Part of the network at India’s largest civil nuclear facility, the Kudankulam Nuclear Power Plant (KNPP) in Tamil Nadu, was breached. The attacker did not compromise critical systems, which were contained in an isolated network, but gained access to the plant’s administrative network. Code similarities with malware used by the North Korean group "Lazarus" in the past suggest the group is responsible for this attack. The attack was likely targeted, since the attackers used credentials from the plant in their code. Lazarus used malware called "DTrack", a remote access trojan, which was identified in late September by Kaspersky Labs. DTrack can log keystrokes, retrieve browser history, gather host IP addresses, gather details of running processes, and list the files available on the disk volumes.
Continue reading on Archerint
APT33, an Iranian hacking group, uses around a dozen command and control (C&C) servers for malware campaigns against the global oil and gas sector. The malware used is rather elementary, with limited capabilities; for example, it is unable to download and run additional malware. Previous victims of attacks using the same infrastructure include a private American company that offers services related to national security, a victim related to the U.S. military, and several victims in the Middle East and Asia. In addition, for at least two years the group used the private website of a high-ranking European politician to send spear-phishing emails to companies that are part of the supply chain of oil products.
Continue reading on Security Week
The FBI Cyber Division warned private industry partners of incoming cyberattacks against the U.S. automotive sector targeting sensitive corporate and enterprise data. The FBI claims that the automotive sector is facing an increased barrage of malicious attacks and threats, as the large quantity of information it collects becomes more valuable to threat actors. Furthermore, according to the FBI, phishing and brute-force attacks against automotive sector entities in the U.S. have already successfully compromised several organizations and companies during 2019.
Continue reading on CPO Magazine