Begun, The Crime Wars Have

Today in the space between war and peace…

  • BadPilot Campaign: Sandworm Subgroup Launches Multiyear Global Access Operation
  • Cybercrime: A Complex Threat to National Security
  • Ransomware: Beyond Money, Government Spies Have Their Own Objectives
  • Lazarus Group Implements New Cyber Espionage Tactics Using LinkedIn
  • German Police Investigate Sabotage of Warship
  • Latvian Minister Warns of Potential Sabotage Threats Amid Russian Propaganda on BRELL
  • Emerging Realpolitik in Africa: DRC Events Signal Potential Dangers
  • Chinese Espionage Expected to Increase Ahead of NATO Summit, Says Dutch Minister

BadPilot Campaign: Sandworm Subgroup Launches Multiyear Global Access Operation

A new report from the Microsoft Threat Intelligence Center (MSTIC) describes an activity cluster, which Microsoft calls the "BadPilot campaign," attributed to a subgroup of Seashell Blizzard (Microsoft's name for the Russian state actor Sandworm). Since 2021 the subgroup has compromised Internet-facing infrastructure around the world to gain initial access that can later be handed off for higher-value operations. Its targeting extends well beyond Eastern Europe, and its tradecraft is opportunistic: exploit whatever exposed software is vulnerable, then establish long-term persistence and harvest credentials. The campaign has reached sensitive sectors worldwide and, according to MSTIC, supports Russia's military objectives, which is why the report treats it as a significant ongoing risk.

Cybercrime: A Complex Threat to National Security

According to a new report by the Google Threat Intelligence Group, financially motivated cybercrime has become a national security problem in its own right. The Conti ransomware attacks on Costa Rica, for example, caused significant economic disruption and required an international remediation effort. The report also points to the scale of the losses: business email compromise alone accounts for an estimated $55 billion in reported losses since 2013. Data leak sites used for extortion add a further dimension, particularly for smaller economies, because the stolen data they publish is also available to foreign intelligence services.

Ransomware: Beyond Money, Government Spies Have Their Own Objectives

Ransomware gangs are characterized by fast, profit-driven tactics, in contrast to state-sponsored cyber spies, who operate with stealth and strategic intent, according to a new feature story on The Register. Some groups tied to China, Russia, Iran, and North Korea blur that distinction by using ransomware for geopolitical as well as financial ends. Russia's Sandworm, for instance, has deployed ransomware in pursuit of political objectives, while North Korea runs ransomware operations to fund its weapons programs, and Iran-linked actors exploit vulnerabilities for financial gain alongside their intelligence work. These dual-use strategies complicate both attribution and the response to what looks, on the surface, like ordinary cybercrime.

Lazarus Group Implements New Cyber Espionage Tactics Using LinkedIn

A new report by cyber threat intelligence vendor SOCRadar describes Lazarus Group abusing LinkedIn by impersonating recruiters in the finance and travel sectors. According to the report, the group uses fraudulent job offers to deliver cross-platform malware built for data theft. The initial lure is a supposed decentralized cryptocurrency exchange project; the target is then walked through running scripts that harvest cryptocurrency wallet data and install a Python-based backdoor.

German Police Investigate Sabotage of Warship

The German Navy is investigating several suspected sabotage attempts amid concerns about Russian hybrid warfare. Vice Admiral Jan Christian Kaack, the Navy's chief, described the incidents as a test for NATO and said they raise security concerns within both German society and the alliance. The most notable case is the discovery of metal shavings in the engine of the new warship "Emden" in Hamburg, which points to possible sabotage ahead of its planned deployment to the Baltic Sea. Local authorities are investigating, and German officials are strengthening countermeasures in anticipation of further Russian aggression; intelligence assessments warn of a risk of large-scale conflict by 2029 if NATO is perceived as weak.

Latvian Minister Warns of Potential Sabotage Threats Amid Russian Propaganda on BRELL

Latvia's Minister of the Interior, Rihards Kozlovskis, stressed the need to protect the country's infrastructure and to prepare for possible Russian provocations. He was skeptical that amending international law would help, arguing instead for stronger defenses against unauthorized actions that could benefit Russia. Kozlovskis also questioned Sweden's recent finding that damage to a Baltic Sea cable was an accident, citing a pattern of suspicious disruptions. Now that Latvia has disconnected from the Russian-controlled BRELL power grid, officials are watching closely for sabotage while disinformation campaigns from Russia and Belarus continue.

Emerging Realpolitik in Africa: DRC Events Signal Potential Dangers

According to an article published by Chatham House, the resurgence of the M23 rebels in the Democratic Republic of Congo, reportedly backed by Rwanda, signals a rise in hybrid warfare that threatens regional stability. The conflict, driven in large part by competition over resources, has exposed the limits of traditional peacekeeping and diplomacy. Responses from international and regional actors have been inconsistent and often ineffective, shaped by realpolitik considerations that cut against a coordinated approach.

Chinese Espionage Expected to Increase Ahead of NATO Summit, Says Dutch Minister

As reported by Bloomberg, the Netherlands is expecting a rise in Chinese espionage targeting critical sectors ahead of the NATO summit, according to Dutch Minister of Foreign Affairs Caspar Veldkamp.