Ministers around the world becoming targets of Russian hackers on WhatsApp

Government-linked hackers from Russia targeted WhatsApp accounts of government officials worldwide by sending emails inviting them to join user groups on the messaging app.

This tactic by a hacking group called Star Blizzard is a new approach. The UK’s National Cyber Security Centre (NCSC) has connected Star Blizzard to Russia’s FSB domestic spy agency, accusing the group of trying to undermine trust in politics in the UK and similar countries.

According to Microsoft, victims would receive an email from an attacker posing as a US government official, instructing them to click on a QR code. Rather than adding them to a group, the code connected their WhatsApp account to a linked device or the WhatsApp Web portal, giving the attacker access to the account.

Microsoft stated, “Threat actors gain access to messages within WhatsApp accounts and the ability to exfiltrate this data.”

The fake email invited recipients to join a WhatsApp group about supporting NGOs in Ukraine. Ministers and officials from various countries, especially those involved in Russia-related affairs, defense policy, and Ukraine support, were targeted.

In 2023, NCSC revealed that Star Blizzard had targeted British MPs, universities, and journalists to interfere with British politics. The group is likely affiliated with Russia’s FSB Center 18 unit.

Microsoft warned that despite the WhatsApp campaign ending in November, Star Blizzard continues to use spear phishing tactics to steal sensitive information.


Microsoft advised targeted sectors to be cautious with emails, especially those with external links. They recommend verifying email authenticity by contacting the sender through a known email address.

WhatsApp, owned by Meta, offers end-to-end encryption, ensuring message privacy between sender and recipient unless account access is compromised.

A WhatsApp spokesperson emphasized using only official WhatsApp-supported services for account linking and clicking only on links from trusted sources.

Source: www.theguardian.com

Donald Trump criticizes Biden for strengthening US cyber defenses against Russian and Chinese threats

The Biden administration is taking final steps to strengthen U.S. cyber defenses against increasing threats from China and Russia. They will address vulnerabilities across various sectors, including space and consumer electronics, just days before the administration changes hands. An extensive cybersecurity executive order has been issued as part of this effort.

This directive is expected to be the administration’s last major policy initiative before President Donald Trump takes over. The order aims to combat cyberattacks that have cost the country billions of dollars and caused significant damage to government offices.

A senior administration official stated, “The objective is to make hacking by China, Russia, Iran, and ransomware criminals more challenging and costly, demonstrating that the United States is committed to safeguarding our companies and citizens.” The order follows recent China-linked cyberattacks, including a breach of the U.S. Treasury and communication systems.

Key provisions of the order include the implementation of end-to-end encryption for email and video communications, as well as new requirements for AI-powered cyber defense systems and quantum computing safeguards. It also expands the authority of the Cybersecurity and Infrastructure Security Agency (CISA) to detect threats across federal networks.

The order mandates that by 2027, federal agencies must only purchase internet-connected devices carrying the “Cybertrust Mark,” encouraging manufacturers to enhance security standards for products like baby monitors and home security systems. Additionally, stronger cybersecurity measures for space systems are called for in response to Russia’s targeting of Ukrainian satellite communications.

Amid uncertainties about the order’s longevity, Vice National Security Adviser Anne Neuberger, who led the initiative, plans to resign on January 17th, with the incoming Trump administration’s cyber team yet to be named. The order sets 53 deadlines for government agencies, ranging from 30 days to three years.

Despite the transition, administration officials remain hopeful about the order’s impact, describing it as an urgent response to a growing threat. The official stated, “Enhancing the defensibility of our national infrastructure and strengthening our ability to counter cyber attackers are bipartisan goals.”

Source: www.theguardian.com

UK government deliberates on retaliatory measures against Russian hackers responsible for theft of NHS records

According to The Guardian, the government is contemplating a response to Russian hackers who obtained records of 300 million NHS patient interactions, including sensitive data like HIV and cancer blood test results.

The National Crime Agency (NCA) is exploring potential actions against the Russia-based ransomware group Qilin, which recently leaked the stolen NHS records in a cyber attack on June 3.

Healthcare leaders in London, where the attack occurred, set up a helpline to address concerns from worried patients about their data and advised against contacting hospitals or GP practices directly for information.

