Pierluigi Paganini May 26, 2023
New CosmicEnergy ICS malware threatens energy grid assets

Experts detailed a new piece of malware, named CosmicEnergy, that is linked to Russia and targets industrial control systems (ICS).  Researchers from Mandiant discovered a new malware, named CosmicEnergy, designed to target operational technology (OT) / industrial control system (ICS) systems. The malicious code was first uploaded to a public malware scanning service in December 2021 by […]

Pierluigi Paganini February 24, 2023
UK won the Military Cyberwarfare exercise Defence Cyber Marvel 2 (DCM2)

Defence Cyber Marvel 2 (DCM2) is the largest Western Europe-led cyber exercise that took place in Tallinn with 34 teams from 11 countries. The Defence Cyber Marvel 2 (DCM2) is the largest training exercise organised by the Army Cyber Association to allow personnel from across the Armed Forces to build their skills within the cyber […]

Pierluigi Paganini January 31, 2023
Pro-Palestine hackers threaten Israeli chemical companies

Threat actors are targeting Israeli chemical companies operating in the occupied territories, security experts warn. Threat actors have launched a massive hacking campaign aimed at Israeli chemical companies operating in the occupied territories. A group, named Electronic Quds Force, is threatening companies’ engineers and workers and are inviting them to resign from their positions. The […]

Pierluigi Paganini September 13, 2022
Pro-Palestinian group GhostSec hacked Berghof PLCs in Israel

The hacktivist collective GhostSec claimed to have compromised 55 Berghof PLCs used by Israeli organizations. Pro-Palestinian Hacking Group GhostSec claimed to have compromised 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a Free Palestine campaign. On September, 4th, 2022, GhostSec announced on social media and its Telegram channel that it has compromised […]

Pierluigi Paganini August 16, 2022
Clop gang targeted UK drinking water supplier South Staffordshire Water

A cyber attack disrupted the IT operations of South Staffordshire Water, a company supplying drinking water to 1.6M consumers daily. South Staffordshire Water has issued a statement confirming the security breach, the company pointed out that the attack did not impact the safety and water distribution systems. South Staffordshire Water plc known as South Staffs […]

Pierluigi Paganini August 15, 2022
VNC instances exposed to Internet pose critical infrastructures at risk

Researchers from threat intelligence firm Cyble reported a surge in attacks targeting virtual network computing (VNC). Virtual Network Computing (VNC) is a graphical desktop-sharing system that leverages the Remote Frame Buffer (RFB) protocol to control another machine remotely. It transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a […]

Pierluigi Paganini July 15, 2022
Tainted password-cracking software for industrial systems used to spread P2P Sality bot

Dragos researchers uncovered a small-scale campaign targeting industrial engineers and operators with Sality malware. During a routine vulnerability assessment, Dragos researchers discovered a campaign targeting industrial engineers and operators with Sality malware. Threat actors behind the campaign used multiple accounts across several social media platforms to advertise password-cracking software for Programmable Logic Controller (PLC), Human-Machine […]

Pierluigi Paganini June 06, 2022
Microsoft seized 41 domains used by Iran-linked Bohrium APT

Microsoft’s Digital Crimes Unit (DCU) announced the seizure of domains used by Iran-linked APT Bohrium in spear-phishing campaigns. Microsoft’s Digital Crimes Unit (DCU) announced to have taken legal action to disrupt a spear-phishing operation linked to Iran-linked APT Bohrium. The IT giant has seized the domains used by the threat actors employed in its attacks aimed […]

Pierluigi Paganini April 14, 2022
US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

The US government agencies warned of threat actors that are targeting ICS and SCADA systems from various vendors. The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) published a joint Cybersecurity Advisory (CSA) to warn of offensive capabilities developed by […]

Pierluigi Paganini April 12, 2022
Russia-linked Sandworm APT targets energy facilities in Ukraine with wipers

Russia-linked Sandworm APT group targeted energy facilities in Ukraine with INDUSTROYER2 and CADDYWIPER wipers. Russia-linked Sandworm threat actors targeted energy facilities in Ukraine with a new strain of the Industroyer ICS malware (INDUSTROYER2) and a new version of the CaddyWiper wiper. According to the CERT-UA, nation-state actors targeted high-voltage electrical substations with INDUSTROYER2, the variant analyzed by […]