Tag: cyberattack

TSMC Says Its IT Hardware Supplier Targetted in Cyberattack

Taiwan Semiconductor Manufacturing said on Friday that a cybersecurity incident involving one of its IT hardware suppliers has led to the leak of the vendor’s company data.

“TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident which led to the leak of information pertinent to server initial setup and configuration,” the company said.

TSMC confirmed in a statement to Reuters that its business operations or customer information were not affected following the cybersecurity incident at its supplier Kinmax.

The TSMC vendor breach is part of a larger trend of significant security incidents affecting various companies and government entities.

Victims range from U.S. government departments, UK’s telecom regulator, to energy giant Shell, all affected since a security flaw was discovered in Progress Software’s MOVEit Transfer product last month.

TSMC said it has cut off data exchange with the affected supplier following the incident.

TSMC also announced in April that it will release new software this year to help customers working on advanced computer chips for cars take advantage of its newest technologies more quickly.

TSMC is the world’s biggest contract manufacturer of semiconductors. Many of the automotive industry’s biggest chip suppliers such as NXP Semiconductor and STMircoelectronics NV tap TSMC to make their chips.

But automotive chips must meet a higher bar for ruggedness and longevity than the chips that go into consumer electronics. TSMC has special manufacturing processes for the automotive industry that typically arrive a couple years after similar processes for consumer chips.

In the past it has then taken automotive chip firms extra time to create chip designs for those specialised manufacturing lines. The result was that car chips could be years behind those in the latest smartphone.

© Thomson Reuters 2023
 

(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Microsoft Blames Iranian State Actors for Cyberattack on Charlie Hebdo

US computing giant Microsoft said Friday that it had identified Iranian state actors as those behind the recent cyberattack on French satirical newspaper Charlie Hebdo.

Clint Watts, the general manager of Microsoft‘s Digital Threat Analysis Center, said that the hackers, who called themselves “Holy Souls,” were Iranian cybersecurity firm Emennet Pasargad.

In early January, Holy Souls announced they had obtained the personal information of more than 200,000 Charlie Hebdo customers, and published a sample of the data as proof.

The cyberattack came after Charlie Hebdo published cartoons of Iranian supreme leader Ayatollah Ali Khamenei in a special edition to mark the anniversary of the 2015 attack on its Paris offices that left 12 dead.

Iran issued an official warning to France over the “insulting and indecent” cartoons.

Emennet Pasargad was the employer of two Iranians, Mohammad Hosein Musa Kazemi and Sajjad Kashian, who were indicted by the United States Justice Department in November 2021.

They allegedly conducted a cyber campaign “to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord” during the 2020 US presidential election.

Kazemi and Kashian allegedly obtained confidential voter information and sent menacing emails, pushing out false information to influence both Democratic and Republican voters, and attempted to hack into state voting-related websites, the department said.

The Charlie Hebdo hackers, whose operation Microsoft dubbed “Neptunium”, offered the stolen subscriber database for sale online for 20 bitcoin, currently about $460,000 (nearly Rs. 3.80 crore), Microsoft said.

“Whatever one may think of Charlie Hebdo’s editorial choices, the release of personally identifiable information about tens of thousands of its customers constitutes a grave threat,” Microsoft said.

 

Samsung’s Galaxy S23 series of smartphones was launched earlier this week and the South Korean firm’s high-end handsets have seen a few upgrades across all three models. What about the increase in pricing? We discuss this and more on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

LastPass Says Hackers Stole Customer Data, Encrypted Passwords in Breach That Occured in August

LastPass, a password management service, announced on Thursday that hackers stole encrypted copies of customer passwords and other sensitive data such as billing addresses, phone numbers and IP addresses. The announcement is the latest update from a breach that occurred in August. At that time, the company said they had seen no evidence that the hackers had access to customer data or encrypted password vaults.

But the company’s statement on Thursday said that source code and technical information that were stolen as part of that hack was used to target another employee. The hackers were then able to obtain credentials and keys to access and decrypt data stored on a third-party cloud storage space.

