Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Government. Show all posts
Software
cyber espionage Cyber Phishing Cyber Security Government Linux Kernel organisations Software

Dozens of Government and Infrastructure Networks Breached in Global Espionage Campaign



Security researchers have identified a previously undocumented cyber espionage group that infiltrated at least 70 government and critical infrastructure organizations across 37 countries within the past year. The same activity cluster also conducted wide-scale scanning and probing of government-related systems connected to 155 countries between November and December 2025, indicating a broad intelligence collection effort rather than isolated attacks.

The group is tracked as TGR-STA-1030, a temporary designation used for actors assessed to operate with state-backed intent. Investigators report evidence of activity dating back to January 2024. While no specific country has been publicly confirmed as the sponsor, technical indicators suggest an Asian operational footprint. These indicators include the services and tools used, language and configuration preferences, targeting patterns tied to regional interests, and working hours consistent with the GMT+8 time zone.


Who was targeted and what was taken

Confirmed victims include national law enforcement and border agencies, finance ministries, and departments responsible for trade, natural resources, and diplomatic affairs. In several intrusions, attackers maintained access for months. During these periods, sensitive data was taken from compromised email servers, including financial negotiations, contract material, banking information, and operational details linked to military or security functions.


How the intrusions worked

The initial entry point commonly involved phishing messages that led recipients to download files hosted on a legitimate cloud storage service. The downloaded archive contained a custom loader and a decoy file. The malware was engineered to avoid automated analysis by refusing to run unless specific environmental conditions were met, including a required screen resolution and the presence of the decoy file. It also checked for the presence of selected security products before proceeding.

Once active, the loader retrieved additional components disguised as image files from a public code repository. These components were used to deploy a well known command and control framework to manage compromised systems. The repository linked to this activity has since been taken down.

Beyond phishing, the group relied on known vulnerabilities in widely used enterprise and network software to gain initial access. There is no indication that previously unknown flaws were used. After entry, the attackers employed a mix of command and control tools, web shells for remote access, and tunneling utilities to move traffic through intermediary servers.

Researchers also observed a Linux kernel level implant that hides processes, files, and network activity by manipulating low level system functions. This tool concealed directories with a specific name to avoid detection. To mask their operations, the attackers rented infrastructure from legitimate hosting providers and routed traffic through additional relay servers.

Analysts assess that the campaign focuses on countries with active or emerging economic partnerships of interest to the attackers. The scale, persistence, and technical depth of these operations highlight ongoing risks to national security and essential public services, and reinforce the need for timely patching, email security controls, and continuous monitoring across government networks. 

Read more »
TridentLocker ransomware
contractor breach Cyber Attacks Government ransomware data theft Sedgwick cyberattack TridentLocker ransomware

Sedgwick Confirms Cyberattack on Government Services Unit After TridentLocker Data Theft Claim

 

Sedgwick Claims Management Services Inc. has disclosed that a cyber incident affected one of its subsidiaries in late December, following claims by the TridentLocker ransomware group that it had exfiltrated sensitive company data.

The breach took place on Dec. 30 and involved Sedgwick Government Solutions Inc., a unit that delivers technology-driven claims and risk administration services to U.S. federal agencies.

In response, Sedgwick implemented standard incident containment measures, including isolating impacted systems, engaging external cybersecurity specialists to conduct forensic investigations, and notifying law enforcement authorities and relevant stakeholders.

According to the company, early findings suggest the intrusion was confined to a standalone file transfer system used by the subsidiary. Sedgwick emphasized that there is currently no indication that its primary corporate network or core claims management platforms were compromised.

Sedgwick Government Solutions works closely with several U.S. federal bodies, including the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency. As the investigation progresses, Sedgwick has begun alerting individuals and organizations that may have been affected—a process expected to continue for several weeks as forensic analysis advances.

The company’s confirmation follows assertions from the TridentLocker ransomware group, which claims to have obtained roughly 3.4 gigabytes of data and has threatened to release the information publicly if its demands are not satisfied.

TridentLocker operates using a data extortion strategy that prioritizes stealing and leaking data instead of encrypting victims’ systems.

