{"id":992328,"date":"2025-11-03T00:45:57","date_gmt":"2025-11-02T21:45:57","guid":{"rendered":"https:\/\/gpss.ro\/threat-intelligence\/cyber-brief-25-02-january-2025\/"},"modified":"2025-11-03T00:45:57","modified_gmt":"2025-11-02T21:45:57","slug":"cyber-brief-25-02-january-2025","status":"publish","type":"threat_intelligence","link":"https:\/\/delve.ro\/ro\/threat-intelligence\/cyber-brief-25-02-january-2025\/","title":{"rendered":"Cyber Brief 25-02 &#8211; January 2025"},"content":{"rendered":"<div id=\"content-en\" class=\"lang-content\" style=\"display: block;\">\n            
<div class=\"article-content\"><h2 id=\"cyber-brief-january-2025\">Cyber Brief (January 2025)<\/h2><p>February 3, 2025 - Version: 1<\/p><p class=\"tlp-type clear\">TLP:CLEAR<\/p><h2 id=\"executive-summary\">Executive summary<\/h2><ul><li><p>We analysed 262 open source reports for this Cyber Brief<sup class=\"footnote-ref\" id=\"fnref-1\"><a href=\"#fn-1\">1<\/a><\/sup>.<\/p><\/li><li><p><strong>Policy, cooperation, and law enforcement<\/strong>. Lithuania inaugurates its Cyber Defence Command, Turkey establishes a new Cybersecurity Directorate, while the US hits back at cyber threats with offensive operations. The EU and US impose sanctions on Russian, Iranian, Chinese, and North Korean entities for cyberattacks, election interference, and espionage, targeting individuals, companies, and state-linked groups. Russia and Iran as well as Japan and Cambodia strengthen cybersecurity cooperation. The UN Security Council discussed commercial spyware threats for the first time.<\/p><\/li><li><p><strong>Cyberespionage<\/strong>. Hackers from China, Iran, and North Korea use AI tools as a research assistant to enhance cyberattacks. Chinese threat actors exploit new zero-days and target US infrastructure &amp; global telecoms in cyber warfare operations. Russian hackers target WhatsApp accounts of high-profile officials while North Korean actors attempt to infiltrate the technology sector.<\/p><\/li><li><p><strong>Cybercrime<\/strong>. Cybercriminals use the AI tool GhostGPT to assist in creating malware, developing exploits, and crafting convincing phishing e-mails. They also develop and share new tools to bypass multi-factor authentication.<\/p><\/li><li><p><strong>Information operations<\/strong>. New pro-Kremlin disinformation campaigns target elections in Croatia, Germany, and Poland, spreading false narratives to sway public opinion. Russian-linked actors used AI-generated fake news to discredit politicians.<\/p><\/li><li><p><strong>Data exposure and breaches<\/strong>. 
Data breach incidents affect several sectors including transportation (car makers), telecommunications, a government database, and cybersecurity vendors.<\/p><\/li><li><p><strong>Disruption &amp; destruction<\/strong>. Several incidents of various origins (cybercriminal or likely state-sponsored) cause disruptions in the education, financial, and telecommunication sectors.<\/p><\/li><li><p><strong>Telecommunications<\/strong>. Telecom providers remain prime targets for espionage and disruption, with attacks ranging from Chinese state-backed breaches of US and European networks to Ukraine-linked cyberattacks on Russian ISPs and sabotage of undersea cables.<\/p><\/li><li><p><strong>Artificial Intelligence<\/strong>. In January, AI-related events focus on security risks and geopolitical tensions, including cybercriminals using AI tools like GhostGPT for phishing and malware, state-backed hackers from China, Iran, and North Korea leveraging AI for cyberattacks, regulatory scrutiny over DeepSeek\u2019s data practices, and the US imposing sanctions on AI-driven election interference from Russia and Iran.<\/p><\/li><\/ul><h2 id=\"europe\">Europe<\/h2><h3 id=\"cyber-policy-and-law-enforcement\">Cyber policy and law enforcement<\/h3><p><strong>EU imposes sanctions on Russian individuals for cyberattacks on Estonia<\/strong><br> On January 27, the EU sanctioned three Russian individuals linked to GRU Unit 29155 for 2020 cyberattacks on Estonia, targeting ministries and stealing sensitive data. The sanctions include asset freezes and travel bans. This action reflects the EU\u2019s commitment to countering cybercrime and promoting cybersecurity, with 17 individuals now under its cyber sanctions regime. Relevant acts are published in the EU\u2019s Official Journal. 
<code>sanctions<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.consilium.europa.eu\/en\/press\/press-releases\/2025\/01\/27\/cyber-attacks-three-individuals-added-to-eu-sanctions-list-for-malicious-cyber-activities-against-estonia\/\">link<\/a> <\/p><p><strong>Lithuania launches its own cyber defence command<\/strong><br> On January 1, Lithuania inaugurated its Cyber Defence Command (LTCYBERCOM), a new unit within the Armed Forces responsible for planning and executing cyber operations, as well as managing strategic and operational communications and information systems. This initiative aims to enhance interoperability with NATO and other institutions, strengthening Lithuania's cyber defence capabilities. <code>capacity<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/kam.lt\/en\/lithuanian-cyber-defence-command-opened\/\">link<\/a> <\/p><p><strong>Spain approves cybersecurity law<\/strong><br> On January 14, Spain's Council of Ministers approved a draft Law on Coordination and Governance of Cybersecurity to strengthen protection against cyber threats, creating the National Cybersecurity Center and incorporating EU's NIS-2 directive into law, enhancing critical network security. <code>legislation<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.interior.gob.es\/opencms\/ca\/detalle\/articulo\/El-Consejo-de-Ministros-aprueba-el-anteproyecto-de-Ley-de-Coordinacion-y-Gobernanza-de-la-Ciberseguridad\/\">link<\/a> <\/p><p><strong>DeepSeek AI app blocked in Italy and investigated in Ireland<\/strong><br> On January 29, DeepSeek's AI Assistant app was removed from Apple and Google stores in Italy due to data privacy concerns. Italy\u2019s data protection authority requested more details, while Ireland\u2019s Data Protection Commission launched a GDPR investigation. 
Meanwhile, the US National Security Council announced a national security review of the app, raising further scrutiny over its data collection and privacy practices. <code>artificial intelligence<\/code> <code>china<\/code> <code>privacy<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/technology\/deepseek-app-unavailable-apple-google-app-stores-italy-2025-01-29\/\">link<\/a> <\/p><p><strong>TikTok, AliExpress, SHEIN &amp; Co surrender Europeans\u2019 data to authoritarian China<\/strong><br> On January 16, the Austrian advocacy group noyb filed GDPR complaints against six Chinese companies\u2014TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi\u2014for unlawfully transferring EU user data to China. These actions violate EU regulations, as China lacks adequate data protection standards. Noyb urges immediate suspension of these data transfers and potential fines up to 4% of global revenue. <code>china<\/code> <code>privacy<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/noyb.eu\/en\/tiktok-aliexpress-shein-co-surrender-europeans-data-authoritarian-china\">link<\/a> <\/p><p><strong>Europol dismantles major cybercrime forums<\/strong><br> Between January 28 and January 30, a Europol-backed operation led by Germany shut down Cracked and Nulled, the world's largest cybercrime forums, with over 10 million users. Authorities arrested two suspects, seized 17 servers, 50 devices, and 300.000 euros in cash and cryptocurrency. The platforms enabled cybercrime-as-a-service, including stolen data and malware. Europol coordinated cross-border efforts involving eight countries. 
<code>takedown<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/law-enforcement-takes-down-two-largest-cybercrime-forums-in-world\">link<\/a> <\/p><h3 id=\"cyberespionage\">Cyberespionage<\/h3><h3 id=\"cybercrime\">Cybercrime<\/h3><p><strong>Financially motivated threat actor delivering new TorNet backdoor<\/strong><br> On January 28, Cisco Talos published a report about a malicious ongoing campaign targeting users in Poland and Germany since at least July 2024, delivering payloads including Agent Tesla and a new backdoor called TorNet. The threat actor is financially motivated and uses techniques such as scheduled tasks and network disconnections to evade detection and maintain persistence on victim machines, also using the TOR network for stealthy communication. <code>backdoor<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/blog.talosintelligence.com\/new-tornet-backdoor-campaign\/\">link<\/a> <\/p><p><strong>Ransomware attack on EuroCert compromises personal data<\/strong><br> On January 15, EuroCert, a Poland-based provider of qualified electronic signature services, announced that on January 12, 2025, a ransomware attack compromised personal data, including identification details, contact information, PESEL numbers, and ID card numbers of clients, contractors, and employees. The company has notified law enforcement and cybersecurity authorities and is working to restore its IT systems. <code>ransomware<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/eurocert.pl\/en\/atak-na-eurocert-oswiadczenie\/\">link<\/a> <\/p><p><strong>Slovakia's Land Registry hit by major ransomware attack<\/strong><br> On January 9, The Slovak Spectator reported that Slovakia's Office of Geodesy, Cartography, and Land Registry (UGKK) suffered a large-scale ransomware attack, rendering its systems and services unavailable. Hackers are reportedly demanding millions of euros for decryption. 
The UGKK has disconnected from external networks and is working to restore services. The Security Council is scheduled to convene on January 10 to address the incident. <code>ransomware<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/spectator.sme.sk\/politics-and-society\/c\/news-digest-quite-possibly-the-worst-cyber-attack-in-history-of-slovakia\">link<\/a> <\/p><h3 id=\"disruption\">Disruption<\/h3><p><strong>Eindhoven University of Technology suspends classes following cyberattack disruption<\/strong><br> On January 12, Eindhoven University of Technology (TU\/e) revealed it had identified a cyberattack on January 11, by unknown actors. In response, the university took its network offline, causing class disruptions and exam delays. Although the campus remains open, e-mail and various educational and collaboration systems became unavailable. <code>education<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/nltimes.nl\/2025\/01\/13\/tu-eindhoven-continues-cancel-classes-following-cyberattack\">link<\/a> <\/p><p><strong>Ukraine\u2019s Intel disrupts Lukoil and sparks payment failures and holiday chaos in Russia<\/strong><br> On January 1, Kyiv Post reported that Ukraine's Main Intelligence Directorate (HUR) conducted a cyberattack on Russia's Lukoil, targeting its digital payment systems. The operation disrupted payment platforms, rendering mobile app purchases impossible and causing significant financial losses for Lukoil during the busy holiday period. <code>energy<\/code> <code>russia<\/code> <code>ukraine<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.kyivpost.com\/post\/44778\">link<\/a> <\/p><p><strong>Russian ISP confirms Ukrainian hackers \"destroyed\" its network<\/strong><br> On January 8, the Russian internet provider Nodex confirmed its network was \"destroyed\" following a cyberattack claimed by Ukrainian hackers. 
The attack disrupted Nodex's services, and the company said it was working to restore systems from backups. The Ukrainian Cyber Alliance group claimed responsibility for the attack, stating they had \"completely looted and wiped\" Nodex's data. <code>russia<\/code> <code>telecommunications<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/therecord.media\/russian-internet-provider-says-network-destroyed-cyberattack\">link<\/a> <\/p><p><strong>Sweden opens sabotage probe into Baltic undersea cable damage<\/strong><br> On January 26, a vessel was seized on suspicion of damaging an undersea internet cable between Latvia and Sweden, and Swedish authorities initiated a sabotage investigation. The damaged cable belongs to the Latvian State Radio and Television Centre (LVRTC) and was cut near the Swedish island of Gotland. Latvia has also started a criminal investigation, attributing the damage to external influences. <code>telecommunications<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/world\/europe\/baltic-undersea-cable-damaged-by-external-influence-sunday-latvian-broadcaster-2025-01-26\/\">link<\/a> <\/p><h3 id=\"information-operations\">Information operations<\/h3><p><strong>Poland identifies GRU-linked threat group targeting upcoming presidential election in May 2025<\/strong><br> On January 10, the Polish government announced the identification of a threat group linked to the Russian military intelligence agency (GRU), which reportedly aims to influence Poland's upcoming presidential elections scheduled for May 18 through disinformation and recruitment campaigns to disrupt political cohesion. In response, Poland intends to release a comprehensive election protection plan later in January 2025. 