They were able to copy such things as basic customer account information, including email addresses and the IP addresses from which customers accessed LastPass, and “fully-encrypted sensitive fields such as website usernames and passwords, secure notes and form-filled data.”

Password managers are a way for customers to store usernames and passwords in one place and can be accessed using a master password that a customer creates. The master password isn’t known to LastPass nor is stored or maintained by the company, it said in its statement.

The other encrypted data can only be decrypted “with a unique encryption key derived from each user’s master password,” the company said.

Nonetheless, LastPass warned customers that they could be targeted for social engineering, phishing attempts or other methods.

“The threat actor may attempt to use brute force to guess your master password and decrypt the copies of vault data they took,” the company said in a statement. “Because of the hashing and encryption methods we use to protect our customers, it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices.”

For those who follow LastPass’s password guidance, “it would take millions of years to guess your master password using generally available password-cracking technology,” the company said.

A representative for LastPass didn’t respond to messages seeking comment.

The company said that it has hired the cybersecurity firm Mandiant to investigate the breach. It also said that it is rebuilding its entire development environment from scratch, an indication that hackers had thoroughly comprised the company’s sensitive systems.

LastPass said that its investigation is ongoing, and that it has notified law enforcement and “relevant regulatory authorities.”

© 2022 Bloomberg L.P.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Six Lakh Complaints Registered on Cyber Crime Portal Since Its Inception in 2019, MoS Home Ajay Mishra Says

Six lakh complaints of cybercrime have been registered at the Citizen Financial Cyber Fraud Reporting and Management System since its inception in 2019, Union Minister of State for Home Ajay Kumar Mishra said on Tuesday. Mishra said the Citizen Financial Cyber Fraud Reporting and Management System, under the Indian Cyber Crime Coordination Centre (I4C), has been launched for immediate reporting of financial frauds and to stop siphoning off funds by fraudsters. The toll-free helpline number ‘1930’ has been operationalised for assistance in lodging online cyber complaints.

“Since the inception of Citizen Financial Cyber Fraud Reporting and Management System, more than six lakh complaints have been registered till December 12, 2022, and in more than 1.11 lakh complaints, so far, financial amount of more than Rs 188 crore have been saved,” he said in Lok Sabha during Question Hour.

The minister said the states and Union Territories are primarily responsible for the prevention, detection, investigation and prosecution of crimes including cyber crimes through their Law Enforcement Agencies (LEAs).

The LEAs take legal action as per the provisions of the law against persons involved in cybercrime. The Central Government supplements the initiatives of the states and Union Territories through advisories and financial assistance under various schemes for their capacity building, he said.

Mishra said the I4C has been set up to deal with all types of cybercrime in the country in a coordinated and comprehensive manner.

The National Cyber Crime Reporting Portal (cybercrime.gov.in) was launched on August 30, 2019, as a part of the I4C, to enable people to report incidents of cyber crimes with a special focus on cyber crimes against women and children.

“Cybercrime incidents reported on this portal, their conversion into FIRs and subsequent action thereon are handled by the state and UT LEAs concerned as per the provisions of the law,” the minister said.

He said more than 27,900 police officers from states and Union Territories are registered and over 7,300 certificates issued through the portal.

The Ministry of Home Affairs has provided financial assistance to states and Union Territories under the Cyber Crime Prevention against Women and Children (CCPWC) scheme for their capacity building such as setting up of cyber forensic-cum-training laboratories, capacity building and hiring of junior cyber consultants, Mishra informed the Lok Sabha.

He said cyber forensic/ training laboratories have been commissioned in 30 states and Union Territories.

These are Andhra Pradesh, Arunachal Pradesh, Assam, Chhattisgarh, Gujarat, Haryana, Himachal Pradesh, Kerala, Karnataka, Madhya Pradesh, Maharashtra, Mizoram, Odisha, Sikkim, Telangana, Uttarakhand, Uttar Pradesh, Goa, Meghalaya, Nagaland, Dadra and Nagar Haveli and Daman and Diu, Punjab, Tripura, Puducherry, Chandigarh, Jammu and Kashmir, Rajasthan, West Bengal, Delhi, and Jharkhand.