“TridentLocker hitting a federal contractor serving DHS, ICE, CBP and CISA on New Year’s Eve is a statement,” Michael Bell, founder and chief executive of cybersecurity solutions provider Suzu Labs, told SiliconANGLE via email. “This group only emerged in November and they’re already going after companies that handle sensitive government claims and risk management data. Federal contractors remain high-value targets because attackers know these companies often have less mature security programs than the agencies they serve.”

Bell further noted that Sedgwick’s emphasis on network segmentation is reassuring but cautioned against minimizing the impact. He added that Sedgwick’s response about network segmentation “is what you want to hear, but 3.4 gigabytes from a file transfer system is still meaningful. These systems are designed to move documents between contractors and the agencies they serve and the investigation will determine what was actually in those files.”
Read more »
Technology
Asia Cloud Services Cybersecurity Data protection data sovereignty Europe Geopolitical Cyber Risk Government organisations Technology

Geopolitical Conflict Is Increasing the Risk of Cyber Disruption




Cybersecurity is increasingly shaped by global politics. Armed conflicts, economic sanctions, trade restrictions, and competition over advanced technologies are pushing countries to use digital operations as tools of state power. Cyber activity allows governments to disrupt rivals quietly, without deploying traditional military force, making it an attractive option during periods of heightened tension.

This development has raised serious concerns about infrastructure safety. A large share of technology leaders fear that advanced cyber capabilities developed by governments could escalate into wider cyber conflict. If that happens, systems that support everyday life, such as electricity, water supply, and transport networks, are expected to face the greatest exposure.

Recent events have shown how damaging infrastructure failures can be. A widespread power outage across parts of the Iberian Peninsula was not caused by a cyber incident, but it demonstrated how quickly modern societies are affected when essential services fail. Similar disruptions caused deliberately through cyber means could have even more severe consequences.

There have also been rare public references to cyber tools being used during political or military operations. In one instance, U.S. leadership suggested that cyber capabilities were involved in disrupting electricity in Caracas during an operation targeting Venezuela’s leadership. Such actions raise concerns because disabling utilities affects civilians as much as strategic targets.

Across Europe, multiple incidents have reinforced these fears. Security agencies have reported attempts to interfere with energy infrastructure, including dams and national power grids. In one case, unauthorized control of a water facility allowed water to flow unchecked for several hours before detection. In another, a country narrowly avoided a major blackout after suspicious activity targeted its electricity network. Analysts often view these incidents against the backdrop of Europe’s political and military support for Ukraine, which has been followed by increased tension with Moscow and a rise in hybrid tactics, including cyber activity and disinformation.

Experts remain uncertain about the readiness of smart infrastructure to withstand complex cyber operations. Past attacks on power grids, particularly in Eastern Europe, are frequently cited as warnings. Those incidents showed how coordinated intrusions could interrupt electricity for millions of people within a short period.

Beyond physical systems, the information space has also become a battleground. Disinformation campaigns are evolving rapidly, with artificial intelligence enabling the fast creation of convincing false images and videos. During politically sensitive moments, misleading content can spread online within hours, shaping public perception before facts are confirmed.

Such tactics are used by states, political groups, and other actors to influence opinion, create confusion, and deepen social divisions. From Eastern Europe to East Asia, information manipulation has become a routine feature of modern conflict.

In Iran, ongoing protests have been accompanied by tighter control over internet access. Authorities have restricted connectivity and filtered traffic, limiting access to independent information. While official channels remain active, these measures create conditions where manipulated narratives can circulate more easily. Reports of satellite internet shutdowns were later contradicted by evidence that some services remained available.

Different countries engage in cyber activity in distinct ways. Russia is frequently associated with ransomware ecosystems, though direct state involvement is difficult to prove. Iran has used cyber operations alongside political pressure, targeting institutions and infrastructure. North Korea combines cyber espionage with financially motivated attacks, including cryptocurrency theft. China is most often linked to long-term intelligence gathering and access to sensitive data rather than immediate disruption.

As these threats manifest into serious matters of concern, cybersecurity is increasingly viewed as an issue of national control. Governments and organizations are reassessing reliance on foreign technology and cloud services due to legal, data protection, and supply chain concerns. This shift is already influencing infrastructure decisions and is expected to play a central role in security planning as global instability continues into 2026.

