< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 10 of 20

Emerging Technologies Reshaping Modern Manufacturing

🛠️ Emerging technologies — from AI and quantum computing to extended reality (XR), edge computing and digital twins — are driving profound change in manufacturing, improving efficiency, safety and innovation. This special report examines how these advances will fundamentally alter operations, competitiveness and value creation across industrial sectors. It highlights practical use cases, adoption challenges and strategic considerations for responsible integration.
read more →

Poland Attributes December Cyber Attacks to Static Tundra

🔒 CERT Polska disclosed coordinated, destructive cyber attacks on December 29, 2025 that targeted more than 30 wind and photovoltaic farms, a manufacturing firm, and a large combined heat and power (CHP) plant. The agency attributed the activity to the cluster it calls Static Tundra, linked to Russia's FSB Center 16, while other vendors noted similarities to Sandworm. Attackers deployed multiple wipers — notably DynoWiper and a PowerShell-based LazyWiper — exploited vulnerable FortiGate appliances, harvested credentials and exfiltrated selected M365 data, but did not succeed in disrupting electricity production or heat delivery.
read more →

FBI Launches Winter SHIELD to Strengthen Cyber Defenses

🔐 The FBI has launched Operation Winter SHIELD, a ten-week campaign outlining ten concrete actions organisations should adopt to improve cyber resilience across IT and OT environments. Developed with domestic and international partners and informed by recent investigations, the initiative connects observed adversary behaviour to practical defenses such as phish-resistant authentication, immutable offline backups, vulnerability management and reduced administrator privileges. Aligned with the US National Cyber Strategy and the FBI Cyber Strategy, the effort aims to harden critical infrastructure and reduce the attack surface.
read more →

CISA Issues New Guidance on Insider Threat Risk Management

🔒 The US Cybersecurity and Infrastructure Security Agency (CISA) has released an infographic to help critical infrastructure operators and SLTT governments prevent, detect and respond to insider threats. It advocates treating insider risk as an essential capability and recommends scalable, multidisciplinary teams that are embedded in existing structures. The guidance outlines a four-stage model—plan, organize, execute, maintain—and emphasizes confidentiality, legal compliance and coordination with external partners.
read more →

Criticism of Kritis Umbrella Law Raises Patchwork Concerns

⚠️ The German Association of Cities warns the coalition's proposed Kritis umbrella law, due for a Bundestag vote, is insufficient because its 500,000‑inhabitant threshold excludes many essential facilities and weakens crisis preparedness. The draft tightens obligations for classified operators — including reporting duties and fines — but the Städtetag urges lowering the cutoff to 150,000 to cover medium-sized municipalities. The association also warns that allowing federal states to designate additional facilities risks creating a fragmented patchwork. In response to a January power-supply arson in Berlin, the amendment asks the government to review and remove publicly available infrastructure data to limit attacker intelligence, a shift Chancellor Friedrich Merz framed as moving from broad transparency toward greater resilience.
read more →

Coordinated Cyberattack on Polish Energy Grid Hits 30 Sites

⚠️ A coordinated late-December cyberattack targeted distributed energy resource (DER) sites across Poland, impacting roughly 30 facilities including combined heat and power (CHP) plants and wind and solar dispatch systems. Researchers at Dragos say attackers damaged OT equipment beyond repair and wiped Windows hosts while disabling remote monitoring, though generation continued and no outages occurred. Dragos links the operation with moderate confidence to the cluster it calls Electrum, noting overlaps with Sandworm/APT44 and ties to destructive wipers used in Ukraine.
read more →

Russian ELECTRUM Linked to December 2025 Polish Grid Attack

🔎 Dragos attributes a coordinated late-December 2025 cyber attack on multiple Polish power grid sites to the Russian state-sponsored crew ELECTRUM with medium confidence. The campaign targeted communication and control systems at combined heat and power facilities and systems managing distributed energy resources, including wind and solar dispatch. Although no blackouts were reported, attackers gained access to OT networks and disabled some equipment beyond repair. Dragos notes the operation blended IT-to-OT tradecraft, with KAMACITE enabling access and ELECTRUM executing ICS-focused actions.
read more →

CISA Urges Critical Infrastructure to Combat Insider Threats

🛡️ CISA is urging critical infrastructure organizations and SLTT governments to take decisive action against insider threats and has published an infographic titled Assembling a Multi-Disciplinary Insider Threat Management Team to guide prevention, detection, and mitigation. The agency highlights that insider threats include both deliberate malicious acts and unintentional errors that can undermine systems and trust. The resource offers actionable steps to build cross-functional teams, foster accountability, and strengthen organizational resilience.
read more →

Russian Sandworm Group Accused Over Poland Power Attack

⚠️ ESET attributes a Dec. 29–30 cyberattack on Poland's electricity grid to Sandworm, a hacking group tied to Russia's GRU. The operation deployed Dynowiper, destructive malware that erases data and left systems at risk of prolonged outage, nearly knocking power out for hundreds of thousands of households. ESET links the incident to a longer campaign of disruptive attacks on Ukrainian energy infrastructure since 2014. Observers say the event highlights growing threats to industrial control systems and the need for stronger defenses and incident response.
read more →

Q4 2025 Internet Disruptions: Causes and Impact Overview

🌐 In Q4 2025 Cloudflare observed over 180 Internet disruptions worldwide driven by government-directed shutdowns, submarine cable cuts, power failures, extreme weather, military action, and technical faults at operators and hyperscalers. Significant incidents included a Tanzania shutdown, multiple fiber and submarine cable outages affecting Haiti, Pakistan, Cameroon and the Dominican Republic, and catastrophic cyclone damage in Sri Lanka and Indonesia. Several provider-side and hyperscaler incidents also reduced availability for many sites and applications, while two Cloudflare-specific outages impacted service for subsets of customers. Verified anomalies and outage details are tracked in Cloudflare Radar and available via the Radar API.
read more →

