Chinese Hacking Group Might Have Shut Down Power Grid in Mumbai

Hackers siphoned 70GB of data from hard-right social media site Gab, Microsoft released SolarWinds scanning code, CISA warns of Rockwell PLC flaws, Clubhouse protocols violate privacy, more

Check out our latest original report on the rise of vendor-owned cybersecurity journalism outlets, available only to free sign-up Metacurity subscribers.

Cybersecurity firm Recorded Future suggesting that as part of a broad cyber campaign a Chinese hacking group dubbed Red Echo implanted malware into the control systems that manage electricity supply across India, possibly shutting down power in Mumbai, a city of 20 million.

Although most of the malware was not activated, and the link between the malware and the outage is still unsubstantiated, Stuart Solomon, Recorded Future’s chief operating officer, said the group“has been seen to systematically utilize advanced cyber intrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure.” (David E. Sanger and Emily Schmall / New York Times)

Related: ETTelecom.comTribune IndiaThe Straits Times Asia NewsBusiness StandardDeccan Herald, Reddit - cybersecurityRecorded FutureTimes Now

WikiLeaks-style group Distributed Denial of Secrets (DDoSecrets) revealed what it calls calling “GabLeaks,” a collection of more than 70 gigabytes of Gab data representing more than 40 million posts siphoned from the hard-right, white nationalist social media website Gab.

The hacked data include all of Gab's public posts and profiles (not including photos or videos) as well as private group and private individual account posts and messages, and user passwords and group passwords.  Among the users whose hashed passwords appear in the dump are Donald Trump, Republican congresswoman and QAnon-conspiracy theorist Marjorie Taylor Greene, MyPillow CEO and election-conspiracy theorist Mike Lindell, and hate-mongering radio host Alex Jones. (Andy Greenberg / Wired)

Related: WiredBusiness InsiderHackRead

Microsoft open-sourced CodeQL queries that developers can use to scan source code for malicious implants matching the SolarWinds supply-chain attack.

Using Microsoft’s just-released queries, developers can scan their source codebase for functionality or syntactic code elements that match those used by the malicious implants from the SolarWinds attack. (Lawrence Abrams / Bleeping Computer)

Related: CyberscoopThe New StackHotHardware.comDataBreachToday.comIT ProSecurityWeekZDNet Security, LinuxSecurity - Security ArticlesSecurity AffairsWinBuzzerNeowin, Microsoft, Silicon Angle

In a joint hearing by the House Oversight and Homeland Security committees, the current and former SolarWinds CEOs blamed the breach of the company’s Orion update on the brute-force guessing of company passwords, as well as the possibility the hackers could have entered via compromised third-party software.

They further said the guessing of the simple password, solarwinds123, was a “mistake that an intern had made.” (Brian Fung and Geneva Sands / CNN)

Related: CNN, Reddit - cybersecuritySecurity News | Tech Times, Business Insider, Gizmodo

A group of academics from Ruhr-Universität Bochum and the North Carolina State University uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name.

Those gaps even allow bad actors to backend code changes after approval to trick users into giving up sensitive information. (Ravie Lakshmanan / The Hacker News)

Related: Which? NewsThe RegisterSensors Tech Forum

The French cybersecurity agency known as ANSSI said that it had discovered a new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims' local networks.

The malware will spread itself on every reachable machine on which Windows RPC accesses are possible. Administrators can block the malware from infecting other hosts on the network by changing the password of the privileged domain account it uses for propagation to other hosts. (Sergiu Gatlan / Bleeping Computer)

Related: Reddit - cybersecurityANSSI

Researchers at Intezer report that malware strains coded in the Go programming language have increased around 2,000% since 2017, confirming the general trend that malware has slowly moved away from C and C++ to Go, a programming language developed and launched by Google in 2007.

Golang, as the programming language is formally known, is used by nation-state hacking groups, cybercrime operators, and even security teams, who often use it to create penetration-testing toolkits. (Catalin Cimpanu / ZDNet)

Related: ZDNet, Intezer, TechRadar

The Cybersecurity and Infrastructure Security Agency (CISA) warned that programmable logic controllers from Rockwell Automation marketed under the Logix brand used in industrial control settings could be remotely commandeered, exploiting a newly disclosed vulnerability that has a severity score of 10 out of 10.

The vulnerability, tracked as CVE-2021-22681, is the result of the Studio 5000 Logix Designer software, making it possible for hackers to extract a secret encryption key. Rockwell is not issuing a patch but advises PLC users to follow specific risk mitigation steps. (Dan Goodin / Ars Technica)

Related: E Hacking NewsSecurity Week, CISA

The Biden Administration is allowing a Commerce Department rule aimed at combatting Chinese technology threats to the supply chain to take effect next month despite the objections of American businesses.

The rule, which a source says the administration won’t enforce aggressively, enables the Commerce Department to ban technology-related business transactions that it determines to pose a national security threat. (John D. McKinnon / The Wall Street Journal)

Related: Japan Times

Hacker Pwn2Ownd announced that the prominent jailbreaking tool "unc0ver" had been updated to support iOS 14.3 and earlier releases, extending the jailbreaking arms race between hackers and Apple.

While the jailbreak will work with previous releases of iOS, the latest version won't work with the current generation, iOS 14.4. (Malcolm Owen / Apple Insider)

Related: iDownload Blogxda-developersMacRumors

The National Security Agency (NSA) and Microsoft are advocating for the Zero Trust security model to combat modern, sophisticated threats.

The guiding principle of zero-trust is the constant verification of user authentication or authorization, the least privileged access, and segmented access based on network, user, device, and app. (Ionut Ilascu / Bleeping Computer)

Related:, NSA

The popular audio-only social media network Clubhouse has several privacy-violating policies, including the automatic recording of Clubhouse rooms, an inability to delete information users share about one another, the right to share personal information on its user without notification, and much more.

Clubhouse is purportedly engaging in these privacy-violating acts as it prepares to monetize user data. (Jason Aten /

Related:channelnewsChiang Rai Times, Ars Technica

End-to-end device cybersecurity start-up Axonius has raised $100 million to achieve the $1 billion unicorn status in a Series D funding round led by Stripes and Lightspeed Ventures.

Related: Silicon Angle, ETTelecom.comReutersGlobesSecurityWeek

Photo by Vishal Panchal on Unsplash