The NCA and the National Cyber Security Centre are discussing possible responses to the ransom demand of $50 million, which has so far been ignored, prompting concerns about the severity of the attack.

Experts from the NCA are working to remove the data leaked by Qilin on the messaging platform, but the extent of the damage and the potential impact of retrieving or deleting the data remain uncertain.

Authorities have dealt with similar ransomware gangs previously, including taking down the LockBit group with international cooperation, showcasing their commitment to combatting cyber threats.

The recent attack on the NHS reveals a major breach in patient data security, affecting multiple hospitals and healthcare facilities, leading to cancellations and disruptions in medical services.

Patients are cautioned to be vigilant against potential scams targeting them based on the leaked data and are advised to report any suspicious activity to the appropriate authorities immediately.

The NHS Helpline is available for patients seeking information or assistance related to the incident, and efforts are being made to minimize the impact of the data breach on patient care.

The release of private healthcare test records along with NHS data indicates a broader breach that could have far-reaching implications, underscoring the need for enhanced cybersecurity measures in the healthcare sector.

Despite ongoing challenges, healthcare providers are striving to maintain essential services for patients while addressing the fallout from the cyber attack on the NHS.

Cybersecurity experts stress the importance of swift action in response to data breaches, indicating that negotiations with ransomware groups typically end once data is leaked.

While the situation remains precarious, authorities and healthcare institutions are working diligently to mitigate the impact of the attack and prevent further breaches in the future.

Source: www.theguardian.com

G7 Leaders Criticize China for Russian Connections and Low-quality Technology

G7 leaders have raised concerns about China’s support for Russia in the Ukraine war and the production of cheap goods causing “harmful overcapacity,” despite German apprehensions.

During the annual summit held in Puglia under the Italian presidency, a 36-page report by the U.S. condemned Chinese subsidies on products like solar panels and electric vehicles, attributing them to global distortions, market disruptions, and overcapacity that threaten worker resilience, industry security, and economic stability.

Specifically, U.S. officials pointed out China as a major supplier of materials used by Russia against Ukraine, expressing concern over the long-term security implications. Despite Ukrainian President Zelensky’s assurance that Chinese leaders vowed not to provide weapons to Moscow, U.S. President Joe Biden highlighted China’s arms supply to Russia.

The U.S., Japan, and the EU, along with an informal eighth partner at the G7 summit, have expressed worries over Beijing’s heavy subsidies in green energy and technology sectors flooding global markets with unfairly priced products, creating stiff competition for Western companies, especially in the green technology space.

The National Security Council spokesman, John Kirby, mentioned plans to address China’s non-market policies having detrimental global effects. China’s top official, First Vice Premier Ding Xuexiang, is set to visit Brussels to discuss EU plans for increased tariffs on Chinese-made electric cars.

In a bid for diversity at the summit, global leaders from countries like India, Turkey, UAE, Brazil, and Mauritania were invited to participate. The G7 emphasized the importance of cooperation to address collective challenges, as expressed by Italian Prime Minister and G7 President Giorgia Meloni.

Russia faced stiff consequences at the summit, including wider sanctions, loss of control over state assets, and a new 10-year US-Ukraine security pact. A proposed $50 billion loan to Ukraine funded by interest profits from Russian state assets marked the beginning of economic pressure on Russia.

The final statement from the summit demanded that Russia cease its illegal aggression in Ukraine and pay reparations for the damage inflicted, and said leaders would explore legal options to enforce compliance. Russia dismissed the security pact as a nominal agreement and criticized the appropriation of frozen asset proceeds.

While Zelensky addressed Indian Prime Minister Modi on revising India’s reliance on Russian oil, discussions focused on the rising oil prices set by Russia and India’s growing purchases of Russian offshore crude.

The U.S. and EU impose price restrictions on Russian crude sales to prevent Western involvement unless sold below a certain cap. India, currently the largest buyer of Russian offshore crude, has not joined this ban, prompting calls for stricter price caps and actions against transportation exceeding the imposed price limit.

Source: www.theguardian.com

Russian Criminal Group Believed to Be Responsible for Cyber Attack on London Hospital, According to Experts

According to the former chief executive of the National Cyber Security Centre, a Russian cybercriminal group is responsible for a ransomware attack that disrupted operations and testing at a major NHS hospital in London.

The attack on pathology services firm Synnovis resulted in a significant capacity impairment and was deemed a very serious incident.