Check out our Latest News and Follow us at Facebook

Original Source

Meta Takes Down Indian Firm CyberRoot Risk Advisory’s Accounts Along With 900 Chinese Fake Accounts

Social media giant Meta has taken down over 40 accounts operated by an Indian firm CyberRoot Risk Advisory, allegedly involved in hacking-for-hire services, the online giant said in a report. Meta also took down a network of about 900 fake accounts on Instagram and Facebook operated from China by an unknown entity.

These accounts were focused on collecting data on people in Myanmar, India, Taiwan, the US, and China, including military personnel, pro-democracy activists, government employees, politicians and journalists, according to the company’s Threat Report on the Surveillance-for-Hire Industry released on December 15.

“We removed a network of more than 40 accounts on Facebook and Instagram operated by an Indian firm called CyberRoot Risk Advisory Private. Rather than directly sharing malware on our apps, this group’s activity manifested primarily in social engineering and phishing, often intended to trick people into giving up their credentials to various online accounts across the internet,” the report said.

According to Meta, CyberRoot used fake accounts to create fictitious personas tailored to gain trust with the people they targeted around the world and to appear more credible, these personas impersonated journalists, business executives and media personalities.

In some cases, CyberRoot also created accounts that were very identical to accounts connected to their targets like their friends and family members, with only slightly changed usernames, likely in an attempt to trick people into engaging, the report said.

Meta said it found CyberRoot targeted people around the world involved in various industries, including cosmetic surgery and law firms in Australia, real estate and investment companies in Russia, private equity firms and pharmaceutical companies in the US, environmental and anti-corruption activists in Angola, gambling entities in the UK, and mining companies in New Zealand.

“They were focused on business executives, lawyers, doctors, activists, journalists and members of the clergy in countries like Kazakhstan, Djibouti, Saudi Arabia, South Africa and Iceland,” the report said.

Meta said it continues to investigate and take action against spyware vendors around the world, including in China, Russia, Israel, the US, and India, who targeted people in about 200 countries and territories.

The social media firm in its research has found that the global surveillance-for-hire industry continues to grow and indiscriminately target people – including journalists, activists, litigants and political opposition – to collect intelligence, manipulate and compromise their devices and accounts across the internet.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

AIIMS Delhi Cyberattack Originated From China; Data From Five Servers Successfully Retrieved, MoHFW Says

The AIIMS Delhi cyberattack, which crippled the online services of Delhi’s largest medical institute, originated from China, according to the FIR. Hackers breached five out of 40 physical servers, and the data from all five servers has now been successfully retrieved, senior officials from the Ministry of Health and Family Welfare, Government of India (MoHFW) said on Wednesday. 

AIIMS Delhi server attack was by the Chinese, FIR details that the attack had originated from China. Of 100 servers (40 physical and 60 virtual), five physical servers were successfully infiltrated by the hackers. The damage would have been far worse but is now contained. Data in the five servers have been successfully retrieved now,” said the source from the Ministry of Health and Family Welfare (MoHFW).

AIIMS Delhi first reported a failure in its servers on November 23. Two of the analysts deployed to look after the servers’ securities have also been suspended for the alleged breach of cybersecurity.

AIIMS authorities in a statement issued stated that the e-Hospital data has been restored.

“The eHospital data has been restored on the servers. The network is being sanitised before the services can be restored. The process is taking some time due to the volume of data and a large number of servers/computers for the hospital services. Measures are being taken for cyber security,” they had said. “All hospital services, including outpatient, in-patient, laboratories, etc continue to run on manual mode,” the statement had said.

Earlier this month, a special cell of Delhi Police launched an investigation into the attack on the computer system at AIIMS Delhi.

