Latvian cybersecurity officials report that politically motivated hackers linked to Russia and Belarus are launching a new wave of cyberattacks against the Latvian government and critical infrastructure websites. The attacks aim to disrupt access rather than steal sensitive data, according to Baiba Kaskina, head of the Latvian Computer Emergency Response Team (CERT). Varis Teivans, deputy manager of Latvian CERT, highlighted this trend two years ago in an interview with Recorded Future News.
In August, the frequency of attacks surged again, likely in response to Latvia’s new aid package to Ukraine, which includes drones and air defense systems. Vineta Sprugaine, a representative of the Latvian State Radio and Television Center, noted that such attacks often coincide with political decisions or holidays.
Most of these incidents involve distributed denial-of-service (DDoS) attacks, which flood the targeted websites with traffic and temporarily slow them down or knock them offline. Kaskina described the attacks as “very large” in volume and “well customized” to their targets.
Russia-linked hacktivist groups, including NoName057(16) and Anonymous Guys, have claimed responsibility for the recent cyberattacks on Latvian websites, asserting they are retaliating against Latvia for supporting Ukraine. NoName057(16) declared on Telegram, “We continue to punish Russophobic Latvia for aiding the criminal Kyiv regime.”
Baiba Kaskina acknowledged that while Latvia is ‘well prepared’ for these attacks, the constantly evolving tactics of the hackers make them challenging to combat. She described the attacks on Latvia and other Baltic states as part of a ‘hybrid war’ aimed at creating societal panic and eroding trust in government institutions.
The White House’s cybersecurity office urged network operators to adopt available measures to secure the Border Gateway Protocol (BGP), a critical yet vulnerable technology used for routing internet traffic. The new guidance highlights that BGP lacks sufficient security and resilience features against current risks, a concern that has persisted for 25 years.
BGP is used by networks to exchange reachability information with other networks: which blocks of IP addresses (prefixes) each network originates and through which neighbouring networks they can be reached. For example, a mobile network uses BGP to connect with a cloud service or residential broadband network. The protocol itself has no way to check that the network announcing a prefix is actually entitled to it, so a malicious or misconfigured network can announce someone else’s addresses. Hijacking BGP can redirect users to malicious sites, exposing them to theft or data breaches, and can also facilitate DDoS attacks or disrupt telecommunications.
The Office of the National Cyber Director (ONCD) recommends that network operators adopt Resource Public Key Infrastructure (RPKI), a system of digital certificates issued through the Regional Internet Registries. With RPKI, an address holder publishes a Route Origin Authorization (ROA): a signed statement naming the autonomous system permitted to originate a prefix and the most specific prefix length it may announce. Routers performing Route Origin Validation (ROV) compare each received announcement against the published ROAs and can reject those that contradict them.
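To make the ROA/ROV relationship concrete, here is an added example (not code from the ONCD guidance or from any router vendor) that implements the Route Origin Validation decision from RFC 6811 in Python and runs it over a constructed set of ROAs and announcements. The ROAs use documentation address ranges and private AS numbers; the announcements, including the hijack cases, are constructed for illustration.

```python
"""Route Origin Validation (RFC 6811) over a constructed ROA set.

Added example; the ROAs, AS numbers and announcements below are
constructed sample data, not real routing state.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str      # address block the holder signed for, e.g. "192.0.2.0/24"
    max_length: int  # longest prefix length the holder may announce from it
    asn: int         # authorised origin AS; 0 means "nobody may originate this"


# Constructed sample ROAs (documentation prefixes, private ASNs).
SAMPLE_ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("198.51.100.0/24", 26, 64497),   # holder may announce down to /26
    ROA("203.0.113.0/24", 24, 0),        # AS0 ROA: space must never be announced
]

# Constructed sample announcements: (announced prefix, origin AS).
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),     # legitimate holder            -> valid
    ("192.0.2.0/24", 64511),     # wrong origin, classic hijack -> invalid
    ("198.51.100.0/25", 64497),  # more specific, within maxLength -> valid
    ("198.51.100.0/27", 64497),  # too specific (/27 > maxLength 26) -> invalid
    ("203.0.113.0/24", 64500),   # covered only by an AS0 ROA   -> invalid
    ("2001:db8::/32", 64498),    # no ROA covers it at all      -> notfound
]


def rov_state(announced_prefix: str, origin_asn: int, roas) -> str:
    """Return 'valid', 'invalid' or 'notfound' for one BGP announcement.

    A ROA *covers* the announcement when the announced prefix lies within the
    ROA prefix. Among covering ROAs, one *matches* when its ASN equals the
    origin AS and the announced length does not exceed max_length. AS0 ROAs
    cover but never match, so they make every announcement invalid.
    """
    net = ipaddress.ip_network(announced_prefix, strict=True)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix, strict=True)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "notfound"
    for roa in covering:
        if roa.asn != 0 and roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid"


def evaluate(announcements, roas):
    """Map every (prefix, origin) pair to its ROV state."""
    return {(p, a): rov_state(p, a, roas) for p, a in announcements}


def accepted_routes(announcements, roas):
    """Common operator policy: drop 'invalid', keep 'valid' and 'notfound'."""
    return [(p, a) for p, a in announcements if rov_state(p, a, roas) != "invalid"]


if __name__ == "__main__":
    for (prefix, asn), state in evaluate(SAMPLE_ANNOUNCEMENTS, SAMPLE_ROAS).items():
        print(f"{prefix:20} AS{asn:<6} {state}")
```

Two points the example makes visible. First, ROV only protects prefixes that actually have ROAs: the IPv6 announcement comes back "notfound" and is accepted, which is why the ONCD pushes operators to publish ROAs and not just to validate. Second, the maxLength field matters: a ROA whose maxLength is longer than what the holder really announces lets an attacker who forges the legitimate origin AS announce a more-specific prefix that validates and wins by longest match, so maxLength should be as tight as the holder's real announcements allow.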
The ONCD acknowledges that securing BGP is challenging and provides detailed guidance on the protocol. It notes that federal networks in the US have not fully implemented ROAs but aim to have over 60% of advertised IP space secured by the end of the year. The ONCD will lead a new Internet Routing Security Working Group, including the Cybersecurity and Infrastructure Security Agency (CISA) and industry partners.
The Indian government maintains strict restrictions on Chinese telecom equipment manufacturers like ZTE and Huawei, citing security concerns. Despite ZTE’s recent proposal to partner with Celkon Resolute to manufacture routers in Andhra Pradesh, the government’s stance remains unchanged. This is due to the National Security Directive, which prohibits using equipment from ‘non-trusted sources’ in India’s telecom networks, effectively barring these companies from participating in the 5G rollout and limiting their involvement in existing networks.
The ