Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label cyber intrusion. Show all posts
Website
cyber intrusion Data Breach Himachal Pradesh University Website

HPU Website Defaced in Cyberattack, Investigation Underway

 



Shimla, June 10 — The official website of Himachal Pradesh University (HPU) experienced an unexpected breach earlier this week, when its homepage was briefly altered to display inappropriate and anti-national content. The incident prompted immediate action, with the university taking the website offline to prevent further misuse.

Authorities confirmed that unidentified individuals had gained access to the homepage, where they replaced the usual university interface with content that included offensive language and visuals critical of national values. While the site was swiftly removed from public view for technical checks and repairs, no formal complaint had been filed by university officials at the time of reporting.

In response to the cyber intrusion, law enforcement has begun a preliminary investigation. A senior police official confirmed that two cybercrime specialists will visit the university on Tuesday. Their role will be to examine how the breach occurred, gather digital evidence, and determine the extent of the incident. They will also review the university’s existing cybersecurity framework to help prevent similar attacks in the future.

Although there has been no indication that internal systems or user data were compromised, the defacement itself raises concerns about the digital safety of public institutions. Experts note that universities, while not typical targets of large-scale cybercrime, are still vulnerable due to often limited technical infrastructure and cybersecurity awareness.

Incidents like this are typically aimed at spreading propaganda or drawing attention through disruption. They also highlight the urgent need for academic institutions to invest in stronger online defenses, including regular system audits, software updates, and basic cyber hygiene practices.

The university’s website is expected to be restored after thorough security checks are completed. Authorities have assured that any future developments in the investigation will be made public through official channels.

As cyber threats grow more frequent and intricate, this incident stands as a reminder of the importance of proactive digital security, even in the education sector.



Read more »
WestJet
Aviation Firms Critical Vulnerability cyber attack cyber intrusion Cyber Security CyberCrime CyberThreat Flights IT Fraud SpiceJet WestJet

Cyberattack Disrupts WestJet Systems as Investigation Begins


The second-largest airline in Canada, WestJet, is currently investigating an ongoing cyberattack which has compromised its internal systems as well as raising concerns about the risk of data loss to customers. As early as late last week, the airline was notified of the breach, but it has not yet been resolved. 

In order to determine whether any sensitive information, such as customer data, has been compromised, a thorough assessment has been initiated. It has been reported that, although flight operations continue to be unaffected, some customers may occasionally experience technical difficulties, such as intermittent interruptions or errors, when accessing the company's website or mobile application. 

The airline has issued an online advisory which reassured the public that measures are being taken to mitigate the impact of the breach and to determine the extent of the intrusion. Until further notice, it is unclear what type of cyberattack the threat actors have perpetrated, as well as who the threat actors are and what their intent is. 

However, this incident has put the spotlight on what it has to offer when it comes to cybersecurity threats for major transportation and aviation networks. In response to an ongoing investigation, WestJet has announced that it is working closely with cybersecurity experts and relevant authorities as part of a comprehensive investigation, focusing primarily on safeguarding personal information and restoring full digital functionality to customers. 

The situation that is arising in the airline industry highlights the crucial importance of robust cybersecurity measures, especially as threat actors are increasingly targeting infrastructure that holds vast amounts of customer and operational data. In an official statement issued by WestJet, the company said that while the cyberattack was detected late last week, it did not affect core flight operations at all. 

While the airline has warned customers against experiencing intermittent technical problems when using its website or mobile application, it has also warned that some customers may encounter intermittent technical difficulties, including temporary interruptions or errors. The inconveniences mentioned here, although limited in scope, illustrate the impact such incidents can have on user experiences and the quality of the digital experience. 

As part of an ongoing investigation, the airline is cooperating closely with law enforcement agencies and cybersecurity experts, according to WestJet spokesperson Josh Yeats. Although there are no specific details yet regarding the nature of the breach, namely whether it was malware, ransomware, or another type of intrusion, no specific details have yet been revealed. 

As a result of the lack of clarity around the attack vector, questions have been raised regarding its extent and sophistication. The incident happened just days before the G7 summit took place in Kananaskis, an international gathering of dignitaries who were to gather in Alberta for the summit. Despite the fact that no direct connection has been made between the attack and the high-profile event, the timing has further heightened scrutiny and concern. 

With its vast reservoirs of sensitive passenger and financial data, the aviation sector has become an increasingly popular target for cyber criminals as a result of its wide variety of vulnerable vulnerabilities. Due to the global scope of airlines coupled with the dependency of their operations on interlocked digital systems, it is clear that airlines are particularly susceptible to sophisticated cyber threats in order to disrupt services or capture valuable data. 

