State Department Launches Bureau of Cyberspace and Digital Policy
Wallet company Trezor confirms phishing attack, Hackers stole $15.6 million from Inverse Finance, Lapsus$ teens charged, Claims of China's cyberattacks in Ukraine questioned, much more
The U.S. Department of State announced that its new bureau devoted to cybersecurity, the Bureau of Cyberspace and Digital Policy (CDP), which nearly 100 people will staff, began operations on Monday, April 4. The CDP bureau will address the national security challenges, economic opportunities, and implications for U.S. values associated with cyberspace, digital technologies, and digital policy.
The Bureau includes three policy units: International Cyberspace Security, International Information and Communications Policy, and Digital Freedom. Ultimately, the bureau will be led by a Senate-confirmed Ambassador-at-Large. Starting today, Jennifer Bachus, a career member of the Senior Foreign Service, is serving as Principal Deputy Assistant Secretary for the CDP bureau. PDAS Bachus will serve as Senior Bureau Official until an Ambassador-at-Large is confirmed. In addition, Michele Markoff is serving as Acting Deputy Assistant Secretary for International Cyberspace Security, Stephen Anderson is serving as Acting Deputy Assistant Secretary for International Information and Communications Policy, and Blake Peterson is serving as Acting Digital Freedom Coordinator.
The new cybersecurity bureau comes after a restructuring of the Department’s cybersecurity role under Donald Trump. (Aaron Schaffer / Washington Post)
Related: State Department

Crypto hardware wallet company Trezor confirmed that some of its users were the target of a phishing attack over the weekend. The phishing attack was an attempt to induce users to download malicious code under the guise of Trezor's Suite desktop app by alleging a fake security breach at the company.
Trezor said that "MailChimp [has] confirmed that their service has been compromised by an insider targeting crypto companies. We have managed to take the phishing domain offline. We are trying to determine how many email addresses have been affected." (Michael McSweeney / The Block)
Related: Cointelegraph, Graham Cluley, BeInCrypto, TechDator, Bleeping Computer

Ethereum-based lending protocol Inverse Finance (INV) said that it suffered an exploit in which an attacker netted $15.6 million worth of stolen cryptocurrency.
The attacker targeted Inverse’s Anchor (ANC) money market, artificially manipulating token prices to borrow loans against extremely low collateral. This hack marked the third of a DeFi protocol in one week. On Tuesday, the gaming-focused Ronin network announced a loss of more than $625 million in crypto. Then two days later, lending protocol Ola Finance said it was exploited for $3.6 million. (Sam Kessler / CoinDesk)
Related: U.Today, BeInCrypto, Bitcoinist, The Block, PYMNTS
Two UK teenagers have been charged with multiple cybercrimes as part of an international police investigation into the Lapsus$ gang, which has hacked significant tech firms, including Microsoft.
Both teenagers are charged with three counts of unauthorized access with intent to impair the operation of or hinder access to a computer and two counts of fraud by false representation. One of the teens has also been charged with one count of causing a computer to perform a function to secure unauthorized access to a program. Last week, the City of London Police, which is leading the international investigation into Lapsus$, announced that it had arrested seven people between the ages of 16 and 21 in the UK. (Joe Tidy / BBC News)
Related: TechCrunch, Engadget, CSO Online, The Register - Security, Slashdot, ComputerWeekly: IT security, Yahoo! News, Graham Cluley, "hackers" - Google News, iTech Post : Latest News, The Hacker News, Bleeping Computer, DataBreaches.net
Despite the arrest of its supposed ringleaders, the LAPSUS$ cybercriminal gang has continued its malicious activity without them.
LAPSUS$’ newest victim is the global software developer Globant, which counts several blue-chip technology companies among its clients. Last week the gang dumped passwords, along with a link to what it said was 70 gigabytes of Globant’s internal data. Some members of the now-defunct hacker group Recursion Team, which sent fraudulent data requests posing as law enforcement officials, are now affiliated with LAPSUS$. (Lucas Ropek / Gizmodo)


