CTI Weekly: US Intelligence Leak Links Russia to Threat Actors

Highly confidential intelligence documents, allegedly leaked from the US Pentagon, reveal communications between a Russian government agent and pro-Russian cyber threat actors.

The leaked documents include details of US satellite surveillance capabilities and references to intercepted communications between a pro-Russian hacktivist group and Russia’s intelligence agency, claiming to have gained access to a Canadian gas pipeline.

If accurate, this would represent the first known instance of a pro-Russian hacktivist group conducting a disruptive operation against Western industrial control systems. The findings suggest cooperation between pro-Russian hacktivist groups and Russian state organizations, further suggesting that the Russian state supports, or at least coordinates with, pro-Russian threat actors whose motivations align with the government’s objectives.

 

Other news:

Zero Days

Microsoft has fixed a zero-day vulnerability in Windows Common Log File System drivers that was being used to deploy Nokoyawa ransomware by escalating privileges.

 

Apple has released emergency security updates to address two zero-day vulnerabilities affecting various devices amid unconfirmed reports of active exploitation.

 

Data Breach

The data of several companies has been leaked through ChatGPT prompts, highlighting the need for corporate policies on the use of AI services. Hyundai has reported a data breach that affected an undisclosed number of customers in Italy and France due to a database compromise.

 

State Use of Malware

QuaDream, an Israeli company, has been selling the REIGN platform to governments. This platform consists of exploits, malware, and infrastructure used to extract data from mobile devices. An update regarding this is provided in the full intelligence summary, subscribe below to see

 

 

Subscribe below to more and to discover other significant cyber criminals, nation-state and hacktivist news.