<code>election<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.pap.pl\/aktualnosci\/gawkowski-zidentyfikowano-kolejna-grupe-inspirowana-przez-gru-majaca-wplywac-na-polskie\">link<\/a> <\/p><p><strong>Pro-Kremlin disinformation campaign targets Croatian presidential run-off<\/strong><br> On January 8, the Centre for Information Resilience (CIR), an independent organisation dedicated to exposing human rights abuses and countering disinformation, reported that its researchers uncovered a pro-Kremlin disinformation campaign ahead of Croatia's presidential run-off. A bot network spread pro-Russian, anti-EU, and anti-NATO narratives, amplifying support for incumbent President Zoran Milanovi\u0107. The campaign escalated following Milanovi\u0107's first-round lead and his statements opposing Croatian involvement in the Ukraine conflict. <code>election<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.info-res.org\/cir\/articles\/disinformation-campaign-uncovered-by-researchers-ahead-of-croatian-presidential-run-off\/\">link<\/a> <\/p><p><strong>Russian disinformation campaign targeting German election exposed<\/strong><br> On January 24, the German nonprofit investigative outlet Correctiv exposed a Russian disinformation campaign, attributed to the Russia-linked Storm-1516 threat actor, targeting Germany's February general election. Over 100 fake websites spread AI-generated false claims against politicians, including Green party candidate Robert Habeck and Foreign Minister Annalena Baerbock. 
<code>election<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/correctiv.org\/en\/fact-checking-en\/2025\/01\/24\/disinformation-operation-russian-meddling-in-german-election-campaign-exposed\/\">link<\/a> <\/p><p><strong>Think-tank warns of Russian meddling in German election<\/strong><br> On January 20, Reuters reported that the German think-tank CeMAS found that Russia is conducting a disinformation campaign on social media to influence Germany's upcoming election, aiming to boost the far-right Alternative for Germany (AfD) party and undermine mainstream parties. The campaign, which shows the typical patterns of Russia's Doppelgaenger operation and has reached over 2.8 million views, spreads false information and has been amplified by fake accounts. <code>election<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/world\/europe\/russian-disinformation-targets-german-election-campaign-says-think-tank-2025-01-20\/\">link<\/a> <\/p><h3 id=\"data-exposure-and-leaks\">Data exposure and leaks<\/h3><p><strong>Entire Georgian country population exposed in a massive data leak<\/strong><br> On January 27, cybersecurity researcher Bob Dyachenko and the Cybernews team discovered an unprotected Elasticsearch index hosted by a Germany-based cloud service provider, containing nearly five million personal data records of Georgian citizens, including ID numbers, full names, birth dates, genders, and phone numbers. The database was taken offline shortly after the discovery, but the exposure poses significant risks for the affected individuals. 
<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/cybernews.com\/security\/entire-georgian-country-population-exposed\/\">link<\/a> <\/p><p><strong>Spanish telecommunications company Telef\u00f3nica confirms ticketing system breach<\/strong><br> On January 10, Telef\u00f3nica, Spain's largest telecom company, confirmed a breach of its internal ticketing system after stolen data appeared on a hacking forum. The company, operating in 12 countries, is investigating the incident and has taken steps to block further unauthorised access. <code>telecommunications<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/telefonica-confirms-internal-ticketing-system-breach-after-data-leak\/\">link<\/a> <\/p><p><strong>Customer data from 800.000 electric cars and owners exposed online<\/strong><br> On December 27, 2024, Der Spiegel reported that Cariad, Volkswagen's software subsidiary, exposed terabytes of data from around 800.000 electric cars due to IT misconfigurations. The data, linked to drivers and vehicle locations, included Volkswagen, Audi, Seat, and Skoda models. A whistleblower alerted the Chaos Computer Club (CCC), which informed Cariad in November. Access was closed on the same day, and Cariad found no evidence of misuse beyond ethical hacking by the CCC. <code>transport<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.spiegel.de\/netzwelt\/web\/volkswagen-konzern-datenleck-wir-wissen-wo-dein-auto-steht-a-e12d33d0-97bc-493c-96d1-aa5892861027\">link<\/a> <\/p><h3 id=\"hacktivism\">Hacktivism<\/h3><p><strong>NoName057(16) claims DDoS attacks against Italy- and Germany-based entities<\/strong><br> On January 13, pro-Russia hacktivist group NoName057(16) claimed responsibility for DDoS attacks targeting 14 Italy-based and 4 Germany-based defence, energy, financial, government, technology, and transportation entities. 
The group cited Ukraine's ongoing military support from Italy and Germany as motivation. Italy\u2019s cyber agency is assisting affected entities, with several Italian websites still inaccessible. Germany\u2019s recently blocked military aid proposal for Ukraine was also cited as a justification for the attacks. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/t.me\/nnm057_16\">link<\/a> <\/p><h2 id=\"world\">World<\/h2><h3 id=\"cyber-policy-and-law-enforcement-2\">Cyber policy and law enforcement<\/h3><p><strong>UN Security Council members meet on spyware for first time<\/strong><br> On January 14, the UN Security Council discussed commercial spyware threats for the first time. US Ambassador Dorothy Camille Shea urged stricter export controls and justice for victims. Google\u2019s Shane Huntley said his team tracks 40 surveillance vendors, noting misuse by authoritarian regimes. Citizen Lab\u2019s John Scott-Railton emphasised Europe\u2019s role in spyware abuses. China and Russia opposed the meeting, prioritising other cybersecurity issues. <code>cooperation<\/code> <code>psoa<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/therecord.media\/commercial-spyware-meeting-un-security-council-members\">link<\/a> <\/p><p><strong>Japan and Cambodia sign agreement for election equipment and cybersecurity<\/strong><br> On January 23, Japan and Cambodia signed an agreement in Phnom Penh for a grant aid project worth 750 million yen. This initiative aims to provide Cambodia with updated election-related equipment, including servers and cybersecurity tools, to enhance fair election processes and strengthen cybersecurity measures. This cooperation aligns with Japan's commitment to developing social infrastructure and supports Cambodia's digital economy and societal advancement. 
<code>cooperation<\/code> <code>japan<\/code> <code>election<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.mofa.go.jp\/press\/release\/pressite_000001_00940.html\">link<\/a> <\/p><p><strong>Iran and Russia strengthen cybersecurity cooperation with new agreement<\/strong><br> On January 17, Iran and Russia signed an agreement to deepen military, security, and technological ties, with a focus on cybersecurity and internet regulation. The deal formalises existing cooperation between the two countries, including expertise-sharing on national internet control and cybercrime prevention, reflecting their broader efforts to assert greater control over digital spaces. <code>cooperation<\/code> <code>iran<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"http:\/\/kremlin.ru\/supplement\/6258\">link<\/a> <\/p><p><strong>Leaked documents reveal Microsoft's deepened ties with Israeli military during Gaza war<\/strong><br> On January 23, the Guardian revealed that Microsoft expanded its collaboration with Israel's military after October 2023, providing cloud computing, AI tools, and technical support worth at least 10 million US dollars to aid the country's war effort in Gaza. The investigation highlights the increasing reliance of the Israel Defense Forces (IDF) on US tech giants, including Microsoft, Amazon, and Google, for data processing, intelligence analysis, and combat-related digital infrastructure. 
<code>cooperation<\/code> <code>defence<\/code> <code>israel<\/code> <code>technology<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.theguardian.com\/world\/2025\/jan\/23\/israeli-military-gaza-war-microsoft\">link<\/a> <\/p><p><strong>Turkey establishes cybersecurity directorate to boost national defence<\/strong><br> On January 8, Turkey established a new Cybersecurity Directorate, which will report directly to President Recep Tayyip Erdo\u011fan and be responsible for protecting the country's IT infrastructure and developing national cybersecurity policies. On January 15, the Turkish Parliament also passed a new cybersecurity bill that outlines the directorate's powers and aims to reduce Turkey's reliance on foreign products and increase its technological sovereignty. <code>capacities<\/code> <code>turkey<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.resmigazete.gov.tr\/eskiler\/2025\/01\/20250108.pdf\">link<\/a> <\/p><p><strong>US sanctions entities in Iran and Russia over AI-generated election disinformation<\/strong><br> On December 31, 2024, the US Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned entities in Iran and Russia for attempting to interfere in the 2024 US election. Designated groups include Iran's Cognitive Design Production Center, linked to the Islamic Revolutionary Guard Corps, and Russia's Center for Geopolitical Expertise, associated with the Main Intelligence Directorate. These actions aim to counter foreign malign influence undermining US democratic processes. 
<code>artificial intelligence<\/code> <code>election<\/code> <code>iran<\/code> <code>russia<\/code> <code>sanctions<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy2766\">link<\/a> <\/p><p><strong>US sanctions Chinese company aiding Flax Typhoon threat actor<\/strong><br> On January 3, the US Department of the Treasury sanctioned Beijing-based Integrity Technology Group, Incorporated (Integrity Tech) for supporting the Chinese state-sponsored cyber group Flax Typhoon. Active since at least 2021, Flax Typhoon has targeted US critical infrastructure sectors. <code>china<\/code> <code>sanctions<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy2769\">link<\/a> <\/p><p><strong>US imposes sanctions on China-based hacker and firm linked to telecom and treasury breaches<\/strong><br> On January 17, the US Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned Yin Kecheng, a Shanghai-based hacker, and Sichuan Juxinhe Network Technology Co., a Chinese cybersecurity firm, for cyberattacks on the US Treasury and telecom companies. The sanctions block US assets, holding accountable those responsible for breaches attributed to Chinese state-backed hackers, with a 10 million US dollars reward offered for information on similar threats. 
<code>sanctions<\/code> <code>china<\/code> <code>telecommunications<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy2792\">link<\/a> <\/p><p><strong>US Treasury Department sanctions North Korea for using remote IT workers to fund weapons programs<\/strong><br> On January 16, the US Treasury Department imposed sanctions on two individuals and four entities allegedly involved in North Korea's illicit remote IT workforce operations, which funnel money back into the country's weapons programs. The scheme involves sending thousands of skilled IT professionals abroad to secure freelance jobs under false pretences, with the government taking up to 90%. <code>north korea<\/code> <code>sanctions<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/ofac.treasury.gov\/recent-actions\/20250116\">link<\/a> <\/p><p><strong>Trump repeals Biden's AI safety order, citing innovation concerns<\/strong><br> On January 20, US President Donald Trump revoked a 2023 executive order signed by his predecessor Joe Biden, which aimed to reduce the risks associated with artificial intelligence (AI). The revoked order required developers to share safety test results with the government before releasing AI systems, but Trump's administration has argued that such regulations hinder AI innovation and instead supports AI development rooted in free speech and human flourishing. 
<code>artificial intelligence<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/technology\/artificial-intelligence\/trump-revokes-biden-executive-order-addressing-ai-risks-2025-01-21\/\">link<\/a> <\/p><p><strong>US Justice Department and FBI conduct international operation to delete malware used by China-backed hackers<\/strong><br> On January 14, the US Department of Justice and FBI announced the successful removal of PlugX malware from over 4\u202f200 computers worldwide. This malware, allegedly deployed by China-backed hackers Mustang Panda and Twill Typhoon, was used for cyberespionage since at least 2014. The operation involved collaboration with French law enforcement and private cybersecurity firm Sekoia.io. <code>china<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.justice.gov\/opa\/pr\/justice-department-and-fbi-conduct-international-operation-delete-malware-used-china-backed\">link<\/a> <\/p><p><strong>TikTok returned online after Trump vowed to reinstate it<\/strong><br> On January 20, TikTok was back online in the US just hours after shutting down, following president-elect Donald Trump\u2019s pledge to delay the enforcement of a law banning the app and work on a long-term solution. While this move provided temporary relief, TikTok\u2019s long-term future remains uncertain amid legal and political challenges, with potential solutions including a forced sale or legislative reversal. 
<code>social media<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/edition.cnn.com\/2025\/01\/19\/tech\/tiktok-ban\/index.html\">link<\/a> <\/p><p><strong>US hits back at cyber threats with offensive operations<\/strong><br> On January 17, Politico reported on statements by Anne Neuberger, a senior Biden administration cyber official, who disclosed that the US had carried out secret offensive cyber operations against foreign adversaries targeting critical infrastructure. These classified measures aim to disrupt malicious networks and strengthen cybersecurity. Neuberger also emphasised the administration\u2019s initiatives to address vulnerabilities, including a recent executive order requiring secure software for federal agencies. <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/subscriber.politicopro.com\/article\/2025\/01\/biden-admin-quietly-hit-back-at-nations-that-targeted-the-u-s-with-cyberattacks-top-official-says-00198876\">link<\/a> <\/p><p><strong>US FTC sues GoDaddy for years of poor hosting security practices<\/strong><br> On January 15, the US Federal Trade Commission sued GoDaddy for years of poor hosting security practices, alleging failure to protect customer data and implement adequate security measures. The lawsuit seeks penalties and requires GoDaddy to improve its cybersecurity protocols to safeguard user information. <code>prosecution<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2025\/01\/ftc-takes-action-against-godaddy-alleged-lax-data-security-its-website-hosting-services\">link<\/a> <\/p><p><strong>The US launches cybersecurity safety labels for smart devices<\/strong><br> On January 7, the US government introduced the US Cyber Trust Mark, a cybersecurity labelling program for smart devices. 
