All news with #critical infrastructure tag

🔒 JLR has disclosed a cyber incident that has severely disrupted global sales and production. The company said it proactively shut down systems and is working to restart applications in a controlled manner. At this stage there is no evidence customer data has been stolen, but retail and manufacturing activities remain affected. Tata Motors disclosed related "global IT issues" to investors.

🔐 Pennsylvania’s Office of Attorney General (OAG) confirmed a ransomware attack in August that encrypted files and disrupted civil and criminal court proceedings, forcing several courts to grant time extensions. The OAG said no ransom has been paid and an active multi-agency investigation is underway; it has not yet indicated whether data was exfiltrated. Most staff — about 1,200 across 17 offices — have regained email, and the main phone line and website are restored while full system recovery continues.

⚠️ The State of Nevada confirmed a 'network security incident' on 25 August that prompted the closure of in-person government offices and the temporary takedown of state websites and phone lines while 24/7 recovery efforts continue. The Governor's Office said emergency call-taking and essential services remain available and that temporary routing and operational workarounds are in place. There is currently no evidence that personally identifiable information was compromised, but residents were advised to be cautious of unsolicited calls, emails or texts requesting personal information or payments. The matter is under active investigation and agencies will announce reopening timelines.

🚨 CISA, the NSA, the FBI, and international partners released a joint advisory detailing ongoing malicious activity by PRC state-sponsored APT actors seeking long-term access to critical infrastructure worldwide. The advisory highlights exploitation of vulnerabilities in routers and edge devices used by telecommunications and infrastructure operators, and notes actors' evasion and persistence tactics. It urges organizations to patch known exploited vulnerabilities, enable centralized logging, secure edge infrastructure, and hunt for signs of compromise immediately.

🔒 CISA, the NSA, the FBI, and international partners issued a joint advisory describing People’s Republic of China state-sponsored APT actors compromising networks worldwide to support long-term espionage. Investigations through July 2025 reveal these actors exploit vulnerabilities in large backbone provider edge and customer edge routers—often modifying firmware and configurations to evade detection and maintain persistent access. Affected sectors include telecommunications, government, transportation, lodging, and defense. The advisory urges network defenders, especially in high-risk sectors, to actively hunt for intrusions and apply the recommended mitigations.

🔒 CISA and public- and private-sector partners are assisting Nevada following an August 24 cyber attack, focusing on restoring networks that support lifesaving and critical services. At the state's request, CISA Threat Hunting teams are actively examining systems to determine the full scope of impact and mitigate threats. The agency also advised on FEMA emergency response grants, and the FBI is supporting the investigation.

🛡️ U.S. and international agencies warn that People's Republic of China (PRC) state-sponsored actors have been compromising global networks since at least 2021 to collect communications and other intelligence. Actors targeted telecommunications backbone routers, provider- and customer-edge devices, and infrastructure across government, transportation, lodging, and military sectors. They exploited known CVEs (for example CVE-2024-21887, CVE-2024-3400, Cisco CVEs), modified devices to maintain persistence using on-box PCAP/containers and tunnels, and exfiltrated data via peering and covert channels. The advisory includes IP indicators, binary hashes, Yara/Snort rules, hunting guidance, and prioritized mitigations to patch, isolate management planes, harden credentials, and detect PCAP creation.

🔍 A research team at SUTD's ASSET group released Sni5Gect, an open-source over-the-air toolkit that passively sniffs early 5G signaling and injects crafted payloads before NAS security is established. The framework can crash UE modems, fingerprint devices, bypass some authentication flows, and force downgrades from 5G to 4G without deploying a rogue gNB, with reported injection success rates of 70–90% at up to 20 m. GSMA recorded the issue as CVD-2024-0096.

🔔 CISA released three Industrial Control Systems advisories on August 26, 2025, detailing vulnerabilities and mitigations for INVT VT‑Designer and HMITool, Schneider Electric Modicon M340 controllers and modules, and an updated advisory for Danfoss AK‑SM 8xxA Series. The alerts provide technical details, risk assessments, and recommended mitigations. Administrators and asset owners should review the advisories and apply vendor guidance promptly.

🔒 Security researchers from Midnight Blue have disclosed a critical weakness in an ETSI-endorsed TETRA end-to-end encryption implementation used in professional radios. After extracting and reverse-engineering a Sepura device, they found the E2EE algorithm compresses a 128-bit key to an effective 56 bits before encryption, drastically weakening confidentiality. The behavior looks like an intentional backdoor, and it is unclear which organizations use the vulnerable implementation or whether operators are aware of the risk.

