Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label National Cyber Security. Show all posts
Pakistan Hacker
Cyber Attacks Cyber Crew Cyber Hacking Cyberhackers CyberThreat Dark Web Digitl war Hacktivist group India National Cyber Security Pahalgam Attack Pakistan Hacker

Cybersecurity Agencies on High Alert as Attacks Spike After Pahalgam Incident



A rising tension between India and Pakistan has resulted in an intensified digital war, whose hacktivist groups have launched coordinated cyber offensives targeting government systems and critical infrastructure as a result of increasing tensions between the two countries. The attacks, which are fueled by geopolitical conflict, have expanded beyond the immediate region. 

A report suggests that hacktivist collectives from Asia, the Middle East, and North Africa (MENA) have united to disrupt the Indian cyber ecosystem, according to the report. There was a tragic incident on April 22, when armed terrorists shot a group of tourists in Pahalgam, the serene hill town in Kashmir administered by the Indian government, which was the trigger for this wave of activity. 

According to researchers from NSFOCUS, there had been an immediate and significant surge in cyber activity, which shook the nation. In the aftermath of the attack, cyber activity on both sides of the border intensified. It appears that the initial wave of cyberattacks has stabilised, however, cybersecurity threats persist. India witnessed an increase of 500% in targeted cyber intrusions, and Pakistan faced a rise of 700%. It was reported recently that several Pakistani hacker groups have attempted to breach Indian websites as part of an ongoing digital aggression campaign. 

The Indian cybersecurity agencies have responded robustly to these attempts, which have successfully detected and neutralised most of these threats, despite their efforts to undermine this. According to the reports, hacker collectives such as 'Cyber Group HOAX1337' and 'National Cyber Crew' have targeted websites belonging to the Army Public Schools in Jammu in the past. 

In their attempt to deface the websites, the attackers mocked the victims of the Pahalgam terror attack, which was widely condemned as both distasteful and inflammatory. As a result of the rise in cyber hostilities, we have seen the importance of digital warfare in modern geopolitical conflicts grow. This highlights the need for enhanced cyber vigilance and cross-border security collaboration that must be enhanced. 

The cyber threat landscape has intensified further since India launched Operation Sindoor in retaliation for a military operation targeting suspected terror camps across the border. It has been estimated that the launch of Operation Sindoor on May 7 has resulted in a sharp increase in malicious cyber activity as a result of these attacks, as reported by cybersecurity researchers at Radware and Cyble. 

As a result of the coordinated attacks conducted by hacktivist groups from across the eastern hemisphere, a substantial surge in cyber attacks was recorded on that day alone, with dozens of hacktivist groups actively participating. The Indian government, already dealing with the aftermath of the Pahalgam terror attack, which took place on April 22, has become the primary target of these attacks. Several threats have been launched against Indian institutions by groups aligned with pro-Pakistan and Bangladeshi interests, as well as with groups aligned with pro-Bangladeshi interests.

Technisanct, a cybersecurity firm based in Kochi, released a report recently in which they noted that there has been a steady increase in offensive operations against government infrastructure, educational platforms, and public services. In various online forums and dark web communities, this wave of cyber aggression has been informally referred to as #OpIndia. 

In many ways, the campaign resembles past hacktivist movements which targeted nations like Israel and the United States, usually motivated by ideological motives, but not necessarily sophisticated enough to threaten the nation's security. The current attacks, experts caution, however, demonstrate a coordinated approach to threats, where threat actors are using both denial-of-service DosS) and defacement attacks to spread propaganda and disrupt networks. 

A sustained cyber battle has been waged between India and Pakistan, marked by both nationalist fervour and geopolitical tension as part of the India-Pakistan conflict, which has clearly evolved into a digital dimension of the conflict. Indian cybersecurity agencies must remain vigilant as they attempt to counter these persistent threats through proactive monitoring and rapid incident response, along with strengthened defensive protocols. 

It was decided by Prime Minister Narendra Modi to convene a cabinet committee on security (CCS) on April 30, 2025, to assess the evolving security situation in Jammu and Kashmir amid rising tensions in the region. During the high-level meeting, which took place at the Prime Minister's official residence on Lok Kalyan Marg, members of the national security apparatus, including Rajnath Singh, Amit Shah, and S. Jaishankar, were present, as well as key national security officials. 

In the discussion, Jaishankar discussed the recent wave of violence in the Kashmir Valley, concerns about cross-border security, and the threat of cyberattacks from hostile actors, as well as the threat of cyberterrorism. The Pakistani government has issued a provocative statement warning of a possible Indian military attack within a 24 to 36-hour window, which is similar to the one issued by Pakistan in a provocative statement. 

