The government detected cyber attacks against the FPS Home Affairs and Defence. They "significantly affected our sovereignty, democracy, security and society," according to the press release. According to the Ministry of Foreign Affairs, both attacks can be linked to Chinese hacker groups. The hackers had access to the network at the Interior for two years. The Center for Cybersecurity (CCB) had previously suggested that the attack appeared to be the work of an intelligence agency. Due to the cyber attack at Defense, the network was cut off from the internet for weeks and mail traffic with the outside world was interrupted.  Read more about it: here

La cyberattaque lancée contre le groupe Caisse Centrale de Réassurance vient d’être publiquement revendiquée par un groupe inconnu à ce jour, dit « Lilith ». Il menace de divulguer plus de 1 To de données. Read more about it: here

Germany's Green political party was the victim to a large-scale cyberattack last week. The attackers gained access to the party's IT infrastructure and the party's internal platform called "Green network". The members of the political party use this platform to exchange about the ongoing negotiations within the coalition. Members’ email accounts were impacted as well as some of the party’s leaders. During the attack, several emails were allegedly forwarded to an external server. No malicious actor has yet claimed responsibility for the attack. However, without having technical details of the attack, it could be that a state-sponsored malicious actor was behind the attack. An investigation was conducted by the Federal Office for It Security (BSI) and a private company specializing in cybersecurity to obtain more information about the attack. Read more about it: here

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. Researchers have added state-sponsored hackers to the list of adversaries attempting to exploit Microsoft’s now-patched Follina vulnerability. According to researchers at Proofpoint, statesponsored hackers have attempted to abuse the Follina vulnerability in Microsoft Office, aiming an email-based exploit at U.S. and E.U. Proofpoint researchers spotted the attacks and believe the adversaries have ties to a government, which it did not identify. The malicious attachment targets the remote code execution bug CVE-2022-30190 , dubbed Follina. Read more about it: here

While tracking the mobile banking trojan FluBot, F5 Labs recently discovered a new strain of Android malware which we have dubbed “MaliBot”. While its main targets are online banking customers in Spain and Italy, its ability to steal credentials, cookies, and bypass multi-factor authentication (MFA) codes, means that Android users all over the world must be vigilant. Some of MaliBot’s key characteristics include: ... Read more about it: here

The Ukraine’s computer emergency response team (CERTUA), in collaboration with researchers from ESET and Microsoft, last week foiled a cyberattack on an energy company that would have disconnected several high-voltage substations from a section of the country’s electric grid on April 8. The attack, by Russia’s infamous Sandworm group, involved the use of a new, more customized version of Industroyer, a malware tool that the threat actor first used in Dec. 2016 to cause a temporary power outage in Ukraine’s capital Kyiv. In addition to the ICS-capable malware, the latest attack also featured destructive disk-wiping tools for the energy company’s Windows, Linux, and Solaris operating system environments that were designed to complicate recovery efforts.   Read more about it: here

Iberdrola, a Spanish energy provider, has suffered a data breach affecting over one million customers, local reports suggest. The company is headquartered in Bilbao and is the parent company of Scottish Power. They have reported that the attack took place on March 15 this year. The breach reportedly resulted in the theft of customer ID numbers, phone numbers and home and email addresses. Fortunately, it does not seem as if financial information was stolen. Read more about it here.

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitation of default MFA protocols and a known vulnerability. Read more about it here.

An international law enforcement operation has seized the servers of VPNLab.net, a virtual private network provider that advertised its services on the criminal underground and catered to various cybercrime groups, including ransomware gangs. CYBER THREAT INTELLIGENCE –NEWSLETTER – 2021/01/19 Europol said it seized 15 servers operated by the VPNLab team in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US, and the UK. No arrests were announced, but the company’s services were rendered inoperable, and its main website now shows a Europol seizure banner.   Read more about it here.

Newly discovered data-destroying malware was observed earlier today in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks. "This new malware erases user data and partition information from attached drives," ESET Research Labs explained. "ESET telemetry shows that it was seen on a few dozen systems in a limited number of organizations." While designed to wipe data across Windows domains it's deployed on, CaddyWiper will use the DsRoleGetPrimaryDomainInformation() function to check if a device is a domain controller. If so, the data on the domain controller will not be deleted.  Read more about it here.