Articles tagged with "hacking"
Russian hackers breached Polish power grid thanks to bad security, report says
A recent report from Poland’s Computer Emergency Response Team (CERT) revealed that Russian government hackers breached parts of Poland’s energy grid infrastructure, specifically targeting wind and solar farms as well as a heat-and-power plant. The attackers exploited poor security practices, including the use of default usernames and passwords and the absence of multi-factor authentication, which allowed them relatively easy access. Once inside, the hackers attempted to deploy wiper malware aimed at destroying system data and potentially disrupting power supply, though their exact intent remains unclear. While the malware attacks were halted at the heat-and-power plant, the wind and solar farms suffered operational disruptions due to the malware rendering their monitoring and control systems inoperable. Despite these intrusions, no actual power outages occurred, and the report emphasized that even a successful attack would not have compromised the overall stability of Poland’s power grid. Additionally, Poland’s CERT attributed the incident to a known Russian hacking group typically associated with cyberespionage rather than destructive cyberattacks, highlighting a concerning
Tags: energy, cybersecurity, power-grid, hacking, renewable-energy, malware, infrastructure-security
China demo shows one whispered command could let hackers seize robots
Chinese cybersecurity researchers have demonstrated that commercial robots, including humanoid and quadruped models, are significantly more vulnerable to hacking than commonly perceived. At the GEEKCon event in Shanghai, experts showed that attackers could seize full control of robots through voice commands or wireless connections, exploiting flaws in AI-driven control systems. A key example involved a Unitree robot, costing about US$14,200, which was hijacked via a vulnerability in its embedded AI agent. Once compromised, the robot was used to spread attacks to other nearby robots through short-range wireless communication, forming a cascading chain of control breaches. The demonstration included a hostile command that caused the robot to physically strike a mannequin, highlighting the potential for robots to be weaponized and cause physical harm. This research challenges the assumption that keeping robots offline ensures safety, emphasizing the risks posed by interconnected robot clusters in public and industrial environments. Unlike traditional cyberattacks that mainly cause data or financial damage, breaches in intelligent robots carry the added danger of physical injury
Tags: robot, cybersecurity, hacking, AI, voice-command, wireless-communication, industrial-robots
Cisco says Chinese hackers are exploiting its customers with a new zero-day
Cisco has disclosed that Chinese hackers are actively exploiting a critical zero-day vulnerability in several of its widely used products, including Cisco Secure Email Gateway, Cisco Secure Email, and Web Manager running on AsyncOS software. This flaw allows attackers to fully take over affected devices, and currently, no patches are available to fix the issue. The vulnerability specifically impacts devices with the “Spam Quarantine” feature enabled and accessible from the internet, although this feature is not enabled by default nor required to be internet-facing, which somewhat limits the attack surface. Cisco discovered the hacking campaign on December 10 and has linked the attackers to Chinese government-affiliated groups, according to its Talos threat intelligence team. The company has not disclosed the number of affected customers or detailed which organizations were targeted. Cisco’s interim mitigation advice is to wipe and rebuild the affected appliances’ software to remove any persistent backdoors, as no other remediation options exist at this time. Security experts note the severity of the campaign due to the widespread use of the
Tags: IoT, cybersecurity, Cisco, zero-day-vulnerability, network-security, hacking, threat-intelligence
Australian spy chief warns Chinese hackers are ‘probing’ critical networks for espionage and sabotage
Australia’s intelligence chief Mike Burgess has issued a warning that China-backed hacker groups are actively probing and, in some cases, infiltrating the country’s critical infrastructure networks. Burgess, head of the Australian Security Intelligence Organisation, identified at least two Chinese government-backed groups—Volt Typhoon and Salt Typhoon—engaged in espionage and pre-positioning for potential sabotage. Volt Typhoon is targeting essential systems such as power, water, and transportation, with the capability to cause widespread outages and disrupt energy and water supplies. This aligns with U.S. intelligence assessments that Chinese hackers have implanted malware in critical infrastructure to enable disruptive cyberattacks, particularly aimed at undermining responses to a possible future invasion of Taiwan. Additionally, Salt Typhoon has focused on telecommunications infrastructure, hacking into over 200 phone and internet companies, as well as cloud and data center providers, to steal sensitive data like call records. The FBI has issued warnings to prevent compromised communications, and similar breaches have been reported in Canada.
