Infosec.Pub

201
 
 

cross-posted from: https://scribe.disroot.org/post/4877381

Archived version

Asahi Group Holdings, Japan’s largest brewing company, has suspended ordering, shipping, and customer service functions after a cyberattack disrupted its domestic operations. The company, best known for its Asahi Super Dry beer, also produces soft drinks and other beverages, with a strong footprint across Europe and Asia.

“At this time, there has been no confirmed leakage of personal information or customer data to external parties,” Asahi wrote in a notice on its website. “However, due to the system failure, the following operations have been suspended – order and shipment operations at group companies in Japan and call center operations, including customer service desks."

The company added that it is actively investigating the cause and working to restore operations; however, there is currently no estimated timeline for recovery. “The system failure is limited to our operations within Japan. We sincerely apologize for any inconvenience caused to our customers and business partners.”

...

Market research specialist Teikoku Databank conducted an online survey into cyberattacks at Japanese firms from March 11 to 14, 2022. It found that, of 1,547 businesses responding, 36.1% of companies had experienced a cyberattack in the past year. Around 80% of these, or 28.4% overall, faced a cyberattack in the past month.

In May, Japan’s National Parliament passed the Active Cyber Defense Law, marking a pivotal shift in the country’s cybersecurity strategy. The scope of the legislation extends significantly beyond its title, encompassing a range of provisions aimed at modernizing government institutions and enhancing Japan’s overall cybersecurity framework. The law requires operators of critical infrastructure, designated under the 2022 Economic Security Promotion Act, to report cybersecurity incidents to the government, though the scope and timing of those reports remain undefined.

...

[The Asahi case is another one in a line of cyber attacks against supply chains. For example, UK's Bridgestone or Jaguar Land Rover, along with many others, suffered similar incidents forcing them to halt production.]

202
 
 

cross-posted from: https://scribe.disroot.org/post/4876841

Canada is confronting an expanding and complex cyber threat landscape with a growing cast of malicious and unpredictable state and non-state cyber threat actors, from cybercriminals to hacktivists, that are targeting our critical infrastructure and endangering our national security, the Canadian Centre for Cyber Security (Cyber Centre) says in its National Cyber Threat Assessment 2025-2026. The threat assessment is based on information available as of September 20, 2024.

Key judgements:

  • Canada’s state adversaries are using cyber operations to disrupt and divide. State-sponsored cyber threat actors are almost certainly combining disruptive computer network attacks with online information campaigns to intimidate and shape public opinion. State-sponsored cyber threat actors are very likely targeting critical infrastructure networks in Canada and allied countries to pre-position for possible future disruptive or destructive cyber operations.
  • The People’s Republic of China’s (PRC) expansive and aggressive cyber program presents the most sophisticated and active state cyber threat to Canada today. The PRC conducts cyber operations against Canadian interests to serve high-level political and commercial objectives, including espionage, intellectual property (IP) theft, malign influence, and transnational repression. Among our adversaries, **the PRC cyber program’s scale, tradecraft, and ambitions in cyberspace are second to none**.
  • Russia’s cyber program furthers Moscow’s ambitions to confront and destabilize Canada and our allies. Canada is very likely a valuable espionage target for Russian state-sponsored cyber threat actors, including through supply chain compromises, given Canada’s membership in the North Atlantic Treaty Organization, support for Ukraine against Russian aggression, and presence in the Arctic. Pro-Russia non-state actors, some of which we assess likely have links to the Russian government, are targeting Canada in an attempt to influence our foreign policy.
  • Iran uses its cyber program to coerce, harass, and repress its opponents, while managing escalation risks. Iran’s increasing willingness to conduct disruptive cyber attacks beyond the Middle East and its persistent efforts to track and monitor regime opponents through cyberspace present a growing cyber security challenge for Canada and our allies.
  • The Cybercrime-as-a-Service (CaaS) business model is almost certainly contributing to the continued resilience of cybercrime in Canada and around the world. The CaaS ecosystem is underpinned by flourishing online marketplaces where specialized cyber threat actors sell stolen and leaked data and ready-to-use malicious tools to other cybercriminals. This has almost certainly enabled a growing number of actors with a range of capabilities and expertise to carry out cybercrime attacks and evade law enforcement detection.
  • Ransomware is the top cybercrime threat facing Canada’s critical infrastructure. Ransomware directly disrupts critical infrastructure entities’ ability to deliver critical services, which can put the physical and emotional wellbeing of victims in jeopardy. In the next two years, ransomware actors will almost certainly escalate their extortion tactics and refine their capabilities to increase pressure on victims to pay ransoms and evade law enforcement detection.
209
 
 

cross-posted from: https://lemmy.sdf.org/post/43404420

Archived

[...]