According to what Islamabad called credible intelligence, New Delhi is preparing to launch retaliatory strikes. The allegations of Pakistan's involvement in the Pahalgam terror attack of April 22 are supposedly based on unsubstantiated accusations. There has been public criticism of India's fabrication of an offensive narrative by Pakistan's Federal Minister for Information, Attaullah Tarar, cautioning that any such move would result in serious consequences if followed. 

It has been revealed that diplomatic and military signals have increased the level of tension in the existing volatile situation, with both sides locked in a tense standoff that spans both physical and virtual borders. There has been news that threat actors have attempted to deface the official website of Armoured Vehicle Nigam Ltd, which is another indication of the intensification of cyberhostility. It is a public sector company operated by the Ministry of Defence. 

It was reported that the attackers defaced the website by showing images associated with Pakistan, including the national flag and images of the 'Al Khalid' battle tank, an act that was seen as both provocative and symbolic by officials. This development has spurred the Indian cybersecurity agencies and expert teams to increase their real-time monitoring of the digital landscape, as a result of which they are concentrating their efforts on identifying threats that have been linked to Pakistani state-sponsored or affiliated groups. 

The authorities have confirmed that this increased surveillance is part of a greater effort to avert further attacks as well as neutralise any new threats that may arise. To counter the increasing wave of cyberattacks, a series of robust countermeasures is being put in place to strengthen the nation's digital security posture in response. For example, fortifying critical infrastructure, strengthening incident response protocols, and increasing online platform resilience across key industries are all examples of strengthening the nation's digital security posture. 

There was no doubt that the authorities were concerned that these proactive actions were aimed at ensuring India's defence and civilian systems were protected as well as that India's digital frontline was prepared to repel and withstand future cyberattacks as well. It has become increasingly apparent that cyberwarfare has become a central theatre of geopolitical rivalry in the modern world as the contours of contemporary conflict continue to evolve. 

Digital infrastructure, in the same way that physical borders play a crucial role in national security, has recently been heightened by several recent developments, and this serves as a reminder to all of us. Because of this, India needs to enhance its investments in advanced cybersecurity capabilities, establish strong public-private partnerships, and establish a comprehensive national cyber defence strategy that is both responsive and flexible. 

To isolate and neutralise transnational cyber threat actors, it is not only necessary to implement technical fortification but also to conduct strategic diplomacy, share intelligence, and engage in international cooperation. It will be crucial to cultivate a culture of resilience, both at the institutional and individual levels, by cultivating cyber awareness. 

With the increasingly contested digital frontier, India must remain proactive, unified, and forward-thinking at all times if it is to ensure that it is secured, sovereign, and fully “digitally self-reliant” as the threat of hybrid threats rises.
Read more »
Russian Hackers
Cyber Crime Cyber Crime Report Hackers Arrested National Cyber Security Russian Hackers

Russian hacker arrested in US who may have information about Russian interference in American elections

According to Bloomberg sources in the Russian and American security and intelligence agencies, Klyushin is a Kremlin insider and even a year and a half ago received a state award from Putin, the Order of Honor.

They added that Klyushin has access to documents that relate to the Russian campaign to hack the servers of the Democratic Party during the US elections in 2016. According to them, these documents confirm that the hacking was carried out by a group of hackers from the GRU, which is known under the names Fancy Bear and APT28. In addition, some sources expressed the opinion that Klyushin has access to secret records of other high-ranking GRU operations abroad. All this can make Klyushin a useful source of information for the US authorities, especially if he asks the court for leniency.

Another argument that Klyushin has this valuable information for the U.S. is that his subordinate at M13 was former ex-GRU operative Ivan Yermakov. In 2018, he was one of the defendants accused of hacking into the computer systems of the Democratic Party.

Recall that on December 19, Switzerland extradited Klyushin to the United States. He is suspected of illegal trading in securities worth tens of millions of dollars. Klyushin is the head of the M13 company, which has developed the Katyusha media monitoring system for the Ministry of Defense and the Presidential Administration.

In 2017, The Insider managed to prove that the Fancy Bear group consists of employees of the military unit 26165 GRU. A year later, this data was confirmed by the US Department of Justice, officially bringing charges against a group of hackers. The most famous operation APT28 was the hacking of the servers of the Democratic Party in 2016, designed to help Donald Trump defeat Hillary Clinton in the presidential election.

Read more »
United States Cyber Security
China Cyber Security Cyber Security National Cyber Security Russian Cyber Security United States Cyber Security

The US did not invite Russia and China to an online conference on combating cybercrime

The US National Security Council organized virtual meetings this week to discuss countering ransomware operators. In total, 30 countries were invited to the conference, including Ukraine, Mexico, Israel, Germany, and the UK, however, Russia and China were not invited to the discussion.

The cyber threat posed by ransomware is increasingly worrying people at the highest level. The ransoms have already reached over $400 million in 2020 and $81 million in the first quarter of 2021.