Tags: energy, cybersecurity, critical-infrastructure, hacking, espionage, sabotage, power-systems
Venezuela’s president thinks American spies can’t hack Huawei phones
Venezuelan President Nicolás Maduro recently showcased a Huawei foldable smartphone gifted by China’s President Xi Jinping, claiming it to be “the best phone in the world” and asserting that American intelligence agencies cannot hack it. However, cybersecurity experts and evidence suggest otherwise. A U.S.-based vulnerability researcher noted that Huawei’s devices, running on its proprietary HarmonyOS and hardware, may actually be easier to hack due to the relative newness and immaturity of its code compared to established platforms like iOS and Android. Huawei devices, including the Mate X6 model, require regular security updates, and the company has acknowledged vulnerabilities and malware infections on its products. Historically, U.S. government agencies have targeted Huawei for espionage. In 2014, the NSA reportedly hacked Huawei’s servers and implanted backdoors, gaining access to the company’s internal communications and product information. Documents revealed that the NSA aimed to exploit Huawei products to infiltrate networks worldwide. Given this history, it is highly likely that
Tags: IoT, cybersecurity, Huawei, smartphones, mobile-operating-systems, hacking, espionage
FBI says China’s Salt Typhoon hacked at least 200 US companies
The FBI has confirmed that a Chinese-backed hacking campaign known as Salt Typhoon has compromised at least 200 American companies, marking a significant escalation in Chinese cyber espionage efforts. FBI Assistant Director Brett Leatherman revealed that the campaign not only targeted U.S. businesses but also involved spying on senior American politicians and officials by accessing call records. This allowed hackers to map communication networks and identify who was under U.S. surveillance through legal orders. The severity of the threat led some officials to take extraordinary measures to protect their communications. Salt Typhoon primarily targets company routers to siphon sensitive network traffic, posing an ongoing threat according to the FBI. The agency, in coordination with nearly two dozen international partners, has provided technical guidance to help organizations detect and mitigate these intrusions. Although specific victim companies were not named by Leatherman, some have since been publicly identified. This campaign underscores the persistent and global nature of Chinese cyber espionage activities against U.S. interests.
Tags: IoT, cybersecurity, hacking, network-security, routers, cyber-espionage, data-breach
Norway spy chief blames Russian hackers for hijacking dam
In early April, Russian hackers briefly took control of the Bremanger dam in western Norway, causing the release of millions of gallons of water by opening a floodgate. The cyberattack lasted about four hours and resulted in the discharge of water equivalent to roughly three Olympic-sized swimming pools before Norwegian authorities regained control. Beate Gangaas, head of Norway’s security police, publicly attributed the attack to Russian hackers during a recent speech. The Russian embassy has denied any involvement in the incident. This event adds to a series of alleged cyberattacks by Russian-backed hackers targeting Western energy infrastructure, including previous attacks on Ukraine’s power grid in 2015 and 2016 that caused widespread blackouts. The article does not provide further details on the hackers’ motives or the full extent of the damage caused by the dam breach.