This voluntary initiative allows manufacturers to display a shield logo on IoT (Internet of Things) devices that meet federal cybersecurity standards. The label includes a QR code providing detailed security information. The program aims to help consumers identify secure internet-connected devices and encourage manufacturers to enhance cybersecurity measures. <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2025\/01\/07\/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure\/\">link<\/a> <\/p><h3 id=\"cyberespionage-2\">Cyberespionage<\/h3><p><strong>Hackers from China, Iran, and North Korea use AI tools to enhance cyberattacks<\/strong><br> On January 29, The Wall Street Journal reported that hackers from China, Iran, and North Korea are using US AI products, including Google's Gemini, to enhance their cyberattacks. They appear to treat the platform more as a research assistant than a strategic asset, relying on it for tasks that boost productivity rather than developing new, advanced hacking techniques. These tools assist in tasks like reconnaissance and anomaly detection evasion. <code>artificial intelligence<\/code> <code>china<\/code> <code>iran<\/code> <code>north korea<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.wsj.com\/tech\/ai\/chinese-and-iranian-hackers-are-using-u-s-ai-products-to-bolster-cyberattacks-ff3c5884?mod=tech_lead_pos1\">link<\/a> <\/p><p><strong>Ivanti Connect Secure VPN targeted in new zero-day exploitation<\/strong><br> On January 8, Google detailed active exploitation of CVE-2025-0282, a zero-day in Ivanti Connect Secure VPNs. Attackers used reconnaissance, buffer overflow exploitation, and malware like PHASEJAM for persistence and remote access. Post-exploitation, they modified logs and disabled defences to maintain control. 
Linked to UNC5337, part of the suspected China-nexus group UNC5221, the attackers demonstrated advanced tactics, targeting Ivanti Connect Secure (ICS) appliances with customised malware for espionage and prolonged network compromise. <code>china<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/ivanti-connect-secure-vpn-zero-day\/?hl=en\">link<\/a> <\/p><p><strong>China targets US infrastructure and telecoms in cyber warfare operations<\/strong><br> On January 4, The Wall Street Journal reported on China\u2019s advanced cyberattacks on US infrastructure and telecom networks, signalling a shift from corporate espionage to military strategy. Hackers infiltrated ports, utilities, and telecom systems, collecting intelligence and preparing to disrupt operations during potential conflicts, such as over Taiwan. The attacks highlighted vulnerabilities in US cybersecurity and raised concerns about China\u2019s growing cyber capabilities. <code>china<\/code> <code>critical infrastructure<\/code> <code>telecommunications<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.wsj.com\/tech\/cybersecurity\/typhoon-china-hackers-military-weapons-97d4ef95\">link<\/a> <\/p><p><strong>China-linked MirrorFace threat actor has targeted Japanese government and politicians since 2019<\/strong><br> On January 9, the Japanese National Police Agency (NPA) reported that the Chinese state-backed hacking group MirrorFace has been conducting cyberespionage campaigns against the Japanese government and politicians since 2019. The group employs spearphishing e-mails to deploy malware such as MirrorStealer, aiming to steal sensitive information related to national security and advanced technology. 
<code>china<\/code> <code>japan<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/mirrorface-hackers-targeting-japanese-govt-politicians-since-2019\/\">link<\/a> <\/p><p><strong>APT32 poisoning GitHub, targeting Chinese cybersecurity professionals and specific large enterprises<\/strong><br> On January 9, ThreatBook CTI reported that the Vietnam-linked APT group OceanLotus (APT32) had targeted Chinese cybersecurity professionals and specific large enterprises by poisoning a GitHub repository with a Cobalt Strike exploit plugin containing a trojan. The attack used a novel method of embedding malicious code in a Visual Studio .suo file. <code>china<\/code> <code>technology<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/threatbook.io\/blog\/id\/1100\">link<\/a> <\/p><p><strong>New backdoor targets governments and ISPs in the Middle East<\/strong><br> On January 6, Kaspersky reported on an updated backdoor dubbed EAGERBEE, which was deployed at ISPs and government entities in the Middle East. The researchers link it with moderate confidence to the Chinese threat actor they call CoughingDown, based on code similarities and IP address overlaps. This news highlights the global reach of Chinese operations in the telecommunications sector. <code>china<\/code> <code>telecommunications<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/securelist.com\/eagerbee-backdoor\/115175\/\">link<\/a> <\/p><p><strong>Salt Typhoon also breached three more telecommunications providers' networks in recent wave of attacks<\/strong><br> On January 6, the Wall Street Journal revealed new victims of the Chinese state-backed Salt Typhoon telecom hacks: Charter Communications, Consolidated Communications, and Windstream. The hackers gained access to sensitive customer data and communications. In response, the US government is considering banning China Telecom's operations and TP-Link routers. 
<code>china<\/code> <code>telecommunications<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.wsj.com\/tech\/cybersecurity\/typhoon-china-hackers-military-weapons-97d4ef95?utm_source=chatgpt.com\">link<\/a> <\/p><p><strong>US Treasury breach attributed to China-aligned Silk Typhoon<\/strong><br> According to a report by Bloomberg from January 8, the US Treasury breach disclosed in December has been linked to the Chinese state-backed group Silk Typhoon (aka Hafnium). The group exploited a compromised BeyondTrust API key to access the network, focusing on the Office of Foreign Assets Control. Investigations suggest the breach aimed to gather intelligence on potential US sanctions. Treasury officials, CISA, and the FBI continue their inquiry, with BeyondTrust supporting mitigation efforts. <code>china<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bloomberg.com\/news\/articles\/2025-01-08\/white-house-rushes-to-finish-cyber-order-after-china-hacks\">link<\/a> <\/p><p><strong>US CISA warns of backdoor in Contec patient monitors sending data to China<\/strong><br> On January 30, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that the Contec CMS8000, a multi-parameter patient monitor used in healthcare, contains a backdoor transmitting patient data to a hard-coded IP address linked to a Chinese university. This backdoor enables remote code execution, allowing full device takeover. The activity is unlogged, leaving administrators unaware. Contec has not responded to CISA\u2019s requests to address these vulnerabilities. 
<code>china<\/code> <code>health<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/2025-01\/fact-sheet-contec-cms8000-contains-a-backdoor-508c.pdf\">link<\/a> <\/p><p><strong>Russia-nexus APT possibly related to APT28 conducts cyberespionage on Central Asia and Kazakhstan diplomatic relations<\/strong><br> On January 13, Sekoia reported that a Russia-linked group, UAC-0063, possibly associated with APT28, conducted cyberespionage against Central Asian diplomatic entities, notably in Kazakhstan. The attackers used legitimate documents from Kazakhstan's Ministry of Foreign Affairs, embedding malware like HATVIBE and CHERRYSPY to gather intelligence on Kazakhstan's diplomatic and economic relations. <code>diplomacy<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/blog.sekoia.io\/double-tap-campaign-russia-nexus-apt-possibly-related-to-apt28-conducts-cyber-espionage-on-central-asia-and-kazakhstan-diplomatic-relations\/\">link<\/a> <\/p><p><strong>New Star Blizzard spearphishing campaign targets WhatsApp accounts<\/strong><br> On January 16, Microsoft reported that the Russian-linked hacking group Star Blizzard launched a spearphishing campaign targeting WhatsApp accounts of government officials, diplomats, defence policy experts, and individuals assisting Ukraine. The attackers sent e-mails impersonating US government officials, containing QR codes that, when scanned, granted unauthorised access to victims' WhatsApp messages. 
<code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/01\/16\/new-star-blizzard-spear-phishing-campaign-targets-whatsapp-accounts\/\">link<\/a> <\/p><p><strong>FBI warns of North Korean IT workers stealing source code for extortion<\/strong><br> On January 23, the FBI warned that North Korean IT workers are infiltrating US companies, stealing source code, and extorting employers by threatening to leak sensitive data. To mitigate these threats, organisations are urged to enforce strict access controls, monitor remote connections for suspicious activity, and strengthen hiring practices to detect fraudulent applicants using AI and identity-masking techniques. <code>north korea<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.ic3.gov\/PSA\/2025\/PSA250123\">link<\/a> <\/p><h3 id=\"cybercrime-2\">Cybercrime<\/h3><p><strong>Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service<\/strong><br> On January 16, cybersecurity company Sekoia exposed \"Sneaky 2FA,\" an Adversary-in-the-Middle phishing kit sold as Phishing-as-a-Service via a Telegram bot. Active since at least October 2024, it bypasses multi-factor authentication to compromise Microsoft 365 accounts. The kit employs obfuscated code, anti-analysis techniques, and pre-fills phishing pages with victims' e-mail addresses to enhance credibility. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/blog.sekoia.io\/sneaky-2fa-exposing-a-new-aitm-phishing-as-a-service\/\">link<\/a> <\/p><p><strong>Ransomware groups employ e-mail bombing and Teams vishing in attacks<\/strong><br> On January 21, Sophos reported that they responded to two ransomware campaigns utilising \"e-mail bombing\" and Microsoft Teams \"vishing\" tactics. The threat clusters, identified as STAC5143 and STAC5777, exploit Office 365 functionalities to overwhelm targets with spam and impersonate tech support via Teams. 
These methods aim to deploy malware and facilitate data theft. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/news.sophos.com\/en-us\/2025\/01\/21\/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing\/\">link<\/a> <\/p><p><strong>Unknown threat actor attempts to brute force Microsoft 365 accounts globally using FastHTTP<\/strong><br> On January 13, US-based cybersecurity company SpearTip revealed a global campaign using the fasthttp Go library to launch high-speed brute-force attacks on Azure Active Directory via the Graph API. Adversaries targeted Microsoft\u00a0365 accounts, with 9.7% of attempts achieving unauthorised access. Most traffic originated from Brazil. Attacks included MFA spamming to exploit MFA fatigue. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.speartip.com\/fasthttp-used-in-new-bruteforce-campaign\/\">link<\/a> <\/p><p><strong>Malicious VS Code extension impersonates Zoom to target Chrome cookies<\/strong><br> On January 21, researchers at Hunt.io identified a malicious Visual Studio Code extension impersonating Zoom to steal Google Chrome cookies. Active since November 30, 2024, it exploited the VS Code Marketplace and used obfuscated JavaScript to access cookie data via SQLite queries. The extension linked to legitimate repositories to build trust, exposing critical security risks in development environments. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/hunt.io\/blog\/malicious-vs-code-extension-impersonating-zoom-steals-chrome-cookies\">link<\/a> <\/p><p><strong>Threat actors exploit .gov domains for phishing campaigns<\/strong><br> On January 29, Cofense reported that threat actors have exploited vulnerabilities in government (.gov) domains for phishing campaigns from November 2022 to November 2024. They mainly used open redirects to bypass secure e-mail gateways (SEGs), often leveraging CVE-2024-25608. 
US government domains ranked third in abuse, mostly redirecting victims to credential phishing pages disguised as Microsoft login portals. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/cofense.com\/blog\/threat-actors-exploit-government-website-vulnerabilities-for-phishing-campaigns\">link<\/a> <\/p><p><strong>Over 4000 backdoors hijacked by registering expired domains<\/strong><br> On January 8, watchTowr reported that over 4000 abandoned but active web backdoors were hijacked by registering expired domains used for commanding them. The researchers found backdoors on government and university systems, and sinkholed the traffic to prevent malicious actors from taking control. <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/labs.watchtowr.com\/more-governments-backdoors-in-your-backdoors\/\">link<\/a> <\/p><p><strong>Cyberattackers use GhostGPT to write malicious code<\/strong><br> On January 27, reports highlighted the emergence of GhostGPT, an uncensored AI chatbot marketed to cybercriminals for 50 US dollars per week. Unlike mainstream AI models with ethical safeguards, GhostGPT assists in creating malware, developing exploits, and crafting convincing phishing e-mails, thereby lowering the barrier for malicious activities. Its availability via Telegram and the absence of user activity logs make it particularly appealing to attackers. <code>artificial intelligence<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cloud-security\/cyberattackers-ghostgpt-write-malicious-code\">link<\/a> <\/p><p><strong>Operation 99: Lazarus group's targeting of Web3 and cryptocurrency developers<\/strong><br> On January 9, SecurityScorecard revealed Operation 99, a Lazarus Group campaign exploiting Web3 and cryptocurrency developers through fake recruiters. Malicious GitLab repositories inject modular malware, like Main99 and MCLIP, to steal credentials, cryptocurrency, and intellectual property. 
