air traffic hubs, and the Los Angeles International Airport (LAX), which is occasionally offline or very slow to reply, are notable examples of airport websites that are now inaccessible.

DATE: 10.10.

LINK: https://www.bleepingcomputer.com/news/security/us-airports-sites-taken-down-in-ddos-attacks-by-pro-russian-hackers/

TOPIC: Cyberconflict and warfare, Cybercrime

EXCERPT: The websites of numerous major airports in the U.S. have allegedly been subjected to widespread distributed denial-of-service attacks caused by pro-Russian hackers. The Hartsfield-Jackson Atlanta International Airport (ATL), and the Los Angeles International Airport are notable examples of airport websites that are now inaccessible.

TITLE: Expansion of cyberfeminism in the Middle East and South Asia

CONTENT: Feminist activists in Iraq started a social media campaign in September last week to call for the Ministry of Education to issue a formal resolution that will forbid ‘the imposition of the veil as a condition for academic enrollment.’

The online campaign, which emphasized the value of women's personal freedom, provided another illustration of how cyberfeminism is taking a dynamic shape in the Middle East and South Asian countries through the hashtag #No_for_forced_veiling on Iraqi social media networks.

LINK: https://www.outlookindia.com/national/how-cyberfeminism-is-helping-women-forge-solidarities-in-conservative-societies-news-228660

DATE: 09.10.

TOPIC: Gender rights online

EXCERPT: Feminist activists in Iraq started a social media campaign to call for the Ministry of Education to issue a formal resolution that will forbid 'the imposition of the veil as a condition for academic enrollment'. The online campaign, which emphasized the value of women's personal freedom, generated #No_for_forced_veiling on Iraqi social media networks.

TITLE: Germany's cybersecurity chief may be dismissed

CONTENT: Due to potential interactions with individuals associated with Russian security services, German Interior Minister Nancy Faeser wants to fire the nation's cybersecurity director, according to late-Sunday reports in German media that cited official sources.

According to numerous sites, Arne Schoenbohm, the head of the federal information security organization BSI, may have had these contacts through the German Cyber Security Council.

Schoenbohm founded the organization, which includes a German firm that is a subsidiary of a Russian cybersecurity firm founded by a former KGB employee.

EXCERPT: Germany's interior minister reportedly wants to fire the nation's cybersecurity director. Arne Schoenbohm may have had contacts with individuals associated with Russian security services. His organization, BSI, is a subsidiary of a Russian cybersecurity firm founded by a former KGB employee.

LINK: https://www.reuters.com/world/europe/germanys-cybersecurity-chief-faces-dismissal-reports-2022-10-09/

TOPIC: Cybersecurity

DATE: 10.10.

TITLE: Taliban deactivate two news websites due to ‘false propaganda’ in Afghanistan

CONTENT: According to a tweet from the ministry's spokesperson Anayatullah Alokozay and a report by the London-based independent Afghanistan International TV station, the Taliban's Ministry of Telecommunications and Information Technology shut down the websites of Hasht-e Subh Daily and Zawia News on Monday, October 3, due to 'false propaganda' against the Taliban.

In separate statements on Monday, the Hasht-e Subh daily and Zawia News sites, which are run by Afghan journalists who have been reporting from exile since the August 2021 Taliban takeover, said the Taliban had deactivated their website domain names.

Since then, Hasht-e Subh Daily has resumed its online presence under a new domain. According to Zawia News, it will keep publishing news on the website of Zawia Media, its parent firm.

LINK: https://cpj.org/2022/10/taliban-shuts-down-two-news-websites-in-afghanistan/

EXCERPT: Afghanistan's Ministry of Telecommunications and Information Technology shut down the websites of Hasht-e Subh Daily and Zawia News on Monday, October 3. The sites are run by Afghan journalists who have been reporting from exile since the August 2021 Taliban takeover.

DATE: 04.10.

TOPIC: Freedom of the press

TITLE: FBI and CISA joined in a public announcement on malicious cyber activities against election infrastructure

CONTENT: An official public service announcement about hostile cyber activity intended to compromise election infrastructure has been released by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA).

The agencies stated in the letter made public on Tuesday that it is unlikely that attempts to breach election infrastructure will result in widespread disruptions or stop voting.

The notice also made clear that authorities employ a range of safeguards to lessen the possibility of hostile cyber activity compromising the security, reliability, or accessibility of election infrastructure systems.

The Election Security Group (ESG), a body created at the end of August by the US Cyber Command (USCYBERCOM) and the National Security Agency (NSA), was created to safeguard electoral processes from hacking and disinformation before and during the November elections.

EXCERPT: An official public service announcement about hostile cyber activity intended to compromise election infrastructure has been released by the FBI and CISA. The agencies stated that it is unlikely that attempts to breach election infrastructure will result in widespread disruptions or stop voting. Election Security Group (ESG) was created to safeguard electoral processes from hacking and disinformation.

LINK: https://www.infosecurity-magazine.com/news/fbi-cisa-advisory-cyber-activity/

DATE: 06.10.

TOPIC: Cyberconflict and warfare, Cybersecurity, Cybercrime

TITLE: US government agencies reveal top weak points exploited by Chinese hackers since 2020

CONTENT: In order to attack government and critical infrastructure networks, hackers supported by the People's Republic of China (PRC) most frequently use certain security flaws, according to information released today by the NSA, CISA, and the FBI.

In a combined alert, the three government agencies claimed that Chinese-sponsored hackers are targeting tech businesses and networks in the United States and its allies in order to enter private networks and steal intellectual property.

The report also includes suggestions for addressing each of the security holes that Chinese threat actors use the most, as well as detecting techniques and weak technologies to aid defenses in identifying and thwarting incoming attacks.

TOPIC: Cyberconflict and warfare, Cybercrime

LINK: https://www.bleepingcomputer.com/news/security/us-govt-shares-top-flaws-exploited-by-chinese-hackers-since-2020/

DATE: 06.10.

EXCERPT: NSA, CISA, and FBI warn that Chinese-sponsored hackers are targeting tech businesses and networks in the U.S. and its allies to steal intellectual property. Report also includes suggestions for addressing each of the security holes that Chinese threat actors use the most.

TITLE: Spyware still used by Mexico against activists

CONTENT: Despite a commitment by President Andrés Manuel López Obrador to halt such activities, it is reported that the Mexican government or army has continued to utilize spyware meant to hack into the cellphones of activists.

Press freedom advocacy organizations reported on Monday that they had discovered proof of recent attempts to target activists looking into Mexican army human rights violations using the Israeli spyware tool Pegasus. The University of Toronto group Citizen Lab conducted a forensic study to confirm the Pegasus virus.

The targets included rights campaigner Raymundo Ramos, according to a report by the press freedom organization Article 19, The Network for the Defense of Digital Rights, and Mexican media outlets.

TOPIC: Cybercrime, Freedom of expression

LINK: https://apnews.com/article/technology-mexico-caribbean-hacking-cd4e4a0bcf13705072af19b2d97bbf63

EXCERPT: Despite a commitment by President Andrés Manuel López Obrador to halt such activities, it is reported that the Mexican government or army has continued to utilize spyware. Targets included rights campaigner Raymundo Ramos, according to a report by the press freedom organization Article 19.

DATE: 03.10.

TITLE: Election campaign and online attacks pose threat to Brazilian press freedom

CONTENT: The image of the media by President Bolsonaro as an enemy of the state that must be stopped has always resonated strongly with his support base, which is well-organized on social media, but especially during this election campaign.

Since the campaign's launch on August 16th, RSF has carefully tracked (put this link on ‘carefully tracked’: https://rsf.org/en/press-under-pressure-brazil-rsf-analyzes-online-attacks-against-journalists-during-presidential ) these online attacks and has recorded no less than 2.8 million posts that target and degrade journalists.

In terms of direct assaults, 86% of victims were female journalists. The president's family and government officials, who have millions of followers on social media, have shared the vast majority of this offensive material.

LINK: https://rsf.org/en/bolsonaro-reelection-poses-biggest-threat-brazilian-press-freedom-says-rsf

EXCERPT: RSF has recorded more than 2.8 million posts that target and degrade journalists in Brazil since the beginning of election campaign.

TOPIC: Freedom of the press

DATE: 30.09.

TITLE: Lazarus hacker group weaponize open-source software against several countries

CONTENT: Legitimate open-source software has been weaponized by threat actors connected to North Korea and is now being used to target personnel in businesses from a variety of industries.

The information was obtained by the Microsoft Threat Intelligence Center (MSTIC), which on Thursday released a warning about the threat.

The Lazarus Group, also known as the actor Microsoft tracks as Zinc, is said to have carried out the attacks, the technical write-up stated.

According to the advisory, Zinc has successfully compromised numerous organizations in the media, defense and aerospace, and information technology sectors in the United States, United Kingdom, India, and Russia.

EXCERPT: Open-source software has been weaponized by threat actors connected to North Korea. The Lazarus Group, also known as the actor Microsoft tracks as Zinc, is said to have carried out the attacks. Targets include media, defense and aerospace, and information technology sectors in the United States, UK, India, and Russia.

LINK: https://www.infosecurity-magazine.com/news/lazarus-group-weaponize-open/

TOPIC: Cyberconflict and warfare, Cybercrime

DATE: 30.09.

TITLE: Vietnam is working on a new set of rules to restrict news posts on social media accounts

CONTENT: According to Reuters, Vietnam is preparing new rules that will restrict which social media accounts can post news-related content, as authorities tighten their grip on the country's news and information sources.

The regulations would create a legal foundation for regulating news distribution on platforms such as Facebook and YouTube.

The sources confirmed that government officials have been holding confidential meetings with popular social media and internet firms to brief them on which types of accounts will be allowed to post news content under the new rules. According to them, authorities will be able to order social media companies to ban accounts that violate the rules.

The rules are anticipated to be announced before the end of the year, with specifics still being worked out.

TOPIC: Freedom of expression

LINK: https://www.reuters.com/technology/exclusive-vietnam-preparing-rules-limit-news-posts-social-media-accounts-sources-2022-09-28/

DATE: 29.09.

EXCERPT: Vietnam is preparing new rules that will restrict which social media accounts can post news-related content, as authorities tighten their grip on the country's news and information sources. If the rules are announced, authorities will be able to order social media companies to ban accounts that violate the rules.

TITLE: HR Council’s annual debate on gender-based barriers to freedom of opinion and expression: online aspects

CONTENT: The Human Rights Council held its annual debate on the incorporation of a gender perspective, with the focus on overcoming gender-based barriers to freedom of opinion and expression.

Gender-based online violence against journalists, according to Julie Posetti of the International Centre for Journalists, is one of the most serious contemporary threats to press freedom and the safety of women journalists worldwide. Individual political actors and parties have been identified as perpetrators, instigators, and amplifiers of online violence against female journalists in many countries.

Irene Khan, Special Rapporteur on freedom of opinion and expression said that states must not use efforts to eradicate online violence, gendered hate speech, and disinformation as an excuse to limit free expression.

During the discussion that followed, speakers stated that online discrimination plays a role in censoring and silencing the voices of women and girls.

TOPIC: Gender rights online, Freedom of expression, Freedom of the press

LINK: https://www.ohchr.org/en/press-releases/2022/09/human-rights-council-holds-annual-discussion-integration-gender-perspective

EXCERPT: Human Rights Council held its annual debate on the incorporation of a gender perspective. The focus was on overcoming gender-based barriers to freedom of opinion and expression. Gender-based online violence against journalists is one of the most serious contemporary threats to press freedom, and states must not use efforts to eradicate online violence, gendered hate speech, and disinformation as an excuse to limit free expression.

DATE: 28.09.

TITLE: Fiji Women’s Rights Movement claims that women are more vulnerable to online violence

CONTENT: Nalini Singh, Executive Director of the Fiji Women's Rights Movement, made remarks on gender rights in cyberspace, while praising the government's intention to join the Convention on Cyber Crime.

According to Singh, cybercrime should not be approached from a gender-neutral standpoint.

She claims that women who have regular access to online spaces are more vulnerable to online violence. Singh also states that dissecting how cybercrime occurs can help the state respond more effectively.

LINK: https://www.fbcnews.com.fj/news/women-more-vulnerable-on-cyber-space-fwrm/

DATE: 28.09.

EXCERPT: Nalini Singh, Executive Director of the Fiji Women's Rights Movement made remarks on gender rights in cyberspace. She claims that women who have regular access to online spaces are more vulnerable to online violence.

TOPIC: Gender rights online

TITLE: Indonesian advocates condemn latest cyberattack on press freedom

CONTENT: Indonesian advocates have condemned a series of widespread and coordinated cyberattacks on journalists and employees of the state’s media company Narasi and urged police to act immediately. This media company is known for its criticism of the government.

The attacks aimed to take control of its employees' Telegram, Instagram, Facebook, and Twitter accounts, states the head of newsroom, Laban Laisila.

Advocates condemned the attack on press freedom and urged law enforcement not to take sides when dealing with cyberattacks.

Discrepancy between the way law treated cyberattacks involving state or government institutions and those involving the press is noticeable.

EXCERPT: Indonesian advocates have condemned a series of widespread and coordinated cyberattacks on journalists and employees of the state's media company Narasi. This media company is known for its criticism of the government. Press freedom is at stake as the country deals with cyberattacks differently depending on whether they occurred against the government than against the press.

LINK: https://asianews.network/indonesian-activists-deplore-latest-cyberattack-as-assault-on-press-freedom/

DATE: 28.09.

TOPIC: Freedom of the press, Cybercrime

TITLE: Meta takes down Russian network spoofing Western news sites

CONTENT: According to Meta, it took down a vast network of Facebook and Instagram profiles spreading misinformation that had been spoofed on more than 60 websites across Europe.

The primarily targeted countries were Germany, France, Italy, Ukraine, and the U.K. Original articles were attacking Ukraine and Ukrainian refugees and suggesting that Western sanctions on Russia will backfire.

Meta said it succeeded to take down around thousands of Facebook and Instagram accounts, while stating that this is ‘the largest and most complex Russian-origin operation that we've disrupted since the beginning of the war in Ukraine.’

EXCERPT: Social media company Meta says it has disrupted 'the largest and most complex Russian-origin operation that we've disrupted since the beginning of the war in Ukraine'. The primarily targeted countries were Germany, France, Italy, Ukraine, and the U.K. Original articles were attacking Ukrainian refugees and suggesting that Western sanctions on Russia will backfire.

LINK: https://www.bleepingcomputer.com/news/security/meta-dismantles-massive-russian-network-spoofing-western-news-sites/

DATE: 27.09.

TOPIC: Cybersecurity, Cybercrime

TITLE: Ukrainian military intelligence warns allies of major upcoming Russian cyber-attacks

CONTENT: The key infrastructure of Ukraine and its allies will be the target of ‘major cyber-attacks,’ according to a warning issued today by the Ukrainian military intelligence service.

According to the Main Directorate of Intelligence of the Ukrainian Ministry of Defence (HUR MO), this upcoming ‘massive’ wave of strikes will likely target disrupting and destroying institutions and facilities related to the energy sector.

The Russian cyberattacks' most likely objective would also be to disrupt the Ukrainian Army's on-going advance and heighten the destruction caused by missile strikes against the country's eastern and southern energy supply facilities.

EXCERPT: 'Major cyber-attacks' will target key infrastructure of Ukraine and its allies, warns Ukrainian military intelligence service. Main objective would be to disrupt the Ukrainian Army's advance and heighten destruction caused by missile strikes against the country's eastern and southern energy supply facilities.

DATE: 26.09.2022.

TREND: Ukraine

TOPIC: Cyberconflict and warfare

LINK: https://www.bleepingcomputer.com/news/security/ukraine-warns-allies-of-russian-plans-to-escalate-cyberattacks/

TITLE: RSF urges Azerbaijan to stop harassing Swedish journalist online

CONTENT: Reporters Without Borders (RSF) demands that supporters of Azerbaijani President Ilham Aliyev stop smearing Swedish freelance journalist Rasmus Canbäck, particularly on Twitter.

Canbäck has been called a ‘Islamophobe,’ a ‘terrorist,’ a ‘spy,’ and ‘funded by the Armenian lobby’ on Twitter as a result of his articles about Azerbaijan, particularly for the online magazine Blankspot. He has been writing about Nagorno-Karabakh, a region with an Armenian majority where a long-running conflict has recently resurfaced, as well as Azerbaijan's alleged use of bribes in its ‘caviar diplomacy’ and lobbying.

According to RSF, Canbäck's account was mentioned in nearly 900 tweets between September 1 and September 21. Therefore, RSF also requests that Swedish Foreign Minister Ann Linde remind Azerbaijan's Ambassador Ahmadov to maintain press freedom and journalistic independence. Nevertheless, Ambassador himself participated in the online harassment.

TOPIC: Freedom of the press

LINK: https://rsf.org/en/rsf-calls-azerbaijan-end-online-harassment-swedish-journalist

DATE: 23.09.2022.

EXCERPT: Reporters Without Borders (RSF) demands that supporters of Azerbaijani President Ilham Aliyev stop smearing Swedish freelance journalist Rasmus Canbäck, highlighting the one on Twitter. His account was mentioned in nearly 900 tweets between September 1 and September 21, and he suffers from online harassment in all of them. RSF also urges Swedish Foreign Minister Ann Linde to remind Azerbaijan's Ambassador Ahmadov to maintain press freedom and journalistic independence.

TITLE: The Security Service of Ukraine dismantles hacker group which stole around 30 mil. accounts

CONTENT: The Security Service of Ukraine (SSU) has dismantled a group of hackers who stole the accounts of nearly 30 million people and sold them on the dark web.

On victim systems in the European Union and Ukraine, the hackers deployed malware to steal login information and other sensitive data. Several hard drives containing stolen personal data, as well as computers, SIM cards, mobile phones, and flash drives, were discovered and confiscated during raids on the perpetrators' homes in Lviv, Ukraine.

Although the number of people detained is still unknown, they are all being prosecuted on criminal accusations related to the illegal sale or dissemination of information with restricted access kept in computers and networks. Sentences for these offenses carry long prison terms.

Since the first days of the Russian invasion, spreading false information about the conflict has become common throughout Ukraine. Misinformation and deception are still flooding the internet.

EXCERPT: The Security Service of Ukraine (SSU) has dismantled a group of hackers. They stole the accounts of nearly 30 million people and sold them on the dark web. Hard drives containing stolen personal data, as well as computers, SIM cards, mobile phones, and flash drives were all discovered and confiscated during raids in Lviv. The number of detained people remains unknown, but sentences for the offenses in question will be quite long.

DATE: 23.09.2022.

LINK: https://www.bleepingcomputer.com/news/security/ukraine-dismantles-hacker-gang-that-stole-30-million-accounts/

TOPIC: Cybercrime, Cyberconflict and warfare

TITLE: Iranians lose access to Instagram and WhatsApp: RSF sees it as an attack on the right to news and information

CONTENT: According to Reporters Without Borders, the Iranian government's decision to restrict access to Instagram and WhatsApp, which had been circulating information about a wave of protests triggered by the death of Mahsa Amini in police custody following her arrest by the morality police on September 16, is an unprecedented attack on the right to news and information in Iran.

Since the beginning of the protests, the Islamic Republic has imposed numerous Internet shutdowns, and the shutdown is now complete in western Iran's Kurdistan province, where Amini was born and where the first protests began. Other major cities, including Tehran, have reported partial Internet restrictions.

The government has made contradictory statements about Internet censorship. ICT Minister Issa Zarepour insisted he had been misquoted after initially saying on September 21 that Internet restrictions could be imposed for security reasons.

However, since 2011, the government has invested in a ‘national Iranian Internet’ project that attempts to force Iranians to connect through a network controlled by the authorities before accessing content located elsewhere.

LINK: https://rsf.org/en/iran-reins-access-instagram-and-whatsapp-last-platforms-available-iranians

EXCERPT: According to Reporters Without Borders, the Iranian government's decision to restrict access to Instagram and WhatsApp is an unprecedented attack on the right to news and information in Iran. Internet shutdowns are complete in some regions - such as Western Iran’s Kurdistan province. These shutdowns follow the beginning of a wave of protests triggered by the death of Mahsa Amini. The Iranian government has started a ‘national Iranian Internet’ project that attempts to force Iranians to connect through a network controlled by the authorities before accessing content located elsewhere. This may seriously affect some basic human rights of the Iranian people.

TOPIC: Freedom of expression

DATE: 22.09.2022.

TITLE: Optus hit by cyberattack which affected around 10 million customers

CONTENT: Optus, the Australian subsidiary of Singapore Telecommunications, announced earlier today that it was investigating unauthorized access to customer data following a cyber-attack.

The company confirmed that the attack was instantly stopped, preventing customers' payment information and account passwords from being compromised. However, Optus confirmed that the attacker may have obtained some home addresses, driver's license numbers, and passport numbers.

