< ciso brief />

All news with #critical infrastructure tag

368 articles · page 8 of 19

Chinese UNC3886 Cyberspies Breach Singapore Telcos

🔒 Singapore's Cyber Security Agency says China-linked threat actor UNC3886 breached the country's four largest telcos — Singtel, StarHub, M1, and Simba — at least once last year, gaining limited access to critical systems but failing to disrupt services or exfiltrate confirmed customer data. Investigators found a zero-day used to bypass perimeter firewalls and rootkits employed for stealth and persistence. The government launched Operation Cyber Guardian, mobilized multiple agencies, and contained the intrusions while increasing monitoring across critical sectors.

China-linked UNC3886 Targets Singapore Telecoms Systems

🛡️ Singapore's Cyber Security Agency (CSA) disclosed that the China-linked espionage group UNC3886 executed a deliberate, targeted campaign against the nation's telecommunications sector, naming M1, SIMBA Telecom, Singtel and StarHub as targets. The agency said the actor used sophisticated tools, including a weaponized zero-day and kernel-level rootkits, to gain unauthorized access to portions of telco networks. CSA reported no evidence of customer personal data exfiltration or service disruption and said a defensive operation called CYBER GUARDIAN has closed the group's access points and expanded monitoring across affected operators.

Super Bowl LX: Strengthening Security and Resilience

🛡️ CISA coordinated a year-long, multiagency effort to secure Super Bowl LX, working with the NFL, DHS, the FBI, state and local partners, and private vendors to protect people, venues, and critical infrastructure. Region 9 authored a tailored playbook and executed physical security assessments using the Infrastructure Survey Tool and Infrastructure Visualization Platform, conducted tabletop exercises, and delivered bombing prevention workshops and cyber hygiene training. These layered measures aimed to reduce risk, strengthen communications interoperability, and ensure resilient operations throughout gameday.

CISA Orders Federal Agencies to Remove EOS Edge Devices

🔒 The Cybersecurity and Infrastructure Security Agency (CISA) has issued Binding Operational Directive 26-02 requiring Federal Civilian Executive Branch agencies to decommission end-of-support (EOS) edge devices within specified timelines. Agencies must identify and remediate vulnerabilities within three months and remove EOS devices from external-facing network edges within 18 months, replacing them with vendor-supported hardware. The directive also mandates continuous discovery and inventory processes to prevent future exposure.

Conpet Hit by Qilin Ransomware, Corporate IT Affected

🔒 Conpet, Romania's national oil pipeline operator, disclosed a cyberattack that disrupted its corporate IT systems and temporarily took down its public website. The company said operational technologies, including SCADA and telecommunications systems, were not affected and crude oil transport continued normally. The Qilin ransomware group claimed responsibility and alleged nearly 1 TB of data exfiltration, posting sample documents as proof. Conpet is investigating the incident with national cybersecurity authorities and has filed a criminal complaint with DIICOT.

Mitsubishi MELSEC iQ-R Series Critical Firmware Flaw

⚠️ A critical vulnerability (CVE-2025-15080) affects Mitsubishi Electric MELSEC iQ-R Series firmware (R08/16/32/120PCPU) versions 48 and earlier. An attacker can read device data or parts of control programs, write device data, or cause a denial-of-service by sending specially crafted SLMP or proprietary protocol packets. Mitsubishi Electric recommends updating affected firmware to version 49 or later and, until patched, restricting access via firewalls, IP filters, VPNs, and LAN-only operation.

Italy Repels Russian Cyber Attacks Ahead of Olympics

🛡️ Italy says it repelled multiple cyberattacks of Russian origin days before the Winter Olympic Games in Milan and Cortina d'Ampezzo. Targets included sites connected to the Games and several hotels in Cortina; facilities of the Foreign Ministry were also affected. Foreign Minister Antonio Tajani thanked security teams and said authorities coordinated defenses with event organizers.

Germany and Israel Conduct Joint Cyberattack Defense Drill

🛡️ Germany and Israel jointly conducted a first-ever exercise, called “Blue Horizon,” to practice defending against a major cyberattack as part of a recent bilateral cyber and security pact. The drill aims to familiarize experts and advance the planned construction of a German “Cyberdome”, modeled on Israeli systems that consolidate data and use AI to detect network vulnerabilities and warn organizations. The pact also foresees closer cooperation on cybercrime, artificial intelligence and drone defense.

Emerging Technologies Reshaping Modern Manufacturing

🛠️ Emerging technologies — from AI and quantum computing to extended reality (XR), edge computing and digital twins — are driving profound change in manufacturing, improving efficiency, safety and innovation. This special report examines how these advances will fundamentally alter operations, competitiveness and value creation across industrial sectors. It highlights practical use cases, adoption challenges and strategic considerations for responsible integration.

Poland Attributes December Cyber Attacks to Static Tundra

🔒 CERT Polska disclosed coordinated, destructive cyber attacks on December 29, 2025 that targeted more than 30 wind and photovoltaic farms, a manufacturing firm, and a large combined heat and power (CHP) plant. The agency attributed the activity to the cluster it calls Static Tundra, linked to Russia's FSB Center 16, while other vendors noted similarities to Sandworm. Attackers deployed multiple wipers — notably DynoWiper and a PowerShell-based LazyWiper — exploited vulnerable FortiGate appliances, harvested credentials and exfiltrated selected M365 data, but did not succeed in disrupting electricity production or heat delivery.

