12 December 2023

7 min read

UK and US sanction Russian FSB cyber operatives | Cyber Intelligence Briefing: 12 December

December 2023
Cyber Briefing News

 

Top news stories this week

  1. I spy. UK and US sanction Russian FSB hackers over espionage campaign.
  2. Out of date. Hackers compromise US government servers through unpatched software.  
  3. Microsoft security shake-up. Microsoft appoints new CISO. 
  4. Nissan notifications. Nissan proactively warns customers of potential data breach.
  5. Hold the phone. FBI issues guidance on how to request delay for SEC incident disclosure.
  6. Appear offline? Law enforcement rumored to have taken ALPHV/BlackCat’s leak site offline. 

Listen to the Cyber Intelligence Briefing

New call-to-action New call-to-action New call-to-action New call-to-action

1. UK and US sanction Russian FSB cyber operatives

Two Russian nationals have been sanctioned for their roles in carrying out espionage operations on behalf of Russia’s foreign intelligence service. The individuals are part of a group known as Star Blizzard, which has conducted spear phishing campaigns against high profile political figures and government officials, as well as executives in civil society organisations and critical infrastructure facilities, using the open-source EvilGinx framework. Often, the group gains access through personal email addresses.

So what?

High risk individuals should be extremely vigilant to unsolicited email approaches and avoid correspondence over private email accounts which may have less protection than corporate accounts.

[Researcher: Adelaide Parker] 


2. Hackers use Adobe ColdFusion exploit to gain access to US government systems  

Two US federal systems were breached after threat actors exploited the Adobe ColdFusion (CVE-2023-26360) vulnerability to perform reconnaissance. A patch for the vulnerability had been published in March but, in both instances, unpatched versions of the software were still running on public facing web servers. CISA has also released an advisory warning of its continued exploitation by threat actors.

So what?

Hackers frequently look to exploit older, overlooked vulnerabilities to gain initial entry into a victim’s environment. It is crucial to upgrade vulnerable software and prioritise the patching of web facing systems.

[Researcher: Adelaide Parker]


3. Microsoft announces new CISO as part of security shake-up

In an overhaul of its security team, Microsoft has replaced its Chief Information Security Officer (CISO) and deputy CISO. The decision to restructure comes in the wake of recent security breaches, such as the GitHub data exposure and a Chinese government-backed hack which compromised US government email accounts.

So what?

This organisational shift comes as Microsoft looks to incorporate AI for advanced threat modelling and automation.

[Researcher: Amy Gregan]

 

Download now

 

4. Nissan proactively notifies customers of breach as 23andMe fallout continues

Carmaker Nissan is investigating a cyber incident impacting its operations in Australia and New Zealand. The auto manufacturer has cautioned customers about potential scams and is providing updates through its website.

Separately, the impact of the data breach at genetic testing company 23andMe continues to expand. In October, the company reported an impact to 14,000 customers, but after further investigation, the company confirmed that the breach affected 6.9 million users, representing half of the organisation’s customers.

So what?

Effective and prompt communication in the face of a cyber incident helps to minimise reputational risk. The impact can be even worse for organisations hosting high-value sensitive information.

[Researcher: Amy Gregan]


5. FBI issues guidance on requesting delay to SEC incident disclosures 

The FBI has issued guidance on how companies can request delays to reporting on the grounds of national security or public safety for reporting cyber incidents. Under the controversial new SEC regulations which come into effect on 18 December, listed companies will be required to report “material” cyber security incidents within four business days.

So what?

Organisations should ensure they are aware of their varying reporting requirements across all the jurisdictions in which they operate and consider engaging external legal counsel in the event of a breach.

[Researcher: Aditya Ganjam Mahesh]


6. ALPHV/BlackCat’s leak site offline amid rumours of law enforcement operation

S-RM has observed that the ALPHV/BlackCat leak site has been offline since Thursday morning, disrupting aspects of the threat actor's operations and ongoing negotiations. Rumors among researchers suggest that a law enforcement operation has caused this interruption in the ransomware gang's activities, whose infrastructure remains disrupted at the time of writing.

So what?

When law enforcement succeeds in takedowns, they might be able to develop decryption keys to share with recent victims. However, it's crucial for affected organisations to still pursue alternative recovery plans, especially when threat actors are offline.

[Researcher: Aditya Ganjam Mahesh]

SUBSCRIBE TO RECEIVE OUR WEEKLY CYBER THREAT INTELLIGENCE BRIEFING VIA EMAIL

The S-RM Cyber Intelligence Briefing is a weekly round-up of the latest cyber security news, trends, and indicators, curated by our intelligence specialists.

To discuss this briefing or other industry developments, please reach out to one of our experts.

Editors

Share this post

Subscribe to our insights

Get industry news and expert insights straight to your inbox.