Optus, which has 9.7 million subscribers according to publicly available data, said it also notified key financial institutions about the attack and subsequent breach.

Optus customers are now more vulnerable to phishing, with their credentials potentially already on the dark web, according to the executive.

EXCERPT: Optus, the Australian subsidiary of Singapore Telecommunications, was hit by a cyber-attack. Customers' payment information and account passwords were not compromised, but personal details may have been accessed. Optus customers are now more vulnerable to phishing, with their credentials potentially already on the dark web.

LINK: https://www.infosecurity-magazine.com/news/optus-hit-by-cyberattack/

DATE: 22.09.2022.

TOPIC: Cyberconflict and warfare, Cybercrime

TITLE: Insight by UN Women Executive Director on reaching digital gender equality

CONTENT: Ms. Sima Bahous, Broadband Commissioner, UN Under-Secretary-General and UN Women Executive Director has shared her ‘Insight’ regarding digital gender equality.

Sexual harassment, stalking, and zoom bombing are all examples of online and ICT-facilitated violence against women and girls that are expanding. Misogyny and sexual violence are finding new digital homes in virtual reality and the metaverse. Women journalists, politicians, and activists who rely on an online presence for their work are therefore especially impacted. A concerning fact is that more than half of girls and young women surveyed globally have already experienced some form of online violence.

She firstly recommends that governments should establish strong and clear codes of conduct for law enforcement officials dealing with online violence against women and girls, as well as to invest in specialized justice officers to deal with such violence in a human rights and gender-sensitive manner. Secondly, she suggested that internet intermediaries make high-level, clear commitments to ensure the safety of women and girls in online spaces.

You can read more about her recommendations on the topic here (please insert link on ‘here’).

DATE: 18.09.2022.

LINK: https://www.unwomen.org/en/news-stories/op-ed/2022/09/expanding-broadband-safely-and-inclusively-to-reach-digital-gender-equality

TOPIC: Gender rights online

EXCERPT: Sima Bahous, Broadband Commissioner, UN Under-Secretary-General and UN Women Executive Director has shared her 'Insight' regarding digital gender equality. One of her recommendations for achieving online gender equality is that governments establish strong and clear codes of conduct for law enforcement officials dealing with online violence against women and girls.

TITLE: Iranian websites hacked after Mahsa Amini’s death

CONTENT: After a Twitter account connected to the ‘Anonymous’ hacking collective claimed to have conducted cyberattacks on them in support of protests following the tragic death of 22-year-old Mahsa Amini, multiple government and state-affiliated media websites in Iran were taken down.

The attacks appear to have targeted the Iranian government's two main websites. One is the government's ‘smart services’ website, which provides a variety of online services, and another is dedicated to publishing government news and interviews with officials.

‘All databases have been deleted,’ a social media linked to Anonymous claimed. claimed a social media account linked to Anonymous. The Iranian government has yet to issue an official response to the attacks.

LINK: https://www.aljazeera.com/news/2022/9/21/anonymous-hacks-iran-state-websites-after-mahsa-aminis-death

EXCERPT: ‘Anonymous’ hackers have taken down government and state-affiliated media websites in Iran. ‘All databases have been deleted,’ a social media account linked to ‘Anonymous’ claimed. The Iranian government has yet to issue an official response to the attacks.

DATE: 21.09.2022.

TOPIC: Cyberconflict and warfare

TITLE: Microsoft 365 phishing attacks pose as US government agencies

CONTENT: There is an ongoing phishing campaign aimed at the US government contractors that has grown to include higher-quality lures and better-crafted documents. Phishing emails show a request for bids on lucrative government projects, which leads them to phishing pages that look exactly like legitimate federal agency portals.

This appears to be the same operation that INKY reported on in January this year, with the threat actors attaching PDFs with instructions on how to bid on US Department of Labor projects.

This campaign's operatives don't appear to be stopping anytime soon, since they are now expanding their targeting scope while refining their lures.

Given that the emails, PDFs, and websites used in the phishing operation are primarily copies of the actual state’s content, detecting signs of fraud may be difficult.

TOPIC: Cyberconflict and warfare, Cybercrime

DATE: 19.09.2022.

EXCERPT: US government contractors are being targeted by an ongoing phishing campaign that has grown to include higher-quality lures and better-crafted documents. Given that the emails, PDFs, and websites used in the phishing operation are primarily copies of the actual state's content, detecting signs of fraud may be difficult.

LINK: https://www.bleepingcomputer.com/news/security/microsoft-365-phishing-attacks-impersonate-us-govt-agencies/

TITLE: Novaya Gazeta’s online media license revoked

CONTENT: Only 10 days after a Moscow Court revoked Novaya Gazeta’s print license, the Russian Supreme Court has revoked its online media license. This media outlet has been working independently for nearly 30 years, and now it lost its right to exist.

‘You are depriving hundreds of people of jobs. You are depriving readers–there were 27 million in March–of the right to information,’ Novaya Gazeta chief editor Dmitry Muratov stated in court on September 15. He referred to the verdict as ‘media genocide’ outside of court, claiming that it would prevent Novaya Gazeta reporters from contacting authorities, remove their accreditation status, and impose several restrictions on their operations.

LINK: https://cpj.org/2022/09/russian-authorities-revoke-novaya-gazetas-online-media-license/

TOPIC: Freedom of the press

EXCERPT: Only 10 days after a Moscow Court revoked Novaya Gazeta's print license, the Russian Supreme Court has revoked its online media license. This media outlet has been working independently for 30 years. Novaya Gazeta’s chief editor Dmitry Muratov referred to this action as ‘media genocide.’

DATE: 15.09.2022.

TITLE: The second Summit for Information and Democracy will be held on the sidelines of the UNGA

CONTENT: The Second Summit of the Partnership for Information and Democracy will be held on September 22, 2022 on the sidelines of the UN General Assembly. The Partnership is currently supported by 45 countries, and serves as a framework for multilateral reflection on the implementation of democratic guarantees in the global communication and information space.

The Summit's second edition will bring together Foreign Ministers from the Partnership's member countries as well as representatives from civil society. Among other initiatives, the recommendations of the Forum's working group on accountability regimes (please insert this link for ‘accountability regimes’: https://informationdemocracy.org/working-groups/accountability-regimes/) for social networks and their users will be published.

In its 4 years of work, launched by Reporters Without Borders in 2018, one of the International Initiative on Information and Democracy key results is an international coalition of 43 civil society and research organizations formed to promote democratic principles in the digital space. Therefore, the Summit will allow for better coordination of efforts to create a democratic digital space.

EXCERPT: The Second Summit of the Partnership for Information and Democracy will be held on September 22, 2022 on the sidelines of the UN General Assembly. It is currently supported by 45 countries, and serves as a framework for multilateral reflection on the implementation of democratic guarantees in the global communication and information space. The Summit aims for better coordination in creating a safe democratic digital space.

TOPIC: Freedom of expression, Freedom of the press

LINK: https://rsf.org/en/second-summit-information-and-democracy-be-held-new-york-22-september-2022 & https://informationdemocracy.org/working-groups/accountability-regimes/

DATE: 19.09.2022.

TITLE: New Policy Brief: Bridging the Digital Literacy Gender Gap in Developing Countries

CONTENT: An international team worked on a Policy Brief, Bridging the Digital Literacy Gender Gap in Developing Countries to urge the G20 and other countries to address the digital literacy challenges women face.

According to the data, when it comes to women being included in the digital sector, it is clear they are left behind. The gender gap in digital literacy in some economies, cultures, and locations inhibits women from taking advantage of improved educational possibilities and career prospects.

This policy brief assesses the correlation between sociocultural and digital literacy gaps. The article goes on to explain why gaps in digital literacy start developing in young age and how most programs for developing digital skills miss the challenges that women confront in integrating into the digital world. In its conclusion, it identifies solutions to these problems and implores the G20 and other nations to deal with the particular difficulties associated with women's digital literacy.

The main issue with women's access to digital resources is not the technology itself, but rather where women are situated in society. The gender digital gap is widened by elements including lack of autonomy, unequal access to education, and the perception of women as dangerous and unsafe in digital areas. You can read the full policy brief here (please insert this link on ‘here’: https://www.fenews.co.uk/wp-content/uploads/2022/09/Bridging-the-digital-literacy-gender-gap-in-developing-countries-2.pdf).

EXCERPT: An international team worked on a Policy Brief, Bridging the Digital Literacy Gender Gap in Developing Countries. It urges the G20 and other countries to address the digital literacy challenges women face. The main issue with women's access to digital resources is not the technology itself, but rather where women are situated in society.

DATE: 15.09.2022.

LINK: https://www.fenews.co.uk/exclusive/bridging-the-digital-literacy-gender-gap-in-developing-countries/ & https://www.fenews.co.uk/wp-content/uploads/2022/09/Bridging-the-digital-literacy-gender-gap-in-developing-countries-2.pdf

TOPIC: Gender rights online

...

TITLE: Research shows that Meta-owned apps are the most vulnerable to cyberattacks

CONTENT: TechShielder conducted a review of ten popular apps in the social, entertainment, and communication categories to determine which are the most likely to be hacked and what types of user data they store are at risk of being compromised.

According to the study, the average number of Google searches each app receives about being hacked indicates its vulnerability to cybercrime. Facebook ranks first with an average of 550,000 monthly searches for ‘Facebook hacked.’ Following that, there are 246,000 searches for ‘Instagram hacked’ and 135,000 for ‘WhatsApp hacked.’

With 49,500 and 27,100 searches, respectively, Snapchat and Twitch round out the top five. Netflix, YouTube, Telegram, Twitter, and Facebook's Messenger app were also included in the study. All of the apps reviewed by TechShielder store user email addresses and phone numbers, according to the company. Most collect names, credit card information, and cookies, which can provide a "in-depth" look into users' online lives.

The survey also showed that Meta-owned products have the most information on their users when compared to other popular apps, and Telegram has the least.

EXCERPT: TechShielder conducted a review of ten popular apps in the social, entertainment, and communication categories to determine which are most likely to be hacked. The average number of Google searches each app receives about being hacked indicates its vulnerability to cybercrime. Facebook ranks first with an average of 550,000 monthly searches for 'Facebook hacked'.

LINK: https://cybernews.com/security/meta-owned-apps-vulnerable-cyberattacks/

DATE: 14.09.2022.

