cybersecurity

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!

crosspostato da: https://lemmy.sdf.org/post/35753834

Archived

Cipher, the cybersecurity division of Prosegur Group, has reported a 43% increase in cyberattacks against essential service operators in Spain during 2024. Its cyber intelligence division, Unit x63, highlights the focus on the energy sector, as critical infrastructure, which accounted for 9% of the total. This upward trend, continuing into 2025, points to a growing number of threats from espionage, sabotage and the exfiltration of sensitive data, reflecting the increasing sophistication and persistence of cyber attackers.

In early 2025, Cipher’s Unit x63 confirmed that several Spanish energy companies were targeted by ransomware campaigns, hit by data leaks and the subsequent sale of information on underground forums. Globally, geopolitical tensions have intensified attacks on sensitive infrastructure.

[...]

Threat landscape: key types of cyberattack targeting the energy sector.

Cyberespionage in the energy sector aims to covertly obtain critical information such as facility blueprints, proprietary technologies and strategic contracts. These attacks are typically state-sponsored or executed by Advanced Persistent Threat (APT) groups looking to gain geopolitical or economic advantage—or laying the groundwork for future sabotage [...]

Cyber sabotage in the energy sector seeks to disrupt or damage critical operations by targeting industrial systems such as SCADA, ICS, or PLCs. Unlike espionage, these attacks aim for destruction and demand high levels of sophistication, often linked to nation state [...]

Destructive malware has become a frequent weapon in geopolitical conflicts, severely impacting the energy sector, and is designed to erase data, disable systems, or sabotage operations. They can temporarily shut down businesses and cripple key infrastructure [...]

Hacktivist activity in the energy sector is on the rise in 2025, driven by political, social, and ideological motives [...] Pro-Russian collectives like NoName057(16) have launched DDoS campaigns against Western critical infrastructure. In 2024, a new group named “Mr. Hamza” emerged with strong anti-globalist rhetoric [...]

In 2025, disinformation campaigns aimed at the energy sector have intensified, seeking to erode public confidence in both governments and companies. Russian-led operations in Eastern Europe have targeted efforts to diversify away from Russian gas [...]

Cipher’s Unit x63 has identified a growing number of threats to the energy sector from state or para-state actors focused on espionage, sabotage, and strategic control. Russia remains the leading aggressor, with veteran groups such as Sandworm and APT28 expanding their activities across Europe.

[...]

China, Iran and North Korea have also stepped up operations. China's Volt Typhoon, active since 2023, and Iranian groups APT34 and CyberAvengers are behind global campaigns against critical infrastructure. North Korean units such as Lazarus and Kimsuky focus on energy and nuclear information. Additionally, the presence of cyber mercenaries developing tailored malware for state clients further complicates attribution and heightens supply chain risks.

[...]

crosspostato da: https://lemmy.sdf.org/post/35711367

Archived

Chinese efforts to spy on the Dutch are intensifying, with the focus on semiconductors, Dutch Defence Minister Ruben Brekelmans said on Saturday.

"The semiconductor industry, which we are technologically leading, or technology advanced, of course, to get that intellectual property - that's interesting to China," Brekelmans said in an interview on the sidelines of the Shangri-La Dialogue security meeting in Singapore.

[...]

When asked if the spying had stopped, Brekelmans said: "It's continuing. In our newest intelligence reports, our intelligence agency said that the biggest cyber threat is coming from China, and that we do see most cyber activity when it comes to us being as from China. That was the case last year, but that's still the case. So we only see this intensifying."

[...]

Dutch intelligence agencies first publicly attributed cyber espionage to China last year, when they said state-backed cyber spies had gained access to a Dutch military network in 2023.

Brekelmans said security is becoming increasingly important for the Netherlands as China is "using their economic position for geopolitical purposes and also to pressure us".

[...]

The minister said the Netherlands has introduced instruments to protect key industries and vital interests but the country and region also need to reduce their dependency on China for critical raw materials.

"Both on the European Union level, but also on the national level, we need to make bigger steps in order to reduce those dependencies."

