Search Results for “Cyberscoop”

March 10, 2020
Sean Lyngaas / Cyberscoop

IT Network of European Electricity Markets Coordinating Organization Was Hacked, Breach Did Not Affect Operational Systems

The European Network of Transmission System Operators for Electricity (ENTSO-E), an organization that ensures coordination of European electricity markets and whose members include sizeable electric transmission operators across the continent, said its IT network had been compromised in a cyber intrusion. The affected office network is not connected to any operational electric transmission system, ENTSO-E said, meaning the attack was confined to IT systems and did not impact critical control systems. Some ENTSO-E members say they are investigating the breach.

Related: ENTSO-E

Tweets: @snlyngaas @tuomorusila @malwarejake

April 21, 2020
Jeff Stone / Cyberscoop

Supreme Court Agrees to Take Case That Could Clarify What Constitutes Unauthorized Computer Access Under CFAA

The Supreme Court agreed to take up a case that may finally clarify the uncertainty surrounding the 1986 Computer Fraud and Abuse Act, legislation that has been interpreted differently across the various judicial circuits, confusing what constitutes unauthorized access to a computer. The case the Court agreed to hear involves police sergeant Nathan Van Buren, who was convicted of violating the CFAA by searching police records on behalf of an acquaintance who offered him cash. The acquaintance turned out to be part of a police sting. Yet as a police officer, Van Buren had every legal right to access the police records and was not engaging in “unauthorized” access of the computer, his attorneys argue.

Related: iTnews – Security, The Seattle Times, Fifth Domain | CyberLaw360, iTnews – Security, The Register – Security, Reason


May 29, 2020
Jeff Stone / Cyberscoop

Magistrate Judge Rules That Capital One Must Turn Over Mandiant’s Forensic Report Related to 2019 Breach

U.S. Magistrate Judge John Anderson in the U.S. District Court for the Eastern District of Virginia ruled that Capital One must allow plaintiffs to review Mandiant’s forensic report related to the bank’s 2019 data breach despite the bank’s protests that it is a protected legal document. Anderson said the report, prepared by Mandiant, was the result of a business agreement, and that the legal doctrine argument was “unpersuasive.” The report is expected to detail “engagement activities, results, and recommendations for remediation” stemming from the breach announced in July 2019.

May 14, 2020
Sean Lyngaas / Cyberscoop

UK Electricity Load Balancing Company Elexon Said Cyberattack Hit Internal Computers Cutting Off Employee Email Access

UK electricity load balancing company Elexon said that a cyberattack had hit its internal computers, cutting off email access for employees. The attack hit Elexon’s corporate IT network and didn’t hit the industrial control part of its infrastructure. The electricity supply was not affected, and the company said it had identified the root cause of the attack and is taking steps to restore affected internal systems.

Related: Elexon, ZDNet Security, The State of Security, Forbes, IT Pro, CyberSecurity Help s.r.o., Verdict, TechNadu, CISO MAG, SecurityWeek, The Guardian

Tweets: @emilygosden @ELEXONUK @ELEXONUK @shah_sheikh @markaorlando @ng_eso

Elexon: BSC Bulletin 336 – ELEXON’s internal IT systems have been impacted by a cyber attack
ZDNet Security: UK electricity middleman hit by cyber-attack
The State of Security: UK Power Grid Network Middleman Struck by Digital Attack
Forbes: Cyber Attack On U.K. Electricity Market Confirmed: National Grid Investigates – Forbes
IT Pro: Key UK energy company hit by cyber attack | IT PRO
CyberSecurity Help s.r.o.: UK key energy market player Elexon hit by cyber attack
Verdict: Elexon cyberattack: No blackout but supply chain vulnerability exposed
TechNadu: “ELEXON” Announced Security Incident but Crucial Services Remain Up
CISO MAG: UK’s Electricity Body Elexon Suffers Cyberattack
SecurityWeek: UK Electricity Market Administrator Elexon Targeted by Hackers
The Guardian: Lights stay on despite cyber-attack on UK’s electricity system 

