A recent report from Cisco Talos reveals that a Pakistani threat actor, dubbed "Cosmic Leopard," has been spying on Indian government-associated entities for over six years. This cyber-espionage campaign, known as Operation Celestial Force, targets individuals and organizations in India's government, defense, and technology sectors.

Key Points:
- Tools Used: GravityRAT Trojan, HeavyLift malware loader, and advanced social engineering tactics.
- Methodology: Spear-phishing emails, social media interactions, and sophisticated fake applications.
- Goal: Long-term access and extensive data collection for future analysis.

This highlights the urgent need for robust cybersecurity measures and vigilance against such persistent threats. #CyberSecurity #India #APT #CiscoTalos #63SATS
Sumit C.’s Post
More Relevant Posts
-
Chinese Botnet 'Raptor Train' Infects 260,000 Devices, Targeting Critical Infrastructure

A new cybersecurity alert highlights a Chinese state-sponsored botnet, "Raptor Train," infecting over 260,000 devices, including routers, IP cameras, and NAS systems. This sophisticated botnet targets critical infrastructure, with a focus on military, government, and industrial sectors in the US, Taiwan, and beyond. The botnet, active since May 2020, is linked to the Flax Typhoon hacking group and uses a Mirai malware variant, "Nosedive." Although equipped for DDoS attacks, its operators have shown no such activity, suggesting other malicious objectives. The FBI, in collaboration with cybersecurity experts, disrupted the botnet by removing malware from thousands of devices.

Key Defensive Steps:
- Regularly reboot and update routers
- Monitor for suspicious outbound traffic
- Replace outdated devices lacking security patches

The global reach and complexity of Raptor Train underline the growing threat of state-sponsored botnets. Stay vigilant! #Cybersecurity #Botnet #CriticalInfrastructure #RaptorTrain #Infosec #StateSponsoredHackers #CyberThreats
-
Chinese hackers use new data theft malware in govt attacks A recent report highlights the emergence of new malware variants, FDMTP and PTSOCKET, deployed by the cyber espionage group Mustang Panda. These tools have been utilised in sophisticated attacks aimed at government networks, emphasising the need for robust security measures and threat intelligence. The tactics employed by Mustang Panda include spear-phishing campaigns and worm-based attacks, targeting sensitive data within military, police, foreign affairs, and educational sectors. The group's ability to adapt and refine their strategies serves as a reminder of the persistent threats facing our digital infrastructures. As professionals in the tech and cybersecurity fields, it's imperative that we share knowledge and collaborate to defend against such advanced threats. Let's continue to foster a community of awareness and resilience in the face of these challenges. #Cybersecurity #DataProtection #ThreatIntelligence #DigitalResilience https://lnkd.in/eE6Q_8Rp
-
As geopolitical tensions rise, so does the frequency of cyberattacks. The recent Homeland Threat Assessment report highlights that cyber actors, particularly from Russia and China, are targeting U.S. critical infrastructure with AI-driven malware and ransomware. These attacks aim to disrupt essential services and gain unauthorized access to sensitive information. Vigilance and advanced cybersecurity measures are more important than ever. #CyberThreats #NationalSecurity #AI Learn more: Industrial Cyber News
-
Have I got this right? Earlier the detection; quicker the response. What is the earliest an attack can be detected to mount a meaningful response? The cyber kill chain is how we get attacked. Which step should be the focus of our detection capabilities?

- Reconnaissance - scanning is a given. Very easy to detect but impossible to respond to.
- Weaponisation - happens out of sight. Probably undetectable.
- Delivery - that's when the malicious code gets injected into our environment. The best opportunity to detect and best point in time to prevent an attack. Also the best test of protection and detection controls.
- The steps that follow - exploitation, installation, command and control and finally actions on objectives - all leave signs that can lead to the detection of an attack in progress. However, the later we try to detect, the more the chances that something continues to lurk in our environment.