Wiper Attack on Polish Power Grid Attributed to Sandworm

🔒 ESET has attributed a late-December 2025 wiper attack on Polish energy infrastructure to the Russia-aligned Sandworm APT and identified the malware as DynoWiper. Analysts reported strong overlaps with prior Sandworm wiper activity and assigned a medium-confidence attribution. Polish officials said critical systems were not disrupted and that two CHP plants and a renewable facility were targeted. The government is accelerating a National Cybersecurity System Act to strengthen IT/OT protections.
read more →

Sandworm Tied to Failed DynoWiper Attack on Poland Grid

⚠️ Security researchers attribute a late-December 2025 cyberattack on Poland’s energy systems to the Russian state-sponsored group Sandworm, which attempted to deploy a destructive wiper named DynoWiper. ESET reports detection as Win32/KillFiles.NMO and published a SHA-1 indicator. Polish officials said two combined heat-and-power plants and a renewable power management system were targeted. Technical details and a public sample remain scarce.
read more →

DynoWiper Used in Attempted Sandworm Attack on Poland

⚠️ A new wiper malware named DynoWiper was used in an attempted disruptive attack on Poland's power sector on December 29–30, 2025, according to a report by ESET. The activity is attributed to the Russia-linked group Sandworm based on overlaps with prior wiper campaigns. Targeted systems included two CHP plants and a renewables management system, but officials report no evidence of successful disruption. Poland is accelerating safeguards and drafting stricter cybersecurity legislation for IT and OT risk management and incident response.
read more →

ESET: Sandworm Linked to Late-2025 Polish Grid Attack

🔎 ESET Research attributes a coordinated late‑2025 cyberattack on Poland’s power grid to the Russia‑aligned APT group Sandworm, citing strong overlaps in malware and tactics. The analyzed destructive payload, named DynoWiper, is detected as Win32/KillFiles.NMO (SHA‑1: 4EC3C90846AF6B79EE1A5188EEFA3FD21F6D4CF6). Researchers state medium confidence in the attribution and report they are not aware of any confirmed operational disruption. The incident occurred on the tenth anniversary of Sandworm’s 2015 Ukrainian power outage.
read more →

Ransomware Hits Verkehrsgesellschaft Main-Tauber Operations

🔒 The office and mobility centre of Verkehrsgesellschaft Main-Tauber (VGMT) are closed and offline after a confirmed cyberattack that encrypted the organisation’s servers and data. It is unclear whether sensitive information was stolen; investigations are ongoing with support from the Baden-Württemberg state cybersecurity agency, local police, district IT specialists and an external vendor. VGMT says public local transport remains unaffected while teams work to restore limited services under heightened security precautions.
read more →

Johnson Controls ICU Stack-Based Overflow Patch Available

⚠️ The Cybersecurity and Infrastructure Security Agency (CISA) warns of a stack-based buffer overflow in Johnson Controls' iSTAR Configuration Utility (ICU), tracked as CVE-2025-26386. The vulnerability affects ICU versions <= 6.9.7 and, under certain conditions, could lead to an operating system failure on the host machine. Johnson Controls released a vendor fix; update ICU to version 6.9.8. CISA recommends applying the update promptly and following network-segmentation and remote-access best practices to reduce exposure.
read more →

EVMAPA EV Charging Stations: Critical Authentication Flaws

🔒 CISA warns of multiple high-severity vulnerabilities in EVMAPA electric vehicle charging station software, including missing authentication on a WebSocket endpoint (CVE-2025-54816), unlimited authentication attempts (CVE-2025-53968), and insufficient session expiration (CVE-2025-55705). Exploitation could enable unauthorized remote command execution, spoofing of station statuses, or denial-of-service, with a top CVSS score of 9.4. Vendor responses vary: EVMAPA plans BASIC auth for OCPP 2.x, uses WSS and vendor VPN for some deployments, and reports one issue has been fixed.
read more →

EU Revises Cybersecurity Rules to Curb High-Risk Suppliers

🔐 The European Commission has unveiled a cybersecurity package to strengthen the EU’s resilience against state and criminal cyber and hybrid threats. The proposals focus on reducing risks from high-risk suppliers outside the EU—particularly in critical infrastructure like mobile networks—using a common, risk-based framework. The plan updates the European Cybersecurity Certification Framework to speed product testing, eases compliance burdens for SMEs, and reinforces ENISA’s role in threat analysis, incident response and vulnerability management.
read more →

EU Proposes Cybersecurity Act 2.0 to Strengthen EU Defenses

🔒 The European Commission has proposed an update to the Cybersecurity Act, published on 20 January, to address shortcomings in the original regulation. The package aims to streamline the European cybersecurity certification framework, introduce a trusted ICT supply chain security framework across 18 critical sectors, and require certification schemes to be developed within 12 months by default. It also expands ENISA's powers to lead incident support, vet suppliers, and pilot skill attestation.
read more →

Internet Voting Remains Too Insecure for Elections

🔐 Bruce Schneier and a broad group of security scientists warn that internet voting is fundamentally insecure and that no known or foreseeable technology can make it safe for public elections. They criticize persistent claims from vendors and advocates—specifically naming Bradley Tusk and the Mobile Voting Foundation—for promoting misleading assurances. The letter calls on election officials and policymakers to reject online voting and stick with proven, auditable processes.
read more →