September News Recap:
The audio format will be available on both the Steady and Spotify/general publication RSS feeds within a week or two of this email. If you’re reading the archived version of this post after 15 October 2024, the audio version may be attached at the bottom of this page.
🦉 September’s Note:
Hey Everyone! Just catching up on the news you might have missed in September. This is the second half of the most recent newsletter. Apologies for the delay on this one.
Before we get started: I wanted to draw attention to another organization that has recently worked in both Gaza and Ukraine and continues to put itself in danger: CADUS, who specialize in medical aid and infrastructure.
What’s In The News? - What I’ve Been Reading (Sorry for the delay!)
A lot has already happened, just over a week into October. Here are the most relevant stories from September before we dive into October's developments later this month.
🦉 Rhysida Ransomwares Port of Seattle & Seattle-Tacoma Intl. Airport
By Connor Jones for The Register
The Port of Seattle experienced a ransomware attack carried out by the Rhysida ransomware group, which targeted its IT systems, causing disruptions in services like baggage handling and ticketing. The port refused to pay the ransom, prompting the attackers to threaten the release of stolen data.
🦉 IRLeaks Reaps $3 Mil Ransom After More Attacks On Iranian Companies
By Matthew Karnitschnig for Politico
A massive cyberattack on Iran's banking sector forced the regime to pay a $3 million ransom to the threat actor, IRLeaks, to prevent the release of sensitive personal data from 20 banks. The breach, facilitated through an IT service provider, caused banks to shut down cash machines and disrupted financial services across the country. The Iranian government did not publicly acknowledge the attack, fearing it could destabilize the country’s already fragile banking system. As a threat actor, IRLeaks remains extremely capable and elusive.
🦉 Microsoft and DOJ Dismantle Russian Hacking Infrastructure
By Sergiu Gatlan for BLEEPING COMPUTER
Microsoft and the US Department of Justice successfully dismantled over 100 domains used by a threat actor linked to the Russian Federal Security Service (FSB). These domains were primarily used for spear-phishing campaigns targeting US and European entities.
🦉 Entire Dutch National Police Contact Roster Leaked
for DutchNews
A 26 September data leak exposed the work-related contact information of all 62,000 officers in the Dutch National Police force, including names, email addresses, and phone numbers. The breach occurred through a compromised office account, though the exact method of access is still unknown. While there is no evidence yet that the stolen data has been circulated online, the incident has caused significant concern, particularly for officers involved in covert operations and non-uniformed officers who fear harassment. The most recent coverage of the event says that the police suspect a state-backed threat actor.
🦉 Unauthorized Starlink Gets Navy Chief Court-martialed
By Diana Stancy for MilitaryTimes
Senior enlisted leadership on the USS Manchester secretly installed an unauthorized Starlink Wi-Fi network named “STINKY” for their exclusive use during deployment. Led by then-Command Senior Chief Grisel Marrero, the network allowed the Chiefs to access the internet while regular sailors were restricted. The unauthorized setup posed severe security risks and was concealed using falsified documents. Marrero was court-martialed and reduced in rank for her involvement. Over 15 chiefs faced disciplinary actions for participating in or concealing the network.
🦉 Tenet Media Shut Down In Wake Of Russian Information Campaign Scandal
By Anna Merlan for Mother Jones
Tenet Media abruptly shut down following the widely reported Department of Justice indictment that accused it of being secretly funded by Russian state-controlled media employees. Prominent contributors like Tim Pool and Lauren Southern claimed ignorance of the funding source, with Pool stating that the FBI contacted him for a voluntary interview. YouTube deleted Tenet’s channel and related ones operated by co-founder Lauren Chen, stating that it did so as part of its efforts to combat coordinated influence operations. Chen’s contract with Blaze TV was also terminated, and her content was removed from Spotify. Tenet’s social media pages remain online but have been inactive since the indictment.
🦉 Russian APT “Cadet Blizzard” Now Firmly Attributed To GRU
By Andy Greenberg for Wired
The Russian GRU’s Unit 29155, known for physical sabotage and assassinations, has now been confirmed to have integrated cyber warfare into its operations. A relatively recently identified APT, “Cadet Blizzard”, is linked to Unit 29155 and has launched cyber attacks targeting Ukraine, the US, and other countries. The US DOJ indicted five group members, while the State Department offered a $10 million reward for information.
🦉 1 Million NHS Patients’ Data Leaked Online By Qilin Ransomware
By Alexander Martin for Recorded Future
A ransomware attack on NHS hospitals in London exposed the personal data of nearly 1 million patients, including sensitive medical information. The Qilin ransomware group published the stolen data, which includes pathology forms describing intimate health conditions. The attack also disrupted blood testing services in the UK. Synnovis, the service provider responsible for protecting this data, continues to investigate the incident, and legal actions have been taken to limit the dissemination of the stolen information.
🦉 Chinese State-Backed Threat Actors Extend “Salt Typhoon” Campaign to US Telecoms
By Ravie Lakshmanan for The Hacker News
Chinese state-backed hackers infiltrated major U.S. internet service providers and telecommunications companies, targeting critical infrastructure systems through unpatched vulnerabilities. These breaches are part of a broader espionage campaign aimed at accessing sensitive data and potentially disrupting communications, particularly within the defense sector. The attackers sought to establish long-term access to critical networks, which could be exploited in future conflicts or for ongoing intelligence gathering. The operation reflects China's strategic goal of undermining U.S. cybersecurity defenses and gathering critical intelligence.
🦉 Arkansas City Water Treatment Utilities Shut Down In Cyber Attack
By Pierluigi Paganini for Security Affairs
A recent cyberattack targeted a water treatment facility in Arkansas City, disrupting its operations. The attack compromised systems that manage water treatment processes, potentially affecting the safety and supply of water to residents. While city officials responded quickly to contain the breach and investigate its origins, the incident shows the US’s ongoing struggle with cybersecurity vulnerabilities in critical infrastructure.
🦉 Ukraine Bans Telegram For Government And Military Personnel
By Ravie Lakshmanan for The Hacker News
Ukraine has banned the use of Telegram for government employees, military personnel, and critical infrastructure workers due to security concerns over Russian surveillance and cyber espionage. The decision came after intelligence reports indicated that Russian state actors were exploiting the platform to monitor communications and conduct cyber operations. This move is part of broader cybersecurity measures to protect sensitive communications in the face of ongoing threats from Russian hackers.
🦉 US Proposes Ban On Chinese IoT Software And “Connected” Cars
By David Shepardson for Reuters
The U.S. is preparing to propose a ban on Chinese-made software and hardware in connected vehicles, citing national security concerns. This move is aimed at preventing potential cyber threats from Chinese technology embedded in American transportation systems. The proposal follows rising tensions between the U.S. and China over technological and economic dominance, as well as growing worries about data privacy and cybersecurity risks in the automotive industry.
Before I go, guys, I just wanted to thank you again for your patience! I have taken a lot of steps towards changing the workflow, and I hope these will become more apparent as 2024 starts to close out.
I’ll always welcome you to check out some of what I have going on with the other platforms. There is a new push to develop content on them, particularly audio and video content that I’ll be excited to share with you.
As always, stay safe! And 🦉Hail Moloch!🦉