Enhanced obfuscation and persistence highlight North Korea's financial motives. Developers must verify recruiters, scrutinise repositories, and adopt robust endpoint security to mitigate such advanced threats. <code>north korea<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/securityscorecard.com\/blog\/operation-99-north-koreas-cyber-assault-on-software-developers\/\">link<\/a> <\/p><p><strong>Malicious Chrome extensions: a new supply chain attack uncovered<\/strong><br> On January 22, Sekoia reported on a targeted supply chain attack on Chrome browser extensions, where attackers used phishing e-mails to compromise developers and upload malicious versions of their extensions. The attack, which began in December 2024, affected dozens of extensions and potentially hundreds of thousands of users, enabling the theft of sensitive data such as API keys and authentication tokens from platforms like ChatGPT and Facebook for Business. <code>technology<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/blog.sekoia.io\/targeted-supply-chain-attack-against-chrome-browser-extensions\/\">link<\/a> <\/p><h3 id=\"data-exposure-and-leaks-2\">Data exposure and leaks<\/h3><p><strong>Threat actor leaks sensitive data of 15.000 FortiGate devices worldwide on BreachForums<\/strong><br> On January 14, a threat actor called Belsen Group leaked sensitive data of approximately 15.000 FortiGate devices worldwide on the BreachForums underground forum. The leaked data, which includes IP addresses, passwords, and configurations, was released for free as a way to enhance the group's reputation during its first official operation. 
<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/x.com\/BelsenGroup\/status\/1879217666067730671\">link<\/a> <\/p><p><strong>Exposed DeepSeek database leaking sensitive information, including chat history<\/strong><br> On January 29, Wiz Research uncovered a publicly accessible ClickHouse database linked to DeepSeek, exposing over a million log entries containing sensitive data like chat history, API keys, and backend details. This unsecured database allowed full control over operations and posed significant security risks. Wiz promptly notified DeepSeek, who secured the exposure. The incident highlights the critical need for robust security in rapidly adopted AI services. <code>artificial intelligence<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.wiz.io\/blog\/wiz-research-uncovers-exposed-deepseek-database-leak\">link<\/a> <\/p><p><strong>Thousands of security vendor credentials found on Dark Web<\/strong><br> On January 22, Cyble reported that credentials from major cybersecurity vendors, including internal and customer accounts, were found on the dark web. These credentials, likely extracted by infostealer malware, were available for as little as 10 US dollars and encompassed access to platforms like Okta, Jira, GitHub, AWS, and Microsoft Online. The affected vendors include CrowdStrike, Palo Alto Networks, Fortinet, and others. <code>technology<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/cyble.com\/blog\/thousands-of-security-vendor-credentials-found-on-dark-web\/\">link<\/a> <\/p><p><strong>HPE investigates potential security breach following source code theft claim<\/strong><br> On January 16, Hewlett Packard Enterprise (HPE) became aware of claims being made by a group called IntelBroker, saying that they had stolen documents from the company's developer environments. HPE is investigating these breach claims, which include accessing API, GitHub, and source code, but has found no evidence of a breach so far. 
<code>technology<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hewlett-packard-enterprise-investigates-new-breach-claims\/\">link<\/a> <\/p><p><strong>Subaru STARLINK flaw exposed vehicles to remote control and data access<\/strong><br> On November 20, 2024, researchers Sam Curry and Shubham Shah found a flaw in Subaru\u2019s STARLINK admin panel allowing unauthorised access to vehicles and customer data across the US, Canada, and Japan. Exploitation required minimal details and enabled remote control, PII access, and location tracking. Subaru patched the issue within 24 hours following the disclosure. The detailed report was published on January 23, 2025, highlighting systemic challenges in connected vehicle platforms. <code>transport<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/samcurry.net\/hacking-subaru\">link<\/a> <\/p><p><strong>UN ICAO investigates potential recruitment data breach<\/strong><br> On January 7, the International Civil Aviation Organization (ICAO) reported a potential breach of 42.000 recruitment records from 2016\u20132024, claimed by threat actor Natohub. Exposed data includes names, e-mail addresses, dates of birth, and employment histories. ICAO stated that no financial data, passwords, or aviation systems were affected. The organisation is investigating, enhancing security measures, and notifying affected individuals. <code>transport<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.icao.int\/Newsroom\/Pages\/ICAO-statement-on-reported-security-incident.aspx\">link<\/a> <\/p><h3 id=\"disruption-2\">Disruption<\/h3><p><strong>DeepSeek reports cyberattack amid surge in AI model demand<\/strong><br> On January 27, Chinese AI startup DeepSeek reported large-scale malicious attacks on its servers, disrupting new registrations and website access amid high demand for its DeepSeek-R1 model. Media speculated a DDoS attack on its API and web-chat platform. 
On January 28, China Central Television (CCTV) cited Qi An Xin researchers, who claimed the attacks originated solely from US IP addresses. <code>artificial intelligence<\/code> <code>china<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/news.cctv.com\/2025\/01\/28\/ARTIYG1xE3cXhvCPUxTISr8X250128.shtml\">link<\/a> <\/p><p><strong>Taiwan-Matsu undersea cables cut, suspected Chinese involvement raises concerns<\/strong><br> On January 22, two undersea cables connecting Taiwan and the Matsu Islands were reported broken, with initial faults occurring on January 15. Chunghwa Telecom, Taiwan's largest integrated telecommunications operator, announced that communication between Taiwan and the Matsu Islands was restored on January 24. Authorities suspect that Chinese vessels may have been involved in damaging these cables, raising concerns about potential \"gray zone operations\" by China to disrupt Taiwan's communications. <code>china<\/code> <code>telecommunications<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.ntd.com\/taiwan-undersea-internet-cable-cut-by-chinese-ship_1040437.html\">link<\/a> <\/p><p><strong>Conduent confirms cybersecurity incident behind widespread service outage<\/strong><br> On January 22, Conduent, a major American business services provider and government contractor, confirmed that a recent outage affecting multiple US agencies was caused by a cybersecurity incident. While the company stated that the issue was contained and systems were restored, it has not disclosed details on the scope of the attack, potential data theft, or whether a ransom demand was made. 
<code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/conduent-confirms-cybersecurity-incident-behind-recent-outage\/\">link<\/a> <\/p><div class=\"footnotes\"><hr><ol><li id=\"fn-1\"><p>Conclusions or attributions made in this document merely reflect what publicly available sources report. They do not reflect our stance.&#160;<a href=\"#fnref-1\" class=\"footnoteBackLink\" title=\"Jump back to footnote 1 in the text.\">&#8617;<\/a><\/p><\/li><\/ol><\/div><\/div>\n        <\/div>\n\n        <div id=\"content-ro\" class=\"lang-content\" style=\"display: none;\">\n            <div class=\"article-content\"><h2 id=\"cyber-brief-january-2025\">Cyber Brief (January 2025)<\/h2><p>February 3, 2025 - Version: 1<\/p><p class=\"tlp-type clear\">TLP:CLEAR<\/p><h2 id=\"executive-summary\">Executive summary<\/h2><ul><li><p>We analysed 262 open source reports for this Cyber Brief<sup class=\"footnote-ref\" id=\"fnref-1\"><a href=\"#fn-1\">1<\/a><\/sup>.<\/p><\/li><li><p><strong>Policy, cooperation, and law enforcement<\/strong>. Lithuania inaugurates its Cyber Defence Command, Turkey establishes a new Cybersecurity Directorate, while the US responds to cyber threats with offensive operations. The EU and the US impose sanctions on Russian, Iranian, Chinese, and North Korean entities for cyberattacks, election interference, and espionage, targeting individuals, companies, and state-linked groups. Russia and Iran, as well as Japan and Cambodia, strengthen cybersecurity cooperation. 
The UN Security Council discussed commercial spyware threats for the first time.<\/p><\/li><li><p><strong>Cyberespionage<\/strong>. Hackers from China, Iran, and North Korea use AI tools as a research assistant to enhance cyberattacks. Chinese threat actors exploit new zero-days and target US infrastructure and global telecommunications in cyber warfare operations. Russian hackers target the WhatsApp accounts of high-profile officials, while North Korea attempts to infiltrate the technology sector.<\/p><\/li><li><p><strong>Cybercrime<\/strong>. Cybercriminals use the AI tool GhostGPT to assist in creating malware, developing exploits, and crafting convincing phishing e-mails. They also develop and share new tools to bypass multi-factor authentication.<\/p><\/li><li><p><strong>Information operations<\/strong>. New pro-Kremlin disinformation campaigns target elections in Croatia, Germany, and Poland, spreading false narratives to sway public opinion. Russia-linked actors used AI-generated fake news to discredit politicians.<\/p><\/li><li><p><strong>Data exposure and breaches<\/strong>. Data breach incidents affect several sectors, including transport (car manufacturers), telecommunications, a government database, and cybersecurity vendors.<\/p><\/li><li><p><strong>Disruption and destruction<\/strong>. 
Several incidents of different origins (cybercriminal or probably state-sponsored) cause disruptions in the education, financial, and telecommunications sectors.<\/p><\/li><li><p><strong>Telecommunications<\/strong>. Telecommunications providers remain prime targets for espionage and disruption, with attacks ranging from Chinese state-backed breaches of US and European networks to Ukraine-linked cyberattacks on Russian ISPs and the sabotage of undersea cables.<\/p><\/li><li><p><strong>Artificial intelligence<\/strong>. In January, artificial intelligence events focus on security risks and geopolitical tensions, including cybercriminals using AI tools such as GhostGPT for phishing and malware, state-backed hackers from China, Iran, and North Korea using AI for cyberattacks, regulatory scrutiny of DeepSeek's data practices, and sanctions related to Russia and Russian AI-enabled interference.<\/p><\/li><\/ul><h2 id=\"europe\">Europe<\/h2><h3 id=\"cyber-policy-and-law-enforcement\">Cyber policy and law enforcement<\/h3><p><strong>EU imposes sanctions on Russian individuals for cyberattacks against Estonia<\/strong><br>On January 27, the EU sanctioned three Russian individuals linked to GRU Unit 29155 for 2020 cyberattacks against Estonia, which targeted ministries and stole sensitive data. The sanctions include asset freezes and travel bans. 
This action reflects the EU's commitment to combating cybercrime and promoting cybersecurity, with 17 individuals now under its cyber sanctions regime. The relevant acts are published in the Official Journal of the EU. <code>sanctions<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.consilium.europa.eu\/en\/press\/press-releases\/2025\/01\/27\/cyber-attacks-three-individuals-added-to-eu-sanctions-list-for-malicious-cyber-activities-against-estonia\/\">link<\/a> <\/p><p><strong>Lithuania launches its own Cyber Defence Command<\/strong><br>On January 1, Lithuania inaugurated its Cyber Defence Command (LTCYBERCOM), a new unit within the Armed Forces responsible for planning and executing cyber operations, as well as for managing strategic and operational communication and information systems. 
This initiative aims to improve interoperability with NATO and other institutions, strengthening Lithuania's cyber defence capabilities. <code>capacity<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/kam.lt\/en\/lithuanian-cyber-defence-command-opened\/\">link<\/a> <\/p><p><strong>Spain approves cybersecurity law<\/strong><br>On January 14, Spain's Council of Ministers approved a draft law on the coordination and governance of cybersecurity to strengthen protection against cyber threats, creating the National Cybersecurity Centre and transposing the EU NIS-2 directive into law, enhancing the security of critical networks. <code>legislation<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.interior.gob.es\/opencms\/ca\/detalle\/articulo\/El-Consejo-de-Ministros-aprueba-el-anteproyecto-de-Ley-de-Coordinacion-y-Gobernanza-de-la-Ciberseguridad\/\">link<\/a> <\/p><p><strong>DeepSeek AI app blocked in Italy and investigated in Ireland<\/strong><br>On January 29, DeepSeek's AI Assistant app was removed from the Apple and Google app stores in Italy over data privacy concerns. The Italian data protection authority requested further details, while Ireland's Data Protection Commission launched a GDPR investigation. 
