Israeli influence group exposed
The Guardian published a report looking at an Israeli hacking group known as Team Jorge, which purports to have manipulated over 30 elections over the last two decades. The unit is apparently run by Tal Hanan, a former Israeli special forces operative, who operated a private service to influence elections across Africa, South and Central America, the US and Europe. Part of this operation used a software suite called Advanced Impact Media Solutions, which controlled thousands of fake social media profiles across different platforms. The group’s tactics also included planting material for news outlets, and hacking into Gmail and Telegram accounts. A group of journalists recorded meetings with Hanan to get information on the group, posing as potential clients.
Another day, another record DDoS
Cloudflare reports it saw a massive DDoS attack over the weekend, peaking at 71 million requests per second. That is 54% more requests than the previous record DDoS, which Google blocked back in June. The attack originated from over 30,000 IP addresses, and came as part of a flood of DDoS attempts over the weekend, targeting a variety of organizations. This marks a continued trend of DDoS attacks coming from cloud providers. Traditionally these attacks came from residential ISPs, using botnet-infected machines. According to Cloudflare, the number of HTTP-based DDoS attacks increased 79% year over year in Q4.
Cut cables lead to Lufthansa outage
The German airline Lufthansa grounded all flights early on February 15th, after damage to four Deutsche Telekom fiber broadband cables at a rail location in northern Frankfurt disrupted IT operations at its global flight operations center. Some flights resumed later in the day, but it didn’t expect flights in Frankfurt to resume until the early evening. The broadband cables were damaged by concrete drills working in the area. As of this recording, Deutsche Telekom repaired two of the cables but couldn’t comment on when all would be fixed.
Anonymous Sudan ruins Sweden’s Valentine’s Day
A cyberattack on Scandinavian Airlines knocked its website offline and caused its mobile app to leak user data. Some customers attempting to log in to the SAS app saw another customer’s account, including contact info and itineraries, but not passport information. Sweden’s national public broadcaster SVT, as well as some universities, telcos, and private companies, also reported cyberattacks. The group “Anonymous Sudan” took credit for the attacks. This supposedly occurred in response to the burning of a Quran during January protests in Stockholm. The Russian-backed UserSec group said on Telegram it assisted Anonymous Sudan in the airline attack.
And now a word from our sponsor, US, yes, CISO Series
ASML employee stole chip data
In the world of chipmaking, the Dutch firm ASML remains a key supplier, providing lithography equipment required for cutting-edge chip processes. The company disclosed that a China-based employee stole confidential information. Bloomberg’s sources say the theft included technical information, but not hardware. No other specifics, although ASML said it wasn’t material to its business. It informed the Dutch trade ministry, as the theft could constitute a violation of export controls. Last year it also accused a China-based firm of stealing trade secrets. Japan and the Netherlands recently agreed to further restrict technology exports on chip making equipment to China.
City of Oakland declared state of emergency after ransomware
The Californian city first experienced the ransomware attack on February 8th. In the update announcing the state of emergency, the city said it continues to struggle with the fallout, with “several non-emergency systems including phone lines within the City of Oakland impacted or offline.” The state of emergency will allow officials to speed up obtaining equipment, deploying personnel, and issuing orders to help bring services back online. No word on whether the attackers obtained any data or what ransom they demanded.
Copilot stops narcing on secrets
GitHub updated its Copilot AI-powered code suggestion system to filter secrets like keys, credentials, and passwords out of its autocomplete suggestions. Its training set includes these on novel strings. GitHub says these suggestions were already entirely fictitious, but that now it will block them entirely. The update will also block Copilot from suggesting other security faux pas, like hardcoded credentials, path injections, or SQL injections. The tool also added a new “Fill-In-the-Middle” mode, which allows developers to leave a gap for the AI to fill using a library of known code suffixes.
El Salvador plans “bitcoin embassy”
The country’s ambassador to the US said it plans to open a “bitcoin embassy” in Texas, claiming it could help “expansion of commercial and economic exchange projects.” It began talks with Texas Deputy Secretary of State Joe Esparza about the project. This isn’t the first time El Salvador planned a foreign location to advocate for the cryptocurrency. It also signed a memo of understanding with the Swiss city Lugano last year to create a “bitcoin office.” In June 2021, El Salvador became the first country to recognize bitcoin as legal tender. A March 2022 study found that only 14% of businesses completed at least one transaction in bitcoin in the country.