Read more »
Internet
AWS Business Cyber Security Global IT Outage Government Internet

The Fragile Internet: How Small Failures Trigger Global Outages






The modern internet, though vast and advanced, remains surprisingly delicate. A minor technical fault or human error can disrupt millions of users worldwide, revealing how dependent our lives have become on digital systems.

On October 20, 2025, a technical error in a database service operated by Amazon Web Services (AWS) caused widespread outages across several online platforms. AWS, one of the largest cloud computing providers globally, hosts the infrastructure behind thousands of popular websites and apps. As a result, users found services such as Roblox, Fortnite, Pokémon Go, Snapchat, Slack, and multiple banking platforms temporarily inaccessible. The incident showed how a single malfunction in a key cloud system can paralyze numerous organizations at once.

Such disruptions are not new. In July 2024, a faulty software update from cybersecurity company CrowdStrike crashed around 8.5 million Windows computers globally, producing the infamous “blue screen of death.” Airlines had to cancel tens of thousands of flights, hospitals postponed surgeries, and emergency services across the United States faced interruptions. Businesses reverted to manual operations, with some even switching to cash transactions. The event became a global lesson in how a single rushed software update can cripple essential infrastructure.

History provides many similar warnings. In 1997, a technical glitch at Network Solutions Inc., a major domain registrar, temporarily disabled every website ending in “.com” and “.net.” Though the number of websites was smaller then, the event marked the first large-scale internet failure, showing how dependent the digital world had already become on centralized systems.

Some outages, however, have stemmed from physical damage. In 2011, an elderly woman in Georgia accidentally cut through a fiber-optic cable while scavenging for copper, disconnecting the entire nation of Armenia from the internet. The incident exposed how a single damaged cable could isolate millions of users. Similarly, in 2017, a construction vehicle in South Africa severed a key line, knocking Zimbabwe offline for hours. Even undersea cables face threats, with sharks and other marine life occasionally biting through them, forcing companies like Google to reinforce cables with protective materials.

In 2022, Canada witnessed one of its largest connectivity failures when telecom provider Rogers Communications experienced a system breakdown that halted internet and phone services for roughly a quarter of the country. Emergency calls, hospital appointments, and digital payments were affected nationwide, highlighting the deep societal consequences of a single network failure.

Experts warn that such events will keep occurring. As networks grow more interconnected, even a small mistake or single-point failure can spread rapidly. Cybersecurity analysts emphasize the need for stronger redundancy, slower software rollouts, and diversified cloud dependencies to prevent global disruptions.

The internet connects nearly every part of modern life, yet these incidents remind us that it remains vulnerable. Whether caused by human error, faulty code, or damaged cables, the web’s fragility shows why constant vigilance, better infrastructure planning, and verified information are essential to keeping the world online.



Read more »
Technology
Data Centre data service company Government South Korea Technology

Government Operations in Chaos After South Korea Data Centre Fire




A massive disruption has struck South Korea’s government operations after a fire at a national data centre crippled hundreds of digital services, exposing serious weaknesses in the country’s technology infrastructure.

The incident occurred on Friday at the National Information Resources Service (NIRS) in Daejeon, where a blaze broke out during regular maintenance in a server room. The centre is a critical backbone of South Korea’s digital governance, hosting online platforms used by numerous ministries and agencies. Officials confirmed that out of 647 affected government systems, only 62 had been restored as of Monday.


Disruption Across Core Agencies

The outage has impacted major institutions, including Korea Customs, the National Police Agency, and the National Fire Agency, while even the Ministry of the Interior and Safety’s website remained inaccessible at the start of the week. With no clear timeline for complete restoration, authorities continue to work on recovering the systems.

Safety Minister Yun Ho-jung said that services were gradually coming back online, highlighting the return of Government24, the central online portal for public administration, and digital platforms operated by Korea Post. He acknowledged that the outage has caused widespread inconvenience and urged government bodies to cooperate to minimize disruptions as public demand for services increases during the work week.

