< ciso
brief />
Tag Banner

All news with #nation state actor tag

192 articles

UK updates National Risk Register with cyber scenarios

🔒 The UK government has expanded its National Risk Register to include several new cyber-related scenarios affecting digital infrastructure, water systems, policing, and a potential large-scale IT outage. The July 14 update also adds a section on interference in democratic processes, covering attacks on election infrastructure and online information operations. Likelihoods are generally assessed as low but impacts range from moderate to catastrophic, prompting plans for a national resilience campaign to boost household preparedness.
read more →

Rival Chinese and Indian Cyber Espionage Hits Pakistan

🔒 SentinelLabs reports that suspected China- and India-linked cyber operators targeted multiple Pakistani law enforcement systems between February 2024 and April 2026, focusing on Balochistan Police. The compromise affected servers hosting biometric records, case files and tenant registrations, and included implants in a public Complaint Management System. Analysts linked PlugX, ShadowPad and Cobalt Strike to China-nexus activity and Remcos to a suspected India-nexus actor. The incidents underscore risks from centralized police IT systems and concentrated intelligence value.
read more →

EU and UK announce joint cyber sanctions on Russia

🛡️ The EU and the UK issued coordinated sanctions targeting Russian individuals, entities, and intelligence units accused of orchestrating cyberattacks across Europe. Designations include GRU and FSB-linked officers, cybercriminals, and private firms alleged to recruit hackers and run malware operations. Officials cite sustained campaigns against government and critical infrastructure since 2010 and recent disruptive attempts in Poland. The measures follow broader EU proposals to strengthen cybersecurity and precede additional sanctions on foreign companies tied to attacks.
read more →

Multiple nation-linked groups target Pakistani police

🛡️ Cybersecurity researchers disclosed sustained espionage targeting Pakistani law enforcement between February 2024 and April 2026, impacting Balochistan Police and other agencies. Compromised assets included network appliances, web servers for police applications, and a Fortinet FortiMail gateway, with a Complaint Management System used to host implants. Four threat clusters deployed PlugX, ShadowPad, Cobalt Strike, and Remcos RAT, linking the activity to China- and India-nexus actors. The dual targeting by adversaries and partners underscores the high intelligence value of law enforcement systems.
read more →

AI's accelerating role in cybersecurity risks

🛡️ Five Eyes agencies warned that AI's rapid development raises cyber risks, particularly autonomous hacking and automated attacks. Bruce Schneier explains that AI widens the gap between skill and ability, enabling less-skilled actors to cause greater harm while also offering defensive tools. He argues that guardrails on large platforms won't stop open-source models and urges using AI for defense across all heightened risks.
read more →

Evolution of the Pro‑Russia Influence Ecosystem

🛡️ Four years into Russia’s invasion of Ukraine, the pro‑Russia influence ecosystem has shifted from wartime tools back toward a global strategic asset. GTIG observes expansion of covert information operations, revived hacktivism, and increasing use of generative AI across planning and content creation. The ecosystem blends state, state‑aligned, and independent actors, targeting the West, Russia’s near abroad, the Middle East, Africa, and domestic audiences while exploiting media mimicry, cyber‑enabled IO, and direct dissemination.
read more →

Suspected Russian Involvement in JLR Cyberattack

🛡️ Security experts have reacted to a New York Times report linking Russian hackers to the Jaguar Land Rover breach, which reportedly cost the British economy £1.9bn. Microsoft flagged the activity, and specialists pointed to the lack of a ransom demand, timing before a vehicle rollout, and novel ransomware as indicators of state involvement. Former JLR security leaders and industry analysts suggest the attack resembled sabotage more than typical cybercrime.
read more →

FBI warns of Russian targeting Signal backup keys

🔔 The FBI has issued a public service announcement warning that multiple clusters of Russian intelligence actors, including FSB officers and military hackers, are targeting high-risk users to steal Signal Backup Recovery Keys. The campaign uses phishing messages masquerading as messaging app support to elicit verification codes, account PINs, and recovery keys. Victims include government officials, military personnel, journalists and Ukrainian officials. Users are advised to only trust official support channels and to generate a new recovery key to invalidate older backups.
read more →

Five Eyes Urges Urgent AI-Driven Cyber Resilience

🛡️ The Five Eyes cybersecurity agencies warned on June 22 that frontier AI is already reshaping offensive and defensive cyber capabilities and urged businesses to prioritize cyber resilience. They cautioned that AI accelerates attacks by lowering barriers and shrinking the window between discovery and exploitation, while also offering defensive benefits. The group recommended a whole-of-organization response focused on basics, secure-by-design, defence in depth, and integrating AI into security operations. Practical steps included reducing attack surfaces, accelerating patching, addressing legacy systems, strengthening access controls, and preparing incident response.
read more →

NCSC: 75% of CNI Incidents Linked to Hostile States

🛡️ Richard Horne, CEO of the UK National Cyber Security Centre, told the RUSI Annual Security Lecture that three-quarters of cyber incidents affecting UK critical national infrastructure over the past year were traced to nation-state actors or hostile states. The NCSC handled around 200 incidents between June 2025 and May 2026, with threats described across three contested digital spaces: far, mid and near. Horne warned that AI and cloud supply-chain exploitation increase attacker scale and urged organisations to prioritise continuous defence, fix legacy vulnerabilities and close IT-OT knowledge gaps.
read more →