US President Joe Biden announced in early October that representatives from more than 30 countries will work together to fight back against cybercriminals distributing ransomware. This initiative was the result of very dangerous and large-scale attacks by ransomware operators that recently hit Colonial Pipeline and Kaseya.

It is interesting to note that recently Russian Deputy Foreign Minister Sergei Ryabkov made it clear that Moscow is interested in discussing the problem of ransomware viruses with Washington, but does not want contacts to be limited only to this topic. “American colleagues are still trying to focus all their work on what interests them,” he complained at the time.

Despite the previously announced cooperation in the field of cybersecurity between Moscow and Washington, no one expected Russian official representatives at the meetings. The organizers of the meetings did not invite China and Russia.

Perhaps the reason lies in a misunderstanding that arose at a certain stage. The United States has repeatedly asked Russia to take measures against ransomware operators located in the country. White House Press Secretary Jen Psaki even promised that Washington itself would deal with these cyber groups if the Kremlin could not.

Read more »
Vulnerabilities and Exploits
National Cyber Security Russia Russian Cyber Security Vulnerabilities and Exploits

Half of the Russian websites of small and medium-sized enterprises have vulnerabilities

According to Tinkoff, almost half (46%) of online resources for SMEs in Russia have cybersecurity issues.

The most critical of the most common errors is the weak protection of cloud storage, threatening data leakage (identified in more than a quarter of organizations).

These disappointing statistics are based on the analysis of more than 40 thousand sites and databases of small companies / individual entrepreneurs. The most vulnerable areas in terms of information security were areas such as consulting, retail, and IT (44% of the problems found).

Most often (in 33% of cases) SMEs make domain verification errors. Such mistakes provoke the capture of a resource through data substitution.

The second place in the rating is taken by the threat of confidential information leakage arising from open access to the database or from the use of a weak password (27%). The ability to obtain a key by a simple brute-force attack allows an attacker to obtain personal data of customers and company employees, trade secrets, source codes of programs, etc.

The third most frequent cybersecurity error, according to Tinkoff, is SSL Unknown subject (15%). Such a problem during SSL-certificate verification threatens with interception and disclosure of data (MITM attack).

The researchers also found that the resources of SMEs are poorly protected from attacks by cryptographers (9%).

The top five problems also included another common error — an expired SSL certificate (7%). When the browser shows that the certificate is invalid, the site may fall out of access; as a result, the company loses potential customers.

“Unfortunately, cybersecurity is poorly developed in Russia and business does not realize how important it is to protect data. Firstly, the services of good and competent specialists are very expensive; secondly, after the crisis, companies direct working capital primarily for the purchase of goods and current needs,” comments Pavel Segal, First Vice President of “OPORA Russia”.

Read more »
Russia
Cyber Security Japan Japan Cyber Security National Cyber Security Russia

Japan mentioned Russia in its new cybersecurity strategy

The Japanese government on Tuesday officially approved a new three-year cybersecurity strategy, where Russia, China and North Korea are mentioned for the first time as potential sources of hacker attacks. The document is published on the website of the Cyber Strategic Headquarters of Japan.

Japanese Foreign Minister Toshimitsu Motegi said at a press conference in Tokyo that the sphere related to security guarantees is expanding. The importance of such areas such as cyberspace and space security is growing.

According to him, the security situation around Japan is becoming increasingly severe. It is believed that China, Russia and North Korea are strengthening their potential in cyberspace, and the instability of the world order is also increasing.

He added that Japan, based on the adopted strategy, will increase its capabilities to counter attacks by foreign hackers.

The document claims that China conducts cyber attacks in order to obtain military and other advanced technologies, and Russia allegedly to achieve beneficial military and political goals in other countries. According to the approved strategy, to strengthen the cyber potential, Japan intends to work closely with the participants of the Quadrilateral Security Dialogue, which also includes Australia, India and the United States.

It should be noted that in Japan, more than 4 thousand attempts of illegal penetration into various computer networks and systems are recorded annually. In particular, large electrical engineering corporations NEC and Mitsubishi Electric have become victims of intruders in recent years.

Western countries have repeatedly made allegations that Russia is involved in various cyber attacks, including against US government agencies and companies. The Russian side has consistently denied these accusations. In particular, the press secretary of the President of the Russian Federation Dmitry Peskov said earlier that Moscow is not involved in such hacker attacks.

Read more »
National Cyber Security
Cyber Attacks National Cyber Security

Hackers hacked the accounts of employees of government agencies in Russia and more than ten other neighboring countries

The British company Cyjax discovered a large-scale attack against employees of state agencies in Russia and neighboring countries. Attackers create websites that simulate e-mail access for officials, and this data can be used to further attack agencies or sell access in the shadow market. Experts give different versions of the direction of the attacks, from political provocations to banal data phishing.