The first day of @thotcon 0xD was a total blast! Before the presentations even got started I had the amazing Cliff Stoll sitting next to me imparting his wisdom, his jokes, and being a lot of fun! If you are interested in #CyberSecurity you definitely need to read his book The Cuckoos Egg! @cybersecurity

cross-posted from: https://lemmy.sdf.org/post/35480023

Archived

[...]

Ambassador Peter Mandelson [UK ambassador to the U.S. in Washington] warned of the consequences if China continues to get ahead in AI and other key technologies.

“They will be able to do things which cascade down not just to their own country but everyone else’s across the world,” Mandelson said at an event hosted by the Atlantic Council in Washington on Tuesday.

[...]

Before being appointed ambassador, Lord Mandelson had criticized the Conservative-led government for mismanaging ties with China and called for a thaw in relations. He is a founder of Global Counsel, a firm that’s become one of the most influential advisory groups in the UK and has been expanding its coverage of China.

The Labour government under Prime Minister Keir Starmer has been pursuing closer ties with Beijing despite unease in Washington and other UK allies.

Mandelson said UK-China relations are unlikely to return to where they were a decade ago.

“We’re not going to to back to the ‘Golden Era’ of Cameron,” he said, referring to former Prime Minister David Cameron, whose government hosted Chinese President Xi Jinping in 2015 in a visit hailed as a breakthrough in ties.

Since then, London’s relationship with Beijing has deteriorated over a crackdown on pro-democracy protests in Hong Kong, its support for Russia’s war in Ukraine, and alleged cyberattacks and spying operations in the UK.

Mandelson also cautioned the European Union to be “much more skeptical” about building closer ties with China, even as the two sides step up their engagement to push back against the Trump administration’s tariffs.

The ambassador called for a “reboot” of the trans-Atlantic alliance not only in technology but also defense, pointing to the war in Ukraine as a “brutal wake-up call.” He said European defense needs to step up and become less dependent on the US.

[...]

“We [Europeans] have lived in a fantasy created by the US security guarantee, complacent that a friendly heavyweight across the water would be always there when the going gets tough,” he said.

cross-posted from: https://lemmy.sdf.org/post/35479238

Archived

A previously unknown Russian hacker group that has been given the moniker “Laundry Bear” has spent roughly a year targeting government and commercial entities in the Netherlands and other NATO and EU countries, according to a joint report from the Dutch General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD).

The group, believed to be operating on behalf of the Kremlin, was first detected in September 2024 after stealing sensitive data on approximately 63,000 Dutch police officers. According to Politico, nearly the entire Dutch police force was affected by the breach.

[...]

A technical investigation into the victims indicated that Laundry Bear likely sought sensitive information on the procurement and production of military equipment by Western governments, as well as details on weapons deliveries to Ukraine. Dutch intelligence services observed that the group appears to possess a certain level of insight into the defense production and supply chains involved. Laundry Bear has also targeted companies developing advanced technologies that are difficult for Russia to acquire due to Western sanctions.

[...]

Microsoft is conducting its own investigation into the group, which exploited the company’s Exchange servers. Microsoft has named the threat actor “Void Blizzard.”

[...]

One example cited in the report includes a PDF attachment from Laundry Bear disguised as an invitation to a European Defense and Security Summit and containing a QR code that led to a phishing website.

Laundry Bear employed a variety of hacking techniques, including cookie theft and replacement, password brute-forcing, and phishing (using fake emails or messages to steal login credentials). While these methods are relatively simple, identifying the group behind the attacks is challenging. However, AIVD notes that APT28 (also known as Fancy Bear) — a group linked to Russia’s GRU military intelligence agency — uses similar methods and typically targets the same types of institutions.

This project implements a FastAPI-based local server designed to load one or more pre-trained NLP models during startup and expose them through a clean, RESTful API for inference.

For example, it leverages the Hugging Face transformers library to load the CIRCL/vulnerability-severity-classification-distilbert-base-uncased model, which specializes in classifying vulnerability descriptions according to their severity level. The server initializes this model once at startup, ensuring minimal latency during inference requests.

Clients interact with the server via dedicated HTTP endpoints corresponding to each loaded model. Additionally, the server automatically generates comprehensive OpenAPI documentation that details the available endpoints, their expected input formats, and sample responses—making it easy to explore and integrate the services.