Meanwhile, the US National Security Council announced a national security review of the app, adding further scrutiny of its data collection and privacy practices. <code>artificial intelligence<\/code> <code>china<\/code> <code>privacy<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/technology\/deepseek-app-unavailable-apple-google-app-stores-italy-2025-01-29\/\">link<\/a> <\/p><p><strong>TikTok, AliExpress, SHEIN &amp; Co surrender Europeans' data to authoritarian China<\/strong><br>On January 16, the Austrian advocacy group noyb filed GDPR complaints against six Chinese companies (TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi) for unlawfully transferring EU users' data to China. These actions violate EU regulations, as China lacks adequate data protection standards. Noyb is requesting the immediate suspension of these data transfers and potential fines of up to 4% of global revenue. <code>china<\/code> <code>privacy<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/noyb.eu\/en\/tiktok-aliexpress-shein-co-surrender-europeans-data-authoritarian-china\">link<\/a> <\/p><p><strong>Europol takes down major cybercrime forums<\/strong><br>Between January 28 and 30, a Germany-led operation supported by Europol shut down Cracked and Nulled, the world's largest cybercrime forums, with over 10 million users. Authorities arrested two suspects and seized 17 servers, 50 devices, and 300.000 euros in cash and cryptocurrency. 
The platforms enabled cybercrime-as-a-service, including stolen data and malware. Europol coordinated the cross-border efforts, which involved eight countries. <code>takedown<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/law-enforcement-takes-down-two-largest-cybercrime-forums-in-world\">link<\/a> <\/p><h3 id=\"cyberespionage\">Cyberespionage<\/h3><h3 id=\"cybercrime\">Cybercrime<\/h3><p><strong>Financially motivated threat actor delivering new TorNet backdoor<\/strong><br>On January 28, Cisco Talos published a report on an ongoing malicious campaign targeting users in Poland and Germany since at least July 2024, delivering payloads including Agent Tesla and a new backdoor called TorNet. 
The threat actor is financially motivated and uses techniques such as scheduled tasks and network disconnections to evade detection and maintain persistence on victim machines, also using the TOR network for covert communication. <code>backdoor<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/blog.talosintelligence.com\/new-tornet-backdoor-campaign\/\">link<\/a> <\/p><p><strong>Ransomware attack on EuroCert compromises personal data<\/strong><br>On January 15, EuroCert, a qualified electronic signature service provider in Poland, announced that on January 12, 2025, a ransomware attack compromised personal data, including identification details, contact information, PESEL numbers, and identity card numbers of customers, contractors, and employees. The company notified law enforcement and cybersecurity authorities and is working to restore its IT systems. <code>ransomware<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/eurocert.pl\/en\/atak-na-eurocert-oswiadczenie\/\">link<\/a> <\/p><p><strong>Slovakia's land registry hit by major ransomware attack<\/strong><br>On January 9, The Slovak Spectator reported that Slovakia's Office of Geodesy, Cartography and Cadastre (UGKK) suffered a large-scale ransomware attack, rendering its systems and services unavailable. The hackers are demanding millions of euros for decryption. UGKK disconnected from external networks and is working to restore services. 
The Security Council is scheduled to meet on January 10 to address the incident.<code>ransomware<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/spectator.sme.sk\/politics-and-society\/c\/news-digest-quite-possibly-the-worst-cyber-attack-in-history-of-slovakia\">link<\/a> <\/p><h3 id=\"disruption\">Disruption<\/h3><p><strong>Eindhoven University of Technology suspends classes following a cyberattack<\/strong><br>On January 12, Eindhoven University of Technology (TU\/e) disclosed that it had identified a cyberattack on January 11 by unknown actors. In response, the university took its network offline, causing class cancellations and exam delays. While the campus remains open, e-mail and various educational and collaboration systems have become unavailable.<code>education<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/nltimes.nl\/2025\/01\/13\/tu-eindhoven-continues-cancel-classes-following-cyberattack\">link<\/a> <\/p><p><strong>Ukrainian intelligence disrupts Lukoil, causing payment failures and holiday chaos in Russia<\/strong><br>On January 1, Kyiv Post reported that Ukraine's Main Intelligence Directorate (HUR) carried out a cyberattack on Russia's Lukoil, targeting its digital payment systems. 
The operation disrupted payment platforms, making mobile app purchases impossible and causing significant financial losses for Lukoil during the busy holiday period.<code>energy<\/code> <code>russia<\/code> <code>Ukraine<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.kyivpost.com\/post\/44778\">link<\/a> <\/p><p><strong>Russian ISP confirms Ukrainian hackers &ldquo;destroyed&rdquo; its network<\/strong><br>On January 8, Russian internet provider Nodex confirmed that its network had been &ldquo;destroyed&rdquo; following a cyberattack claimed by Ukrainian hackers. The attack disrupted Nodex's services, and the company said it was working on restoring its systems from backups. The Ukrainian Cyber Alliance group claimed the attack, stating that it had &ldquo;looted and completely wiped&rdquo; Nodex's data.<code>russia<\/code> <code>telecommunications<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/therecord.media\/russian-internet-provider-says-network-destroyed-cyberattack\">link<\/a> <\/p><p><strong>Sweden opens sabotage probe into Baltic Sea undersea cable damage<\/strong><br>On January 26, a vessel was seized on suspicion of damaging an undersea internet cable between Latvia and Sweden. Swedish authorities launched a sabotage investigation, with suspicion focused on a vessel. The damaged cable belongs to the Latvian State Radio and Television Centre (LVRTC) and was cut near the Swedish island of Gotland. 
Latvia has also launched a criminal investigation, attributing the damage to external influence.<code>telecommunications<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/world\/europe\/baltic-undersea-cable-damaged-by-external-influence-sunday-latvian-broadcaster-2025-01-26\/\">link<\/a> <\/p><h3 id=\"information-operations\">Information operations<\/h3><p><strong>Poland identifies GRU-linked threat group targeting the upcoming May 2025 presidential election<\/strong><br>On January 10, the Polish government announced the identification of a threat group linked to Russia's military intelligence agency (GRU), which is expected to try to influence Poland's upcoming presidential election, scheduled for May 18, through disinformation and recruitment campaigns aimed at disrupting political cohesion. In response, Poland intends to release a comprehensive election protection plan later in January 2025.<code>elections<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.pap.pl\/aktualnosci\/gawkowski-zidentyfikowano-kolejna-grupe-inspirowana-przez-gru-majaca-wplywac-na-polskie\">link<\/a> <\/p><p><strong>Pro-Kremlin disinformation campaign targets Croatian presidential run-off<\/strong><br>On January 8, the Centre for Information Resilience (CIR), an independent organisation dedicated to exposing human rights abuses and countering disinformation, reported that researchers had uncovered a pro-Kremlin disinformation campaign ahead of Croatia's presidential run-off. A bot network spread pro-Russian, anti-EU and anti-NATO narratives, amplifying support for incumbent President Zoran Milanovi&#263;. 
The campaign escalated after Milanovi&#263;'s first-round lead and his statements against Croatia's involvement in the conflict in Ukraine.<code>elections<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.info-res.org\/cir\/articles\/disinformation-campaign-uncovered-by-researchers-ahead-of-croatian-presidential-run-off\/\">link<\/a> <\/p><p><strong>Russian disinformation campaign targeting German elections exposed<\/strong><br>On January 24, the German investigative nonprofit Correctiv uncovered a Russian disinformation campaign, attributed to the Russia-linked threat actor Storm-1516, targeting Germany's February general election. More than 100 fake websites spread AI-generated false claims against politicians, including Green Party candidate Robert Habeck and Foreign Minister Annalena Baerbock.<code>elections<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/correctiv.org\/en\/fact-checking-en\/2025\/01\/24\/disinformation-operation-russian-meddling-in-german-election-campaign-exposed\/\">link<\/a> <\/p><p><strong>Think-tank warns of Russian meddling in German elections<\/strong><br>On January 20, Reuters reported that the German think-tank CeMAS had found that Russia is running a disinformation campaign on social media to influence Germany's upcoming elections, aiming to boost the far-right Alternative for Germany (AfD) party and undermine mainstream parties. 
The campaign, which follows patterns typical of Russia's Doppelgaenger operation and has reached more than 2.8 million views, spreads false information and has been amplified by fake accounts.<code>elections<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/world\/europe\/russian-disinformation-targets-german-election-campaign-says-think-tank-2025-01-20\/\">link<\/a> <\/p><h3 id=\"data-exposure-and-leaks\">Data exposure and leaks<\/h3><p><strong>Entire population of the country of Georgia exposed in massive data leak<\/strong><br>On January 27, cybersecurity researcher Bob Dyachenko and the Cybernews team discovered an unprotected Elasticsearch index hosted by a cloud service provider in Germany, containing nearly five million personal data records of Georgian citizens, including ID numbers, full names, dates of birth, gender and phone numbers. The database was taken offline shortly after discovery, but the exposure poses significant risks to the affected individuals.<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/cybernews.com\/security\/entire-georgian-country-population-exposed\/\">link<\/a> <\/p><p><strong>Spanish telecom Telef&oacute;nica confirms ticketing system breach<\/strong><br>On January 10, Telef&oacute;nica, Spain's largest telecommunications company, confirmed a breach of its internal ticketing system after stolen data appeared on a hacking forum. 
The company, which operates in 12 countries, is investigating the incident and has taken steps to block further unauthorised access.<code>telecommunications<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/telefonica-confirms-internal-ticketing-system-breach-after-data-leak\/\">link<\/a> <\/p><p><strong>Customer data from 800,000 electric cars and their owners exposed online<\/strong><br>On December 27, 2024, Der Spiegel reported that Cariad, Volkswagen's software subsidiary, had exposed terabytes of data from about 800,000 electric cars due to IT misconfigurations. The data, relating to drivers and vehicle locations, covered Volkswagen, Audi, Seat and Skoda models. A whistleblower alerted the Chaos Computer Club, which informed Cariad in November. Access was closed the same day, and Cariad found no evidence of misuse beyond the ethical hacking by the CCC.<code>transport<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.spiegel.de\/netzwelt\/web\/volkswagen-konzern-datenleck-wir-wissen-wo-dein-auto-steht-a-e12d33d0-97bc-493c-96d1-aa5892861027\">link<\/a> <\/p><h3 id=\"hacktivism\">Hacktivism<\/h3><p><strong>NoName057(16) claims DDoS attacks against entities based in Italy and Germany<\/strong><br>On January 13, the pro-Russian hacktivist group NoName057(16) claimed responsibility for DDoS attacks targeting 14 entities in Italy and 4 in Germany across the defence, energy, financial, government, technology and transport sectors. The group cited Italy's and Germany's continued military support for Ukraine as its motivation. 
Italy's cyber agency is assisting the affected entities, with several Italian websites still inaccessible. Germany's recently blocked military aid proposal for Ukraine was also cited as justification for the attacks.<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/t.me\/nnm057_16\">link<\/a> <\/p><h2 id=\"world\">World<\/h2><h3 id=\"cyber-policy-and-law-enforcement-2\">Cyber policy and law enforcement<\/h3><p><strong>UN Security Council members meet on spyware for the first time<\/strong><br>On January 14, the UN Security Council discussed commercial spyware threats for the first time. US Ambassador Dorothy Camille Shea called for stricter export controls and justice for victims. Google's Shane Huntley has tracked 40 surveillance vendors, finding misuse by authoritarian regimes. Citizen Lab's John Scott-Railton highlighted Europe's role in spyware abuses. China and Russia objected to the meeting, prioritising other cybersecurity issues.<code>cooperation<\/code> <code>psoa<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/therecord.media\/commercial-spyware-meeting-un-security-council-members\">link<\/a> <\/p><p><strong>Japan and Cambodia sign agreement on election equipment and cybersecurity<\/strong><br>On January 23, Japan and Cambodia signed an agreement in Phnom Penh for a grant aid project worth 750 million yen. 
This initiative aims to provide Cambodia with updated election-related equipment, including servers and cybersecurity tools, to improve fair electoral processes and strengthen cybersecurity measures. This cooperation aligns with Japan's commitment to developing social infrastructure and supports Cambodia's digital economy and societal progress.<code>cooperation<\/code> <code>Japan<\/code> <code>elections<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.mofa.go.jp\/press\/release\/pressite_000001_00940.html\">link<\/a> <\/p><p><strong>Iran and Russia strengthen cybersecurity cooperation through new agreement<\/strong><br>On January 17, Iran and Russia signed an agreement to deepen military, security and technological ties, with a focus on cybersecurity and internet regulation. 