@emilygosden: Yikes. National Grid's control room business @ng_eso, which is responsible for keeping the lights on, tells me it's investigating "any potential impact on our own IT networks" after this cyber-attack on Elexon, which ESO technically owns and works with closely...
@ELEXONUK: Our internal IT systems have been impacted by a cyber-attack. BSC Central Systems and EMR are currently unaffected. Please note that we are currently unable to send or receive any emails. See more information here: Apologies for any inconvenience.
@ELEXONUK: Update on our internal IT issues: We have identified the root cause of a cyber attack and are working to resolve the issue. BSC Systems (and their data) and EMR are currently unaffected and working as normal. Please see this notice for more information:
@shah_sheikh: Cyberattack hits internal IT systems of key player in British power market: Elexon, a company that facilitates transactions on the British electricity market, said Thursday that a cyberattack had hit its internal computers, cutting off email access for…
@markaorlando: Cyberattack hits British electricity intermediary Elexon: “While the cyberdefense of utilities that deliver electricity often get public attention, the attack on Elexon is an example of how lesser-known players in the power market also face threats.”
@ng_eso: We’re aware of a cyber attack on ELEXON’s internal IT systems. We’re investigating any potential impact on our own IT networks. Electricity supply is not affected. We have robust cybersecurity measures across our IT and operational infrastructure to protect against cyber threats.

April 17, 2020
Sean Lyngaas / Cyberscoop

Czech Cybersecurity Authorities Issue Advisory Warning About Attacks on Health Care Facilities, Two Czech Hospitals Report Foiled Cyberattacks

The Czech government’s principal cybersecurity agency on Thursday said a recent spearphishing campaign could indicate “the preparatory phase” of attacks on IT systems and health care facilities. The advisory issued by the cyber agency requires operators of critical infrastructure and major IT systems to heed the warning and take defensive measures. On Friday, two hospitals in the Czech Republic, the university hospital in the eastern Czech city of Ostrava and a hospital in the eastern city of Olomouc, reported unsuccessful attempted attacks on their computer systems.

May 27, 2020
Sean Lyngaas / Cyberscoop

German Government Warns That Russian State-Backed Hacking Group Berserk Bear Continues to Attack Critical Infrastructure

A hacking group called Berserk Bear, which some analysts believe works on behalf of Russia’s FSB intelligence agency, has continued long-running efforts to target German critical infrastructure companies, according to a confidential German government advisory. The group has been using the supply chain to access the IT systems of German energy, water and power companies, according to the alert from the BSI, BND, and BfV federal agencies. Berserk Bear is best known in the U.S. for a years-long campaign to collect data on U.S. energy companies, which the Trump administration blamed on the Russian government in 2018.

March 30, 2020
Sean Lyngaas / Cyberscoop

HackerOne Kicks Mobile Voting App Voatz to the Curb Citing Company’s Hostile Relationships With Security Researchers

For the first time in its history, bug bounty facilitator HackerOne has booted a company off its list of participants, kicking mobile voting provider Voatz to the curb, citing its hostile relationships with security researchers. The decision comes after Voatz assailed the motives of MIT researchers who found vulnerabilities in the Voatz app they said could be exploited to “alter, stop, or expose a user’s vote.”

Related: Dark Reading

Tweets: @kimzetter @kimzetter @gregotto @robpegararo @konklone

March 26, 2020
Jeff Stone / Cyberscoop

In Rare Move, Russian Authorities Bust Cybercriminals Who Allegedly Ran Dark Web Marketplaces, Twenty-Five People Arrested

In a rare Russian law enforcement action against cybercriminals, Russia’s Federal Security Service (FSB), on March 20, arrested 25 people, including Russians and Ukrainian and Lithuanian citizens, for their alleged roles in a digital identity theft ring. The accused criminals were allegedly running a dark web marketplace called BuyBest, or GoldenShop, and dozens of corresponding “mirror” websites, according to an alert from the threat intelligence firm Gemini Advisory. Alexey Stroganov, an accused hacker who went by the name “Flint24,” was among those arrested, according to a court file posted on a Moscow city website.