The ultimate goal is to enrich vulnerability data descriptions through the application of a suite of NLP models, providing direct benefits to Vulnerability-Lookup and supporting other related projects.

cross-posted from: https://lemmy.sdf.org/post/35141215

Archived

Here is the German Federal Office for Information Security's original press release (and a link to download the paper, both in German)

[...]

The German Federal Office for Information Security said has for years ranked energy sector at a "high" risk of hacking. Recent shifts including new technologies such as internet-connected solar power inverters and a tense geopolitical situation should nonetheless spark increased concern, the agency said.

[...]

The growth of decentralized energy sector operations make the grid more complex to secure since thousands of smaller players with photovoltaic systems become part of the grid. Solar inverters and grid control technology is additionally at risk of supply chain attacks, the German agency [better known as the BSI for its German acronym] said.

"A successful disturbance of energy supply in Germany or Europe is a horror scenario for citizens, the German economy and the state bodies. Social life would come to a standstill, the economic damage would be enormous," said BSI President Claudia Plattner.

[...]

The agency last year identified a slew of nation-state groups targeting German critical infrastructure, including China's Nylon Typhoon and Russian groups Fancy Bear and Midnight Blizzard.

[...]

cross-posted from: https://lemmy.sdf.org/post/35125971

Archived

Danish firms have found “suspicious” components added to east Asian circuit boards that were supposed to be built into the country’s green energy infrastructure, according to an industry body.

It has raised concerns about the potential for remote disruption of the power supply or digital espionage, coming a week after the US claimed to have identified “kill switches” in a consignment of solar panels and batteries from China.

[...]

Green Power Denmark, an umbrella group for 1,500 Danish renewable technology companies, said the components from “the East” had been found during routine checks on a “development project” that had at no point been connected to the grid.

“It’s a clear warning: threats to energy security can hide in plain sight,” the organisation said. “The real danger isn’t always sabotage. It can also be unlisted components. Hidden functions. That’s why Danish energy companies dismantle and inspect before anything goes live.”

Jorgen Christensen, Green Power Denmark’s technical director, said there was no proof of foul play and it was possible that the mysterious electronics had been included to add some kind of innocent function to the circuit boards.

“It’s possible the supplier had no malicious intent,” he told Reuters. “We can’t say at this point. But that doesn’t change the fact that these components shouldn’t be there.”

Walburga Hemetsberger, head of the lobby group SolarPower Europe, said the discovery was highly concerning and called for an investigation.

[...]

In recent years experts have issued increasingly strident warnings about the security risk posed by China’s stranglehold over the supply of many categories of renewable energy components in Europe, such as batteries, turbines and the inverters used to smooth the voltage of power as it is fed into the grid.

The large-scale blackout that occurred a fortnight ago across much of Spain and Portugal, both of which depend heavily on Chinese-made solar energy infrastructure, has further concentrated minds on the issue.

[...]

cross-posted from: https://lemmy.sdf.org/post/35083943

Archived

Advanced persistent threat (APT) groups with ties to China have become persistent players in the cyber espionage landscape, with a special emphasis on European governmental and industrial entities, according to a thorough disclosure from ESET’s APT Activity Report for Q4 2024 to Q1 2025.

The report, covering activities from October 2024 to March 2025, highlights the sophisticated tactics and tools employed by these threat actors to infiltrate sensitive networks.

[...]

These diverse and innovative techniques illustrate the persistent dedication of China-aligned APTs to espionage, often prioritizing long-term access over immediate financial returns.

The ESET report emphasizes that the highlighted operations are merely a snapshot of the broader threat landscape, with intelligence derived from proprietary telemetry data and verified by expert researchers.

The sustained focus on European targets by these APT groups signals a strategic intent to gather sensitive political and industrial intelligence, potentially influencing geopolitical dynamics.

[...]

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

A brief look at all things infostealers for the week 20, 2025 (12.05.2025–18.05.2025). This week observed updates from LummaC2, MonsterV2 and KatzStealer infostealers. Grabbed some numbers from marketplaces and some interesting news/articles.

Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? This is the time and place to ask!