Reports Note Increasing Threat of Nation-State-Sponsored Cyber Attacks
Tenable, meanwhile, just published its Cloud Risk Report 2024, which calls out North Korea and Russia. It discusses a Windows kernel elevation of privilege vulnerability, saying, "The exploitation activity was orchestrated by the North Korea-based Lazarus Group, with the end goal of establishing a kernel read/write primitive."
The company also noted Microsoft itself was the victim of foreign-sponsored bad guys: "Midnight Blizzard, a Russian state-sponsored actor also known as NOBELIUM, hacked the tech giant's corporate email systems."
Otherwise, just last week Fortinet published "Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA," which followed an August report from the Cybersecurity and Infrastructure Security Agency (CISA) titled, "Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations."
That latter government article said: [T]hese Iran-based cyber actors are associated with the Government of Iran (GOI) and — separate from the ransomware activity — conduct computer network exploitation activity in support of the GOI (such as intrusions enabling the theft of sensitive technical data against organizations in Israel and Azerbaijan)."
While those are ordinary, run-of-the-mill cyber attacks seeking data or ransom, the upcoming election in the U.S. provides unique opportunities for foreign actors to influence matters.
"Russia, Iran, and China have all used ongoing geopolitical matters to drive discord on sensitive domestic issues leading up to the U.S. election, seeking to sway audiences in the U.S. to one party or candidate over another, or to degrade confidence in elections as a foundation of democracy," Microsoft said. "As we've reported, Iran and Russia have been the most active, and we expect this activity to continue to accelerate over the next two weeks ahead of the U.S. election."
About the Author
David Ramel is an editor and writer at Converge 360.