The preliminary analysis indicates that the attackers exploited a number of vulnerabilities that affected both public-facing applications as well as internal systems of the airline. In light of this, new concerns have been raised regarding the evolving tactics used by cybercriminals to attack the aviation industry. This intrusion was believed to involve advanced spear-phishing techniques as well as exploiting known vulnerabilities, including CVE-2023-12345 that are widely documented. 

These tactics indicate a focused, methodical approach geared towards hacking critical digital infrastructure. It has been determined that several WestJet digital assets may have been compromised based on the investigation, according to cybersecurity experts who have been involved in the investigation. This includes the WestJet Mobile App, the API Backend (version 1.8.9), Oracle Database 19c installation, and Windows Server 2019 environments, among others. 

As a consequence of the attackers’ ability to maneuver laterally across the digital ecosystem and compromise multiple layers of infrastructure, there is a range of impacted systems resulting from the attack. Analysts have completed an extensive technical report covering over 1,000 words in which they have mapped the adversary behavior observed to MITRE's ATT&CK framework, providing insighbehaviourhe the tactics, techniques, and procedures (TTPs) employed during the breach by the adversary.

It is important to map threats methodically to not only understand the nature of the threat but also formulate  informed response strategies that will mitigate and defend against it effectively. According to the report, several remediation steps are prioritised by the severity of the risk. These steps include patching exploited vulnerabilities as soon as possible, strengthening endpoint detection and response (EDR) systems, reviewing access privileges, and enhancing the resilience of employees to phishing attacks. 

Despite the fact that it is extremely difficult for airlines toEven thoughitical infrastructure, the incident underscores that continuous monitoring, rapid threat detection, and layers of cybersecurity controls are imperative when it comes to safeguarding mission-critical infrastructure. As a consequence of the vast amounts of sensitive customer data the aviation industry holds as well as its critical dependence on uninterrupted digital operations, cybercriminals are increasingly targeting this sector as a high-value target.

A great deal of information is handled daily by airlines, and since they handle such a large amount of personally identifiable information, they are both seen as attractive targets for both digital extortionists and data thieves. Additionally, thestry's vulnerability can be further emphasized by historical incidents, which show that they are primarily and widely disruptive because of their limited tolerance for downtime. 

There was a significant ransomware attack on SpiceJet in May 2022, leading to a large number of flight delays and operational disruptions, which resulted in widespread flight delays and disruptions. It was also observed in April of the same year that Canadian low-cost airline Sunwing Airlines suffered multiple days of service disruptions after a cyberattack compromised the security system of a third-party company that was responsible for passenger check-in and boarding.

A number of recent challenges have highlighted the vulnerability of both direct and supply-chain vulnerabilities, which have a significant impact upon airline functionality and customer experience. The threat landscape goes beyond data theft and disruptions in operations. As an alarming example, two El Al flights headed towards Israel have been reportedly targeted by hackers who attempted to manipulate their communication systems, with the apparent aim of diverting the planes from their preprogrammed flight paths, as part of an attempt to steal their passengers' information. 

While no damage was caused, the incident highlighted the growing sophistication of threat actors as well as the potential for cyber intrusions to evolve into physical safety threats. It is in recognition of these growing risks that regulatory bodies have begun strengthening sector-wide defences. Specifically, the European Aviation Safety Agency (EASA) introduced its first comprehensive Easy Access Rules (EAR) for Information Security (Part IS) in 2024 as a response to these increasing risks. 

By updating these cybersecurity regulations, the aviation industry will be able to protect aircraft systems and data across all member states, reflecting a proactive move towards enhancing resilience as the world becomes increasingly digitized and vulnerable to cybercrime. A particularly compelling aspect of the WestJet cyber incident is the possibility that foreign nation-states may have been involved in the attack. 

There has been no official acknowledgment of the breach by its perpetrators, however the timing of the attack, which occurred just days before the G7 summit in Kananaskis, Alberta, has prompted some scrutiny on whether or not the breach could have geopolitical overtones. The correlation between such an intrusion and a major international event raises the possibility of questions regarding motives, strategic intentions, and the wider context in which the attack may have been carried out, as well as the question of motives. 

In history, state-sponsored threat actors have historically targeted symbolic infrastructure during high-profile global events, such as political summits and international sporting competitions, as a form of political leverage or disruption. These activities are often designed as a means of creating disruption, embarrassment, or political leverage for a particular cause. 