The agreement formalises existing cooperation between the two countries, including the exchange of expertise on national internet control and cybercrime prevention, reflecting their broader efforts to assert greater control over digital spaces.<code>cooperation<\/code> <code>iran<\/code> <code>russia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"http:\/\/kremlin.ru\/supplement\/6258\">link<\/a> <\/p><p><strong>Leaked documents reveal Microsoft's close ties with the Israeli military during the Gaza war<\/strong><br>On January 23, The Guardian revealed that Microsoft expanded its collaboration with the Israeli military after October 2023, providing cloud computing, AI tools and technical support worth at least US$10 million to aid the country's war effort in Gaza. 
The investigation highlights the Israel Defense Forces' (IDF) growing reliance on US tech giants, including Microsoft, Amazon and Google, for data processing, intelligence analysis and combat-related digital infrastructure.<code>cooperation<\/code> <code>defence<\/code> <code>israel<\/code> <code>technology<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.theguardian.com\/world\/2025\/jan\/23\/israeli-military-gaza-war-microsoft\">link<\/a> <\/p><p><strong>Turkey establishes cybersecurity directorate to boost national defence<\/strong><br>On January 8, Turkey established a new Cybersecurity Directorate, which will report directly to President Recep Tayyip Erdo&#287;an and will be responsible for protecting the country's IT infrastructure and developing national cybersecurity policies. On January 15, the Turkish Parliament also adopted a new cybersecurity bill that outlines the directorate's powers and aims to reduce Turkey's dependence on foreign products and increase its technological sovereignty.<code>capabilities<\/code> <code>turkey<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.resmigazete.gov.tr\/eskiler\/2025\/01\/20250108.pdf\">link<\/a> <\/p><p><strong>US sanctions entities in Iran and Russia over AI-generated election disinformation<\/strong><br>On December 31, 2024, the US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned entities in Iran and Russia for attempting to interfere in the 2024 US elections. 
The designated groups include Iran's Cognitive Design Production Center, linked to the Islamic Revolutionary Guard Corps, and Russia's Center for Geopolitical Expertise, associated with the Main Intelligence Directorate. These actions seek to counter malign foreign influence that undermines US democratic processes.<code>artificial intelligence<\/code> <code>elections<\/code> <code>iran<\/code> <code>russia<\/code> <code>sanctions<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy2766\">link<\/a> <\/p><p><strong>US sanctions Chinese company aiding the Flax Typhoon threat actor<\/strong><br>On January 3, the US Treasury Department sanctioned Beijing-based Integrity Technology Group, Incorporated (Integrity Tech) for supporting the Chinese state-sponsored cyber group Flax Typhoon. Active since at least 2021, Flax Typhoon has targeted US critical infrastructure sectors.<code>China<\/code> <code>sanctions<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy2769\">link<\/a> <\/p><p><strong>US imposes sanctions on Chinese hacker and firms linked to telecom and Treasury breaches<\/strong><br>On January 17, the US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Yin Kecheng, a Shanghai-based hacker, and Sichuan Juxinhe Network Technology Co., a Chinese cybersecurity firm, for cyberattacks on the US Treasury and telecommunications companies. 
The sanctions block US assets, holding accountable those responsible for breaches attributed to Chinese state-backed hackers, with a US$10 million reward offered for information on similar threats.<code>sanctions<\/code> <code>China<\/code> <code>telecommunications<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy2792\">link<\/a> <\/p><p><strong>US Treasury Department sanctions North Korea for using remote IT workers to fund weapons programmes<\/strong><br>On January 16, the US Treasury Department imposed sanctions on two individuals and four entities allegedly involved in North Korea's illicit remote IT workforce operations, which funnel money back into the country's weapons programmes. The scheme involves sending thousands of skilled IT professionals abroad to secure freelance jobs under false pretences, with the government taking up to 90%.<code>north korea<\/code> <code>sanctions<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/ofac.treasury.gov\/recent-actions\/20250116\">link<\/a> <\/p><p><strong>Trump repeals Biden's AI safety order, citing innovation concerns<\/strong><br>On January 20, US President Donald Trump revoked a 2023 executive order signed by his predecessor Joe Biden that sought to reduce the risks associated with artificial intelligence (AI). 
The revoked order required developers to share safety test results with the government before releasing AI systems, but the Trump administration argued that such regulations hinder AI innovation and instead supports AI development rooted in free speech and human flourishing.<code>artificial intelligence<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.reuters.com\/technology\/artificial-intelligence\/trump-revokes-biden-executive-order-addressing-ai-risks-2025-01-21\/\">link<\/a> <\/p><p><strong>US Department of Justice and FBI conduct international operation to delete malware used by China-backed hackers<\/strong><br>On January 14, the US Department of Justice and the FBI announced the successful removal of PlugX malware from more than 4200 computers worldwide. The malware, allegedly deployed by the China-backed hackers Mustang Panda and Twill Typhoon, had been used for cyberespionage since at least 2014. 
The operation involved collaboration with French law enforcement and the private cybersecurity firm Sekoia.io.<code>China<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.justice.gov\/opa\/pr\/justice-department-and-fbi-conduct-international-operation-delete-malware-used-china-backed\">link<\/a> <\/p><p><strong>TikTok back online after Trump pledged to restore it<\/strong><br>On January 20, TikTok was back online in the US just hours after its shutdown, following President-elect Donald Trump's pledge to delay enforcement of a law banning the app and to work on a long-term solution. While the move provided temporary relief, TikTok's long-term future remains uncertain amid legal and political challenges, with potential solutions including a forced sale or a legislative reversal.<code>social media<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/edition.cnn.com\/2025\/01\/19\/tech\/tiktok-ban\/index.html\">link<\/a> <\/p><p><strong>US responds to cyber threats with offensive operations<\/strong><br>On January 17, Politico reported statements by Anne Neuberger, a senior Biden administration cyber official, who revealed that the US had conducted covert offensive cyber operations against foreign adversaries targeting critical infrastructure. These classified measures aim to disrupt malicious networks and strengthen cybersecurity. 
Neuberger also highlighted the administration's initiatives to address vulnerabilities, including a recent executive order requiring secure software for federal agencies.<code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/subscriber.politicopro.com\/article\/2025\/01\/biden-admin-quietly-hit-back-at-nations-that-targeted-the-u-s-with-cyberattacks-top-official-says-00198876\">link<\/a> <\/p><p><strong>US FTC sues GoDaddy over years of poor hosting security practices<\/strong><br>On January 15, the US Federal Trade Commission sued GoDaddy over years of poor hosting security practices, alleging that it failed to protect customer data and to implement adequate security measures. The lawsuit seeks penalties and requires GoDaddy to improve its cybersecurity protocols to protect user information.<code>lawsuit<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2025\/01\/ftc-takes-action-against-godaddy-alleged-lax-data-security-its-website-hosting-services\">link<\/a> <\/p><p><strong>US launches cybersecurity safety labels for smart devices<\/strong><br>On January 7, the US government introduced the US Cyber Trust Mark, a cybersecurity labelling programme for smart devices. This voluntary initiative allows manufacturers to display a shield logo on Internet of Things (IoT) devices that meet federal cybersecurity standards. 
The label includes a QR code providing detailed security information. The programme aims to help consumers identify secure internet-connected devices and to encourage manufacturers to improve cybersecurity measures.<code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2025\/01\/07\/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure\/\">link<\/a> <\/p><h3 id=\"cyberespionage-2\">Cyberespionage<\/h3><p><strong>Hackers from China, Iran and North Korea use AI tools to enhance cyberattacks<\/strong><br>On January 29, The Wall Street Journal reported that hackers from China, Iran and North Korea are using US AI products, including Google's Gemini, to bolster their cyberattacks. They appear to treat the platform more as a research assistant than as a strategic asset, relying on it for productivity-enhancing tasks rather than developing new advanced hacking techniques. These tools assist with tasks such as reconnaissance and evading anomaly detection.<code>artificial intelligence<\/code> <code>China<\/code> <code>iran<\/code> <code>north korea<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.wsj.com\/tech\/ai\/chinese-and-iranian-hackers-are-using-u-s-ai-products-to-bolster-cyberattacks-ff3c5884?mod=tech_lead_pos1\">link<\/a> <\/p><p><strong>Ivanti Connect Secure VPN targeted in new zero-day exploitation<\/strong><br>On January 8, Google detailed the active exploitation of CVE-2025-0282, a zero-day in Ivanti Connect Secure VPNs. 
The attackers used reconnaissance, buffer overflow exploitation and malware such as PHASEJAM for persistence and remote access. After exploitation, they modified logs and disabled defences to maintain control. Linked to UNC5337, part of the suspected China-nexus UNC5221, the attackers demonstrated advanced tactics, targeting Ivanti Connect Secure (ICS) appliances with custom malware for espionage and prolonged network compromise.<code>China<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/ivanti-connect-secure-vpn-zero-day\/?hl=en\">link<\/a> <\/p><p><strong>China targets US infrastructure and telecoms in cyber warfare operations<\/strong><br>On January 4, The Wall Street Journal reported on China's advanced cyberattacks on US infrastructure and telecommunications networks, signalling a shift from corporate espionage to military strategy. Hackers infiltrated ports, utilities and telecommunications systems, gathering intelligence and preparing to disrupt operations during potential conflicts, such as over Taiwan. 
The attacks highlighted vulnerabilities in US cybersecurity and raised concerns about China's growing cyber capabilities.<code>China<\/code> <code>critical infrastructure<\/code> <code>telecommunications<\/code> <code>united states<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.wsj.com\/tech\/cybersecurity\/typhoon-china-hackers-military-weapons-97d4ef95\">link<\/a> <\/p><p><strong>China-linked threat actor MirrorFace has targeted the Japanese government and politicians since 2019<\/strong><br>On January 9, Japan's National Police Agency (NPA) reported that the Chinese state-backed hacking group MirrorFace has conducted cyberespionage campaigns against the Japanese government and politicians since 2019. The group uses spearphishing e-mails to deploy malware such as MirrorStealer, aiming to steal sensitive information related to national security and advanced technology.<code>China<\/code> <code>Japan<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/mirrorface-hackers-targeting-japanese-govt-politicians-since-2019\/\">link<\/a> <\/p><p><strong>APT32 poisons GitHub, targeting Chinese cybersecurity professionals and certain large enterprises<\/strong><br>On January 9, ThreatBook CTI reported that the Vietnam-linked APT group OceanLotus (APT32) targeted Chinese cybersecurity professionals and certain large enterprises by poisoning a GitHub repository with a Cobalt Strike exploit plugin containing a trojan. 
The attack used a new method of embedding malicious code in a Visual Studio .suo file.<code>China<\/code> <code>technology<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/threatbook.io\/blog\/id\/1100\">link<\/a> <\/p><p><strong>New backdoor targets governments and ISPs in the Middle East<\/strong><br>On January 6, Kaspersky reported on an updated backdoor named EAGERBEE, which has been deployed at ISPs and government entities in the Middle East. The researchers link it with medium confidence to the Chinese threat actor they call CoughingDown, based on code similarities and IP address overlaps. This news highlights the global expansion of Chinese operations in the telecommunications sector.<code>China<\/code> <code>telecommunications<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/securelist.com\/eagerbee-backdoor\/115175\/\">link<\/a> <\/p><p><strong>Salt Typhoon breached 3 more telecom provider networks in latest wave of attacks<\/strong><br>On January 6, the Wall Street Journal revealed new victims of the Chinese state-backed Salt Typhoon telecom hacks: Charter Communications, Consolidated Communications and Windstream. The hackers gained access to sensitive customer data and communications. 
