Cybersecurity


c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches, leaking samples of data stolen in the attacks.


"Age verification is 100% safe" (!)


A new attack called 'CometJacking' exploits URL parameters to pass to Perplexity's Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar.


cross-posted from: https://scribe.disroot.org/post/4876841

Canada is confronting an expanding and complex cyber threat landscape with a growing cast of malicious and unpredictable state and non-state cyber threat actors, from cybercriminals to hacktivists, that are targeting our critical infrastructure and endangering our national security, the Canadian Centre for Cyber Security (Cyber Centre) says in its National Cyber Threat Assessment 2025-2026. The threat assessment is based on information available as of September 20, 2024.

Key judgements:

  • Canada’s state adversaries are using cyber operations to disrupt and divide. State-sponsored cyber threat actors are almost certainly combining disruptive computer network attacks with online information campaigns to intimidate and shape public opinion. State-sponsored cyber threat actors are very likely targeting critical infrastructure networks in Canada and allied countries to pre-position for possible future disruptive or destructive cyber operations.
  • The People’s Republic of China’s (PRC) expansive and aggressive cyber program presents the most sophisticated and active state cyber threat to Canada today. The PRC conducts cyber operations against Canadian interests to serve high-level political and commercial objectives, including espionage, intellectual property (IP) theft, malign influence, and transnational repression. Among our adversaries, **the PRC cyber program’s scale, tradecraft, and ambitions in cyberspace are second to none**.
  • Russia’s cyber program furthers Moscow’s ambitions to confront and destabilize Canada and our allies. Canada is very likely a valuable espionage target for Russian state-sponsored cyber threat actors, including through supply chain compromises, given Canada’s membership in the North Atlantic Treaty Organization, support for Ukraine against Russian aggression, and presence in the Arctic. Pro-Russia non-state actors, some of which we assess likely have links to the Russian government, are targeting Canada in an attempt to influence our foreign policy.
  • Iran uses its cyber program to coerce, harass, and repress its opponents, while managing escalation risks. Iran’s increasing willingness to conduct disruptive cyber attacks beyond the Middle East and its persistent efforts to track and monitor regime opponents through cyberspace present a growing cyber security challenge for Canada and our allies.
  • The Cybercrime-as-a-Service (CaaS) business model is almost certainly contributing to the continued resilience of cybercrime in Canada and around the world. The CaaS ecosystem is underpinned by flourishing online marketplaces where specialized cyber threat actors sell stolen and leaked data and ready-to-use malicious tools to other cybercriminals. This has almost certainly enabled a growing number of actors with a range of capabilities and expertise to carry out cybercrime attacks and evade law enforcement detection.
  • Ransomware is the top cybercrime threat facing Canada’s critical infrastructure. Ransomware directly disrupts critical infrastructure entities’ ability to deliver critical services, which can put the physical and emotional wellbeing of victims in jeopardy. In the next two years, ransomware actors will almost certainly escalate their extortion tactics and refine their capabilities to increase pressure on victims to pay ransoms and evade law enforcement detection.

cross-posted from: https://scribe.disroot.org/post/4877381

Archived version

Asahi Group Holdings, Japan’s largest brewing company, has suspended ordering, shipping, and customer service functions after a cyberattack disrupted its domestic operations. The company, best known for its Asahi Super Dry beer, also produces soft drinks and other beverages, with a strong footprint across Europe and Asia.

“At this time, there has been no confirmed leakage of personal information or customer data to external parties,” Asahi wrote in a notice on its website. “However, due to the system failure, the following operations have been suspended – order and shipment operations at group companies in Japan and call center operations, including customer service desks."

The company added that it is actively investigating the cause and working to restore operations; however, there is currently no estimated timeline for recovery. “The system failure is limited to our operations within Japan. We sincerely apologize for any inconvenience caused to our customers and business partners.”

...

Market research specialist Teikoku Databank conducted an online survey into cyberattacks at Japanese firms from March 11 to 14, 2022. It found that, of 1,547 businesses responding, 36.1% of companies had experienced a cyberattack in the past year. Around 80% of these, or 28.4% overall, faced a cyberattack in the past month.

In May, Japan’s National Parliament passed the Active Cyber Defense Law, marking a pivotal shift in the country’s cybersecurity strategy. The scope of the legislation extends significantly beyond its title, encompassing a range of provisions aimed at modernizing government institutions and enhancing Japan’s overall cybersecurity framework. The law requires operators of critical infrastructure, designated under the 2022 Economic Security Promotion Act, to report cybersecurity incidents to the government, though the scope and timing of those reports remain undefined.

...

[The Asahi case is another one in a line of cyber attacks against supply chains. For example, UK's Bridgestone or Jaguar Land Rover, along with many others, suffered similar incidents forcing them to halt production.]


I am a proud member of ENUSEC (Edinburgh Napier University Security Society), which holds an annual cybersecurity conference, called Le Tour du Hack. As the media officer, I have decided to put the society on the fediverse.

As part of this, I have uploaded this year's LTDH talks on our shiny new PeerTube account.

Hope you enjoy watching them!


cross-posted from: https://lemmy.sdf.org/post/43404420

Archived

[...]

While constituting a fraction of total incident volume, their potential for strategic disruption remains a primary concern for the Union, according to the ENISA Threat Landscape report, covering incidents documented between July 2024 and June 2025, to provide actionable intelligence for EU policymakers and defenders.

Key statistics from the analysis reveal a concentrated threat:

  • 7.2% of total incidents recorded were identified as cyberespionage campaigns, the primary objective of state-aligned activities.
  • 46 distinct state-aligned intrusion sets were observed to be active against targets within the European Union.
  • The top five targeted NIS2 sectors were public administration, transport, digital infrastructure, energy, and health, demonstrating a clear focus on sectors vital to national and EU-level functioning.

A persistent challenge in countering these threats is the difficulty of definitive attribution. The source material highlights that "cyberespionage campaigns are typically documented with a delay spanning from 6 months to more than 4 years," meaning defenders operate with a historical, incomplete picture of the threat. This is reflected in a significant attribution gap, with unidentified intrusion sets accounting for 47% of Russia-nexus, 43% of China-nexus, and 36% of DPRK-nexus activities. This gap hinders the development of precise situational awareness and complicates the formulation of effective, tailored defensive strategies.

[...]

Russia-Nexus Adversaries

Intrusion sets aligned with Russia were the most active state-aligned threat actors targeting the EU, conducting sustained cyberespionage campaigns designed to undermine European security and support Moscow's strategic objectives. The most frequently documented groups were APT29, APT28, and Sandworm. Their targeting patterns indicate a concerted intelligence effort to map and disrupt NATO's logistical supply lines to Ukraine and to gauge the political resolve of key Member States like Germany and France.

[...]

China-Nexus Adversaries

China-nexus intrusion sets executed a consistent operational mission to acquire strategic data and intellectual property. This demonstrates a systematic, state-directed campaign of industrial espionage designed to close China's technological gap and erode the EU's competitive advantage in key high-tech sectors. The top five most active groups were UNC5221, Mustang Panda, APT41, Flax Typhoon, and Salt Typhoon.

[...]

DPRK-Nexus Adversaries

DPRK-nexus intrusion sets pursued a dual mission of cyberespionage and illicit revenue generation to fund the regime. The most active groups targeting the EU were Famous Chollima, Lazarus, and Kimsuky. Their campaigns focused on Belgium, Italy, Germany, and France, with a heavy emphasis on private sector organizations in the Human Resources, financial services (including cryptocurrency), and technology sectors.

[...]

