Copyright © 2025 TXOne Networks. All rights reserved.