What do you think? #haveigotthisright #cybersecurity #detection
-
Unveiling the Latest Malware Threats Targeting Industrial Control Systems in Europe

Two dangerous malware tools, Kapeka and Fuxnet, have emerged as the latest cyber threats in Europe following the conflict in Ukraine. Kapeka, linked to the Russian state-backed threat actor Sandworm, was identified in attacks against an Estonian logistics company. WithSecure researchers consider it an active and ongoing threat, with capabilities to infiltrate and persist within victim systems. On the other hand, Fuxnet, deployed by Ukraine government-backed threat group Blackjack, was used to sabotage Moscow's sewage system by bricking sensor gateways and disabling 87,000 sensors. These attacks highlight the growing complexity and impact of cyber warfare on critical infrastructure in the region. How can organizations enhance their cybersecurity measures to safeguard against sophisticated malware threats like Kapeka and Fuxnet?

#CyberSecurity #MalwareThreats #IndustrialControlSystems #Europe #Kapeka #Fuxnet #CyberWarfare #SecurityMeasures

Source: https://lnkd.in/eFzMkvf4, Jai Vijayan, Contributing Writer
-
APT28 Russian Cyber Squad Targets High-Profile Organizations with Advanced NTLM Relay Intrusions

Between April 2022 and November 2023, Russian state-backed hackers, known as APT28 among other aliases, launched sophisticated NTLMv2 hash relay attacks targeting global entities in sectors such as foreign affairs, energy, defense, transportation, and more. This aggressive group, linked to Russia's GRU military intelligence and active since at least 2009, utilized brute-force techniques and exploited vulnerabilities in systems like Cisco and Microsoft Outlook to infiltrate networks and conduct espionage. Trend Micro highlighted the group's efficiency in compromising thousands of accounts, signaling a broad and cost-effective strategy for unauthorized access. APT28's tactics include spear-phishing, leveraging software flaws, and employing custom malware like HeadLace, alongside strategies for evading detection and maintaining persistence within compromised networks. Their operations demonstrate a continuous evolution of attack methodologies, including the use of anonymization tools and compromised infrastructure to facilitate phishing and credential theft, underscoring the persistent threat they pose to high-profile targets. #cybersecurity #infosec #cyberattack #ntlm #clouddfn
-
Hello Connections! 🎯 Just finished the Cyber Kill Chain room on TryHackMe! In this room I learned about each stage: Reconnaissance, Weaponization, Delivery, and Exploitation, and explored Installation, Command & Control, and Actions on Objectives. Gaining a deeper understanding of how attacks are structured to enhance defenses 🛡️ #TryHackMe #CyberKillChain #Cybersecurity #ThreatAnalysis #IncidentResponse
-
"Unlike the attack on Ukraine, we did not observe a spike in cyber operations against Israeli targets before the attack, and have no indication that cyber activity was integrated into Hamas battlefield operations, or used to enable kinetic events." https://lnkd.in/d3t_rUUq #cybersecurity #criticalinfrastructure #Iran #cyberwarfare #Hamas #Google #security #infosec #threatintelligence #industrialcyber #icssecurity #ics
Google reports on Iran's cyber operations targeting Israel, American critical infrastructure - Industrial Cyber
-
Operation Celestial Force: A Persistent Cyber Threat

Since 2018, a cyber espionage campaign dubbed "Operation Celestial Force" has been actively targeting Indian defense, government, and technology sectors. This sophisticated operation employs two primary tools: the Android-based malware 'GravityRAT' and a Windows-based malware loader known as 'HeavyLift'. The campaign is attributed to the Pakistani threat actor group Cosmic Leopard, which leverages these tools for espionage purposes. GravityRAT, initially developed for Windows, has evolved to affect Android devices, indicating the group's expanding capabilities. The attackers deploy their malware through social engineering tactics and malicious documents, demonstrating their persistent and evolving threat to cybersecurity. Stay vigilant and stay informed. #CyberSecurity #OperationCelestialForce #Malware
-
From politically motivated hacking to vulnerabilities in digital infrastructure, this narrative underscores the urgent need for robust cybersecurity measures. As nations navigate the intricate landscape of cyber threats, fortifying defences and fostering collaboration become imperative steps towards safeguarding our digital future. Authored by Gargi Tamboli for Covering China Parent: THE GEOSTRATA #APT #CyberEspionage #SpearPhishing #WateringHole #InfoSec #DigitalInfrastructure #CyberAwareness #GeopoliticalCyberThreats #DigitalIndia #CyberDefense #TechSecurity #China #India #US #modi