Adam Kacor’s Post

🚨 FBI Calls on Public to Help Identify Chinese Hackers Behind Global Cyber Intrusions 🌐👀

The FBI has issued a public appeal to help identify individuals linked to cyber intrusions targeting both government and private sectors worldwide. This marks a critical effort to address sophisticated attacks that breach edge devices and compromise sensitive data. 🔓🖥️

Here's what we know:
↳ Suspected Advanced Persistent Threat (APT) groups — including APT31, APT41, and Volt Typhoon — have been exploiting zero-day vulnerabilities in Sophos firewalls and other devices. 🛡️
↳ The malware, like Pygmy Goat and Gh0st RAT, has allowed attackers to infiltrate networks across various sectors: critical infrastructure, healthcare, military, finance, and more. 💼🏥💰
↳ Sophisticated methods, including rootkits and specially crafted ICMP packets, are used to evade detection, reinforcing the need for proactive cyber defense. 🕵️♂️

This call for assistance highlights the global nature of cybersecurity threats and the importance of public cooperation in tackling these challenges. 🔐 Let’s support efforts to secure our networks and protect sensitive information from persistent threats! 🛡️

Read more: https://lnkd.in/gG7wAxfa

#CyberSecurity #APT #DataProtection #ThreatIntelligence #GlobalSecurity #FBI
-
⛓️💥 Defenseless Defense

Chinese hackers have compromised over 20,000 FortiGate systems worldwide, exploiting a critical vulnerability in FortiOS/FortiProxy (CVE-2022-42475). This sophisticated attack used a remote access trojan (RAT), "Coathanger," to maintain persistent access, which could survive system reboots and firmware upgrades. Targets included governments, international organizations, and defense industries. CVE-2022-42475 was also exploited as a zero-day to target government organizations and related entities, as disclosed by Fortinet in January 2023.

⛑️ Fortinet advised customers to immediately upgrade to a patched version of FortiOS to block attack attempts and to reach out to Fortinet support if they find indicators of compromise.

❗️ This incident shows that even security solutions can be hacked, and the only way to resist sophisticated attacks is to use a comprehensive approach while securing digital assets. A layered security strategy includes:
✅ Risk assessment
✅ Robust access controls
✅ Vulnerability management
✅ Network segmentation
✅ Continuous monitoring with incident response
✅ User education

#infosec #cybersecurity #cybertex #cybertexsecurity #0day #ZeroDay #cyberattack #fortinet https://lnkd.in/diamk6N5

Linked article: Chinese hackers breached 20,000 FortiGate systems worldwide (bleepingcomputer.com)
-
🚨 Rising Threats in Cybersecurity: Kapeka & Fuxnet Malware Target Critical Infrastructure 🚨

Recent findings from Google's Mandiant and Finland-based WithSecure have revealed alarming developments in cybersecurity threats targeting critical infrastructure within Europe. Dubbed "Kapeka" and "Fuxnet," these malware tools are wreaking havoc in industrial control systems (ICS) and operational technology (OT) environments, demonstrating the escalating cyber warfare associated with the Ukraine conflict.

Kapeka, potentially linked to Russia's Sandworm group, was utilized in recent attacks, including those against an Estonian logistics firm. Meanwhile, Fuxnet, associated with the Ukrainian threat group Blackjack, disabled over 87,000 sensors in a Moscow-based company's sewage monitoring system.

These incidents underscore the vital need for robust cybersecurity measures, including stringent password policies and network segmentation, to prevent such destructive attacks. Organizations must remain vigilant, ensuring their cybersecurity frameworks can withstand and adapt to the evolving threat landscape.

#S247 #Cybersecurity #ICS #Kapeka #Fuxnet #IndustrialSecurity

Linked article: Dangerous New ICS Malware Targets Orgs in Russia and Ukraine (darkreading.com)
-
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions

The U.S. Federal Bureau of Investigation (FBI) has asked for the public's help in an investigation into the breach of edge devices and computer networks belonging to companies and government entities.

"An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designed to exfiltrate sensitive data from firewalls worldwide," the agency said. "The FBI is seeking information regarding the identities of the individuals responsible for these cyber intrusions."

The development follows a series of reports published by cybersecurity vendor Sophos chronicling campaigns between 2018 and 2023 that exploited its edge infrastructure appliances to deploy custom malware or repurpose them as proxies to fly under the radar.

For more details, see the full article below ⬇

#cybersecurity #cyberthreat #malicious #threat #cyberespionage #attackers #hacker #ransomware https://lnkd.in/gqbeD5Wi

Linked article: FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (thehackernews.com)
-
“A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific (APAC) region, by exploiting a recently patched critical security flaw impacting OSGeo GeoServer GeoTools. The intrusion activity, which was detected by Trend Micro in July 2024, has been attributed to a threat actor dubbed Earth Baxia. "Based on the collected phishing emails, decoy documents, and observations from incidents, it appears that the targets are primarily government agencies, telecommunication businesses, and the energy industry in the Philippines, South Korea, Vietnam, Taiwan, and Thailand," researchers Ted Lee, Cyris Tseng, Pierre Lee, Sunny Lu, and Philip Chen said.”