Ca r&#259;spuns, guvernul SUA are &icirc;n vedere interzicerea opera&#539;iunilor China Telecom &#537;i a routerelor TP-Link.<code>China<\/code> <code>telecomunica&#539;ii<\/code> <code>state unite<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.wsj.com\/tech\/cybersecurity\/typhoon-china-hackers-military-weapons-97d4ef95?utm_source=chatgpt.com\">link<\/a> <\/p><p><strong>&Icirc;nc&#259;lcarea Trezoreriei SUA atribuit&#259; Silk Typhoon aliniat&#259; cu China<\/strong><br>Potrivit unui raport al Bloomberg din 8 ianuarie, &icirc;nc&#259;lcarea Trezoreriei SUA dezv&#259;luit&#259; &icirc;n decembrie a fost legat&#259; de grupul sus&#539;inut de stat chinez Silk Typhoon (alias Hafnium). Grupul a exploatat o cheie API BeyondTrust compromis&#259; pentru a accesa re&#539;eaua, concentr&acirc;ndu-se pe Office of Foreign Assets Control. Investiga&#539;iile sugereaz&#259; c&#259; &icirc;nc&#259;lcarea a avut ca scop colectarea informa&#539;iilor privind poten&#539;ialele sanc&#539;iuni ale SUA. Oficialii Trezoreriei, CISA &#537;i FBI &icirc;&#537;i continu&#259; ancheta, BeyondTrust sprijinind eforturile de atenuare.<code>China<\/code> <code>state unite<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bloomberg.com\/news\/articles\/2025-01-08\/white-house-rushes-to-finish-cyber-order-after-china-hacks\">link<\/a> <\/p><p><strong>CISA din SUA avertizeaz&#259; c&#259; monitoarele pentru pacien&#539;i Contec vor trimite date &icirc;n China<\/strong><br>Pe 30 ianuarie, Agen&#539;ia de Securitate Cibernetic&#259; &#537;i Infrastructur&#259; din SUA (CISA) a avertizat c&#259; Contec CMS8000, un monitor pentru pacient cu mai mul&#539;i parametri utilizat &icirc;n asisten&#539;a medical&#259;, con&#539;ine o u&#537;&#259; din spate care transmite datele pacientului la o adres&#259; IP codificat&#259;, conectat&#259; la o universitate chinez&#259;. 
Aceast&#259; u&#537;&#259; din spate permite executarea codului de la distan&#539;&#259;, permi&#539;&acirc;nd preluarea complet&#259; a dispozitivului. Activitatea este ne&icirc;nregistrat&#259;, l&#259;s&acirc;nd administratorii ne&#537;tii&#539;i. Contec nu a r&#259;spuns solicit&#259;rilor CISA de a aborda aceste vulnerabilit&#259;&#539;i.<code>China<\/code> <code>s&#259;n&#259;tate<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/2025-01\/fact-sheet-contec-cms8000-contains-a-backdoor-508c.pdf\">leg&#259;tur&#259;<\/a> <\/p><p><strong>APT Rusia-nexus, posibil legat de APT28, efectueaz&#259; spionaj cibernetic asupra rela&#539;iilor diplomatice din Asia Central&#259; &#537;i Kazahstan<\/strong><br>Pe 13 ianuarie, Sekoia a raportat c&#259; un grup legat de Rusia, UAC-0063, posibil asociat cu APT28, a efectuat spionaj cibernetic &icirc;mpotriva entit&#259;&#539;ilor diplomatice din Asia Central&#259;, &icirc;n special &icirc;n Kazahstan. Atacatorii au folosit documente legitime de la Ministerul Afacerilor Externe al Kazahstanului, &icirc;ncorpor&acirc;nd programe malware precum HATVIBE &#537;i CHERRYSPY pentru a aduna informa&#539;ii despre rela&#539;iile diplomatice &#537;i economice ale Kazahstanului.<code>diploma&#539;ie<\/code> <code>rusia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/blog.sekoia.io\/double-tap-campaign-russia-nexus-apt-possibly-related-to-apt28-conducts-cyber-espionage-on-central-asia-and-kazakhstan-diplomatic-relations\/\">link<\/a> <\/p><p><strong>Noua campanie de spearphishing Star Blizzard vizeaz&#259; conturile WhatsApp<\/strong><br>Pe 16 ianuarie, Microsoft a raportat c&#259; grupul de hacking legat de Rusia Star Blizzard a lansat o campanie de spearphishing care vizeaz&#259; conturile WhatsApp ale oficialilor guvernamentali, diploma&#539;ilor, exper&#539;ilor &icirc;n politica de ap&#259;rare &#537;i persoanelor care asist&#259; Ucraina. 
Atacatorii au trimis e-mail-uri uzurpandu-se identitatea oficialilor guvernului SUA, con&#539;in&acirc;nd coduri QR care, atunci c&acirc;nd au fost scanate, acordau acces neautorizat la mesajele WhatsApp ale victimelor.<code>rusia<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/01\/16\/new-star-blizzard-spear-phishing-campaign-targets-whatsapp-accounts\/\">link<\/a> <\/p><p><strong>FBI avertizeaz&#259; c&#259; lucr&#259;torii nord-coreeni din IT au furat codul surs&#259; pentru extorcare<\/strong><br>Pe 23 ianuarie, FBI a avertizat c&#259; lucr&#259;torii din domeniul IT din Coreea de Nord se infiltreaz&#259; &icirc;n companii americane, fur&#259; codul surs&#259; &#537;i extorc&#259; angajatorii amenin&#539;&#259;ndu-le c&#259; vor scurge date sensibile. Pentru a atenua aceste amenin&#539;&#259;ri, organiza&#539;iile sunt &icirc;ndemnate s&#259; impun&#259; controale stricte de acces, s&#259; monitorizeze conexiunile de la distan&#539;&#259; pentru activit&#259;&#539;i suspecte &#537;i s&#259; consolideze practicile de angajare pentru a detecta solicitan&#539;ii fraudulen&#539;i folosind AI &#537;i tehnici de mascare a identit&#259;&#539;ii.<code>coreea de nord<\/code> <code>state unite<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.ic3.gov\/PSA\/2025\/PSA250123\">link<\/a> <\/p><h3 id=\"cybercrime-2\">Crima cibernetic&#259;<\/h3><p><strong>Sneaky 2FA: expunerea unui nou AiTM Phishing-as-a-Service<\/strong><br>Pe 16 ianuarie, compania de securitate cibernetic&#259; Sekoia a expus &bdquo;Sneaky 2FA&rdquo;, un kit de phishing Adversary-in-the-Middle v&acirc;ndut ca Phishing-as-a-Service printr-un bot Telegram. Activ din octombrie 2024, ocole&#537;te autentificarea cu mai mul&#539;i factori pentru a compromite conturile Microsoft 365. 
Kitul folose&#537;te cod ofuscat, tehnici anti-analiza &#537;i pre-complet&#259; paginile de phishing cu adresele de e-mail ale victimelor pentru a spori credibilitatea.<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/blog.sekoia.io\/sneaky-2fa-exposing-a-new-aitm-phishing-as-a-service\/\">link<\/a> <\/p><p><strong>Grupurile de ransomware folosesc bombardarea prin e-mail &#537;i echipele vishing &icirc;n atacuri<\/strong><br>Pe 21 ianuarie, Sophos a raportat c&#259; a r&#259;spuns la dou&#259; campanii de ransomware folosind tacticile de &bdquo;bombardare prin e-mail&rdquo; &#537;i &bdquo;vishing&rdquo; ale Microsoft Teams. Clusterele de amenin&#539;&#259;ri, identificate ca STAC5143 &#537;i STAC5777, exploateaz&#259; func&#539;ionalit&#259;&#539;ile Office 365 pentru a cople&#537;i &#539;inte cu spam &#537;i a uzurpa identitatea suportului tehnic prin Teams. Aceste metode urm&#259;resc s&#259; implementeze programe malware &#537;i s&#259; faciliteze furtul de date.<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/news.sophos.com\/en-us\/2025\/01\/21\/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing\/\">link<\/a> <\/p><p><strong>Un actor necunoscut de amenin&#539;&#259;ri &icirc;ncearc&#259; s&#259; for&#539;eze conturile Microsoft 365 la nivel global folosind FastHTTP<\/strong><br>Pe 13 ianuarie, compania de securitate cibernetic&#259; din SUA SpearTip a dezv&#259;luit o campanie global&#259; care folose&#537;te biblioteca fasthttp Go pentru a lansa atacuri de mare vitez&#259; cu for&#539;&#259; brut&#259; asupra Azure Active Directory prin API-ul Graph. Adversarii au vizat conturi Microsoft&nbsp;365, 9,7% dintre &icirc;ncerc&#259;ri au ob&#539;inut acces neautorizat. Majoritatea traficului a provenit din Brazilia. 
Atacurile au inclus spam MFA pentru a exploata oboseala MFA.<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.speartip.com\/fasthttp-used-in-new-bruteforce-campaign\/\">link<\/a> <\/p><p><strong>Extensia r&#259;u inten&#539;ionat&#259; VS Code uzurp&#259; identitatea Zoom pentru a viza cookie-urile Chrome<\/strong><br>Pe 21 ianuarie, cercet&#259;torii de la Hunt.io au identificat o extensie r&#259;u inten&#539;ionat&#259; de Visual Studio Code care uzurpa identitatea Zoom pentru a fura cookie-urile Google Chrome. Activ din 30 noiembrie 2024, a exploatat VS Code Marketplace &#537;i a folosit JavaScript obscurcat pentru a accesa datele cookie prin interog&#259;ri SQLite. Extensia este legat&#259; de depozite legitime pentru a construi &icirc;ncredere, expun&acirc;nd riscuri critice de securitate &icirc;n mediile de dezvoltare.<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/hunt.io\/blog\/malicious-vs-code-extension-impersonating-zoom-steals-chrome-cookies\">link<\/a> <\/p><p><strong>Actorii amenin&#539;&#259;rilor exploateaz&#259; domeniile .gov pentru campanii de phishing<\/strong><br>Pe 29 ianuarie, Cofense a raportat c&#259; actorii amenin&#539;&#259;rilor au exploatat vulnerabilit&#259;&#539;ile din domeniile guvernamentale (.gov) pentru campanii de phishing din noiembrie 2022 p&acirc;n&#259; &icirc;n noiembrie 2024. Au folosit &icirc;n principal redirec&#539;ion&#259;ri deschise pentru a ocoli gateway-urile securizate de e-mail (SEG), utiliz&acirc;nd adesea CVE-2024-25608. 
Domeniile guvernamentale SUA s-au clasat pe locul al treilea &icirc;n ceea ce prive&#537;te abuzul, redirec&#539;ion&acirc;nd &icirc;n mare parte victimele c&#259;tre pagini de phishing de acredit&#259;ri deghizate &icirc;n portaluri de conectare Microsoft.<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/cofense.com\/blog\/threat-actors-exploit-government-website-vulnerabilities-for-phishing-campaigns\">link<\/a> <\/p><p><strong>Peste 4000 de u&#537;i din spate deturnate prin &icirc;nregistrarea unor domenii expirate<\/strong><br>Pe 8 ianuarie, WatchTowr a raportat c&#259; peste 4000 de u&#537;i din spate web abandonate, dar active au fost deturnate prin &icirc;nregistrarea domeniilor expirate folosite pentru a le comanda. Cercet&#259;torii au descoperit u&#537;i &icirc;n spate &icirc;n sistemele guvernamentale &#537;i universitare &#537;i au distrus traficul pentru a preveni ca actorii r&#259;u inten&#539;iona&#539;i s&#259; preia controlul.<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/labs.watchtowr.com\/more-governments-backdoors-in-your-backdoors\/\">link<\/a> <\/p><p><strong>Atacatorii cibernetici folosesc GhostGPT pentru a scrie cod r&#259;u inten&#539;ionat<\/strong><br>Pe 27 ianuarie, rapoartele au eviden&#539;iat apari&#539;ia GhostGPT, un chatbot AI necenzurat, comercializat infractorilor cibernetici pentru 50 de dolari SUA pe s&#259;pt&#259;m&acirc;n&#259;. Spre deosebire de modelele mainstream AI cu garan&#539;ii etice, GhostGPT ajut&#259; la crearea de programe malware, dezvoltarea exploat&#259;rilor &#537;i crearea de e-mailuri conving&#259;toare de phishing, sc&#259;z&acirc;nd astfel bariera pentru activit&#259;&#539;ile r&#259;u inten&#539;ionate. 