🚨 The Maryland Transit Administration (MTA) reported on August 24 that it is investigating a cyber incident involving unauthorized access to specific systems. Most core services, including Local Bus, Metro Subway, Light Rail, MARC and Commuter Bus, remain on schedule, but some functions are disrupted. Affected services include Mobility Paratransit new bookings and rescheduling, MTA real-time updates and call center support, and Baltimore Metro elevator phones, and the agency is working with the Maryland Department of Information Technology, third-party cybersecurity experts and law enforcement to investigate and remediate the issue.

🔐 The Joint SAFECOM–NCSWIC Project 25 (P25) User Needs Working Group (UNWG) has published a video series highlighting the importance of P25 land mobile radio (LMR) encryption for national security and first responder communications. The series explains three types of P25 protections — link layer authentication, link layer encryption, and voice traffic encryption — and why each matters. Another installment outlines UNWG’s role in preserving interoperability and encourages public safety stakeholder engagement.

🔒 Pakistan Petroleum Limited (PPL) was struck by the Blue Locker ransomware, detected on 6 August, which appends a .blue extension to encrypted files and has reported deletion of backups and theft of some business and employee data. The incident encrypted servers and disrupted financial operations while recovery work proceeded in a phased manner. Pakistan's NCERT issued a high alert to 39 key ministries and institutions and warned of multiple distribution vectors. Organisations, especially critical infrastructure operators, are urged to verify and isolate backups, implement network segmentation and enhanced monitoring, and engage incident response and forensic teams as needed.

🔒 CISA published Advisory ICSA-25-233-01 on August 21, 2025 describing a Denial-of-Service vulnerability (CVE-2025-5514, CVSS v3 5.3) in the Mitsubishi Electric MELSEC iQ-F Series CPU module web server. An attacker can send specially crafted HTTP requests that exploit an Improper Handling of Length Parameter Inconsistency to delay processing and prevent legitimate users from accessing the web server. Mitsubishi Electric reports no plans to release a fix and advises customers to restrict network exposure, use IP filtering and VPNs, and limit physical access. CISA recommends isolating control networks behind firewalls and minimizing internet exposure.

🔔 CISA released three Industrial Control Systems (ICS) advisories on August 21, 2025, detailing vulnerabilities and potential exploits affecting products from Mitsubishi Electric and FUJIFILM. The notices cover MELSEC iQ-F Series CPU Module, Mitsubishi Electric air conditioning systems (Update A), and Synapse Mobility. Each advisory includes technical details and recommended mitigations. CISA urges administrators and asset owners to review and apply the guidance promptly.

⚠️ Warlock is a ransomware operation that emerged in 2025 and uses double extortion — encrypting systems and threatening to publish stolen data to coerce payment. The group has targeted government agencies and critical service providers across Europe, and on August 12 a cyber incident disrupted UK telecom Colt Technology Services, with an alleged auction of one million stolen documents. Security analysts link recent intrusions to exploitation of the SharePoint vulnerability CVE-2025-53770, which Microsoft says is actively exploited; Microsoft has published analysis and urges immediate patching. Recommended mitigations include enforcing multi‑factor authentication, keeping security tools and software patched, maintaining secure off‑site backups, reducing attack surface, encrypting sensitive data, and educating staff on phishing and social engineering.

🔒 Cisco Talos identifies the threat cluster Static Tundra as a long-running, Russian state-sponsored actor that compromises unpatched and end-of-life Cisco networking devices to support espionage operations. The group aggressively exploits CVE-2018-0171 and leverages weak SNMP community strings to enable local TFTP retrieval of startup and running configurations, often exposing credentials and monitoring data. Talos also observed persistent firmware implants, notably SYNful Knock, and recommends immediate patching or disabling Smart Install, strengthening authentication, and implementing configuration auditing and network monitoring to detect exfiltration and implanted code.

🔍 CISA, with partners including DARPA, OUSD R&E, and the NSA, is leading an interagency effort to close a national gap in software understanding that endangers critical infrastructure. A new Sandia National Laboratories report, The National Need for Software Understanding, describes the gap’s causes, risks, and options for remediation. CISA urges manufacturers to design software for independent analysis and invites experts and mission owners to engage on research priorities.

⚠️ The Netherlands' Public Prosecution Service (Openbaar Ministerie) disconnected its networks on July 17 after suspecting attackers had exploited Citrix device vulnerabilities, leaving several fixed, average and portable speed cameras unable to record offences. Internal email remained available, but external communications and documents required printing and postal delivery. Regulators including the National Cybersecurity Centre were informed, and prosecutors warned that ongoing downtime will delay cases and hamper road-safety enforcement while systems remain offline.

🔒 CISA and international partners released new guidance to help operational technology (OT) owners and operators establish and maintain comprehensive asset inventories and taxonomies. The resource provides practical steps to identify, classify, and track OT devices and components that support critical infrastructure, including industrial control systems and automation. Implementing these practices aligns with the Cross-Sector Cybersecurity Performance Goals and enhances visibility, risk management, and operational resilience for mission-critical services.