The discovery of documents in Simplified Chinese suggests that China may be one of the countries affected by this cyberattack campaign as well, but the cybersecurity company has yet to figure out which sectors in China have been targeted. It’s ironic that Chinese hackers may have ended up attacking China.

The attackers use a sophisticated process that includes phishing emails and exploiting a critical software vulnerability (CVE-2024-36401). This allows them to deliver malicious tools like Cobalt Strike and a newly discovered backdoor called EAGLEDOOR, which is used for spying and launching additional attacks.

The exploitation of a critical vulnerability (CVE-2024-36401) in this attack emphasizes the importance of regularly updating and patching software. Failure to address such flaws in time can leave systems wide open to sophisticated cyber threats.

https://lnkd.in/gii49k-6

#cybertronium #cybertroniummalaysia #cyberespionage #malware

Linked article: Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (thehackernews.com)
-
T-Mobile Spotted Chinese Salt Typhoon Hackers Attacking Its Routers

T-Mobile revealed how it successfully blocked attempts by the Chinese hacking group Salt Typhoon to infiltrate its network. This announcement follows reports from earlier this month about Salt Typhoon’s successful breaches of wiretap systems managed by major U.S. telecom companies, including AT&T, Verizon, and Lumen Technologies.

Jeff Simon, T-Mobile’s Chief Security Officer, revealed that the company’s network engineers detected suspicious activities on their network devices. While these actions were not inherently malicious, they were unusual enough to warrant further investigation. The engineers observed unauthorized users executing commands on network devices, probing the network’s structure.

The hackers, believed to be backed by the Chinese government, gained initial access through a compromised wireline provider’s network connected to T-Mobile’s systems. However, T-Mobile’s defense mechanisms prevented the attackers from advancing deeper into the network or accessing sensitive customer data.

Stay connected to Sidharth Sharma, CPA, CISA, CISM, CFE, CDPSE for content related to Cyber Security.

#CyberSecurity #JPMC #Technology #InfoSec #DataProtection #DataPrivacy #ThreatIntelligence #CyberThreats #NetworkSecurity #CyberDefense #SecurityAwareness #ITSecurity #SecuritySolutions #CyberResilience #DigitalSecurity #SecurityBestPractices #CyberRisk #SecurityOperations

Linked article: T-Mobile Spotted Chinese Salt Typhoon Hackers Attacking Its Routers (cybersecuritynews.com)
-
🚨 Federal Bureau of Investigation (FBI) Appeals for Public Assistance in Identifying Chinese Hackers Behind Global Cyber Intrusions 🚨

The FBI recently issued a public appeal for assistance to identify cyber actors behind major intrusions targeting critical infrastructure and government entities worldwide. Allegedly tied to Chinese APT groups – including APT31 (Zirconium), APT41 (Winnti), and Volt Typhoon – these cyber intrusions reveal a complex campaign exploiting vulnerabilities in network devices like Sophos firewalls 🛡️.

🔍 Attack Vectors and Malware Used:
1. Exploited Vulnerabilities: Sophos firewalls were breached via zero-day exploits (e.g., CVE-2022-1040, CVE-2022-22965), enabling attackers to gain unauthorized access 🔓.
2. Deployed Malware:
   - Asnarök: Used to maintain control over infected firewalls and execute commands.
   - Gh0st RAT: For remote access and data exfiltration 👾.
   - Pygmy Goat: A more specialized malware variant for stealth operations.

🌐 Targeted Sectors: Critical infrastructure organizations, including nuclear energy suppliers, airports, military hospitals, and government ministries across South and Southeast Asia, have been affected. Such breaches risk national security and undermine operational stability in essential services.

⚠️ What This Means: These cyber operations highlight the strategic motivations behind espionage activities targeting regional politics and defense frameworks. For organizations managing critical assets, ensuring network devices are up to date and deploying multi-layered security is essential 🛠️.

🤝 How You Can Help: The FBI is encouraging those with any relevant information on these intrusions to come forward to aid in identifying the perpetrators. This public appeal emphasizes the need for global collaboration to counteract the growing sophistication of cyber espionage threats. Together, we can safeguard critical infrastructure and protect our digital frontiers 🌐🔒.

#CyberSecurity #APT #CriticalInfrastructure #Sophos #FBI #ThreatIntelligence #DigitalSecurity #APT31 #APT41 #VoltTyphoon #LinkedInCommunity

Linked article: FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (thehackernews.com)
-
Sophos has released “Pacific Rim,” a #report detailing its defensive and counter-offensive operation over the last five years against multiple interlinked nation-state adversaries based in China targeting perimeter devices, including #SophosFirewalls.

Ross McKerchar, CISO at Sophos, said, “The reality is that edge devices have become highly attractive targets for Chinese nation-state groups like #VoltTyphoon and others as they look to build operational relay boxes (ORBs) to obfuscate and support their activity. This includes directly targeting an organization for espionage, or indirectly leveraging any weak points for onward attacks – essentially becoming collateral damage. Even organizations that are not targets are getting hit. Network devices designed for businesses are natural targets for these purposes – they are powerful, always on, and have constant connectivity."

Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), added, “Through the JCDC, CISA obtains and shares crucial intelligence on the #cybersecurity challenges we face, including the advanced tactics and techniques used by People’s Republic of China (PRC) state-sponsored #CyberActors. The expertise of partners like Sophos and reports like its Pacific Rim report provides the global cyber community more insights into the PRC’s evolving behaviors. By working side-by-side, we are helping cyber defenders understand the scale and widespread exploitation of edge network devices and implement mitigation strategies."

“Many cybersecurity vendors conduct adversarial research operations, but few are able to successfully do so against such a challenging set of nation-state adversaries for such a long period of time,” said Eric Parizo, managing principal analyst with the cybersecurity research group at Omdia. “Sophos made the most of a highly unique opportunity, and it should be lauded for delivering research and tactical takeaways that will help better defend its customers now and well into the future.”

“At NCSC-NL, one of our tasks is to share information and connect organisations. Facilitating communication and cooperation between national and international organisations is of great importance to improve cyber resilience. We are happy to have been able to make a contribution to this investigation with Sophos,” said Hielke Bontius, head of operations, Nationaal Cyber Security Centrum (NCSC-NL).

Read in detail at: https://lnkd.in/gWv42TQh

Anuj Sharma, Preeti Palve, Nishant Sharma, Jatin Motwani, Dattatrey Sharma, Rajat Aggarwal

Follow us at SmartStateIndia.

#smartstateindia #SophosReport #Ransomware #SophosActiveAdversaryReport #sophosPacificRim

Linked article: Hunter vs. Spy: Sophos ‘Pacific Rim’ Report Unveils Defensive and Counter-Offensive Strategies Against China-Based Adversaries » SmartStateIndia (www.smartstateindia.com)
-
Vistem Solutions, Inc. - "Enhancing your business securely through innovation and technology."

Vistem Solutions, Inc. is proud to be the exclusive IT Provider for Dispatch and DHA systems to the Ports of Long Beach and Los Angeles, other high-profile manufacturing and engineering networks, and healthcare companies demanding the highest level of service, security, and compliance.

We'd like to help you enhance your business. Partner with us for cutting-edge IT solutions tailored to your specific needs. From comprehensive cybersecurity measures to state-of-the-art network management, our dedicated team ensures your operations run smoothly and securely.

#itprovider #security #compliance #vistemsolutions #MSSP

Contact us @ sales@vistem.com to learn more about how we can support your business growth and protect your critical infrastructure.

Stay informed about the latest cybersecurity threats and defenses. GRU's BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Camp | Recorded Future. Discover BlueDelta’s (APT28, FANCY BEAR, Forest Blizzard) strategic espionage tactics in Europe. Learn more today and safeguard your business against evolving cyber threats.

Linked article: GRU's BlueDelta Targets Key Networks in Europe with Multi-Phase Espionage Camp | Recorded Future (recordedfuture.com)
-
The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the breach of edge devices and computer networks belonging to companies and government entities.

"An Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designed to exfiltrate sensitive data from firewalls worldwide," the agency said. "The FBI is seeking information regarding the identities of the individuals responsible for these cyber intrusions."

Stay connected to Aashay Gupta, CISM, GCP for content related to Cybersecurity.

#LinkedIn #Cybersecurity #Cloudsecurity #AWS #GoogleCloud #Trends #informationprotection #Cyberthreats #CEH #ethicalhacker #hacking #cloudsecurity #productmanagement #cybersecurity #appsec #devsecops

Linked article: FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (thehackernews.com)
-
Researchers from Sophos disclosed in a ‘Pacific Rim’ report details of its five-year investigation tracking China-based groups targeting Sophos firewalls using botnets, novel exploits, and bespoke #malware. With the collaboration of other #cybersecurity vendors, governments, and law enforcement agencies, specific clusters of observed activity have been attributed, with varying levels of confidence, to #VoltTyphoon, #APT31, and APT41/Winnti.

Following the release of the Pacific Rim report, the U.S. Federal Bureau of Investigation (FBI) is asking the public for assistance in an investigation involving the compromise of edge devices and computer networks belonging to companies and government entities. “As described by Sophos Ltd. in a recently released cyber security report, on April 22, 2020, an Advanced Persistent Threat group allegedly created and deployed malware (CVE-2020-12271) as part of a widespread series of indiscriminate computer intrusions designed to exfiltrate sensitive data from firewalls worldwide.”

“The first attack was not against a network device, but the only documented attack against a Sophos facility: the headquarters of Cyberoam, an India-based Sophos subsidiary,” Ross McKerchar, CISO at Sophos, wrote in a blog post last week. “On December 4, 2018, analysts on the Sophos SecOps team detected that device performing network scans. A remote access trojan (RAT) was identified on a low-privilege computer used to drive a wall-mounted video display in the Cyberoam offices.”

https://lnkd.in/gRYGdPr4

Linked article: Sophos reports five-year investigation into China-based cyber threats targeting critical infrastructure, FBI weighs in (https://industrialcyber.co)