THREAT UPDATES
RUSSIA
The UK and allied nations have exposed a Russian military intelligence cyber campaign targeting Western logistics and technology organisations, including those involved in aid delivery to Ukraine. The National Cyber Security Centre (NCSC), part of GCHQ, issued an advisory detailing the activity of GRU Unit 26165 (APT 28) since 2022. Techniques employed include credential guessing, spearphishing and exploiting Microsoft Exchange vulnerabilities.
The unit also targeted internet-connected cameras at Ukrainian border crossings and military sites. The NCSC urges UK organisations in sectors like defence, IT services, maritime and transport to familiarise themselves with the threat and implement recommended mitigation measures to bolster their cyber defences. This revelation coincides with the UK’s ongoing support for Ukraine and increased sanctions against Russia.
Paul Chichester, NCSC Director of Operations, said: “This malicious campaign by Russia’s military intelligence service presents a serious risk to targeted organisations, including those involved in the delivery of assistance to Ukraine. The UK and partners are committed to raising awareness of the tactics being deployed.”
He added: “We strongly encourage organisations to familiarise themselves with the threat and mitigation advice included in the advisory to help defend their networks.”
NORTH KOREA
The Belgian cybersecurity firm Aikido recently observed North Korean state-sponsored hackers, known as the Lazarus Group, making surprisingly basic errors while working on their malicious software. The researchers watched in real time as the group, notorious for stealing US$1.5 billion from ByBit, struggled with fundamental JavaScript.
Aikido documented the hackers repeatedly failing simple coding tasks, like using basic debugging commands and forgetting essential code instructions. A video shows this unusual situation: highly skilled hackers making amateur mistakes while trying to update their harmful software through four increasingly desperate attempts, all while being monitored.
This rare look into a nation-state hacking operation highlights both their advanced methods, such as hiding code in unusual ways, and their unexpected human errors. This discovery was made through Aikido’s new, freely available threat detection system.
WWW.INTELLIGENTCISO.COM