Following the attack, the affected hospital declared a critical situation, halted operations and tests, and was unable to conduct blood transfusions.

A memo sent to NHS staff at multiple London hospitals and primary care services described the incident as a “major IT incident”.

During a BBC Radio 4 interview, Ciarán Martin confirmed that a group of Russian cybercriminals known as Qilin was behind the Synnovis attack. These groups operate within Russia, targeting organizations globally for financial gain.

The cybercriminals, who have a history of attacks on various entities, inadvertently caused severe disruption to primary care with their ransomware attack.

While the government’s policy is to refrain from paying ransoms, companies affected by such attacks have the option to do so.

The National Cyber Security Centre is collaborating with NHS authorities to investigate the repercussions of the cyber attack.

Synnovis has reported the incident to the police and the Information Commissioner.

Health Secretary Victoria Atkins assured that patient safety is the top priority and efforts are underway to resume services safely.

Synnovis CEO Mark Darragh mentioned that a taskforce of Synnovis and NHS IT experts is evaluating the impact and necessary measures.

It may take “weeks rather than days” to receive pathology results due to the severity of the attack, as per a senior source cited by the Health Service Journal.

Source: www.theguardian.com

EU increases pressure on Meta due to fears of Russian election meddling on Facebook

The European Union delivered a direct message to the owners of Facebook in Silicon Valley on Tuesday due to concerns about President Vladimir Putin’s attempts to influence the European Parliament with pro-Russian lawmakers.

Meta has a deadline of five days to outline its plan to tackle fake news, fake websites, and Kremlin-funded advertisements, or face serious consequences.

The EU is worried about Facebook’s handling of fake news, especially 40 days after the European Parliament elections and during a year when many people around the world are voting.


Thierry Breton, the Internal Market Commissioner, emphasized that electoral integrity is a top priority and warned of swift action if Facebook does not address the issues within a week.

He stated, “We expect Meta to inform us within five working days of the measures they are taking to mitigate these risks, or we will take all necessary steps to safeguard our democracy.”


The commission has initiated formal proceedings against Meta ahead of the elections taking place across Europe from June 6 to 9.

There are concerns that Russia might exploit Facebook, with its over 250 million monthly active users, to influence the election outcome in its favor.

Belgian Prime Minister Alexander De Croo suggested that Russia’s aim to support pro-Russian candidates in the European Parliament was evident through alleged payments to parliamentarians.

While specific examples were not provided, concerns include foreign-funded advertisements on Facebook.

An official stated, “They are mistaken if they think they are not profiting from this.”

Additionally, there is insufficient transparency in the tools for identifying illegal or questionable content.

The EU has highlighted delays in removing links to fake news platforms, known as “doppelganger sites”.

Last week, a Czech news agency’s website was hacked to display fake news, including a false claim about an assassination attempt on the Slovak president.

French Europe Minister Jean-Noël Barrot raised concerns about Russian propaganda targeting France to disrupt public debate and interfere in the European election campaign.


One more issue with Facebook is Meta’s decision to restrict discussions on sensitive topics like the Middle East to prevent user-generated content.

This practice, known as “shadowbanning,” has raised transparency concerns, and the EU is urging Facebook to clarify its decision-making process.

The official added, “Users must be informed when this occurs and have the opportunity to challenge it, or it could lead to controversy.”

There are also worries that Facebook might discontinue CrowdTangle, a service that assists in monitoring disinformation for fact checkers, journalists, and researchers.

The case against Facebook on Tuesday marks the sixth by the European Commission since the Digital Services Act (DSA) came into effect.

However, many question whether these actions are sufficient to combat misinformation. NATO officials have compared disinformation to a weapon as potent as physical warfare during a panel in Brussels.

Authorities argue that Facebook is not idle in addressing these issues, but the existing measures are inadequate, opaque, and not effective enough.

Under the new DSA laws implemented in August, the EU has the authority to levy fines up to 6% of social media companies’ revenue or bar them from operating in the union.

Facebook responded, stating, “We have robust processes for identifying and mitigating risks on our platform. We are collaborating with the European Commission and will share further details of our efforts with them. We look forward to the opportunity.”

Source: www.theguardian.com

Russian LockBit ransomware hacker launches comeback attempt

The LockBit ransomware gang is re-emerging, following a recent international crackdown that severely disrupted its operations.