TOPIC: Cybersecurity, Cybercrime, Network security

TITLE: Increased DDoS attacks on UK companies during Ukraine war

CONTENT: According to new Freedom of Information (FoI) data obtained from the industry regulator, the volume of DDoS attacks against UK financial institutions increased during the first few months of the Ukraine war.

The Financial Conduct Authority (FCA) has given information that 14 DDoS attacks have occurred in 2022, compared to only five in all of 2021.

Picus Security co-founder, Suleyman Ozarslan has explained: ‘UK financial institutions are in the crossfire of the ongoing war between Russia and Ukraine and have become a direct target for nation-state attackers and hacktivists seeking to disrupt Ukraine’s allies.’ With the importance of the finance sector as critical national infrastructure, Picus Security understands these attacks were carried out by state-sponsored and hacktivist operations.

LINK: https://www.infosecurity-magazine.com/news/ddos-attacks-uk-firms-surge-during/

EXCERPT: DDoS attacks against UK financial institutions increased during the Ukraine war. 14 DDoS attacks have occurred in 2022, compared to only five in all of 2021. Picus Security believes these attacks were carried out by state-sponsored and hacktivist operations

DATE: 14.09.2022.

TOPIC: Cyberconflict and warfare, Cybercrime

TITLE: Albania is yet again the target of new Iranian hacker attacks

CONTENT: The office of Albanian Prime Minister Edi Rama tweeted over the weekend that the attacks targeted the Total Information Management System (TIMS), which assists in tracking individuals entering and exiting the country. Following a July 15 ransomware attack that knocked out multiple government services, Tirana decided last week to cut all diplomatic ties with Iran.

The NATO member nation has long been Iran's adversary, providing refuge to tens of thousands of members of the Iranian opposition movement Mujahedeen-e-Khalq (MEK). The attack in July occurred just before the Free Iran World Summit that was scheduled to take place in Albania.

Albania had joined forces with Microsoft and the FBI on attribution in order to ensure that the act was the result of state aggression.

EXCERPT: The office of Albanian Prime Minister Edi Rama tweeted over the weekend that the attacks targeted the Total Information Management System (TIMS), which assists in tracking individuals entering and exiting the country. The FBI and Microsoft worked with the Albanian government to ensure that the act was the result of state aggression.

LINK: https://www.infosecurity-magazine.com/news/iranian-hackers-launch-renewed/

DATE: 13.09.2022.

TOPIC: Cyberconflict and warfare, Cybercrime

TITLE: New infostealer malware dropped on Asian government networks by cyberspies

CONTENT: Security researchers have discovered new cyber-espionage action targeting Asian governments, along with state-owned aerospace and defense companies, telecom companies, and IT organizations.

This activity is being carried out by a distinct threat group previously associated with the "ShadowPad" RAT (remote access trojan). Recently, the threat actor used a much broader set of tools.The most current campaign appears to be almost entirely focused on Asian governments or public entities, such as some of the following: head of government/Prime Minister's office, government-owned aerospace and defense companies, state-owned media companies etc.

Chinese hackers are most likely behind these espionage campaigns, but the evidence isn't credible enough to make a certain conclusion.

EXCERPT: This cyber-espionage activity is being carried out by a distinct threat group previously associated with the "ShadowPad" RAT. The most current campaign appears to be almost entirely focused on Asian governments. Chinese hackers are most likely behind these espionage campaigns, but the evidence isn't credible enough to make a certain conclusion.

DATE: 13.09.2022.

LINK: https://www.bleepingcomputer.com/news/security/cyberspies-drop-new-infostealer-malware-on-govt-networks-in-asia/

TOPIC: Cyberconflict and warfare, Cybercrime, Cybersecurity

TITLE: Vietnamese journalist gets five years of prison for his online criticism

CONTENT: Le Anh Hung, a 49 year old journalist, was given a five-year prison sentence by a Hanoi court on August 30 for "abusing democratic freedoms" and "infringing upon the interests of the state." Hung frequently contributed to the Voice of America website and wrote on politics. He also frequently attacked Hoang Trung Hai, a former deputy prime minister and industry minister, whom he accused of corruption, abuse of authority, and espionage for China in his posts that criticized the ruling party's corruption and dominance.

He published an open letter on his Facebook page that went viral three days prior to his arrest. The letter criticized government actions and demanded that a draft law designating "special economic zones" in three different regions of Vietnam be changed. The planned law had received harsh public criticism and had ignited demonstrations that were ruthlessly put down. Despite Hung's repeated claims that his mental health was excellent, he was detained in a mental institution in Hanoi for the first three years and ten months following his detention.

This five-year prison sentence that Vietnam's authorities secretly handed down to independent journalist Le Anh Hung after imprisoning him for four years in appalling conditions apalls Reporters Without Borders (RSF). According to RSF, the authorities continue to abuse the legal system to impose draconian punishments in an effort to silence any criticism of media.

EXCERPT: Journalist Le Anh Hung was sentenced to five years in a Hanoi court for "abusing democratic freedoms" and "infringing upon the interests of the state". Reporters Without Borders (RSF) says the authorities continue to abuse the legal system to impose draconian punishments in an effort to silence any criticism of media. Despite claims that his mental health was excellent, he was detained in a mental institution for the first three years and ten months following his detention.

LINK: https://rsf.org/en/vietnamese-journalist-gets-five-years-prison-abusing-democratic-freedoms

DATE: 12.09.2022.

TOPIC: Freedom of the press, Freedom of expression

TITLE: Iranian Minister Sanctioned by US Treasury for Hacking Government and Allies

CONTENT: The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury has sanctioned Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence for allegations in engaging in cyber-enabled activities against the United States and its allies.

"We will not tolerate Iran's increasingly aggressive cyber activities targeting the United States or our allies and partners," stated Brian E. Nelson, Treasury Undersecretary for Terrorism and Financial Intelligence.

The MOIS would have guided several network connections of cyber threat actors engaged in cyber-espionage and ransomware attacks in assistance of Iran's political goals under Esmail Khatib's leadership.

The MuddyWater ransomware operations against Turkish government entities in November 2021, the APT39 wide - spread theft of personally identifiable information (PII) in 2020, and, most recently, the cyber activity that directly impacted Albanian government websites are examples of these. These sanctions come just weeks after Microsoft revealed details of alleged hacking campaigns linked to MuddyWater that targeted Israeli organizations by exploiting Log4j 2 vulnerabilities in SysAid applications.

EXCERPT: United States Office of Foreign Assets Control has sanctioned Iran's Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence for cyber-enabled activities against the U.S. and its allies. "We will not tolerate Iran's increasingly aggressive cyber activities targeting the United States, …" said Brian E. Nelson, Treasury Undersecretary for Terrorism and Financial Intelligence.

LINK: https://www.infosecurity-magazine.com/news/us-sanctions-iranian-ministry/

DATE: 12.09.2022.

TOPIC: Cyberconflict and warfare

TITLE: Energy providers hacked globally by North Korean Lazarus Group

CONTENT: Between February and July 2022, the North Korean threat actor Lazarus Group ran a malicious campaign against energy providers all over the world. The campaign was previously revealed in part by Symantec and AhnLab in April and May, and Cisco Talos is now providing additional details.

The security researchers stated in an advisory on Thursday that the Lazarus campaign involved the exploitation of vulnerabilities in VMWare Horizon to gain initial access to targeted organizations. Cisco Talos states that the recent Lazarus attacks targeted energy providers from various countries, including the United States, Canada, and Japan.

The new Cisco Talos advisory is just the latest in a long line of documents detailing the Lazarus Group's hacking operations this summer. Elliptic, a blockchain analytics company, suggested in June that the threat actor was responsible for the $100 million theft from cryptocurrency firm Harmony. The Block recently linked the group to Axie Infinity's $600 million hack.

LINK: https://www.infosecurity-magazine.com/news/lazarus-group-hacked-energy/

DATE: 12.09.2022.

TOPIC: Cyberconflict and warfare, Cybercrime

EXCERPT: Between February and July 2022, the Lazarus Group ran a malicious campaign against energy providers all over the world. The campaign was previously revealed in part by Symantec and AhnLab in April and May. Cisco Talos is now providing additional details on the North Korean threat actor's operations.

TITLE: Freedom House report on Beijing’s Global Media Influence: cyber aspects

CONTENT: (For the next two paragraphs please use this link: https://www.voanews.com/a/china-s-global-media-influence-campaign-growing-says-freedom-house-/6736696.html) Freedom House report: Beijing's Global Media Influence: Authoritarian Expansion and the Power of Democratic Resilience, showed Beijing’s efforts to influence media in democracies, and their response. According to Freedom House, the Chinese Communist Party (CCP) employs a variety of tactics, including mass distribution of state-produced content, harassment and intimidation of local media outlets, targeted disinformation, and the use of cyberbullying and fake social media accounts.

Sarah Cook, Freedom House's research director for China, Hong Kong, and Taiwan, and one of the report's authors said: ‘The Chinese government is using more sophisticated, more covert and more coercive tactics, like cyberbullying, or cyberattacks, or just phone calls to journalists, to try to pressure and influence coverage in countries around the world.’

(From here on, please use this link: https://freedomhouse.org/report/beijing-global-media-influence/2022/authoritarian-expansion-power-democratic-resilience) Since 2019, more aggressive activities such as targeted harassment of individual reporters, cyberbullying, and cyberattacks against stigmatized media organizations have spread to 24 of the 30 countries under investigation in some form. Also, from 2019, news outlets or journalists from 7 countries have been targeted by cyberattacks that could be traced back to China. These cyberattacks increase the financial burden on media outlets to improve their defenses, and data theft hacking could endanger journalists and their sources.

Nigeria has been identified as the country most vulnerable to Beijing's media influence campaigns.

LINK: https://freedomhouse.org/report/beijing-global-media-influence/2022/authoritarian-expansion-power-democratic-resilience & https://www.voanews.com/a/china-s-global-media-influence-campaign-growing-says-freedom-house-/6736696.html

TOPIC: Freedom of the press, Cybercrime

DATE: 08.09.2022.

EXCERPT: Freedom House report: Beijing's Global Media Influence: Authoritarian Expansion and the Power of Democratic Resilience, showed Beijing's efforts to influence media in democracies. Since 2019, news outlets or journalists from 7 countries have been targeted by cyberattacks that could be traced back to China. More aggressive activities such as targeted harassment of individual reporters, cyberbullying, and cyberattacks against stigmatized media organizations have spread to 24 of the 30 countries under investigation in some form. According to Freedom House, the Chinese Communist Party (CCP) employs a variety of tactics, including mass distribution of state-produced content, harassment and intimidation of local media outlets, targeted disinformation, and the use of cyberbullying and fake social media accounts.