President Lee Jae-myung publicly apologized for the breakdown, expressing concern that the government had not developed stronger contingency systems despite similar disruptions in the past. He directed ministries to urgently strengthen cybersecurity and propose emergency budgets for backup and recovery systems to prevent future incidents.

Preliminary findings suggest the fire began after a battery explosion in the facility. The battery, produced by LG Energy Solution and maintained by its affiliate LG CNS, was reportedly over ten years old and beyond its warranty period. According to the safety ministry, LG CNS had recommended replacement during an inspection last year, though the batteries continued to function at the time. The company has not issued further comments while investigations are underway.


Citizens Face Real-World Impact

The shutdown of online systems has forced residents to visit local offices in person for routine tasks such as obtaining ID cards, real estate documents, and school application forms.

A 25-year-old resident, Kim, said she had to delay travel plans to collect documents that were normally accessible online. Similarly, Kim Doo-han, 74, said he had to cancel his morning plans to visit a community service centre after hearing about the outage.

Officials working in these centres were seen noting down which services remained unavailable and manually assisting residents— a scene that highlighted the scale of the disruption and the country’s heavy reliance on digital governance.


Experts Warn of Complacency

Technology experts say the incident reflects insufficient preparedness for large-scale system failures. Lee Seong-yeob, a professor at Korea University, said national agencies should never experience such disruptions and urged the government to implement real-time backup and synchronization systems without delay.

As recovery efforts continue, authorities have cautioned that service interruptions could persist for several days. The government has promised to keep citizens informed as restoration progresses.






Read more »
job seekers
apprenticeships Bank Bengaluru Cyber Crime Government Hackers job seekers

Hackers Tamper Govt Portal, Pocket ₹1.4 Lakh in Apprentice Stipends

 



Bengaluru — A government portal designed to support apprenticeships in India has become the latest target of cybercriminals. Hackers reportedly accessed the site and changed the bank details of several registered candidates, redirecting their stipend payments into unauthorized accounts.

The breach took place on the apprenticeshipindia.gov.in website, which is managed by the Ministry of Skill Development and Entrepreneurship. The platform is used by students and job seekers to apply for apprenticeship programs and receive government-backed financial support. Employers also use the site to onboard trainees and apply for partial stipend reimbursements under the National Apprenticeship Promotion Scheme (NAPS).

The issue came to light after a Bengaluru-based training institute, Cadmaxx Solution Education Trust, filed a complaint with the cybercrime police. According to Arun Kumar D, the organization’s CEO and director, the hacking activity spanned several months between January 3 and July 4, during which the attackers managed to manipulate banking information for six enrolled candidates.

Once the fraudulent bank account numbers were entered into the portal, the stipend funds were transferred to accounts held with HDFC Bank, State Bank of India, Axis Bank, and NSDL Payments Bank. The total amount diverted was ₹1,46,073, according to the complaint.

The cybercrime division in West Bengaluru registered an official case on July 26. Police have charged the unidentified perpetrators under multiple sections of the Information Technology Act, including those related to data tampering, unauthorized system access, and identity theft.

A senior officer involved in the case said investigators are working to trace the flow of funds by gathering account details from the banks involved. They are also reviewing server logs and IP addresses to understand how the portal was accessed whether it was through an external cyberattack or due to internal misuse.

Authorities mentioned that, if necessary, the matter will be escalated to CERT-In (Indian Computer Emergency Response Team), which handles major cybersecurity incidents at the national level.

This incident raises serious concerns about the protection of financial and personal data on public service websites, especially those used by students and job seekers. It also highlights the growing trend of hackers targeting official government platforms to exploit funding systems.

Read more »
Telegram
data breach data access Encryption Government Telegram

Telegram Says It Will Quit Markets That Demand User Data Access

 



Telegram, the popular messaging app, has made it clear that it will never allow anyone to read users’ private chats. Its founder, Pavel Durov, recently said that if any government forces the app to break its privacy rules, Telegram will simply stop operating in that country.

Durov shared this message with users through his official Telegram channel on April 21, 2025. He said that, unlike some other tech companies, Telegram refuses to trade privacy for profit. Since it started 12 years ago, the app has never given out private messages to anyone.