Based in Russia, the group has created new dark web sites to showcase a few alleged victims and release stolen data. The gang is now under investigation by the National Crime Agency in Britain, as well as the FBI and other law enforcement agencies. This comes after a joint operation led by Europol to target the group last week.

In a statement issued in English and Russian, LockBitSupp, the group’s administrator, claimed that law enforcement agencies hacked their previous dark web site by exploiting vulnerabilities in PHP, a commonly used programming language for websites. They assured that other servers with backup blogs not using PHP would continue leaking data from targeted companies.

The statement also mentioned personal negligence and irresponsibility, along with expressing support for Donald Trump in the U.S. presidential election. The group even offered a job to the individual who hacked their main site. Law enforcement confirmed that LockBitSupp does not reside in the U.S. and is cooperating with authorities.

Despite the disruption, the NCA stated that LockBit remains compromised, but they are vigilant as the group may attempt to reorganize. Additionally, the U.S. has indicted two Russians for deploying LockBit ransomware globally. Ukrainian police also arrested suspects related to attacks carried out using LockBit’s malicious software.

The renewed LockBit website has issued threats against U.S. government sites and listed more alleged hacking victims. Security experts indicate that the group is attempting to resume operations but will face challenges due to the damage caused by international law enforcement actions.

LockBit operates on a ransomware-as-a-service model, leasing software to criminal organizations in exchange for a cut of the ransom payments. Despite the setback, the group needs to rebuild its reputation within the criminal community to attract affiliates following the recent law enforcement activities.

Ransomware attacks involve hackers infiltrating a target’s system, disabling it with malware, and encrypting files for ransom. Recent trends include extracting sensitive data like personal and customer information and demanding payment in cryptocurrency, mainly Bitcoin, to decrypt files or delete stolen data copies. Last year saw a record $1.1 billion paid in ransomware payments.

Source: www.theguardian.com

Unanswered Questions Surrounding Putin’s Plans for Russian Nuclear Weapons in Space, Says Intel

Despite their recent emergence, these technologies and concepts are not new.

The United States and the Soviet Union developed and tested anti-satellite weapons (ASAT) during the Cold War. Both nations also regularly utilized nuclear power in space.

As early as 1959, the United States initiated the development of anti-satellite missiles due to concerns about Soviet efforts to do the same. This led to a 1985 test launch by an F-15 fighter jet, which successfully destroyed a satellite by ejecting its payload at an altitude of 36,000 feet and hissing into orbit, carrying a deteriorating U.S. aircraft, according to the U.S. Air Force Museum.

A paper published by the Air Force’s Air University Press in 2000 stated that from 1969 to 1975, the U.S. government developed an anti-satellite system using existing nuclear missiles in “direct ascent” mode to destroy space targets.

In addition to nuclear weapons, the U.S. government placed its first nuclear-powered satellite into orbit in 1961. The Soviet Union similarly developed and deployed comparable technology that powered many satellites during that period.

History has demonstrated that these developments are not without risks. In 1978, a Soviet nuclear-powered satellite malfunctioned and fell from the sky, spreading radioactive debris over northern Canada.

However, what has not yet been publicly revealed is the existence of a Russian nuclear-powered satellite carrying weapons.

According to a 2019 technical essay published in The Space Review, nuclear-fueled satellites equipped with powerful jammers that can block communications and other signals over large areas for extended periods may be installed. Experts have responded to this week’s news.

Bowen, of the University of Leicester, stated that such a design would be “very expensive” and “waiting for something to go wrong could create a nuclear environmental disaster in orbit.”

Ultimately, while none of this technology is new, the actual implementation would certainly be considered an escalation, according to Bowen and Bugerin.

Some have questioned whether the disclosure is purely political in nature, rather than a military threat.

Kremlin spokesman Dmitry Peskov suggested that the White House’s actions may be an attempt to manipulate Congress to vote on a funding bill that would provide new aid to Ukraine. He raised the possibility of a diversionary tactic from the other side.

Francesca Giovannini, executive director of the Atomic Stewardship Project at Harvard Kennedy School, noted that “Russia has long been attempting to develop weapons in space,” indicating potential misinformation or diversion tactics being employed.

Source: www.nbcnews.com