WhatsApp disrupts alleged NSO spear‑phishing attacks

🔒 WhatsApp says it detected and disrupted spear‑phishing campaigns it attributes to the NSO Group after investigating user reports of social‑engineering attacks. Meta reports the phishing lures redirected targets to external websites and that test accounts and groups linked to the activity were removed. The company provided three domains as indicators of compromise and urged users to update apps and enable protections such as Advanced Protection on Android and Lockdown Mode on iOS.
read more →

Agencies Warn of LinkedIn Recruitment for Espionage

🛡️ A joint bulletin from the FBI, MI5, ASIO, CSIS and NZSIS warns that Chinese military intelligence is using professional networking sites and job platforms to recruit Western workers into sharing sensitive information. The advisory details fake cover companies, targeted outreach on platforms like LinkedIn, and staged hiring processes that escalate from innocuous reports to requests for privileged material via encrypted messaging. Targets include military personnel, academics, journalists, and think-tank staff, and payments are made through common money-transfer and crypto services. The agencies urge scepticism toward unsolicited, well-targeted approaches and rapid moves to encrypted apps.
read more →

Executives and CISOs Must Treat Cyber as Statecraft

🔒 Bharat Thakrar of ISACA’s London Chapter told Infosecurity Europe 2026 that cyber, AI and geopolitics are now inseparable and warned against treating security as merely an IT problem. He cited breaches like Sony Pictures (2014), Viasat (2022) and Stryker (2026) to show private firms can be legitimate geopolitical targets. Thakrar proposed the Cyber Geopolitical Preparedness and Response (CGPR) framework—assess exposure, evaluate readiness, plan response and continuous monitoring—and urged geopolitical stress‑tests, revamped HR vetting, tighter access controls and predefined executive authorities.
read more →

Law enforcement seizes hosting tied to Iranian campaigns

🔎 On May 22, 2026, Dutch investigators seized roughly 800 servers from WorkTitans B.V., a hosting provider that allegedly operated as a successor to a sanctioned ISP. The seized infrastructure supported multiple Iranian cyber espionage groups—MuddyWater, Agrius (UNC2428), and Nimbus Manticore—each using the provider for command-and-control, lure hosting, and scanning. This takedown disrupted active operations and highlights the need to evaluate hosting environments, ASNs, and passive DNS history rather than relying solely on individual IP flags.
read more →

Chinese-linked Hackers Exploit Middle East Conflict

🔎 ESET warns that China-aligned APT groups have been exploiting the Middle East war to target maritime, energy and political organizations, while continuing global espionage aligned with Beijing’s strategic priorities. The report covers October 2025–March 2026 and highlights activity against Syria, Central and South America, and an attempted intrusion into an AI and robotics firm in South Korea. Russia-aligned actors focused on Ukraine and destructive campaigns, while Iran-aligned activity shifted to proxy and hacktivist actions amid internet disruptions.
read more →

Attack Surface and Cyber Risks for FIFA 2026

📘 The 2026 FIFA World Cup spans 39 days across 16 host cities in three nations, creating a vast temporary tournament network layered on existing stadium and municipal infrastructure. This assessment warns of high likelihoods for disruptive intrusions, large-scale fraud and politically motivated DDoS and hack-and-leak operations. Key drivers include Iran-nexus disruptive campaigns, pro-Russian hacktivist DDoS activity and financially motivated cybercrime targeting fans and the hospitality ecosystem.
read more →

AI-Enabled Sanctions Evasion Raises Governance Risks

🛡️ New RUSI research warns that adversaries, notably North Korea and Iran, are moving from AI-assisted to AI-enabled sanctions evasion and proliferation financing. The report highlights AI’s ability to mass-produce fraudulent documents, automate shell-company administration, and analyze blockchain flows to evade detection. Experts urge enterprises to adopt behavior-based analytics, defensive AI, stronger identity verification and updated training to counter these evolving threats.
read more →

Netherlands seizes servers tied to hosting firm

🔎 Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company accused of enabling cyberattacks, interference operations, and disinformation campaigns. Authorities say the suspects provided resources indirectly to Russian and Belarusian entities sanctioned by the EU, and that infrastructure was moved to a front company after sanctions. Raids recovered servers, laptops, phones, and records across multiple Dutch data centers.
read more →

ROADtools misuse in cloud identity attacks

🔍 ROADtools is an open-source Python toolkit for red teams and researchers that attackers have repurposed to target Microsoft Entra ID. It enumerates tenants, registers devices, and acquires or manipulates OAuth2/OpenID Connect tokens while using legitimate Microsoft APIs and configurable request attributes to evade detection. Nation-state actors have used ROADtools for discovery, persistence and defense evasion, and Palo Alto Networks outlines detection queries, mitigation recommendations and protections available via Cortex Cloud, Cortex XDR and Unit 42 services.
read more →

From WarGames to Cyberwar: Nation-State Cyber Threats

🔍 In a RSA 2025 conversation, Allie Mellen, author of Code War, frames modern cyber conflict through historical doctrine, showing how nations' distinct strategies shape attacks and espionage. She cautions that attribution based solely on technical signals is insufficient because actors can forge signatures and deploy false flags, so motive and context matter. Mellen warns that AI will make attacks faster and more adaptive, and urges defenders to strengthen fundamentals and adopt automation and AI on the defensive side.
read more →