According to official sources, a team of the Central Forensic Lab (CFSL) has been pressed into service to check the infected server of the AIIMS Delhi to identify the source of the malware attack.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Tata Power Said to Have Been Hit by Cyberattack, IT Systems Affected

Tata Power on Friday said that a cyberattack has hit its Information Technology (IT) infrastructure and affected its systems.

Tata Power Company Limited had a cyberattack on its IT infrastructure impacting some of its IT systems, a BSE filing from the Mumbai-headquartered company said.

The company has taken steps to retrieve and restore the systems, it informed.

All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer facing portals and touch points, it added.

A senior official from the Maharashtra Police’s cyber wing said an intelligence input had been received about threat to Tata Power and other electricity companies.

All the concerned companies have been alerted, the official said, adding that an audit and check of firewalls is underway.

Meanwhile, earlier this year, Tata Power had announced partnerships with Kolte-Patil Developers and Hyundai to set up e-charging stations and electric vehicle infrastructure across the country. Tata Power partnered with Kolte-Patil Developers Limited (KPDL), a real estate company, to set up e-charging stations across its projects in Pune, Mumbai and Bengaluru for convenience of electric vehicle owners. As part of the wider green mobility adoption, EVs and the charging infrastructure play a key role to mitigate climate change challenges in the urban mobility space, Tata Power had said in a statement.

Hyundai Motor India, in May this year, said it had joined hands with Tata Power to set up fast charging electric vehicle infrastructure across its select dealerships in the country. Under the collaboration, 60kW DC charging stations will be installed at the company’s 34 EV dealerships in 29 cities to cater to all kinds of electric vehicles through Hyundai and Tata Power EZ Charge mobile app. Hyundai would facilitate, through its dealerships, space and necessary administrative approvals, while Tata Power would operate and maintain the charging stations.

Affiliate links may be automatically generated – see our ethics statement for details.

Check out our Latest News and Follow us at Facebook

Original Source

Lithuania Faces Cyberattack, Russia’s Killnet Claims Hack of Sites in Retaliation for Transit Ban

Lithuanian state and private institutions were hit by a denial-of-service cyberattack on Monday, the Baltic country’s National Cyber Security Centre said in a statement released by the defence ministry.

“It is very likely that attacks of similar or greater intensity will continue in the coming days, especially in the transportation, energy and financial sectors,” the centre said.

Lithuania’s tax authority said in a statement it had halted all activities due to an unusually large number of attempts to connect to its systems, although all data was safe.

“The main targets are state institutions, transport institutions, media websites,” deputy Defence Minister Margiris Abukevicius said, in another sign of deteriorating relations between Baltic NATO country Lithuania and neighbouring Russia because of Moscow’s invasion of Ukraine in February.

Soon after, Russian hacker group Killnet claimed responsibility for the distributed denial of service (DDoS) cyberattack on Lithuania, saying it was in response to Vilnius’s decision to block the transit of goods sanctioned by the European Union to the Russian exclave of Kaliningrad.

“The attack will continue until Lithuania lifts the blockade,” a spokesperson for the Killnet group told Reuters. “We have demolished 1652 web resources. And that’s just so far.”

Kaliningrad is connected to the rest of Russia by a rail link through Lithuania, a member of the EU and NATO.

Kaliningrad is sandwiched between EU and NATO members Poland and Lithuania and supplied by rail via Lithuanian territory.

Lithuania had begun to see signs of an attack as early as June 21, Abukevicius said.

A Russian Security Council spokesperson on June 22 promised retaliation over the blocked shipments, stating that these would have “a serious negative impact on the population of Lithuania”.

European Union foreign policy chief Josep Borrell said last week Lithuania “only applies the European Union sanctions” in ceasing transport of certain goods to Kaliningrad, and has not taken any unilateral decisions.