Tags: energy, cyberattack, dam-security, water-management, infrastructure-protection, hacking, Norway
Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere
A security researcher, Eaton Zveare from Harness, discovered critical security flaws in a major carmaker’s online dealership portal that exposed private customer information and vehicle data. The vulnerabilities allowed the creation of an unauthorized “national admin” account, granting full access to the centralized portal used by over 1,000 dealers across the U.S. This access enabled a hacker to view sensitive personal and financial data, track vehicles, and enroll customers in features that remotely control car functions, such as unlocking doors via a mobile app. The flaws stemmed from buggy code loaded in users’ browsers on the login page, which Zveare exploited to bypass authentication entirely. Zveare demonstrated how the portal’s national consumer lookup tool could identify vehicle owners using minimal information, such as a vehicle identification number seen in public or just a customer’s name. He also showed that transferring vehicle control to a different mobile account required only a simple attestation, making unauthorized takeovers feasible. Although he did not test driving the vehicles,
Tags: IoT, cybersecurity, connected-cars, remote-vehicle-access, automotive-security, hacking, vehicle-telematics
Chinese hackers hit US nuclear agency using Microsoft software flaw
Microsoft has issued a critical warning that Chinese state-backed hacking groups have exploited security vulnerabilities in its SharePoint software, primarily affecting organizations using on-premises servers rather than cloud-based services. The identified groups—Linen Typhoon, Violet Typhoon, and Storm-2603—have compromised a wide range of government agencies and private organizations globally since early July. Microsoft emphasized the increasing sophistication and scale of these cyber threats and expects these vulnerabilities to be further integrated into future attacks. Among the most significant breaches is the infiltration of the US National Nuclear Security Administration (NNSA), responsible for the nation’s nuclear weapons design and maintenance, although no classified information was reportedly taken. Other affected entities include various branches of the US Department of Energy, the Department of Education, Florida’s Department of Revenue, and the Rhode Island General Assembly. Cybersecurity experts have detected breaches on over 100 servers spanning 60 organizations, including energy firms, consulting companies, and universities, with investigations ongoing. The campaign’s reach also extends internationally
Tags: energy, cybersecurity, nuclear-security, hacking, Microsoft-SharePoint, cyber-threats, government-agencies
Hackers exploiting SharePoint zero-day seen targeting government agencies, say researchers
Researchers have identified hackers exploiting a previously unknown zero-day vulnerability in Microsoft SharePoint, primarily targeting government organizations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the active exploitation of this flaw, which affects on-premises SharePoint servers but not the cloud versions. Initial attacks have focused on a limited set of targets, including U.S. federal and state agencies, universities, and energy companies, suggesting the involvement of a government-affiliated threat actor. Experts note that while the initial exploitation has been relatively contained, the vulnerability remains unpatched across many organizations, with estimates of 9,000 to 10,000 vulnerable SharePoint instances accessible online. This exposure raises concerns that other malicious actors, beyond the original government-linked hackers, may begin exploiting the flaw more broadly. Microsoft advises organizations to either apply the patch promptly or disconnect their SharePoint servers from the internet to mitigate the risk. Security researchers continue to monitor the situation as the campaign evolves.
Tags: energy, cybersecurity, SharePoint, government-agencies, zero-day-vulnerability, hacking, Microsoft
Ukrainian hackers claim to have destroyed servers of Russian drone maker
Ukrainian hacktivist group BO Team, in collaboration with the Ukrainian Cyber Alliance and Ukraine’s military intelligence, claimed to have successfully hacked into and disrupted the network of the Russian drone manufacturer Gaskar Group. According to their announcement, the cyberattack involved seizing the entire network and server infrastructure, collecting sensitive information on current and future unmanned aerial vehicles (UAVs), and subsequently destroying data and disabling the company’s systems. The group reported destroying over 250 systems, including 46 virtual servers and more than 200 workstations, while wiping 47 terabytes of company data and 10 terabytes of backups. Additionally, the hackers stated they stole personal data of Gaskar Group employees, such as home addresses and family information. This attack is significant given the extensive use of drones by both Ukrainian and Russian forces since the full-scale invasion of Ukraine in 2022, highlighting the strategic importance of drone technology in the conflict. Gaskar Group had not responded to requests for comment
Tags: robot, drones, cybersecurity, unmanned-aerial-vehicles, military-technology, cyberattack, hacking