This strong response comes after many European countries, especially France, have been pushing for laws that would give police and other authorities access to encrypted messages. Encrypted chats are protected by special codes that make it difficult for anyone else to read them. Governments want tech companies to build “backdoors” — hidden ways to unlock these messages — so law enforcement can look into criminal activities.

France had even proposed a new rule that would force apps like Telegram to help authorities unlock private data when asked. However, this idea was recently turned down. If it had passed, France would have been the first country to remove such privacy rights from its citizens.

Cybersecurity experts say adding backdoors to messaging apps is dangerous. If one group can access these hidden tools, so can others — including hackers or foreign governments. Once security is weakened, it can’t be limited to just one user or one case.

Durov also mentioned that creating backdoors won’t stop criminals. He explained that people with bad intentions will always find other ways to hide, such as using VPNs or less-known secure apps.

In August 2024, French officials arrested Durov and accused him of providing encrypted services to criminals. That case is still being investigated.

Even though the recent proposal was blocked in France, Durov believes that the fight for digital privacy is not over. Some French officials are still in favor of breaking encryption, and other countries, like Sweden, are thinking about passing similar laws by 2026.

The European Union is also working on a plan called ProtectEU, which aims to give authorities more power to access private data. Outside of Europe, the US state of Florida is considering a rule that would make social media apps used by children include encryption backdoors.

Switzerland, a country known for its strong privacy laws, may also change its rules and allow more surveillance. Apple has already removed end-to-end encryption for its iCloud service in the UK under pressure from the government.

Telegram, however, continues to stand its ground. The company says that if it must choose between following such rules or keeping users safe, it will walk away from that market — no matter the cost.



Read more »
Technologies
Cyber Attacks CyberCrime Cybersecurity CyberThreat Government Netskope Technologies

Cyber Threats by Nation-States Surge Beyond Control

 


In recent years, state-sponsored hacker groups have increased their attacks on critical infrastructure, causing great concern across the globe. It has become increasingly evident that these coordinated and sophisticated cyber threats and attacks are posing serious risks to the security and safety of the country as a whole. 

To protect crucial systems such as power grids, healthcare systems, and water treatment plants, strong cybersecurity measures must be implemented to prevent any disruption or manipulation. This underscores the importance of protecting critical infrastructure that needs to be protected. Currently, two-thirds of all cyberattacks that are attributed to a state-backed actor originate in foreign countries. This information lends credence to the warnings from the US Department of Homeland Security that enterprises and public services alike are facing significant threats. 

Netskope, a security firm that conducts research into state-sponsored attacks, has reported a marked increase in attacks in recent years, with the firm alerting this trend does not appear to be waning anytime soon. It has been estimated that the kind of cyberattacks waged by nation-state actors are now constituting one of the largest forms of quiet warfare on the planet, said Netskope's CEO Sanjay Beri. To understand this worldwide escalation, it is necessary to look beneath the surface of the conflict, which shows a lot of different states employing widely disparate cyberattack strategies. 

It seems that due to the current threat landscape, the U.S. administration has made their national unity of effort a priority to keep a critical infrastructure that is secure, accessible, and reliable. For the above threats and attacks to be addressed effectively, international cooperation, strict regulations, and investments in advanced cybersecurity technologies will be needed. 

It is also imperative that we raise public awareness about cyber threats in addition to improving cyber hygiene practices to minimize the risks of state-sponsored cyberattacks on critical infrastructure that pose a significant threat to the public. Additionally, the European Union Agency for Cybersecurity (ENISA), representing the European Union, released an executive summary of 'Foresight Cybersecurity Threats for 2030' which highlights ten of the most dangerous emerging threats for the next decade. 

A review of previously identified threats and trends is provided in this study, which offers insight into the morphing landscape of cybersecurity. The report, it is details that by addressing issues such as supply chain compromises, skill shortages, digital surveillance, and machine learning abuse, it contributes to developing robust cybersecurity frameworks and best practices for combating emerging threats by 2030 by addressing relevant issues such as supply chain compromises, skill shortages, and digital surveillance. 