TITLE: Freedom House report on Beijing’s Global Media Influence: cyber aspects

CONTENT: (For the next two paragraphs please use this link: https://www.voanews.com/a/china-s-global-media-influence-campaign-growing-says-freedom-house-/6736696.html) Freedom House report: Beijing's Global Media Influence: Authoritarian Expansion and the Power of Democratic Resilience, showed Beijing’s efforts to influence media in democracies, and their response. According to Freedom House, the Chinese Communist Party (CCP) employs a variety of tactics, including mass distribution of state-produced content, harassment and intimidation of local media outlets, targeted disinformation, and the use of cyberbullying and fake social media accounts.

(From here on, please use this link: https://www.voanews.com/a/china-s-global-media-influence-campaign-growing-says-freedom-house-/6736696.html) Sarah Cook, Freedom House's research director for China, Hong Kong, and Taiwan, and one of the report's authors said: ‘The Chinese government is using more sophisticated, more covert and more coercive tactics, like cyberbullying, or cyberattacks, or just phone calls to journalists, to try to pressure and influence coverage in countries around the world.’

Since 2019, more aggressive activities such as targeted harassment of individual reporters, cyberbullying, and cyberattacks against stigmatized media organizations have spread to 24 of the 30 countries under investigation in some form. Since 2019, news outlets or journalists from 7 countries have been targeted by cyberattacks that could be traced back to China. These cyberattacks increase the financial burden on media outlets to improve their defenses, and data theft hacking could endanger journalists and their sources.

Nigeria has been identified as the country most vulnerable to Beijing's media influence campaigns.

LINK: https://freedomhouse.org/report/beijing-global-media-influence/2022/authoritarian-expansion-power-democratic-resilience & https://www.voanews.com/a/china-s-global-media-influence-campaign-growing-says-freedom-house-/6736696.html

TOPIC: Freedom of the press, Cybercrime

DATE: 08.09.2022.

EXCERPT: Freedom House report: Beijing's Global Media Influence: Authoritarian Expansion and the Power of Democratic Resilience, showed Beijing's efforts to influence media in democracies. Since 2019, news outlets or journalists from 7 countries have been targeted by cyberattacks that could be traced back to China. More aggressive activities such as targeted harassment of individual reporters, cyberbullying, and cyberattacks against stigmatized media organizations have spread to 24 of the 30 countries under investigation in some form. According to Freedom House, the Chinese Communist Party (CCP) employs a variety of tactics, including mass distribution of state-produced content, harassment and intimidation of local media outlets, targeted disinformation, and the use of cyberbullying and fake social media accounts.

TITLE: Increased Mortality Rates as a Result of Cyber-Attacks on Healthcare Organizations

CONTENT: According to new research from Proofpoint's Ponemon Institute, cyber-attacks on healthcare organizations increase mortality rates by more than 20%. The report surveyed 641 healthcare IT and security practitioners, and found out that 89% of them experienced an average of 43 attacks in the previous 12 months, with more than 20% experiencing one of these types of attacks: cloud compromise, ransomware, supply chain, and phishing.

The most common consequences of these attacks, according to Proofpoint, were delayed procedures, which resulted in poor patient outcomes for 57% of healthcare providers and increased complications from medical interventions for approximately half of them.

Ransomware was the most likely type of attack to have a negative impact on patient care, causing procedure or test postponements in 64% of cases and longer patient stays (59%).

LINK: https://www.infosecurity-magazine.com/news/mortality-rates-linked-cyber/

DATE: 11.09.2022.

TOPIC: Cyberconflict and warfare, Cybercrime, Cybersecurity

EXCERPT: Cyber-attacks on healthcare organizations increase mortality rates by more than 20%. 89% of healthcare IT and security practitioners experienced an average of 43 attacks in the previous 12 months. Cloud compromise, ransomware, supply chain, and phishing were the most common types of attacks.

TITLE: Draft EU regulations direct smart devices that pose cybersecurity risks

CONTENT: According to a European Commission document obtained by Reuters on Thursday, smart devices connected to the internet, such as refrigerators and televisions, will have to comply with strict European Union cybersecurity rules or risk being fined or banned from the bloc.

On September 13, the EU executive will unveil its Cyber Resilience Act proposal. Following input from EU countries, it is likely to become law. Companies will be required to notify the EU cybersecurity agency ENISA of incidents within 24 hours of becoming aware of them, and to take corrective action.

The paper states that if companies fail to comply, national surveillance authorities have the authority to ‘prohibit or restrict that product being made available on its national market, to withdraw it from that market or recall it.’

EXCERPT: On September 13, the EU executive will unveil its Cyber Resilience Act proposal. Following input from EU countries, it is likely to become law. Smart devices connected to the internet, such as refrigerators and televisions, will have to comply with strict European Union cybersecurity rules.

LINK: https://www.reuters.com/technology/draft-eu-rules-target-smart-devices-with-cybersecurity-risks-2022-09-08/

DATE: 08.09.2022.

TOPIC: Cybersecurity, Cybercrime

TITLE: Women in China are being silenced online as a result of violence and censorship

CONTENT: When an influential woman in China's #MeToo movement, Ms. Zhou Xiaoxuan, went to court against a famous TV anchor, Mr. Zhu Jun, the justice was not on her side. What happened was not the accuser, but the accused - was portrayed as the victim. Other cases of gender violence and gender related incidents also rapidly went viral. In each case, however, the conversation was quickly censored in order to reduce the ways in which the women had been assaulted. China’s Communist Party has used social media censorship to silence critics while amplifying comments that support the government's chosen narrative of social harmony. After carefully analysing the content, censors then remove popular comments or accounts which express views that deviate too far from the party line. Government censors used Weibo, a popular Chinese social media platform to boost the comments supporting the court’s decision against one of the victims of sexual assault mentioned above, while reducing and deleting messages in her support.

TOPIC: Freedom of expression, Gender rights online

LINK: https://www.nytimes.com/2022/09/06/business/china-women-metoo.html

DATE: 06.09.2022.

EXCERPT: Chinese women are not allowed to post freely about their experiences of gender-related violence. #MeToo movement in China was restricted and censored by the ruling China’s Communist Party. Social media censorship is one of the main tools the government use in order to prevent women to express themselves and point out the unjust situation in the country regarding their mistreatment.

TITLE: Iran is condemned by the United Kingdom for its cyber attack on Albania

CONTENT: On September 7, the United Kingdom officially condemned the Iranian state for a cyber attack against Albania's government which destroyed data and interrupted crucial government services such as paying utilities, booking medical appointments, and enrolling schoolchildren. According to the National Cyber Security Centre (NCSC), Iranian state-linked cyber actors are almost definitely accountable for a number of cyber attacks against Albanian government infrastructure beginning on July 15, 2022.

UK Foreign Secretary James Cleverly declared that ‘The UK is supporting our valuable partner and NATO ally. We join Albania and other allies in exposing Iran’s unacceptable actions.’ The UK has already identified and provided advice on several cyberattacks by Iranian actors, starting with 2018.

TOPIC: Cyberconflict and warfare

LINK: https://www.gov.uk/government/news/uk-condemns-iran-for-reckless-cyber-attack-against-albania

DATE: 07.09.2022.

EXCERPT: This Wednesday, the United Kingdom condemned the Iranian state for a cyber attack against Albania's government which destroyed data and interrupted crucial government services such as paying utilities. The UK has already identified and provided advice on several cyberattacks by Iranian actors, starting with 2018.

TITLE: Ransomware gang’s Cobalt Strike servers receive anti-Russia messages in a series of DDoS

CONTENT: There has been a flood of anti-Russian messages to Cobalt Strike servers run by former Conti ransomware gang members in order to disrupt their operations. Although the operators of Conti ransomware turned off their infrastructure this year in May, its members are now a part of other ransomware groups, including Quantum, Hive, and BlackCat. At the time, TeamServers (C2) used by ransomware actors to control the Cobalt Strike (CS) Beacon payloads on compromised hosts are being tracked by someone, allowing for lateral network movement. When they go inside the CS servers, the usernames they use are ‘Stop Putin!’, or they change their computer name to messages like ‘Be a Russian patriot!’, and ‘Stop the war!’ It is unknown who is sending these messages, as it could be anyone from a security researcher to law enforcement or even a cybercriminal with a grudge for siding with Russia, BleepingComputer reports. In the end, the disruption was only temporary, and the ransomware actor returned to the scene with a more robust infrastructure, allowing them to keep the stolen data accessible even in the face of distributed denial-of-service (DDoS) attacks. LINK: https://www.bleepingcomputer.com/news/security/ransomware-gangs-cobalt-strike-servers-ddosed-with-anti-russia-messages/ EXCERPT: There has been a flood of anti-Russian messages to Cobalt Strike servers run by former Conti ransomware gang members in order to disrupt their operations. At the time, TeamServers (C2) used by ransomware actors to control the Cobalt Strike (CS) Beacon payloads on compromised hosts are being tracked by someone, allowing for lateral network movement. TOPIC: Cybercrime, Cyberconflict and warfare DATE: 07.09.2022.

TITLE: Albania blames Iran for the July cyberattack and suspends diplomatic relations

CONTENT: Albanian Prime Minister, Edi Rama, declared on Wednesday that the entire staff of the Islamic Republic of Iran Embassy in Albania had been asked to leave within 24 hours.

This decision follows the termination of diplomatic relations with Iran following the identification of an Albanian government infrastructure cyberattack to Iranian threat actors in July. Rama said that: ‘The in-depth investigation provided us with indisputable evidence that the cyberattack against our country was orchestrated and sponsored by the Islamic Republic of Iran through the engagement of four groups that enacted the aggression.’

The U.S. government also officially blamed Iran for the July attack on Albania. The U.S. official said that they condemn this attack and that the Islamic Republic of Iran would be held responsible for endangering the security of a NATO ally. Further actions will be taken to held Iran accountable if another attack towards any of their NATO ally happens in the future. EXCERPT: Albanian Prime Minister, Edi Rama, declared on Wednesday that the entire staff of the Islamic Republic of Iran Embassy in Albania had been asked to leave within 24 hours. The U.S. government also officially blamed Iran for the July attack on Albania. The U.S. official said that they condemn this attack and that the Islamic Republic of Iran would be held responsible for endangering the security of a NATO ally. LINK: https://www.bleepingcomputer.com/news/security/albania-blames-iran-for-july-cyberattack-severs-diplomatic-ties/ TOPIC: Cyberconflict and warfare DATE: 07.09.2022.