While constituting a fraction of total incident volume, their potential for strategic disruption remains a primary concern for the Union, according to the ENISA Threat Landscape report, covering incidents documented between July 2024 and June 2025, to provide actionable intelligence for EU policymakers and defenders.

Key statistics from the analysis reveal a concentrated threat:

  • 7.2% of total incidents recorded were identified as cyberespionage campaigns, the primary objective of state-aligned activities.
  • 46 distinct state-aligned intrusion sets were observed to be active against targets within the European Union.
  • The top five targeted NIS2 sectors were public administration, transport, digital infrastructure, energy, and health, demonstrating a clear focus on sectors vital to national and EU-level functioning.

A persistent challenge in countering these threats is the difficulty of definitive attribution. The source material highlights that "cyberespionage campaigns are typically documented with a delay spanning from 6 months to more than 4 years," meaning defenders operate with a historical, incomplete picture of the threat. This is reflected in a significant attribution gap, with unidentified intrusion sets accounting for 47% of Russia-nexus, 43% of China-nexus, and 36% of DPRK-nexus activities. This gap hinders the development of precise situational awareness and complicates the formulation of effective, tailored defensive strategies.

[...]

Russia-Nexus Adversaries

Intrusion sets aligned with Russia were the most active state-aligned threat actors targeting the EU, conducting sustained cyberespionage campaigns designed to undermine European security and support Moscow's strategic objectives. The most frequently documented groups were APT29, APT28, and Sandworm. Their targeting patterns indicate a concerted intelligence effort to map and disrupt NATO's logistical supply lines to Ukraine and to gauge the political resolve of key Member States like Germany and France.

[...]

China-Nexus Adversaries

China-nexus intrusion sets executed a consistent operational mission to acquire strategic data and intellectual property. This demonstrates a systematic, state-directed campaign of industrial espionage designed to close China's technological gap and erode the EU's competitive advantage in key high-tech sectors. The top five most active groups were UNC5221, Mustang Panda, APT41, Flax Typhoon, and Salt Typhoon.

[...]

DPRK-Nexus Adversaries

DPRK-nexus intrusion sets pursued a dual mission of cyberespionage and illicit revenue generation to fund the regime. The most active groups targeting the EU were Famous Chollima, Lazarus, and Kimsuky. Their campaigns focused on Belgium, Italy, Germany, and France, with a heavy emphasis on private sector organizations in the Human Resources, financial services (including cryptocurrency), and technology sectors.

[...]

211
 
 

Apple’s release of macOS 26 Tahoe introduced a new disk image format and updated an older one, both of which are drawing attention from system testers and forensic examiners.

Apple Sparse Image Format (ASIF)

The Apple Sparse Image Format (ASIF) is a single-file sparse disk image. Although it can be assigned a large nominal capacity, it only consumes space on the host volume as data is written. ASIF containers can be formatted with the file …

The post Apple strengthens storage flexibility with new disk image formats appeared first on Help Net Security.

215
 
 

Find alternatives to calling the Los Angeles Police Department.

Typically, people call the police because they are experiencing or perceive an emergency and need immediate assistance. In order to provide the most effective alternatives to calling the police or 911, unless otherwise indicated, the resources included here are limited to those that offer immediate assistance through emergency or crisis services.

222
 
 

An extortion group calling itself the Crimson Collective claims to have breached Red Hat's private GitHub repositories, stealing nearly 570GB of compressed data across 28,000 internal projects. [...]

223
 
 

ENISA reveals phishing and vulnerability exploitation accounted for majority of intrusions in past year

224
 
 

A new study by Zimperium has revealed serious risks in free VPN apps, exposing users to privacy threats and security flaws

225
 
 

The owners of Novo Nordisk A/S and the Danish government are new anchor investors in what they say will become the world’s largest quantum venture fund, in a bid to boost Europe’s position in technological development.
