CISA, the FBI, the NSA, and partner agencies released a joint Cybersecurity Advisory on December 9, 2025, warning that pro‑Russia hacktivist groups are exploiting minimally secured, internet‑facing VNC connections to access OT/ICS devices in critical infrastructure sectors including Water and Wastewater, Food and Agriculture, and Energy. The advisory names groups such…
Tag: CRITICAL INFRASTRUCTURE
Daily Recap: Microsoft released its December security updates addressing 56–57 flaws, including 3 zero-days and actively exploited bugs, while Adobe patched nearly 140 vulnerabilities and SAP and other vendors issued urgent fixes. Threat actors and incidents highlighted include North Korea-linked operators exploiting React2Shell to deploy new EtherRAT variants, CastleLoader/CastleRAT under GrayBravo expanding its infrastructure to target logistics and transport, Storm-0249’s stealthy ransomware tactics, and high-profile breaches and investigations involving Coupang, HSE, and the Khashoggi spyware allegations. #EtherRAT #CastleLoader
A coalition led by the FBI, CISA, and NSA warns of increased opportunistic attacks by pro-Russia hacktivist groups targeting critical infrastructure through basic security lapses. These groups exploit poor VNC security to cause physical damage, with links to Russian state entities. #CARR #NoName05716…
U.S. agencies have issued warnings about cyberattacks against critical infrastructure by Russian-backed groups such as CARR and NoName057(16). These groups have targeted sectors like water, energy, and food, with some attacks causing physical damage and operational disruptions. #CARR #NoName057(16)…
Researchers identified a new Rust-based ransomware family named 01flip that targets Windows and Linux systems in the Asia-Pacific region and is tracked as part of cluster CL-CRI-1036. The campaign involved manual activity, use of Sliver implants, exploitation attempts against CVE-2019-11580, and an alleged data leak posted to a dark web forum…
U.S. authorities have charged a Ukrainian hacker, Victoria Dubranova, for her involvement in cyberattacks supporting Russian hacktivist groups targeting critical U.S. infrastructure such as water systems, election sites, and nuclear facilities. These groups, notably CARR and NoName057(16), carried out damaging DDoS attacks, breaching vital systems and endangering public safety. #CARR #NoName057(16) #U.S.CriticalInfrastructure #RussianHacktivists
The Jaguar Land Rover cyberattack highlighted the critical vulnerabilities in manufacturing supply chains, especially through compromised third-party software. Ensuring strict secure software development practices and certifications like IEC 62443-4-1 can help prevent similar catastrophic breaches. #JaguarLandRover #SupplyChainSecurity #SSDLCL #IEC62443
A Ukrainian national was extradited to the U.S. and charged with involvement in Russian hacktivist groups CARR and NoName057(16), which are financially supported by the Russian government. The groups have launched DDoS attacks and cyber intrusions supporting Russia’s geopolitical interests, including tampering with public water systems. #CyberArmyofRussia_Reborn #NoName057(16) #RussianHackers #CriticalInfrastructureAttacks…
A Ukrainian woman, Victoria Dubranova, faces charges in the US for her alleged involvement with pro-Russia hacktivist groups CARR and NoName057(16), responsible for numerous cyberattacks worldwide. These groups, linked to Russian military intelligence, targeted critical infrastructure and government entities, with US authorities offering substantial rewards for information. #CyberArmyofRussia_Reborn #NoName057(16) #GRU…
The U.S. Department of Justice has taken action against Russian cyber groups CARR and NoName057(16), accusing them of targeting critical infrastructure globally on Moscow’s behalf. Key figures like Ukrainian national Victoria Dubranova face charges, with ongoing trials and international law enforcement collaboration. #CARR #NoName057(16) #VictoriaDubranova…
Group123 is a North Korean state-sponsored APT active since at least 2012 that conducts espionage across East and Southeast Asia, the Middle East, and beyond using spear‑phishing, malicious documents (including HWP), drive‑by exploits, and a large toolkit of loaders and implants to gain persistent access. Recent campaigns show intensified Windows-focused intrusions, advanced defense-evasion (DLL sideloading, hollowing, sandbox checks), cloud‑based C2, and a partial shift toward revenue generation including use of Maui ransomware. #Group123 #ROKRAT
Industrial leaders Siemens, Schneider Electric, Rockwell Automation, and Phoenix Contact release Patch Tuesday advisories revealing critical and high-severity vulnerabilities in their ICS/OT products. These flaws enable remote code execution, DoS, and man-in-the-middle attacks, threatening critical infrastructure security. #SiemensVulnerabilities #OTSecurity…
This article discusses a vulnerability in U-Boot bootloader versions prior to 2017.11, which allows potential arbitrary code execution due to improper access control in volatile memory. The flaw affects multiple Qualcomm chips and requires mitigation through updates and security practices. #UBoot #Qualcomm #CVE202524857…
U.S. and international agencies assess that pro‑Russia hacktivist groups—including Cyber Army of Russia Reborn (CARR), NoName057(16), Z‑Pentest, and Sector16—are conducting opportunistic intrusions against critical infrastructure by scanning for internet‑facing VNC services and exploiting default or weak credentials to access HMI/OT devices. These unsophisticated but impactful operations involve VPS‑based brute‑force attacks, GUI…
The rise of initial access brokers has significantly expanded the cyberattack ecosystem, enabling both state-backed and criminal groups to conduct large-scale intrusion campaigns with greater ease and sophistication. This trend emphasizes the increasing importance of prioritizing identity security, supply chain protection, and operational technology hardening for national security and organizational resilience…