TITLE: Japan investigates the potential involvement of a pro-Russian group in cyberattacks

CONTENT: Japan announced on Wednesday that it is looking into the possible role in cyberattacks of a pro-Russian group after numerous government websites were disrupted the day before. The ransomware group in question is ‘Killnet’, which is considered to be responsible for attacks on the government websites, as media quotes.

According to Chief Cabinet Secretary Hirokazu Matsuno, the Japanese government is investigating whether problems accessing more than 20 websites across four government ministries were caused by a denial-of-service (DDoS) attack. Matsuno also explained that the government websites could not be reached on Tuesday evening.

However, services were recovered the same day. He is aware this pro-Russian group is suggesting that they were behind the attack, but the case is still being investigated at the moment.

EXCERPT: Japan announced on Wednesday that it is looking into the possible role in cyberattacks of a pro-Russian group named Killnet after numerous government websites were disrupted the day before. According to Chief Cabinet Secretary Hirokazu Matsuno, the Japanese government is investigating whether problems accessing more than 20 websites across four government ministries were caused by a denial-of-service (DDoS) attack.

LINK: https://www.reuters.com/technology/japan-investigating-possible-involvement-pro-russian-group-cyberattack-nhk-2022-09-06/

DATE: 07.09.2022.

TOPIC: Cyberconflict and warfare, Cybercrime

The new Worok cyber-espionage group is targeting governments and high-profile corporations

Worok, a newly discovered cyber-espionage group, has been using a combination of custom and existing malicious tools to hack governments and high-profile companies in Asia since 2020. ESET security researchers were the first to spot it, and they found out that the group also attacked targets from Middle East and Africa.

Worok has so far been linked to attacks on telecommunications, banking, maritime, and energy companies, along with military, government, and public sector organizations. Although there have been no sightings since February 2022, ESET has linked the group to new attacks against a Central Asian energy company and a public sector institution in Southeast Asia.

TOPIC: Cyberconflict and warfare, Cybercrime

LINK: https://www.bleepingcomputer.com/news/security/new-worok-cyber-espionage-group-targets-governments-high-profile-firms/

DATE: 06.09.2022.

EXCERPT: Worok, a newly discovered cyber-espionage group, has been using a combination of custom and existing malicious tools to hack governments and high-profile companies in Asia since 2020. Although there have been no sightings since February 2022, ESET has linked the group to new attacks against a Central Asian energy company and a public sector institution in Southeast Asia.

TITLE: The JX Fund and Voronezh Mass Media Defence Center launched the information platform Shpargalka | Exile

CONTENT: The JX Fund - European Fund for Journalism in Exile, in collaboration with the Voronezh Mass Media Defense Center, has launched the information platform Shpargalka | Exile (‘cheat sheet’ in Russian) to assist threatened media professionals in Russia in selecting a country of exile that is appropriate for them and their needs. Since the increase in anti-press legislation in Russia starting from 4 March, even the use of the word "war" can result in a 15-year prison sentence, so this type of platform is useful for media workers.

Shpargalka | Exile has now compiled answers to 21 of the most pressing questions, like ‘How do I get a work permit?’, or ‘What do I need to do to register a media company in exile?’ All questions are being answered by lawyers from 12 countries, which currently include: Armenia, Azerbaijan, Bulgaria, Germany, Georgia, Israel, Kazakhstan, Latvia, Montenegro, Poland, Serbia, and Turkey.

The information is regularly updated, as many countries' entry requirements and legal systems constantly change in light of the tense geopolitical situation. In recent months, the JX Fund has helped 14 media outlets rebuild, as well as five start-ups and the creation of a media hub in Tbilisi, Georgia. Since the increase in anti-press legislation in Russia starting from 4 March, even the use of the word "war" can result in a 15-year prison sentence.

EXCERPT: The JX Fund - European Fund for Journalism in Exile, in collaboration with the Voronezh Mass Media Defense Center, has launched the information platform Shpargalka | Exile (‘cheat sheet’ in Russian) to assist threatened media professionals in Russia in selecting a country of exile that is appropriate for them and their needs. The platform gives answers to 21 of the most pressing questions, which are given by lawyers from 12 countries.

LINK: https://rsf.org/en/cheat-sheet-media-workers-under-threat Sharpgalka | Exile: https://shpargalka-exile.web.app/

TOPIC: Freedom of the press

DATE: 05.09.2022.

TITLE: China accused Washington of breaking into computers and spying on university

CONTENT: China accused Washington on Monday of breaking into computers at Northwestern Polytechnical University that US officials say conducts military research. Both governments complained about worrying online spying against one another.

The National Computer Virus Emergency Response Center reported computer break-ins at Northwestern Polytechnical University in June. It stated that the center, in collaboration with a commercial security provider, Qihoo 360 Technology Co., identified the attacks back to the National Security Agency, but did not specify how.

China accuses the US of spying on universities, energy companies, and internet service providers, among other targets. Washington accuses Beijing of stealing commercial secrets and has charged Chinese military officers with crimes.

According to Foreign Ministry spokeswoman Mao Ning, the US actions "seriously endanger China's national security." She also accused Washington of using spyware to eavesdrop on Chinese phone calls and stealing text messages.

As per the security experts, the ruling Communist Party's military wing, the People's Liberation Army, and the Ministry of State Security also fund outside hackers. Alongside with Russia, China and the United States are widely acknowledged as global leaders in cyberwarfare research.

TOPIC: Cyberconflict and warfare, Cybercrime

EXCERPT: Chinese government accused Washington of cyberspying on Monday. Northwestern Polytechnical University in June has suffered computer break-ins, according to The National Computer Virus Emergency Response Center. China also accuses the US of spying on universities, energy companies, and internet service providers, among other targets. It stated that the center, in collaboration with a commercial security provider, Qihoo 360 Technology Co., identified the attacks back to the National Security Agency, but did not specify how.

DATE: 05.09.2022.

LINK: https://abcnews.go.com/Technology/wireStory/china-accuses-washington-cyber-spying-university-89343366

TITLE: In the aftermath of the Roe v. Wade decision, US journalists are wary of online legal threats

CONTENT: The editors of the pro-abortion rights news website Rewire unusually removed reporter biographies from the site in May.

The move was made as a precaution after a draft of a majority Supreme Court opinion in Dobbs v. Jackson Women's Health Organization, which sought to overturn the constitutional right to abortion, was leaked. Rewire reporters were concerned about an increase in online harassment.

Editor-in-chief Galina Espinoza said that: ‘The newsroom has for years kept a repository of harassing messages to track patterns, just in case.’ The current abortion situation in America has some abortion reporters on edge.

In addition to their fears about online harassment, reporters notified Committee to Protect Journalists (CPJ) that they are concerned about real-world violence and how changing laws may expose them and their sources to legal threats in the aftermath of the Supreme Court's decision to overturn Roe v. Wade in June.

EXCERPT: U.S. reporters shared their concerns with Committe to Protect Journalists (CPJ) about online harassment they face. However, it does not ned there. They are now even concerned about real-world violence in the aftermath of the Supreme Court’s decision to overturn Roe v. Wade in June. The current abortion situation in America has some abortion reporters on edge. The Rewire newsroom is keeping a repository of harassing messaged to track patterns.

LINK: https://cpj.org/2022/09/u-s-reporters-wary-of-online-legal-threats-in-the-wake-of-the-overturn-of-roe-v-wade/

DATE: 01.09.2022.

TOPIC: Freedom of the Press, Freedom of expression

TITLE: Ransomware attack hits Windows, Linux servers of Chilean government agency

CONTENT: Chile's national computer security and incident response team (CSIRT) has confirmed that a ransomware attack has affected the country's government agency's operations and online services.

The attack began on Thursday, August 25, and targeted the agency's Microsoft and VMware ESXi servers. The hackers offered Chile’s CSIRT a communication channel through which they could negotiate the payment of a ransom that would prevent the files from being leaked. The malware used in this attack, according to CSIRT, also had functions for stealing credentials from web browsers, listing removable devices for encryption, and evading antivirus detection via execution timeouts.

In their announcement, Chile's CSIRT does not title the ransomware group responsible for the attack, nor does it offer enough information to identify the malware. Because it has been used by multiple threat actors, the extension appended to the encrypted files provides no clue. Very limited information provided by Chile's CSIRT on the malware's behavior points to the 'RedAlert' ransomware (aka "N13V"). Nevertheless, indicators of compromise (IoCs) in the announcement could be associated with Conti.

According to what Chilean threat analyst Germán Fernández told BleepingComputer, the strain appears to be entirely new, and the researchers he spoke with were unable to associate the malware with known families. Based on what BleepingComputer has learned so far about this ransomware, it is a new operation that began in early August.

EXCERPT: BleepingComputer learned about a brand new ransomware operation that started in August, targeting Chile's national computer security and incident response team (CSIRT). The hackers have affected the agency's Microsoft and VMware ESXi servers with their operations. According to CSIRT, the malware used in this operations had functions for stealing credentials from web browsers, listing removable devices for encryption, and evading antivirus detection via execution timeouts.

LINK: https://www.bleepingcomputer.com/news/security/new-ransomware-hits-windows-linux-servers-of-chile-govt-agency/

DATE: 01.09.2022.

TOPIC: Cyberconflict and warfare

COUNTRY: Chile

TITLE: Military tensions between China and Taiwan fuel an active cyberwar

CONTENT: The world was relieved when tensions between China and Taiwan did not escalate into a larger military engagement in August. Nevertheless, both countries are influenced by an active cyberwarfare.

According to researchers at threat intelligence firm Cyberint, cyber activity between China and Taiwan is defined by multi-vector attacks, similar to what experts have observed happening between Russia and Ukraine. Based on a recent report, cyber tensions are high, and the number of national-level cyberattacks targeting China and Taiwan has recently significantly increased. Cyberint Research Team states that the growing number of cyberattacks will encourage more competing hackers organizations, raising the risk of an escalating cyber conflict.

One obvious sign of increased activity, according to the researchers, is the increasing number of comments on Chinese and Taiwanese breaches in cybercriminal leak forums, with the number of comments on Chinese data leaks increasing four times in July compared to June. When it comes to Taiwan, the number of comments under data leaks from its companies also increased during July.

The new tactic may eventually lead to a gradual increase from minor cyberattacks on government websites to more serious crimes involving hacking of critical infrastructure. If the cyber conflict between Taiwan and China resembles what happened in Ukraine, China should prepare its infrastructure to withstand a series of new of distributed denial-of-service (DDoS) attacks.