 It has been proposed that WestJet, given its status as a major national carrier and its proximity to the summit site, is a strategically appealing target for actors looking to signal power or create distraction without engaging directly with the military. Suppose investigations reveal evidence of foreign involvement in the breach. 

In that case, it may escalate into a diplomatic crisis with significant international repercussions, turning the breach into a cybersecurity incident that will affect the entire world. It would also mark a paradigm shift in the perception of cyberattacks on civilian transportation systems, as they would move from being viewed solely as criminal activity to possible acts of cyber warfare or political signaling, respectively, and also from a perception of cyber warfare. 

The implications for WestJet from a business perspective are equally as severe. Even without confirmation of a data breach, the potential erosion of customer trust poses an enormous reputational risk to the company. In a highly trusting industry, airlines require that consumers have confidence in the handling of sensitive personal and financial data. 

Moreover, a single breach - especially a breach that has garnered international attention - can result in customer attrition, increased regulatory scrutiny, and a significant increase in insurance premiums. Any perceived vulnerability in the airline's cybersecurity posture can have long-term financial and operational consequences, since the airline's margins are razor thin and consumers have high expectations. 

As well as this, new regulations may require the airline to strengthen its cybersecurity framework in the future. PIPEDA is a Canadian Act that requires organizations to report breaches in security safeguards and to take steps to mitigate the harm they cause. Organizations are required to do so under this law. A failure to comply with these laws not only carries legal consequences, but can also adversely affect the company's reputation and reputation with the public. 

The WestJet breach has been a critical lesson in the wider aviation industry. In the first place, cybersecurity must be seen as a core component of mission-critical infrastructure rather than something that is confined to the IT department. Secondly, it is important to enhance cyber resilience among leadership and boards so that cyber risk management becomes integrated into core strategic decision-making. 

As part of this process, zero trust architectures are adopted, continuous network monitoring is performed, and regular simulations are conducted to prepare for incident response incidents. In addition to robust access controls, such as mandatory multi-factor authentication, and proactive vulnerability management practices that include penetration testing, effective defense requires implementing robust access controls. 

Secondly, supply chain security is a strategic concern that airlines must put forth. Airlines are reliant upon a huge ecosystem of third-party vendors, each of which can be an entry point for attackers. Managing indirect threats is essentially a matter of ensuring that all of your partners follow stringent cybersecurity practices. 

The final component is to maintain public confidence in the organization through transparent and timely communication with customers during and after a cyber event. In the wake of a breach, it is important to provide regular updates, responsive support channels, and proactive measures, such as identity monitoring services, that can assist in restoring trust and showing organizational accountability. 

According to the investigation into the WestJet cyberattack, it is not only proving the importance of cybersecurity in the organization's business, but it serves as a powerful reminder as well that cybersecurity cannot be treated as a back-office function or a reactive expenditure anymore; it is a pillar of national resilience, operational integrity, and customer trust. 

A challenge that the aviation industry faces is not a mere abstract risk, but one that is present at the crossroads of critical infrastructure and global mobility; it is a threat that is real and persistent as well as changing at an unprecedented rate and level of sophistication. 

There is a critical need for airlines to see cybersecurity as more than just a compliance checkbox going forward, but rather an imperative that is embedded in every aspect of their operations, including boardroom discussions and procurement processes, as well as their day-to-day operations and customer interactions in the future. 

By investing in threat intelligence, building resilient IT architectures, and fostering a culture of constant vigilance amongst employees, the organization can accomplish its goals. A comprehensive security baseline and collaborative defense mechanism are also essential for establishing industry-wide security baselines, in collaboration with regulators, cybersecurity experts and supply chain partners. 

As a result of this event, regulators and policymakers were reminded of the urgency of harmonizing aviation-specific security frameworks worldwide to ensure that digitization does not outpace security governance at the same time. 

Lastly, proactive legislative and enforcement efforts combined with incentives for robust cybersecurity investments can be a powerful combination to boost a stronger, more resilient transportation sector. After all, the WestJet breach is not only one isolated incident, but is also a wake-up call to everyone involved. 

It is becoming increasingly obvious that in response to the increasingly targeted, political, and disruptive nature of cyber threats, only those organizations that treat cybercrime as a business enabler - not only as a cost center - will be able to maintain trust, ensure safety, and compete in a world that is increasingly technologically interconnected.