As a part of its annual cyber security report, the National Cyber Security Centre (NCSC) of the United Kingdom has released a new report which examines the possible impacts of artificial intelligence (AI) on the global ransomware threat which has been on the rise for some time now. A report published by the CERT indicates that in the future, the frequency and severity of cyberattacks might be exacerbated as Artificial Intelligence (AI) continues to gain importance. NCSC advises individuals and organisations to enhance their cybersecurity measures in a proactive manner in order to prevent security threats. 

It is also discussed in the report how artificial intelligence will impact cyber operations in general, as well as social engineering and malware in particular, highlighting the importance of continuing to be vigilant against these evolving threats as they arise. There was an alert raised earlier this summer by the National Cyber Security Centre (NCSC) of the UK, the US, and South Korean authorities regarding a North Korea-linked threat group known as Andariel that allegedly breached organizations all over the world, stealing sensitive and classified technology as well as intellectual property. 

Despite the fact that it predominantly targeted defense, aerospace, nuclear, and engineering companies, it also harmed smaller organizations in the medical, energy, and knowledge sectors on a lesser scale, stealing information such as contract specifications, design drawings, and project details from these organizations. 

In March 2024, the United Kingdom took a firm stance against Chinese state-sponsored cyber activities targeting parliamentarians and the Electoral Commission, making it clear that such intrusions would not be tolerated. This came after a significant breach linked to Chinese state-affiliated hackers, prompting the UK government to summon the Chinese Ambassador and impose sanctions on a front company and two individuals associated with the APT31 hacking group. This decisive response highlighted the nation's commitment to countering state-sponsored cyber threats. 

The previous year saw similar tensions, as Russian-backed cyber threat actors faced increased scrutiny following a National Cyber Security Centre (NCSC) disclosure. The NCSC had exposed a campaign led by Russian intelligence services aimed at interfering with the UK's political landscape and democratic institutions. These incidents underscore a troubling trend: state-affiliated actors increasingly exploit the tools and expertise of cybercriminals to achieve their objectives. 

Over the past year, this collaboration between nation-state actors and cybercriminal entities has become more pronounced. Microsoft's observations reveal a growing pattern where state-sponsored groups not only pursue financial gain but also enlist cybercriminals to support intelligence collection, particularly concerning the Ukrainian military. These actors have adopted the same malware, command and control frameworks, and other tools commonly used by the wider cybercriminal community. Specific examples illustrate this evolution. 

Russian threat actors, for instance, have outsourced some aspects of their cyber espionage operations to criminal groups, especially in Ukraine. In June 2024, a suspected cybercrime group utilized commodity malware to compromise more than 50 Ukrainian military devices, reflecting a strategic shift toward outsourcing to achieve tactical advantages. Similarly, Iranian state-sponsored actors have turned to ransomware as part of their cyber-influence operations. In one notable case, they marketed stolen data from an Israeli dating website, offering to remove individual profiles from their database for a fee—blending ransomware tactics with influence operations. 

Meanwhile, North Korean cyber actors have also expanded into ransomware, developing a custom variant known as "FakePenny." This ransomware targeted organizations in the aerospace and defence sectors, employing a strategy that combined data exfiltration with subsequent ransom demands, thus aiming at both intelligence gathering and financial gain. The sheer scale of the cyber threat landscape is daunting, with Microsoft reporting over 600 million attacks daily on its customers alone. 

Addressing this challenge requires comprehensive countermeasures that reduce the frequency and impact of these intrusions. Effective deterrence involves two key strategies: preventing unauthorized access and imposing meaningful consequences for malicious behaviour. Microsoft's Secure Future Initiative represents a commitment to strengthening defences and safeguarding its customers from cyber threats. 

However, while the private sector plays a crucial role in thwarting attackers through enhanced cybersecurity, government action is also essential. Imposing consequences on malicious actors is vital to curbing the most damaging cyberattacks and deterring future threats. Despite substantial discussions in recent years about establishing international norms for cyberspace conduct, current frameworks lack enforcement mechanisms, and nation-state cyberattacks have continued to escalate in both scale and sophistication. 

To change this dynamic, a united effort from both the public and private sectors is necessary. Only through a combination of robust defence measures and stringent deterrence policies can the balance shift to favour defenders, creating a more secure and resilient digital environment.
Read more »
Subscribe to: Comments (Atom)