EXCERPT: Even though military tensions between China and Taiwan have not escalated, there is an ongoing cyber war between them. The engagement in these attacks is similar to the ones in Ukraine and Russia, and there are clear signs that there is an increasing number of comments on Chinese and Taiwanese breaches in cybercriminal leak forums. The new tactic may include a gradual increase from minor cyberattacks on government websites to more serious crimes involving the hacking of critical infrastructure.

DATE: 01.09.2022.

LINK: https://cybernews.com/news/china-taiwan-military-tension-fuels-an-active-cyberwar/

TOPIC: Cyberconflict and warfare

COUNTRY: China, Taiwan

TITLE: Military tensions between China and Taiwan fuel an active cyberwar

CONTENT: The world was relieved when tensions between China and Taiwan did not escalate into a larger military engagement in August. Nevertheless, both countries are influenced by an active cyberwarfare.

According to researchers at threat intelligence firm Cyberint, cyber activity between China and Taiwan is defined by multi-vector attacks, similar to what experts have observed happening between Russia and Ukraine. Based on a recent report, cyber tensions are high, and the number of national-level cyberattacks targeting China and Taiwan has recently significantly increased. Cyberint Research Team states that the growing number of cyberattacks will encourage more competing hackers organizations, raising the risk of an escalating cyber conflict.

One obvious sign of increased activity, according to the researchers, is the increasing number of comments on Chinese and Taiwanese breaches in cybercriminal leak forums, with the number of comments on Chinese data leaks increasing four times in July compared to June. When it comes to Taiwan, the number of comments under data leaks from its companies also increased during July.

The new tactic may eventually lead to a gradual increase from minor cyberattacks on government websites to more serious crimes involving hacking of critical infrastructure. If the cyber conflict between Taiwan and China resembles what happened in Ukraine, China should prepare its infrastructure to withstand a series of new of distributed denial-of-service (DDoS) attacks.

EXCERPT: Even though military tensions between China and Taiwan have not escalated, there is an ongoing cyber war between them. The engagement in these attacks is similar to the ones in Ukraine and Russia, and there are clear signs that there is an increasing number of comments on Chinese and Taiwanese breaches in cybercriminal leak forums. The new tactic may include a gradual increase from minor cyberattacks on government websites to more serious crimes involving the hacking of critical infrastructure.

DATE: 01.09.2022.

LINK: https://cybernews.com/news/china-taiwan-military-tension-fuels-an-active-cyberwar/

TOPIC: Cyberconflict and warfare

COUNTRY: China, Taiwan

TITLE: TAP Air Portugal hit by ransomware: Ragnar Locker claims responsibility

CONTENT: The Ragnar Locker ransomware gang has claimed responsibility for an attack on Portugal's flag carrier, TAP Air Portugal, which was revealed by the airline after its systems were compromised on Thursday night.

The company stated that the attack was stopped and that no evidence suggested that the attackers gained access to the customer data stored on the affected servers. The airline also issued an alert on Monday, stating that its website and app are unavailable due to the Thursday ransomware attack.

TAP has yet to confirm whether this was a ransomware attack. However, the Ragnar Locker ransomware gang posted a new entry on their data leak website today, claiming responsibility for last week's cyberattack on TAP's network.

The ransomware group believes to have "reasons" to assume that hundreds of Gigabytes of data were compromised in the incident and has threatened to provide "irrefutable evidence" to negate TAP's claim that its customers' data was not accessed. Ragnar Locker also shared a screenshot of a spreadsheet that appears to contain customer data stolen from TAP's servers, such as names, dates of birth, emails, and addresses.

DATE: 31.08.2022.

EXCERPT: The Ragnar Locker ransomware gang claims responsibility for the ransomware attack on Portugal’s flag carrier, TAP Air Portugal. The company itself says that the attack was prevented, and customers’ information has been untouched. On the other hand, the ransomware gang states that they can easily provide evidence that the data has been compromised.

LINK: https://www.bleepingcomputer.com/news/security/ragnar-locker-ransomware-claims-attack-on-portugals-flag-airline/

TOPIC: Cyberconflict and warfare, Cybercrime

TITLE: Saudi woman sentenced to 45 years in prison for social media posts

CONTENT: A Saudi Arabian court convicted Nourah bint Saeed al-Qahtani to 45 years of prison time for posts on social media, according to a rights group. According to a Washington-based DAWN organization, she was convicted by the Saudi Specialized Criminal Court on charges of ‘using the internet to tear the (Saudi) social fabric’ and for ‘violating public order by using social media.’

DAWN stated that almost nothing is known about Qahtani or even what her social media posts stated and that the investigation into her case was ongoing. Salma al-Shehab, a mother of two and doctoral candidate at the University of Leeds in the United Kingdom, was sentenced to 35 years in prison for following and retweeting dissidents and activists on Twitter just a few weeks before Qahtani's conviction.

According to Abdullah al-Aoudh, Director of Research for the Gulf Region at DAWN, Saudi authorities used "abusive" laws in both the Shebab and Qahtani cases to target and sanction Saudi citizens for opposing the government on Twitter.

According to what Saudi officials told Reuters last month, the kingdom has no political prisoners, and the thought of it is ridiculous. On the other hand, a request for comment was not responded to by the Saudi government's media office.

LINK: https://www.reuters.com/world/middle-east/saudi-woman-gets-45-year-prison-term-social-media-posts-rights-group-2022-08-30/

DATE: 30.08.2022.

EXCERPT: Saudi Arabian woman, Nourah bint Saeed al-Qahtani, has been sentenced to 45 years in prison for her posts on social media platforms. A few weeks before that, another woman, Salma al-Shehab was sentenced to 35 years in prison for following and retweeting dissidents and activists on Twitter. A Washington-based DAWN organization is still investigating into al-Quahtani’s case, as it is not clearly known what her posts contained. Presumably, she criticized the government. Saudi authorities are using abusive laws to punish citizens who dare to oppose the rulers.

TOPIC: Freedom of expression

COUNTRY: Saudi Arabia

TITLE: UK Spies are funding a new course for female coders

CONTENT: With a new bootcamp course, the UK's main intelligence agency for dealing with cyber-threats hopes to attract more female coders to its workforce. GCHQ is sponsoring one of Code First Girls' 14-week 'nanodegree' courses, which are designed to appeal to women considering a career switch.

According to Jo Cavan, the security agency's director of strategy, policy, and engagement, teams such as counter-terrorism have performed better since becoming more diversified. Cavan claims that one key area where GCHQ needs more diversity is in countering threats from the east. She also added: ‘We have been working hard to increase that number so we have more diverse teams and better get across the threats we need to today.’

According to the certification organization ISC2, women still make up only 25% of cybersecurity roles global level. When it comes to its 2021 industry report, fewer women (38%) than men (50%) came from an IT background, while women have higher rates of entry through self-learning than men (20% vs. 14%). These figures suggest that there may be a sizable group of female job seekers looking to change careers to one that involves cyber.

LINK: https://www.infosecurity-magazine.com/news/uk-spies-fund-new-course-for/

DATE: 30.08.2022.

TOPIC: Gender rights online

EXCERPT: The UK’s main intelligence agency for dealing with cyber-threats is aiming to attract more female workers, in order to increase diversity. Studies have shown that teams such as counter-terrorism have performed better since becoming more diversified. In this article, you can also see the percentage of women in cybersecurity roles and the level of their entry through self-learning compared to men. The information is provided by the certification organization, ISC2.

TITLE: Chinese hackers use ScanBox malware to target the Australian government

CONTENT: Threat actors based in China have been targeting Australian government agencies and wind turbine fleets in the South China Sea by directing select individuals to a fake news media outlet impersonating an Australian news outlet. The sender pretended to be an employee of the hoax media outlet "Australian Morning News," with a link leading to the malicious website. The site included plagiarized content from legitimate news websites.

Victims started arriving at the fraudulent site after receiving phishing emails with appealing lures, and the ScanBox reconnaissance framework delivered a malware payload. From April to June of this year, the campaign targeted individuals at local and federal Australian Government agencies, Australian news media organizations, and global heavy industry manufacturers which provide maintenance to wind turbines in the South Chinese Sea.

Proofpoint and PwC (PricewaterhouseCoopers) security researchers who observed the campaign concluded that the goal was cyberespionage. They attribute the activity with moderate confidence to a Chinese-based threat group known as APT40 (a.k.a. TA423, Leviathan, Red Ladon).

LINK: https://www.bleepingcomputer.com/news/security/chinese-hackers-target-australian-govt-with-scanbox-malware/

EXCERPT: China-based actors have been targeting Australian government agencies and wind turbine fleets by directing individuals to a fake media outlet, pretending to be an Australian media outlet. The site they were led on, contained plagiarized information from legitimate news websites. From April to June 2022, the campaign targeted individuals at local and federal Australian Government agencies, Australian news media organizations, and global heavy industry manufacturers working to maintain wind turbines in the South Chinese Sea.

TOPIC: Cyberconflict and warfare, Cybercrime

TITLE: Acronis’ Mid-year Cyberthreat Report warns that global ransomware damage will exceed $30bn by 2023

CONTENT: Switzerland-based cybersecurity company Acronis reported in its Mid-Year Cyberthreat Report, published on August 24, that almost half of breaches during the first six months of 2022 involved stolen credentials. The primary goal of cybercriminals using these credentials is to launch ransomware attacks, which remain the number one threat to large and medium-sized businesses, including government organizations, the report says.

Acronis found that out of 600 malicious email campaigns in the first half of 2022, 58% were phishing attempts, and 28% featured malware. Unpatched or software vulnerabilities are now also being targeted by cybercriminals in order to extract data, with a recent increase in Linux operating systems and managed service providers (MSPs) and their network of SMB customers.

The Swiss firm is highlighting: ‘Ransomware is worsening, even more so than we predicted.’ They also mentioned Conti and Lapsus gangs as the prime targets for international security services. It is expected that global ransomware damage will exceed up to $30bn by next year.

EXCERPT: Swiss-based cybersecurity company Acronis reports in their Mid-Year Cyberthreat that the first six months of this year involved stolen credentials. With hacking methods in development, like targeting unpatched or software vulnerabilities, and malicious email campaigns, ransomware is worsening. It is excepted that global ransomware will exceed up to $30bn by 2023.

LINK: https://www.infosecurity-magazine.com/news/ransomware-exceed-30bn-dollars-2023/

TOPIC: Cybercrime, Cyberconflict and warfare

DATE: 29.08.2022.