Researchers at Claroty discovered two vulnerabilities in Rockwell Automation's programmable logic controllers (PLCs) and engineering workstation software that an attacker could exploit to inject malicious code on affected systems and stealthily modify automation processes.
The researchers say that the flaws could potentially disrupt industrial operations and cause physical damage to factories, as the Stuxnet and Rogue7 attacks did. The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory about the flaws, outlining mitigation steps that users of the affected hardware and software can take as part of a "comprehensive defense-in-depth strategy." (Ravie Lakshmanan / The Hacker News)
Related: heise online News, Industrial Cyber, Security Week, ZDNet Security, The Record, Claroty, CISA
Intelligence memos claim to show that China staged a massive cyberattack on Ukraine’s military and nuclear facilities in the build-up to Russia’s invasion.
More than 600 websites belonging to the defense ministry in Kyiv and other institutions suffered thousands of hacking attempts, according to the memos, headed “Chinese Attacks on Ukrainian Government, Medical & Education Networks.” Cybersecurity experts were quick to dispute the reports, saying that the so-called cyberattacks by China were likely nothing more than routine vulnerability scanning. (Maxim Tucker / The Times)
Related: The Korea Times News, Daily Mail, The Guardian, The Hill

Larisa Brown @larisamlbrown
EXCL: China staged a huge cyberattack on Ukraine’s military and nuclear facilities in the build-up to Russia’s invasion, according to intelligence memos obtained by The Times https://t.co/2JMkcl2iac
German wind turbine manufacturer Nordex SE experienced a cyber security incident that forced it to shut down IT systems across multiple locations and business units as a precautionary measure.
The company said that the incident had been noticed early and that the shutdown of IT systems might affect customers, employees, and other stakeholders. (Reuters)
Related: Renewables Now


Researchers from Lab52 say that a previously unknown Android malware uses the same shared-hosting infrastructure used by the Russian APT group known as Turla. However, attribution to the hacking group is not possible.
They identified a malicious APK named “Process Manager” that acts as Android spyware, uploading information to the threat actors. Process Manager attempts to hide on an Android device using a gear-shaped icon, pretending to be a system component, and then asks for eighteen different permissions. The app also downloads additional payloads to the device. (Bill Toulas / Bleeping Computer)
Related: TechDator, Digital Information World, Security News | Tech Times, iTech Post : Latest News, Lab52
GitLab has addressed a critical severity vulnerability that could allow remote attackers to take over user accounts using hardcoded passwords.
The bug (discovered internally and tracked as CVE-2022-1162) affects both GitLab Community Edition (CE) and Enterprise Edition (EE). GitLab urged users to immediately upgrade all GitLab installations to the latest versions (14.9.2, 14.8.5, or 14.7.7) to block potential attacks. (Sergiu Gatlan / Bleeping Computer)
Related: Reddit cybersecurity, The Hacker News, Security Affairs, Gitlab
A group of academics from the University of Oxford and Armasuisse S+T has disclosed details of a new attack technique they call Brokenwire against the popular Combined Charging System (CCS) that could potentially disrupt the ability to charge electric vehicles at scale.
The attack interferes with the control communications between the vehicle and the charger to wirelessly abort charging sessions from as far as 47 m (151 ft) away. Details of the attack have been withheld to prevent active exploitation in the wild while affected stakeholders work on appropriate countermeasures. (Ravie Lakshmanan / The Hacker News)
Related: Brokenwire
Axie Infinity, the play-to-earn crypto game in which players collect digital pets known as "Axies," hosted a previously scheduled party hours after it learned it was the victim of a $625 million hack.
That day, March 29, was also the day that Jeff "The Jiho" Zirlin, Axie Infinity's 31-year-old co-founder, was tapped to give the keynote address at the inaugural NFT LA that took over Los Angeles' LA Live convention center. "We realized the Ronin network has been exploited for 173,000 [Ethereum] and around 25 million dollars in USDC," Zirlin announced to a stunned crowd during his keynote, under a screen with the words "State of the NFT Union: Where we are today and what's next." (Jon Sarlin / CNN Business)


Cybersecurity journalist Kim Zetter examined the work of Intrusion Truth, a Chinese individual or group devoted to exposing the real names of Chinese-state-backed, financially motivated hackers. She also spoke with a dozen security experts about the pros and cons of exposing nation-state hackers and the effect, if any, it has had on curbing China’s theft of trade secrets.
Intrusion Truth told Zetter that the group is composed of and consults “a global network of anonymous contributors” from various backgrounds whose identities are sometimes unknown even to each other. Although experts say there is value in naming and shaming the Chinese threat actors, Intrusion Truth’s work is of little use in defending organizational networks, and outing threat actors was more effective years ago than it is now. (Kim Zetter / Zero Day)


Password authentication startup Tru.id raised $9 million in a venture funding seed round.
Sorenson Ventures joined its seed funding round alongside Episode 1, MMC Ventures, and NHN Ventures. (FinSMEs)
Related: Business Wire, Tech.eu