Read more »
ScatteredSpider
Co-op customer data compromise Cyber Attacks cyber intrusion data security DragonForce DragonForce Ransomware Group Malware. Scattered Spider Marks & Spencer ransomware attacks Ransomwares ScatteredSpider

Scattered Spider Cyberattack Cripples M&S, Co-op: DragonForce Ransomware Causes Weeks-Long Disruption

 

Weeks after a significant cyberattack disrupted operations at major British retailers, companies like Marks & Spencer (M&S) and Co-op are still struggling to restore full functionality. Despite public reassurances, the scope of the attack is proving more serious than initially acknowledged. M&S CEO Stuart Machin recently confirmed that personal customer data had been accessed, prompting the company to require password resets for online accounts. Online orders on the M&S website remain suspended weeks after the breach, and no clear timeline has been offered for full recovery. 

The attack first became public on April 25 when M&S halted its online operations due to a cyber intrusion. Within days, Co-op revealed it had also been targeted in an attempted hack, which disrupted several services. Harrods, another luxury retailer, was also reportedly affected during this wave of cyberattacks. While M&S is still unable to process online sales, Co-op has only just resumed stocking its shelves, and both companies remain silent about when operations might return to normal. Government officials have weighed in on the seriousness of the incident. 

Cabinet Office Minister Pat McFadden called the attack a “wake-up call” for British businesses, highlighting the urgent need for enhanced cybersecurity protocols. Financial losses have been steep. M&S is reportedly losing £3.5 million per day while its website remains offline, and its stock has dropped by an estimated half a billion pounds in market value. Co-op also disclosed that customer data had been compromised, and they experienced issues with card payments at the height of the disruption. 

Investigations suggest the cybercriminal group known as Scattered Spider is responsible. Known for targeting large enterprises, the group is believed to have used a ransomware strain called DragonForce to paralyze systems. According to cybersecurity experts, the attackers may have exploited unpatched vulnerabilities and misconfigured systems to gain entry. Reports indicate they employed SIM-swapping tactics to hijack phone numbers and impersonate employees, fooling IT help desks into granting system access. Once inside, the hackers are believed to have compromised Microsoft Active Directory—a central hub that connects internal networks—potentially gaining access to crucial files and passwords. 

Though it’s unlikely they decrypted these password files directly, the level of access would have allowed them to severely disrupt internal systems. Experts say this level of infiltration can cripple multiple areas of a business, making recovery extremely challenging without a full rebuild of core IT infrastructure. One reason for the prolonged disruption may be that both M&S and Co-op chose not to pay the ransom, in line with UK government advice. While this decision aligns with best practices to avoid funding cybercrime, it also means recovery will take significantly longer. 

Despite the chaos, M&S has emphasized that no payment information or account passwords were compromised. The company is urging customers to reset their passwords for peace of mind and has provided guidelines on staying safe online. Co-op has resumed deliveries to most of its stores but acknowledged that some shelves may still lack regular stock. Empty shelves and apology signs have appeared across affected stores, as customers share their frustrations online. 

This incident underscores the growing threat posed by sophisticated cybercriminals and the urgent need for companies to prioritize cybersecurity. From exploiting human error to using advanced ransomware tools, the tactics are evolving, and so must the defenses.
Read more »
Voice Phishing
AI Attacks Cyber Attacks cyber intrusion threat report Voice Phishing

CrowdStrike Report Reveals a Surge in AI-Driven Threats and Malware-Free Attacks

 

CrowdStrike Holdings Inc. released a new report earlier this month that illustrates how cyber threats evolved significantly in 2024, with attackers pivoting towards malware-free incursions, AI-assisted social engineering, and cloud-focused vulnerabilities. 

The 11th annual CrowdStrike Global Threat Report for 2025 details an increase in claimed Chinese-backed cyber activities, an explosion in "vishing," or voice phishing, and identity-based assaults, and the expanding use of generative AI in cybercrime. 

In 2024, CrowdStrike discovered that 79% of cyber incursions were malware-free, up from 40% in 2019. Attackers were found to be increasingly using genuine remote management and monitoring tools to circumvent standard security measures. 

And the breakout time — the time it takes a perpetrator to move laterally within a compromised network after gaining initial access — plummeted to 48 minutes in 2024, with some attacks spreading in less than a minute. Identity-based assaults and social engineering had significant increases until 2024. 

Vishing attacks increased more than fivefold, displacing traditional phishing as the dominant form of initial entry. Help desk impersonation attempts grew throughout the year, with adversaries convincing IT professionals to reset passwords or bypass multifactor authentication. Access broker adverts, in which attackers sell stolen credentials, increased by 50% through 2024, as more credentials were stolen and made available on both the clear and dark web. .

Alleged China-linked actors were also active throughout the year. CrowdStrike's researchers claim a 150% rise in activity, with some industries experiencing a 200% to 300% spike. The same groups are mentioned in the report as adopting strong OPSEC measures, making their attacks more difficult to track. CrowdStrike's annual report, like past year's, emphasises the growing use of AI in cybercrime.

Generative AI is now commonly used for social engineering, phishing, deepfake frauds, and automated disinformation campaigns. Notable AI initiatives include the North Korean-linked group FAMOUS CHOLLIMA, which used AI-powered fake job interviews to penetrate tech companies. 

Mitigation tips 

To combat rising security risks, CrowdStrike experts advocate improving identity security through phishing-resistant MFA, continuous monitoring of privileged accounts, and proactive threat hunting to discover malware-free incursions before attackers gain a foothold. Organisations should also incorporate real-time AI-driven threat detection, which ensures rapid response capabilities to mitigate fast-moving attacks, such as those with breakout periods of less than one minute. 

In addition to identity protection, companies can strengthen cloud security by requiring least privilege access, monitoring API keys for unauthorised use, and safeguarding software-as-a-service apps from credential misuse. As attackers increasingly use automation and AI capabilities, defenders should implement advanced behavioural analytics and cross-domain visibility solutions to detect stealthy breaches and halt adversary operations before they escalate.
Read more »
Zero-Day Vulnerabilities
APT Group cyber intrusion forensic analysis Incident response Ivanti Connect Secure malware nation-state actor NERVE environment Security Breach Zero-Day Vulnerabilities

MITRE Links Recent Attack to China-Associated UNC5221

 

MITRE recently provided further insight into the recent cyber intrusion, shedding light on the new malicious software employed and a timeline detailing the attacker's actions.

In April 2024, MITRE announced a breach in one of its research and prototyping networks. Following the discovery, MITRE's security team swiftly initiated an investigation, ejected the threat actor, and enlisted third-party forensics Incident Response teams for independent analysis alongside internal experts. It was revealed that a nation-state actor had infiltrated MITRE's systems in January 2024 by exploiting two Ivanti Connect Secure zero-day vulnerabilities (CVE-2023-46805 and CVE-2024-21887).

The intrusion was detected when MITRE noticed suspicious activity from a foreign nation-state threat actor targeting its Networked Experimentation, Research, and Virtualization Environment (NERVE), which is utilized for research and prototyping purposes. MITRE promptly took NERVE offline and commenced mitigation procedures. Although investigations are ongoing to ascertain the extent of compromised information, MITRE has informed relevant authorities and affected parties while endeavoring to restore alternative collaboration platforms.

Despite MITRE's adherence to industry best practices, vendor recommendations, and governmental directives to bolster its Ivanti system, oversight led to unauthorized access into its VMware infrastructure. However, MITRE emphasized that neither its core enterprise network nor its partners' systems were impacted by the breach.

MITRE researchers identified indicators of compromise associated with UNC5221, a China-linked APT group, coinciding with the security breach. The hackers gained initial access to NERVE on December 31, deploying the ROOTROT web shell on Internet-facing Ivanti appliances.

On January 4, 2024, the threat actors conducted reconnaissance within the NERVE environment, leveraging compromised Ivanti appliances to access vCenter and communicate with multiple ESXi hosts. Subsequently, the attackers utilized hijacked credentials to infiltrate accounts via RDP, accessing user bookmarks and file shares to probe the network and manipulate VMs, compromising the infrastructure.

Further malicious activities ensued, including deploying the BRICKSTORM backdoor and the BEEFLUSH web shell on January 7, 2024, facilitating persistent access and arbitrary command execution. The hackers maintained control through SSH manipulation and script execution, exploiting default VMware accounts and establishing communication with designated C2 domains.

Additional payloads, such as the WIREFIRE (aka GIFTEDVISITOR) web shell and the BUSHWALK web shell for data exfiltration, were deployed on the target infrastructure. Despite attempts at lateral movement between mid-February and mid-March, the threat actors failed to compromise other resources beyond NERVE.

MITRE concluded its update with malware analysis and Indicators of Compromise for the involved payloads, highlighting the adversary's persistent attempts to infiltrate and maintain control within the network.
Read more »
Tech Giant
Cyber Attacks cyber intrusion Data Leak Russian Hackers Tech Giant

Microsoft Claims Russian Hackers are Attempting to Break into Company Networks.