FBI Launches Winter SHIELD to Strengthen Cyber Defenses

🔐 The FBI has launched Operation Winter SHIELD, a ten-week campaign outlining ten concrete actions organisations should adopt to improve cyber resilience across IT and OT environments. Developed with domestic and international partners and informed by recent investigations, the initiative connects observed adversary behaviour to practical defenses such as phish-resistant authentication, immutable offline backups, vulnerability management and reduced administrator privileges. Aligned with the US National Cyber Strategy and the FBI Cyber Strategy, the effort aims to harden critical infrastructure and reduce the attack surface.

CISA Issues New Guidance on Insider Threat Risk Management

🔒 The US Cybersecurity and Infrastructure Security Agency (CISA) has released an infographic to help critical infrastructure operators and SLTT governments prevent, detect and respond to insider threats. It advocates treating insider risk as an essential capability and recommends scalable, multidisciplinary teams that are embedded in existing structures. The guidance outlines a four-stage model—plan, organize, execute, maintain—and emphasizes confidentiality, legal compliance and coordination with external partners.

Criticism of Kritis Umbrella Law Raises Patchwork Concerns

⚠️ The German Association of Cities warns the coalition's proposed Kritis umbrella law, due for a Bundestag vote, is insufficient because its 500,000‑inhabitant threshold excludes many essential facilities and weakens crisis preparedness. The draft tightens obligations for classified operators — including reporting duties and fines — but the Städtetag urges lowering the cutoff to 150,000 to cover medium-sized municipalities. The association also warns that allowing federal states to designate additional facilities risks creating a fragmented patchwork. In response to a January power-supply arson in Berlin, the amendment asks the government to review and remove publicly available infrastructure data to limit attacker intelligence, a shift Chancellor Friedrich Merz framed as moving from broad transparency toward greater resilience.

Coordinated Cyberattack on Polish Energy Grid Hits 30 Sites

⚠️ A coordinated late-December cyberattack targeted distributed energy resource (DER) sites across Poland, impacting roughly 30 facilities including combined heat and power (CHP) plants and wind and solar dispatch systems. Researchers at Dragos say attackers damaged OT equipment beyond repair and wiped Windows hosts while disabling remote monitoring, though generation continued and no outages occurred. Dragos links the operation with moderate confidence to the cluster it calls Electrum, noting overlaps with Sandworm/APT44 and ties to destructive wipers used in Ukraine.

Russian ELECTRUM Linked to December 2025 Polish Grid Attack

🔎 Dragos attributes a coordinated late-December 2025 cyber attack on multiple Polish power grid sites to the Russian state-sponsored crew ELECTRUM with medium confidence. The campaign targeted communication and control systems at combined heat and power facilities and systems managing distributed energy resources, including wind and solar dispatch. Although no blackouts were reported, attackers gained access to OT networks and disabled some equipment beyond repair. Dragos notes the operation blended IT-to-OT tradecraft, with KAMACITE enabling access and ELECTRUM executing ICS-focused actions.

CISA Urges Critical Infrastructure to Combat Insider Threats

🛡️ CISA is urging critical infrastructure organizations and SLTT governments to take decisive action against insider threats and has published an infographic titled Assembling a Multi-Disciplinary Insider Threat Management Team to guide prevention, detection, and mitigation. The agency highlights that insider threats include both deliberate malicious acts and unintentional errors that can undermine systems and trust. The resource offers actionable steps to build cross-functional teams, foster accountability, and strengthen organizational resilience.

Russian Sandworm Group Accused Over Poland Power Attack

⚠️ ESET attributes a Dec. 29–30 cyberattack on Poland's electricity grid to Sandworm, a hacking group tied to Russia's GRU. The operation deployed DynoWiper, destructive malware that erases data and left systems at risk of prolonged outage, nearly knocking power out for hundreds of thousands of households. ESET links the incident to a longer campaign of disruptive attacks on Ukrainian energy infrastructure since 2014. Observers say the event highlights growing threats to industrial control systems and the need for stronger defenses and incident response.

Q4 2025 Internet Disruptions: Causes and Impact Overview

🌐 In Q4 2025 Cloudflare observed over 180 Internet disruptions worldwide driven by government-directed shutdowns, submarine cable cuts, power failures, extreme weather, military action, and technical faults at operators and hyperscalers. Significant incidents included a Tanzania shutdown, multiple fiber and submarine cable outages affecting Haiti, Pakistan, Cameroon and the Dominican Republic, and catastrophic cyclone damage in Sri Lanka and Indonesia. Several provider-side and hyperscaler incidents also reduced availability for many sites and applications, while two Cloudflare-specific outages impacted service for subsets of customers. Verified anomalies and outage details are tracked in Cloudflare Radar and available via the Radar API.

Wiper Attack on Polish Power Grid Attributed to Sandworm

🔒 ESET has attributed a late-December 2025 wiper attack on Polish energy infrastructure to the Russia-aligned Sandworm APT and identified the malware as DynoWiper. Analysts reported strong overlaps with prior Sandworm wiper activity and assigned a medium-confidence attribution. Polish officials said critical systems were not disrupted and that two CHP plants and a renewable facility were targeted. The government is accelerating a National Cybersecurity System Act to strengthen IT/OT protections.

Sandworm Tied to Failed DynoWiper Attack on Poland Grid

⚠️ Security researchers attribute a late-December 2025 cyberattack on Poland’s energy systems to the Russian state-sponsored group Sandworm, which attempted to deploy a destructive wiper named DynoWiper. ESET reports detection as Win32/KillFiles.NMO and published a SHA-1 indicator. Polish officials said two combined heat-and-power plants and a renewable power management system were targeted. Technical details and a public sample remain scarce.