Disponibilitatea sa prin Telegram &#537;i absen&#539;a jurnalelor de activitate ale utilizatorilor &icirc;l fac deosebit de atr&#259;g&#259;tor pentru atacatori.<code>inteligen&#539;&#259; artificial&#259;<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cloud-security\/cyberattackers-ghostgpt-write-malicious-code\">link<\/a> <\/p><p><strong>Opera&#539;iunea 99: Grupul Lazarus vizeaz&#259; dezvoltatorii Web3 &#537;i criptomonede<\/strong><br>Pe 9 ianuarie, SecurityScorecard a dezv&#259;luit Opera&#539;iunea 99, o campanie a Grupului Lazarus care exploateaz&#259; dezvoltatorii Web3 &#537;i criptomonede prin recrutori fal&#537;i. Arhivele GitLab r&#259;u inten&#539;ionate injecteaz&#259; malware modular, cum ar fi Main99 &#537;i MCLIP, pentru a fura acredit&#259;rile, criptomoneda &#537;i proprietatea intelectual&#259;. O ofuscare sporit&#259; &#537;i persisten&#539;a eviden&#539;iaz&#259; motivele financiare ale Coreei de Nord. Dezvoltatorii trebuie s&#259; verifice recrutorii, s&#259; examineze arhivele &#537;i s&#259; adopte o securitate robust&#259; a punctelor finale pentru a atenua astfel de amenin&#539;&#259;ri avansate.<code>coreea de nord<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/securityscorecard.com\/blog\/operation-99-north-koreas-cyber-assault-on-software-developers\/\">link<\/a> <\/p><p><strong>Extensii r&#259;u inten&#539;ionate Chrome: un nou atac la lan&#539;ul de aprovizionare descoperit<\/strong><br>Pe 22 ianuarie, Sekoia a raportat despre un atac direc&#539;ionat al lan&#539;ului de aprovizionare asupra extensiilor browserului Chrome, &icirc;n care atacatorii au folosit e-mailuri de phishing pentru a compromite dezvoltatorii &#537;i pentru a &icirc;nc&#259;rca versiuni r&#259;u inten&#539;ionate ale extensiilor lor. 
Atacul, care a &icirc;nceput &icirc;n decembrie 2024, a afectat zeci de extensii &#537;i, poten&#539;ial, sute de mii de utilizatori, permi&#539;&acirc;nd furtul de date sensibile, cum ar fi cheile API &#537;i jetoanele de autentificare de pe platforme precum ChatGPT &#537;i Facebook for Business.<code>tehnologie<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/blog.sekoia.io\/targeted-supply-chain-attack-against-chrome-browser-extensions\/\">link<\/a> <\/p><h3 id=\"data-exposure-and-leaks-2\">Expunerea datelor &#537;i scurgerile<\/h3><p><strong>Actorul de amenin&#539;&#259;ri scurge date sensibile despre 15.000 de dispozitive FortiGate din &icirc;ntreaga lume pe BreachForum<\/strong><br>Pe 14 ianuarie, un actor de amenin&#539;&#259;ri numit Belsen Groups a scurs date sensibile despre aproximativ 15.000 de dispozitive FortiGate din &icirc;ntreaga lume pe forumul subteran BreachForum. Datele scurse, care includ adrese IP, parole &#537;i configura&#539;ii, au fost lansate gratuit pe forumul subteran, ca o modalitate de a le &icirc;mbun&#259;t&#259;&#539;i reputa&#539;ia &icirc;n timpul primei opera&#539;iuni oficiale.<a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/x.com\/BelsenGroup\/status\/1879217666067730671\">link<\/a> <\/p><p><strong>Baza de date DeepSeek a expus&#259; scurgeri de informa&#539;ii sensibile, inclusiv istoricul chat<\/strong><br>Pe 29 ianuarie, Wiz Research a descoperit o baz&#259; de date ClickHouse accesibil&#259; public, legat&#259; de DeepSeek, expun&acirc;nd peste un milion de intr&#259;ri de jurnal care con&#539;in date sensibile precum istoricul chat-ului, cheile API &#537;i detaliile backend. Aceast&#259; baz&#259; de date nesecurizat&#259; a permis controlul deplin asupra opera&#539;iunilor &#537;i a reprezentat riscuri semnificative de securitate. Wiz a notificat prompt DeepSeek, care a asigurat expunerea. 
Incidentul eviden&#539;iaz&#259; nevoia critic&#259; de securitate robust&#259; &icirc;n serviciile AI adoptate rapid.<code>inteligen&#539;&#259; artificial&#259;<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.wiz.io\/blog\/wiz-research-uncovers-exposed-deepseek-database-leak\">link<\/a> <\/p><p><strong>Mii de acredit&#259;ri ale furnizorilor de securitate g&#259;site pe Dark Web<\/strong><br>Pe 22 ianuarie, Cyble a raportat c&#259; acredit&#259;rile de la principalii furnizori de securitate cibernetic&#259;, inclusiv conturile interne &#537;i ale clien&#539;ilor, au fost g&#259;site pe dark web. Aceste acredit&#259;ri, probabil extrase de malware infostealer, erau disponibile pentru doar 10 dolari SUA &#537;i includeau acces la platforme precum Okta, Jira, GitHub, AWS &#537;i Microsoft Online. Furnizorii afecta&#539;i includ CrowdStrike, Palo Alto Networks, Fortinet &#537;i al&#539;ii.<code>tehnologie<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/cyble.com\/blog\/thousands-of-security-vendor-credentials-found-on-dark-web\/\">link<\/a> <\/p><p><strong>HPE investigheaz&#259; o posibil&#259; &icirc;nc&#259;lcare a securit&#259;&#539;ii &icirc;n urma reclama&#539;iei privind furtul codului surs&#259;<\/strong><br>Pe 16 ianuarie, Hewlett Packard Enterprise (HPE) a aflat de afirma&#539;iile f&#259;cute de un grup numit IntelBroker, spun&acirc;nd c&#259; au furat documente din mediile de dezvoltare ale companiei. 
HPE investigheaz&#259; aceste afirma&#539;ii de &icirc;nc&#259;lcare, care includ accesarea API, GitHub &#537;i codul surs&#259;, dar nu a g&#259;sit nicio dovad&#259; a unei &icirc;nc&#259;lc&#259;ri p&acirc;n&#259; acum.<code>tehnologie<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hewlett-packard-enterprise-investigates-new-breach-claims\/\">link<\/a> <\/p><p><strong>Defectul Subaru STARLINK a expus vehiculele la telecomand&#259; &#537;i acces la date<\/strong><br>Pe 20 noiembrie 2024, cercet&#259;torii Sam Curry &#537;i Shubham Shah au descoperit o defec&#539;iune &icirc;n panoul de administrare STARLINK al Subaru, care permite accesul neautorizat la vehicule &#537;i la datele clien&#539;ilor din SUA, Canada &#537;i Japonia. Exploatarea a necesitat detalii minime &#537;i a permis controlul de la distan&#539;&#259;, accesul la PII &#537;i urm&#259;rirea loca&#539;iei. Subaru a remediat problema &icirc;n 24 de ore de la dezv&#259;luire. Raportul detaliat a fost publicat pe 23 ianuarie 2025, subliniind provoc&#259;rile sistemice din platformele de vehicule conectate.<code>transport<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/samcurry.net\/hacking-subaru\">link<\/a> <\/p><p><strong>ONU ICAO investigheaz&#259; poten&#539;iala &icirc;nc&#259;lcare a datelor privind recrutarea<\/strong><br>Pe 7 ianuarie, Organiza&#539;ia Avia&#539;iei Civile Interna&#539;ionale (ICAO) a raportat o poten&#539;ial&#259; &icirc;nc&#259;lcare a a 42.000 de dosare de recrutare din 2016-2024, sus&#539;inut&#259; de actorul de amenin&#539;are Natohub. Datele expuse includ numele, adresele de e-mail, datele de na&#537;tere &#537;i istoricul de angajare. ICAO a declarat c&#259; nu au fost afectate sisteme financiare, parole sau avia&#539;ie. 
Organiza&#539;ia investigheaz&#259;, &icirc;mbun&#259;t&#259;&#539;e&#537;te m&#259;surile de securitate &#537;i informeaz&#259; persoanele afectate.<code>transport<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.icao.int\/Newsroom\/Pages\/ICAO-statement-on-reported-security-incident.aspx\">link<\/a> <\/p><h3 id=\"disruption-2\">Perturbare<\/h3><p><strong>DeepSeek raporteaz&#259; un atac cibernetic pe fondul cre&#537;terii cererii de modele AI<\/strong><br>Pe 27 ianuarie, startup-ul chinezesc de inteligen&#539;&#259; artificial&#259; DeepSeek a raportat atacuri r&#259;u inten&#539;ionate la scar&#259; larg&#259; asupra serverelor sale, care au perturbat noile &icirc;nregistr&#259;ri &#537;i accesul la site-uri pe fondul cererii mari pentru modelul s&#259;u DeepSeek-R1. Media a speculat un atac DDoS asupra API-ului &#537;i platformei sale de chat web. Pe 28 ianuarie, China Central Television (CCTV) a citat cercet&#259;torii Qi An Xin, care au sus&#539;inut c&#259; atacurile provin exclusiv de la adresele IP din SUA.<code>inteligen&#539;&#259; artificial&#259;<\/code> <code>China<\/code> <code>state unite<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/news.cctv.com\/2025\/01\/28\/ARTIYG1xE3cXhvCPUxTISr8X250128.shtml\">link<\/a> <\/p><p><strong>Cablurile submarine Taiwan-Matsu t&#259;iate, presupusa implicare a Chinei ridic&#259; &icirc;ngrijor&#259;ri<\/strong><br>Pe 22 ianuarie, dou&#259; cabluri submarine care leag&#259; Taiwan &#537;i Insulele Matsu au fost raportate rupte, defec&#539;iunile ini&#539;iale au avut loc pe 15 ianuarie. Chunghwa Telecom, cel mai mare operator de telecomunica&#539;ii integrate din Taiwan, a anun&#539;at c&#259; comunica&#539;ia dintre Taiwan &#537;i Insulele Matsu a fost restabilit&#259; pe 24 ianuarie. 
perturba comunica&#539;iile Taiwanului.<code>China<\/code> <code>telecomunica&#539;ii<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.ntd.com\/taiwan-undersea-internet-cable-cut-by-chinese-ship_1040437.html\">link<\/a> <\/p><p><strong>Conduent confirm&#259; incidentul de securitate cibernetic&#259; din spatele &icirc;ntreruperii pe scar&#259; larg&#259; a serviciului<\/strong><br>Pe 22 ianuarie, Conduent, un important furnizor american de servicii de afaceri &#537;i contractant guvernamental, a confirmat c&#259; o &icirc;ntrerupere recent&#259; care a afectat mai multe agen&#539;ii din SUA a fost cauzat&#259; de un incident de securitate cibernetic&#259;. De&#537;i compania a declarat c&#259; problema a fost rezolvat&#259; &#537;i sistemele au fost restaurate, nu a dezv&#259;luit detalii despre amploarea atacului, poten&#539;ialul furt de date sau dac&#259; s-a f&#259;cut o cerere de r&#259;scump&#259;rare.<code>state unite<\/code> <a rel=\"noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/conduent-confirms-cybersecurity-incident-behind-recent-outage\/\">link<\/a> <\/p><div class=\"footnotes\"><hr><ol><li id=\"fn-1\"><p>Concluziile sau atribu&#539;iile f&#259;cute &icirc;n acest document reflect&#259; doar ceea ce raporteaz&#259; sursele disponibile public. 
They do not reflect our position.&nbsp;<a href=\"#fnref-1\" class=\"footnoteBackLink\" title=\"Jump back to footnote 1 in the text.\">&#8617;<\/a><\/p><\/li><\/ol><\/div><\/div>\n        <\/div>","protected":false},"excerpt":{"rendered":"<p>\ud83c\udf0d Limb\u0103 \/ Language: \ud83c\uddec\ud83c\udde7 English (Original) \ud83c\uddf7\ud83c\uddf4 Rom\u00e2n\u0103 Traducere automat\u0103 \/ Automatic translation Cyber Brief (January 2025)February 3, 2025 &#8211; Version: 1TLP:CLEARExecutive summaryWe analysed 262 open source reports for this Cyber Brief1.Policy, cooperation, and law enforcement. 
Lithuania inaugurates its Cyber Defence Command, Turkey establishes a new Cybersecurity Directorate, while the US hits back at [&hellip;]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":{"footnotes":""},"ti_category":[198],"ti_source":[172],"ti_severity":[187],"class_list":["post-992328","threat_intelligence","type-threat_intelligence","status-publish","hentry","ti_category-threat-actor","ti_source-cert-eu","ti_severity-critical"],"_links":{"self":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/threat-intelligence\/992328","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/threat-intelligence"}],"about":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/types\/threat_intelligence"}],"version-history":[{"count":0,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/threat-intelligence\/992328\/revisions"}],"wp:attachment":[{"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/media?parent=992328"}],"wp:term":[{"taxonomy":"ti_category","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/ti_category?post=992328"},{"taxonomy":"ti_source","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/ti_source?post=992328"},{"taxonomy":"ti_severity","embeddable":true,"href":"https:\/\/delve.ro\/ro\/wp-json\/wp\/v2\/ti_severity?post=992328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}