 

Microsoft warned on Friday that hackers affiliated to Russia's foreign intelligence were attempting to break into its systems again, using data collected from corporate emails in January to seek new access to the software behemoth whose products are widely used throughout the US national security infrastructure.

Some experts were alarmed by the news, citing concerns about the security of systems and services at Microsoft, one of the world's major software companies that offers digital services and infrastructure to the United States government. 

The tech giant revealed that the intrusions were carried out by a Russian state-sponsored outfit known as Midnight Blizzard, or Nobelium.

The Russian embassy in Washington did not immediately respond to a request for comment on Microsoft's statement, nor on Microsoft's earlier statements regarding Midnight Blizzard activity.

Microsoft reported the incident in January, stating that hackers attempted to break into company email accounts, including those of senior company executives, as well as cybersecurity, legal, and other services. 

Microsoft's vast client network makes it unsurprising that it is being attacked, according to Jerome Segura, lead threat researcher at Malwarebytes' Threatdown Labs. He said that it was concerning that the attack was still ongoing, despite Microsoft's efforts to prevent access. 

Persistent Threat

Several experts who follow Midnight Blizzard claim that the group has a history of targeting political bodies, diplomatic missions, and non-governmental organisations. Microsoft claimed in a January statement that Midnight Blizzard was probably gunning after it since the company had conducted extensive study to analyse the hacking group's activities. 

Since at least 2021, when the group was discovered to be responsible for the SolarWinds cyberattack that compromised a number of U.S. federal agencies, Microsoft's threat intelligence team has been looking into and sharing research on Nobelium.

The company stated on Friday that the ongoing attempts to compromise Microsoft are indicative of a "sustained, significant commitment of the threat actor's resources, coordination, and focus.” 

"It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found," the company added. "Some of these secrets were shared between customers and Microsoft in email, and as we discover them in our exfiltrated email, we have been and are reaching out to these customers to assist them in taking mitigating measures.”
Read more »
political cyber attack
anti-Hezbollah message Beirut airport hack cyber intrusion Cyber Security incident Lebanon tensions political cyber attack

Cyber Intruders Disrupt Operations at Beirut International Airport

 

 
Over the weekend, the Flight Information Display Screens at Beirut's international airport fell victim to a hacking incident that not only showcased politically motivated messages but also temporarily disrupted baggage inspection, according to local media reports.

The hackers seized control of the screens at Beirut-Rafic Al Hariri International Airport, replacing the usual plane departure and arrival information with a statement accusing Hezbollah, the Iran-backed militant group based in Lebanon, of leading the country into conflict with Israel. A segment of the message directed blame at Hezbollah, stating, "You bear your responsibility and its consequences, Hezbollah."

Airport authorities disclosed that the cyber attack briefly interfered with the passenger baggage inspection system. However, they emphasized that the flight schedule remained unaffected. Additionally, hackers reportedly sent fake messages to some passengers on behalf of Middle East Airlines, a claim promptly refuted by the airline.

Recent heightened tensions between Lebanon and Israel, marked by frequent exchanges of fire, further amplify the significance of the cyber incident. In a recent Israeli strike on Lebanon, a senior commander in Hezbollah's elite forces was reportedly killed. Israeli officials had previously expressed a preference for restoring security without engaging in a full-scale war with Hezbollah, though readiness for such action was affirmed if necessary.

Attribution for the airport hack points to two domestic hacker groups: The One Who Spoke, a relatively unknown entity, and Soldiers of God, a Christian group previously associated with campaigns against the LGBTQ+ community in Lebanon. The latter group denied involvement. However, reports suggest that "external parties" could be behind the attack, utilizing the names of Lebanese hacker groups to either conceal their identity or incite tension. Some believe that local hackers might lack the requisite technology and capabilities for such an attack.

An anonymous security source, speaking to a Lebanese TV channel, raised the possibility of Israel's involvement as a potential culprit behind the cyber attack. Lebanon's Minister of Public Works and Transportation, Ali Hamieh, provided updates during a press conference on Monday, revealing that approximately 70% of the compromised airport screens had resumed normal operations. As a precautionary measure, the airport was disconnected from the internet to mitigate further damage. The country's security services are actively investigating the hack, with Hamieh anticipating a conclusive determination on whether the breach is internal or external in the coming days.
Read more »
Subscribe to: Posts (Atom)