© Thomson Reuters 2022

 

Check out our Latest News and Follow us at Facebook

Original Source

Microsoft Alleges Russian Spies of Targeting Ukraine’s Allies in 42 Countries Including US

Coinciding with unrelenting cyberattacks against Ukraine, state-backed Russian hackers have engaged in “strategic espionage” against governments, think tanks, businesses and aid groups in 42 countries supporting Kyiv, Microsoft said in a report on Wednesday.

“Since the start of the war, the Russian targeting (of Ukraine’s allies) has been successful 29 percent of the time,” Microsoft President Brad Smith wrote, with data stolen in at least one-quarter of the successful network intrusions.

“As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine,” Smith said.

Nearly two-thirds of the cyberespionage targets involved NATO members. The United States was the prime target and Poland, the main conduit for military assistance flowing to Ukraine, was the second. In the past two months, Denmark, Norway, Finland, Sweden and Turkey have seen stepped-up targeting.

A striking exception is Estonia, where Microsoft said it has detected no Russian cyber intrusions since Russia invaded Ukraine on February 24. The company credited Estonia’s adoption of cloud computing, where it’s easier to detect intruders. “Significant collective defensive weaknesses remain” among some other European governments, Microsoft said, without identifying them.

Half of the 128 organisations targeted are government agencies and 12 percent are non-governmental agencies, typically think tanks or humanitarian groups, according to the 28-page report. Other targets include telecommunications, energy and defense companies.

Microsoft said Ukraine’s cyber defenses “have proven stronger” overall than Russia’s capabilities in “waves of destructive cyberattacks against 48 distinct Ukrainian agencies and enterprises.” Moscow’s military hackers have been cautious not to unleash destructive data-destroying worms that could spread outside Ukraine, as the NotPetya virus did in 2017, the report noted.

“During the past month, as the Russian military moved to concentrate its attacks in the Donbas region, the number of destructive attacks has fallen,” according to the report titled Defending Ukraine: Early Lessons from the Cyber War. The Redmond, Washington, company has unique insight in the domain due to the ubiquity of its software and threat detection teams.

Microsoft said Ukraine has also set an example in data safeguarding. Ukraine went from storing its data locally on servers in government buildings a week before the Russian invasion — making them vulnerable to aerial attack — to dispersing that data in the cloud, hosted in data centers across Europe.

The report also assessed Russian disinformation and propaganda aimed at “undermining Western unity and deflecting criticism of Russian military war crimes” and wooing people in nonaligned countries.

Using artificial intelligence tools, Microsoft said, it estimated “Russian cyber influence operations successfully increased the spread of Russian propaganda after the war began by 216 percent in Ukraine and 82 percent in the United States.”

Check out our Latest News and Follow us at Facebook

Original Source

SpiceJet Says Q4 2021 Earnings Delayed Due to Ransomware Attack on IT Systems

No-frills airline SpiceJet on Friday said the announcement of its audited standalone and consolidated financial results for the quarter and financial year ended March 31, will get delayed due to a ransomware attack on its IT systems. In a regulatory filing, SpiceJet said it has postponed its board meeting on May 30, to consider and approve the company’s March quarter and FY 22 results to a later date.

“We wish to inform you that we are expecting a delay in submission of audited standalone and consolidated financial results of the Company for the financial year ended March 31, 2022 with stock exchange… due to ransomware attack on our IT systems which has affected the completion of the audit process within the stipulated time,” the filing added.

The company is taking the corrective measures with assistance of cyber experts and authorities on the issue, it said.

“Accordingly, the board meeting of the company scheduled to be held on May 30, is being postponed and the revised date of the board meeting… will be communicated shortly,” SpiceJet said.

Several SpiceJet flights were delayed on Tuesday due to a ransomware attack on its system.

“Certain SpiceJet systems faced an attempted ransomware attack last night that has impacted our flight operations. While our IT team has to a large extent contained and rectified the situation, this has had a cascading effect on our flights leading to delays,” a SpiceJet spokesperson had said in a statement on May 25.

The airline in the statement also informed that it was in touch with experts and cybercrime authorities on the issue.

Check out our Latest News and Follow us at Facebook

Original Source

Exit mobile version