TITLE: Montenegro suspects the cyberattacks are coming from Russia

CONTENT: Cyberattacks are persistent in Montenegro and targets are the main infrastructure objects, such as electricity and water supply systems, transportation services, and online portals citizens use. At the time of writing, Bleeping Computer states that the official website of the government of Montenegro is unreachable.

The country's Defense Minister has blamed Russian actors for the attacks, telling local media on Saturday that there is enough evidence to suspect the attack was "directed by several Russian services."

The country's currently battling polarization which has been impacted by the current government's decision to support sanctions against Russia. This has sparked outrage from certain demographic groups and, in some cases like now, even external attacks.

Montenegro is currently receiving assistance from NATO allies to block the attacks. Most notable efforts come from France. The country has deployed an ANSSI (French Agency for Information Systems Security) team to assist in the defense of critical systems and the restoration of compromised networks.

DATE: 29.08.2022.

TOPIC: Cyberconflict and warfare

LINK: https://www.bleepingcomputer.com/news/security/montenegro-says-russian-cyberattacks-threaten-key-state-functions/

EXCERPT: Montenegro suffers a series of cyberattacks directed toward their vital infrastructure. The country’s Defense Minister is attributing these attacks to Russia, as Montenegro decided to support sanctions against them. Currently, Montenegro receives help from NATO allies, but mainly from France.

TITLE: Montenegro’s digital infrastructure hit by a unprecedented cyberattack

CONTENT: Montenegro's government digital infrastructure has been hit by a ‘unprecedented’ cyber attack, and swift measures have been taken to minimize the impact, officials said on Friday. ‘A persistent and ongoing cyber-attack is in process in Montenegro,’ The U.S. Embassy in Podgorica posted a warning on its website.

‘Certain services were switched off temporarily for security reasons but the security of accounts belonging to citizens and companies and their data have not been jeopardised,’ said Public Administration Minister Maras Dukaj on Twitter.

According to Reuters, in 2016, cyber criminals also targeted Montenegro's state digital infrastructure on election day, and again several months later in 2017, as this small Balkan state prepared to join NATO.

The Western military alliance is aware of reports of cyber attacks in Montenegro and is prepared to assist its authorities if needed, according to an unidentified NATO official quoted by Voice of America.

EXCERPT: Montenegro’s government digital infrastructure has been hit with an unprecedented cyber attack. The hacker’s origin is still not officially known, but it woke concerns among NATO members. This is not the first time the cyber attack of this range happened in Montenegro, but it is considered to be a persistent and ongoing according to the U.S. Embassy in Podgorica.

DATE: 26.08.2022.

LINK: https://www.reuters.com/world/europe/montenegros-state-infrastructure-hit-by-cyber-attack-officials-2022-08-26/

TOPIC: Cyberconflict and warfare, Cybercrime

TITLE: CPJ joins letters urging the U.S. government to hold the NSO Group accountable for spyware that surveilled journalists

CONTENT: In August, the Committee to Protect Journalists joined human rights and press freedom organizations in separate actions demanding the US government to hold NSO Group accountable for providing Pegasus spyware to governments that have secretly surveilled journalists around the world. The Israeli-owned NSO Group claims that it only licenses its Pegasus spyware to government agencies investigating crime and terrorism and that it should be immune from prosecution in US courts because it acted as an agent of foreign governments under the doctrine of sovereign immunity.

Nevertheless, according to the CPJ’s letter it is clear their actions are malicious: ‘The evidence of the use of Pegasus spyware against human rights defenders, journalists, opposition parties, and state officials by repressive regimes continues to mount, contrary to NSO Group’s claim that their spyware is used as a tool for investigating criminal activity and terrorism.’

EXCERPT: Committee to Protect journalists (CPJ) joins the letters of human rights and press freedom organizations in their separate actions urging the U.S. government to hold the Israeli-owned NSO Group accountable for providing Pegasus spyware to governments that have secretly surveilled journalists.

LINK: https://cpj.org/2022/08/cpj-joins-letters-urging-u-s-government-to-hold-nso-group-accountable-on-spyware/

DATE: 25.08.2022.

TOPIC: Freedom of expression, Freedom of the press, Cybercrime

TITLE: RSF’s new investigation on online media attacks throughout the Brazilian election campaign

CONTENT: Throughout Brazil's election campaign, Reporters Without Borders (RSF) will track and analyze internet threats, violence, and attacks against the media as a part of their ongoing project. The election campaign was launched on 16 August and it will end with the election of a new president, members of both houses of the national congress, governors and members of the legislative assemblies in Brazil’s states on 2 or 30 October.

During the campaign, RSF's Latin America bureau will monitor, analyze, and denounce online attacks on journalists in collaboration with the Laboratory for Image and Cyberculture Studies (LABIC), a leading research center specializing in social media analysis and digital trends affiliated with the Federal State University of Espirito Santo.

The results of this research will be collected and posted on the RSF website on a regular basis. Following the elections, a detailed report analyzing the main trends and attacks observed during the project will be published. The project's goal is to better understand the origin, structure, and spread of these online attacks, to expose the main perpetrators, and to find effective and long-term solutions to combat this phenomenon.

RSF published the findings of a survey of Twitter users' behavior in 2021, the platform used for the majority of attacks against the media and journalists in Brazil. Bolsonaro supporters were the primary perpetrators of these attacks, with the main targets being female journalists and media outlets critical of the government.

EXCERPT: RSF is planning to investigate the online attacks on Brazilian media during the ongoing election in their new project. The results will be posted on a regular basis, and after the elections end, a detailed report on main trends and attacks during the project will also be published. The main goals of this analysis are to better understand what caused the spread of these online attacks, as well to expose the main perpetrators whilst finding a solution to combat this phenomenon.

DATE: 23.08.2022.

LINK: https://rsf.org/en/rsf-will-analyse-online-attacks-against-media-during-brazilian-election-campaign

TOPIC: Freedom of the press, Freedom of expression

COUNTRY: Brazil

TITLE: Dominican Republic government agency was disrupted by a quantum ransomware attack

CONTENT: The Quantum ransomware assault that affected the Instituto Agrario Dominicano in the Dominican Republic and encrypted numerous services and workstations, occurred on August 18, local media reports. ‘They ask for more than 600 thousand dollars. We were affected by four physical servers and eight virtual servers; virtually all servers,’ Walixson Amaury Núñez, the IAD's director of technology, told the local press.

As IAD does not have enough money to pay the ransom and with only basic security software systems - the company’s data was completely compromised.

According to the National Cybersecurity Center (CNCS), who has been helping the agency recover from the attack, the attackers' IP addresses came from the United States and Russia.

BleepingComputer investigated the case and found out that the Quantum ransomware operation was the attacker. If IAD did not pay the ransom publicly, the threat actor, who claimed having stolen over 1TB of data, threatened to release it. This ransomware actor is supposedly an offshoot of the Conti ransomware operation which adopted the earlier name of the MountLocker ransomware operation.

EXCERPT: Instituto Agrario Dominicano, Dominican Republic’s government agency, suffered a ransomware attack by the Quantum ransomware operation. They are threatening them with a ransom of around 650.000 dollars. As the agency is not able to afford the ransom, and with only basic software security, their data is at stake. As the National Cybersecurity Center reports, the IP addresses of the attackers come from the U.S. and Russia.

LINK: https://www.bleepingcomputer.com/news/security/quantum-ransomware-attack-disrupts-govt-agency-in-dominican-republic/

TOPIC: Cyberconflict and warfare, Cybercrime

COUNTRY: Dominican Republic

DATE: 24.08.2022.

TITLE: Russia's Yandex sells news and blogging services as state tightens control over online media

CONTENT: In a transaction that would expand direct state control over the news that many Russians view online, the largest internet firm in Russia will sell off its news and blogging services to the state-controlled social media site VK.

Yandex.ru's main page, which was sold together with the news aggregator and blogging platform Zen, is expected to turn into a social media-style news feed managed by Gazprom-owned VK as a result of the transaction, with its chief executive being the son of a Kremlin official tasked with integrating the occupied territories of Ukraine.

News articles on Yandex were already perceived as having been deliberately selected to abstain from controversial subjects in Russia, particularly criticism of the war in Ukraine. By reducing Yandex's exposure to politics, the sale of the company's media holdings is reportedly an effort to protect it from the threat of western sanctions.

LINK: https://www.theguardian.com/world/2022/aug/23/russia-yandex-sell-news-service-state-tightens-grip-online-media

DATE: 23.08.2022.

TOPIC: Freedom of the press

COUNTRY: Russia

EXCERPT: Russia’s Yandex sells its news and blogging services to the state-controlled social media site VK. Yandex.ru’s main page is expected to turn into a social media-style news feed managed by Gazprom-owned VK, as a result of this transaction. The goal was reportedly an effort to loosen up the threats from western sanctions.

TITLE: Greece’s largest natural gas distributor DESFA suffered ransomware-related data breach

CONTENT: Greece’s largest natural gas distributor (DESFA) suffered a limited scope data breach and IT system outage which were followed by a cyberattack, this Saturday.

DESFA shared in a public statement that hackers tried to infiltrate its network, but were faced with a quick response from their IT team. Nevertheless, the attack possibly caused the leakage of some files and data and a network intrusion was definitely made, although limited. DESFA is working on returning to normal operations and is ensuring the customers this incident would not impact the gas supplies.

The attack was confirmed on Friday by Ragnar Locker ransomware operation, a threat actor. It is said in a recent FBI report that Ragnar Locker made 52 intrusions in critical U.S. infrastructure entities since January this year.

This ransomware actor is threatening to publish all files that would victimize DESFA, if they do not answer their demands. The timeline of this attack is tough for European gas suppliers after being cut from Russia’s natural gas.

The upcoming period is believed to be full of shortages, power cuts, and growing energy prices, leaving everyone involved even more vulnerable to ransomware attacks against gas distributors.

EXCERPT: DESFA, Greece’s largest gas distributor was targeted with an ransomware attack. This attack was confirmed to be made by Ragnar Locker - a ransomware operation, familiar to FBI for their previous intrusions. This attack comes at a vulnerable time for European gas suppliers after being cut from Russian gas, and it is believed that the situation will get worse if similar attack should happen in this region again.

LINK: https://www.bleepingcomputer.com/news/security/greek-natural-gas-operator-suffers-ransomware-related-data-breach/

COUNTRY: Greece

TOPIC: Cyberconflict and warfare, Cybercrime

DATE: 22.08.2022.