March 25, 2020
Shannon Vavra / Cyberscoop

Sweeping Espionage Campaign by China’s APT41 Targeted 75 Organizations in Nearly Every Economic Sector

A sweeping Chinese cyberespionage campaign launched by the country’s APT41 threat group lasted between January 20 and March 11 and targeted 75 organizations in nearly every economic sector using multiple exploits, researchers at FireEye said. The campaign encompassed organizations in the telecommunications, healthcare, government, defense, finance, petrochemical, manufacturing, and transportation sectors, targeting nonprofit, legal, real estate, travel, education, and media organizations as well. APT41 identified victims by going after vulnerabilities in Citrix’s Application Delivery Controller (ADC), Cisco’s routers, and Zoho’s ManageEngine Desktop Central. The reason for these attacks is unclear, but the likely explanation for the broad targeting is that APT41 is working to set current and future collection requirements.

Related: Threat Research Blog, Infosecurity Magazine, Reddit, Reuters, Threatpost, SC Magazine, NS Tech, Security Affairs, Homeland Security Today, TechTarget, Big News Network, South China Morning Post, The Chosun Ilbo, The Hill: Cybersecurity, Engadget, iTnews – Security, New Statesman, CSO Online

Tweets: @cglyer @bing_chris @bing_chris

Threat Research Blog: This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
Infosecurity Magazine: APT41 Exploited Cisco, Citrix and Zoho Bugs in Wide-Ranging Campaign
Reddit – cybersecurity: This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
Reuters: U.S. cybersecurity experts see recent spike in Chinese digital espionage Chinese Hackers Use Cisco, Citrix, Zoho Exploits In Targeted Attacks
Threatpost: Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign
SC Magazine: APT41 activity down during China COVID-19 quarantines; massive campaign undeterred | SC Media China Suspected In Surge Of US Cyberattacks
NS Tech: Threat group APT41 launches “broadest Chinese campaign in years”
Security Affairs: China-linked APT41 group exploits Citrix, Cisco, Zoho flaws
Homeland Security Today: Chinese Threat Actor APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
TechTarget: China’s APT41 attacks Citrix ADC flaws in cyberespionage campaign
Big News Network: U.S. cybersecurity experts see recent spike in Chinese digital espionage
South China Morning Post: US cybersecurity experts see spike in Chinese digital espionage
The Chosun Ilbo: U.S. Cybersecurity Experts See Recent Spike in Chinese Digital Espionage
The Hill: Cybersecurity: Experts report recent increase in Chinese group’s cyberattacks
Engadget: Chinese digital spying is becoming more aggressive, researchers say
iTnews – Security: US cybersecurity experts see recent spike in Chinese digital espionage
New Statesman: Chinese threat group APT41 launches “broadest campaign in years”
CSO Online: Chinese hacker group APT41 uses recent exploits to target companies worldwide

@cglyer: BREAKING: APT41 initiated a multi-month global campaign at over 75 @FireEye customers attempting to exploit Internet facing systems using recently released exploits for Citrix NetScaler/ADC, Cisco Routers & Zoho ManageEngine.
@bing_chris: Updated - CHINESE GOV STATEMENT:"China is a defender of cybersecurity and a victim of cybercrime and cyberattack. From the case of Snowden, some countries carried out the largest scale and indiscriminate cybercrime activities around the world ... "
@bing_chris: Continued: ... "But it’s confusing that American cyber security companies rarely report them."

May 12, 2020
Shannon Vavra / Cyberscoop

FBI, DHS and Cyber Command Release Reports About North Korean Malware to Help Critical Infrastructure Sectors Ward Off Threats

The FBI, the Department of Homeland Security, and U.S. Cyber Command have released reports about North Korean malware to help companies fend off hackers and boost cyber-defenses in critical infrastructure sectors. Documents released by the government arms contain twenty-six malware analysis reports (MARs) detailing activity from a North Korean hacking group called Hidden Cobra. Twenty-two of the malware samples are from the same family, known as “Manuscrypt,” which has been used to target a variety of payment systems, including the Society for Worldwide Interbank Financial Telecommunication (SWIFT) monetary transfer system.

Related: US-CERT, ZDNet

Tweets: @shanvav @CNMF_VirusAlert @CNMF_VirusAlert @ericgeller @campuscodi