Iranian Hackers Compromise US Government Agencies and Military Contractors
Iranian state-sponsored hackers have been accused of carrying out a five-year cyber espionage campaign, compromising hundreds of thousands of employee accounts at US companies and government agencies, including the Departments of Treasury and State, and defense contractors. The hackers used spearphishing and social engineering tactics to trick victims into clicking on malicious links and deploying malware. Four Iranian nationals, including one alleged member of the Islamic Revolutionary Guard, have been indicted for the attacks, which compromised over 20,000 accounts at a hospitality company and hundreds of thousands of accounts overall, although the extent of data compromise remains unclear.
Russian Hackers Disrupt Texas Water System in First-Ever Attack
Russian hackers claiming to be backed by the Kremlin have been accused of disrupting a water system in Muleshoe, Texas, in a first-ever attack on a US water system by Russia. The hackers, identified as the Cyber Army of Russia Reborn (CARR), allegedly accessed the town's water tower remotely in January, causing it to overflow with thousands of gallons of water for almost an hour. The group, also known as Sandworm, has a history of conducting cyberattacks on Ukrainian organizations and government agencies, and has been linked to attacks on the Olympics Opening Games in South Korea in 2018. The FBI is currently investigating the hacking activity, which has raised concerns about the potential disruption of critical infrastructure and the need for partnership to secure water systems against these threats.
Hackers Breached Change Healthcare's Systems Days Before Cyberattack
Hackers gained access to Change Healthcare's systems on February 12, over a week before launching a ransomware attack on February 21, which crippled parts of the US healthcare system. The attackers, believed to be the ALPHV ransomware gang, used compromised credentials to access the network and then manipulated an application on which multifactor authentication was not enabled. UnitedHealth Group, Change's parent company, paid a ransom to the attackers, reportedly around $22 million in bitcoin. The breach has cost UnitedHealth $870 million so far and has left many healthcare providers struggling to stay afloat. The incident has raised concerns about cyber risks in the healthcare industry and prompted a probe by the US Department of Health and Human Services.
Nespresso Website Vulnerability Exploited in Phishing Campaign
A phishing campaign has been using an open redirect vulnerability in the Nespresso website to steal Microsoft credentials. The campaign starts with a phishing email that appears to be from Bank of America, leading to a legitimate but infected Nespresso URL. This URL delivers a malicious HTML file disguised as a Microsoft login page, aimed at capturing victims' credentials. The attackers are exploiting the fact that some security vendors only inspect the initial link, not detecting hidden or embedded links. The campaign has been launched from multiple sender domains, consistently using the infected Nespresso URL and fake Bank of America email. It is unclear if the vulnerability has been fixed.
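The inspection gap described above, where only the initial link is checked, can be narrowed by unwrapping URLs carried inside a link's query parameters and flagging those that leave the outer site. This is an added example, not code from the original page; the hosts are constructed placeholders, and the three-round decode limit and the plain subdomain comparison are simplifying assumptions.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

MAX_DECODE_ROUNDS = 3  # assumption: bound on nested percent-encoding to unwrap

def _fully_decode(value):
    """Percent-decode repeatedly so double-encoded targets are exposed."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def embedded_targets(url):
    """Return absolute URLs carried in the query string or fragment of url."""
    parts = urlsplit(url)
    candidates = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    candidates.append(parts.fragment)
    targets = []
    for raw in candidates:
        value = _fully_decode(raw).strip()
        if value.startswith("//"):  # scheme-relative form inherits outer scheme
            value = parts.scheme + ":" + value
        inner = urlsplit(value)
        if inner.scheme in ("http", "https") and inner.hostname:
            targets.append(value)
    return targets

def off_site_redirects(url):
    """Embedded targets whose host is not the outer host or a subdomain of it."""
    outer = (urlsplit(url).hostname or "").lower()
    flagged = []
    for target in embedded_targets(url):
        host = urlsplit(target).hostname.lower()
        if host != outer and not host.endswith("." + outer):
            flagged.append(target)
    return flagged

# Constructed sample links (placeholder hosts, not taken from the campaign).
SAMPLE_LINKS = [
    "https://shop.example.com/r?lang=en&url=https%3A%2F%2Flogin.example.net%2Fsignin.html",
    "https://shop.example.com/r?url=https%253A%252F%252Flogin.example.net%252F",
    "https://shop.example.com/r?next=https%3A%2F%2Fcdn.shop.example.com%2Fa",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", off_site_redirects(link) or "no off-site target")
```

A flagged target is a reason to scan the embedded URL as well as the outer one, not a verdict on its own, since many legitimate sites pass return URLs this way.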