UK nuclear site hacked by Russian & Chinese hackers

Dec 05 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that thinks cybercriminals hacked our Advent calendar ๐Ÿ‘€๐Ÿ˜‹๐Ÿ™ƒ

Todayโ€™s hottest cybersecurity news stories:ย 

  • โ˜ข๏ธ UK nuclear site hacked by Russian & Chinese hackers ๐Ÿ‘จโ€๐Ÿ’ป

  • โš ๏ธ Microsoft warns that CACTUS is back via malvertising ๐ŸŽญ

  • ๐Ÿšซ Group of UEFI flaws named logoFAIL expose devices ๐Ÿšช

Seriously, Chernobylshit ๐Ÿ’€

๐Ÿšจ UK's Sellafield Nuclear Site Hacked by Russia and China-Linked Cyber Groups ๐Ÿšจ

In a shocking revelation, a decade-long cyber breach at Sellafield, the UK's most hazardous nuclear site, has come to light. ๐ŸŒ Cybersecurity failings, potentially compromising activities like moving radioactive waste, have been covered up by senior staff, raising concerns about national security. ๐Ÿ˜ฑ

The breach, dating back to 2015, involves sleeper malware embedded in Sellafield's networks, with uncertain eradication status. The facility, sprawling 6 sq km on the Cumbrian coast, holds the world's largest plutonium store. ๐Ÿ’ป๐Ÿญ

Sellafield's failure to alert regulators for years has hindered quantifying data loss and ongoing risks.ย ๐Ÿ˜ฌ The site, under "special measures" for cybersecurity, faces potential prosecution.

Labour's Ed Miliband calls for urgent government action, highlighting the seriousness of this report on critical energy infrastructure. ๐Ÿญ๐Ÿ”’

Concerns include insecure servers (dubbed Voldemort), external contractors' unsupervised access, and inadvertent BBC broadcast of secure login details.

โš ๏ธ Cyber threats from Russia and China pose significant risks, leading to heightened alerts from GCHQ. The Office for Nuclear Regulation (ONR) urges improvements, with potential new systems at the emergency control center.

Sellafield, vital for the UK's nuclear industry expansion, costs ยฃ2.5bn/year to operate. Decommissioning, a massive undertaking, is estimated at ยฃ263bn, a fiscal risk according to the Office for Budget Responsibility. ๐Ÿ’ธ๐Ÿ”

Sellafield assures multiple cybersecurity layers and collaboration with regulators. ONR emphasises ongoing investigations and high cybersecurity standards.

The Department for Energy Security and Net Zero assures public safety, acknowledging historical issues and expecting regular updates on improvements. ๐Ÿ›ก๏ธ๐ŸŒ

Stay informed and secure! ๐Ÿ“ฐ๐Ÿ”’

Your SOC 2 Compliance Checklist from Vanta

Are you building a business? Achieving SOC 2 compliance can help you win bigger deals, enter new markets and deepen trust with your customers โ€” but it can also cost you real time and money.

Vanta automates up to 90% of the work for SOC 2 (along with other in-demand frameworks), getting you audit-ready in weeks instead of months. Save up to 400 hours and 85% of associated costs.

Download the free checklist to learn more about the SOC 2 compliance process and the road ahead.

Microsoft: Watch out for Operation Desert Storm ๐ŸŒต๐Ÿ‘€๐Ÿ‘พ

๐Ÿšจ Alert: New Wave of CACTUS Ransomware Attacks! ๐Ÿšจ

Microsoft issues a warning about the latest cyber threatโ€”CACTUS ransomware attacks! ๐Ÿ˜ฑ๐Ÿ”’ These attacks use malvertising lures to deploy DanaBot, a multifunctional tool acting as an entry point for next-stage payloads. ๐Ÿค–๐Ÿ’ป

The Microsoft Threat Intelligence team reveals that DanaBot infections lead to hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the deployment of CACTUS ransomware. ๐ŸŒช๏ธ๐Ÿ’ผ

UNC2198, known for deploying Maze and Egregor ransomware, has previously used QakBot infections for initial access. The shift to DanaBot likely stems from a coordinated law enforcement operation in August 2023 that took down QakBot's infrastructure. ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿšซ

The ongoing Danabot campaign, observed since November, uses a private version of the info-stealing malware.ย ๐Ÿ”„๐Ÿ‘พ Credentials harvested by the malware are sent to an actor-controlled server, enabling lateral movement via RDP sign-in attempts and granting access to Storm-0216. ๐Ÿ”„๐Ÿšช

This alert follows recent CACTUS ransomware attacks exploiting vulnerabilities in Qlik Sense and the discovery of a new macOS ransomware called Turtle, written in the Go programming language. Stay vigilant, update security measures, and protect your systems! ๐Ÿ›ก๏ธ๐Ÿ‘€

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)

๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)

๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

logoFAILArmy ๐Ÿคฆ

๐Ÿ›ก๏ธ Security Alert: LogoFAIL Vulnerabilities Found in UEFI Firmware! ๐Ÿ›‘

A critical security flaw dubbed LogoFAIL has been discovered in the Unified Extensible Firmware Interface (UEFI) code used by various independent firmware/BIOS vendors. ๐Ÿšจ๐Ÿ’ป These vulnerabilities pose a significant risk, allowing threat actors to bypass Secure Boot, Intel Boot Guard, and other security technologies embedded in the firmware.

LogoFAIL can be exploited to inject a malicious logo image file into the EFI system partition during the boot phase, leading to persistent malware delivery and compromise of the system's security. ๐Ÿ˜ฑ๐Ÿ”“ The vulnerabilities, affecting both x86 and ARM-based devices, involve heap-based buffer overflow and out-of-bounds read flaws in image parsing libraries.

Notably, this attack vector doesn't break runtime integrity like previous threats, such as BlackLotus or BootHole. However, it raises concerns as it can give attackers a stealthy advantage in bypassing endpoint security solutions and deploying persistent firmware bootkits. ๐Ÿค๐Ÿ‘ข

Major firmware vendors like AMI, Insyde, and Phoenix, along with devices from Intel, Acer, Lenovo, and others, are affected, making LogoFAIL a widespread and severe issue. Stay tuned for details to be revealed at the upcoming Black Hat Europe conference. ๐ŸŒ๐Ÿ”

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles