Latest News Articles



--- TLP:WHITE ---

News

− EU warns of Russian cyberattack spillover, escalation risks

The Council of the European Union (EU) said today that Russian hackers and hacker groups increasingly attacking "essential" organizations worldwide could lead to spillover risks and potential escalation.

https://www.consilium.europa.eu/en/press/press-releases/2022/07/19/declaration-by-the-high-representative-on-behalf-of-the-european-union-on-malicious-cyber-activities-conducted-by-hackers-and-hacker-groups-in-the-context-of-russia-s-aggression-against-ukraine/

− Belgium Says Chinese APTs Targeted Interior, Defense Ministries

Belgium on Monday accused Chinese state-sponsored hackers of launching cyberattacks against its interior and defense ministries. Belgium noted in a statement that it has detected cyber intrusions from hacking groups tracked as APT27, APT30, APT31, and Gallium.

https://diplomatie.belgium.be/en/news/declaration-minister-foreign-affairs-malicious-cyber-activities

− Google catches Turla hackers deploying Android malware in Ukraine

Google's Threat Analysis Group (TAG), whose primary goal is to defend Google users from state-sponsored attacks, said today that Russian-backed threat groups are still focusing their attacks on Ukrainian organizations.

https://www.bleepingcomputer.com/news/security/google-catches-turla-hackers-deploying-android-malware-in-ukraine/

− Fewer Ransomware Victims Pay, as Median Ransom Falls in Q2 2022

Ransomware actors became more fluid in Q2 2022 as attribution becomes harder, and fewer victims succumb to paying cyber criminals.

https://www.coveware.com/blog/2022/7/27/fewer-ransomware-victims-pay-as-medium-ransom-falls-in-q2-2022

Vulnerabilities

− Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive

The latest campaigns conducted by an advanced persistent threat (APT) that we track as Cloaked Ursa (also known as APT29, Nobelium or Cozy Bear) demonstrate sophistication and the ability to rapidly integrate popular cloud storage services to avoid detection.

https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/

− Microsoft resumes default blocking of Office macros after updating docs

Microsoft announced today that it resumed the rollout of VBA macro auto-blocking in downloaded Office documents after temporarily rolling it back earlier this month following user feedback.

https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-default-blocking-of-office-macros-after-updating-docs/
NCSC Alert
Changing Tactics in Response to Microsoft’s Blocking of Internet Macros

Community News

− US Cybersecurity Agency CISA to Open London Office

The US Cybersecurity and Infrastructure Security Agency (CISA) announced on Monday that it’s set to open an office in the United Kingdom in an effort to boost international cooperation and collaboration. r

https://www.cisa.gov/news/2022/07/18/cisa-announces-opening-attache-office-london-uk

--- TLP:WHITE ---