Among the attacked organizations are the Russian Academy of Sciences (RAS), the mail service Mail.ru as well as state structures of more than a dozen countries, including Armenia, Azerbaijan, China, Kyrgyzstan, Georgia, Belarus, Ukraine, Turkey, Turkmenistan and Uzbekistan.

According to Cyjax, 15 sites are currently active that simulate e-mail login page for employees of the ministries of Foreign Affairs, finance or energy of various countries.

Mail.ru said that they monitor the appearance of phishing sites and fraudulent emails and “respond in a timely manner to such incidents.” They added that they have an anti-spam system that adapts to new spam scenarios, including phishing.

Cyjax believes that the purpose of the attack is to collect usernames and passwords to access the mailboxes of government officials. Moreover, a certain pro-state group may be behind this, since there is no financial benefit from the attack and the Russian Federation and neighboring countries have become targets of attacks.

“The motive of the campaign may be a provocation against Russia on the theme that Russia itself is hacking its neighbors,” says Yuri Drugach, co— founder of the StopPhish project. The provocation is indicated by the fact that some of the domains were registered in July and the servers are hosted in Russia.

Yuri Drugach suggested that several groups of scammers are behind the attacks. For example, the Russian Academy of Sciences has six fake sites where attackers engage in phishing and install malicious add-ons in the browser.

Read more »
United States
Cyber Security National Cyber Security Russia United States

Presidential Press Secretary Said Moscow Not Involved in The Cyber Attacks on the Republican National Committee of US

On Wednesday, the press secretary of the President of the Russian Federation Dmitry Peskov told reporters that the cyber attack on the cloud networks of the US Republican National Committee had nothing to do with Moscow.

"We don't know what exactly was there, but it has nothing to do with Moscow," a Kremlin spokesman told reporters.

He stressed that the Russian side "does not have any detailed information on this matter." At the same time, Peskov noted that recently there have been a lot of publications, which appear literally every day, concerning various cyberattacks and their alleged connection to Russia.

On Tuesday, Bloomberg reported that the cloud networks of the National Committee of the Republican Party of the United States, maintained by Microsoft, were subjected to a cyber attack. As noted by journalists, it was hackers from a cybercriminal group known as APT 29 or Cozy Bear.

On July 6, it became known that expert contacts between Moscow and Washington on cybersecurity were continuing after a meeting between Vladimir Putin and Joe Biden. According to White House spokeswoman Jen Psaki, the U.S. side expects a new meeting of experts next week.

During the summit in Geneva on June 16, Putin and Biden agreed to start consultations on cybersecurity. The Russian leader drew attention to the fact that, even according to American sources, the majority of cyberattacks in the world are committed from the United States, as well as from Canada and the United Kingdom.

Putin stressed that Moscow and Washington can agree on rules of conduct in the areas of strategic stability, cybersecurity and regional conflicts. Biden, on the other hand, said that he gave his Russian colleague a list of 16 types of infrastructure facilities, attacks on which should be stopped immediately in the most effective way.


Read more »
United States
Cyber Security National Cyber Security Russia United States

Russian Foreign Ministry accused the United States of trying to win back the summit agreements on cybersecurity

According to the Russian Foreign Ministry, the words of White House spokesman Jen Psaki that the United States does not intend to warn Moscow about retaliatory cyber attacks are perplexing.

On Monday Psaki said that at the summit in Geneva, the US president Joe Biden mentioned hacking attacks on American facilities, which are blamed on Russia.

As Russian Foreign Ministry spokeswoman Maria Zakharova noted, Psaki's statement is surprising in the context of the Geneva talks, after which the sides announced their intention to begin consultations on cybersecurity.

"It seems that the United States is still trying to retain the right to launch cyber attacks based on fake Russian accusations of cyber attacks," Zakharova stressed at the briefing.

According to her, if Washington commits a cyber attack without warning, it will be an unannounced attack first.

"We really want Washington to take these words seriously," the Foreign Ministry representative added.

Zakharova recalled that before the meeting in Geneva, the United States had made it clear that the topic of international information security had become strategic for them.

"In this context, we hope that the understanding of the need for a direct, professional and responsible conversation with Russia will prevail. We expect Washington to take appropriate steps," the diplomat concluded.

Russia-US summit was held in Geneva on June 16. Summing up the negotiations, Vladimir Putin said that the sides will start consultations on cybersecurity. The president recalled that Moscow had previously provided all the information on the U.S. requests for cyberattacks, but had received nothing in response from the U.S. intelligence agencies. Putin noted that most of the cyber attacks in the world come from the U.S. and that anti-Russian insinuation must be stopped.

Read more »
Subscribe to: Posts (Atom)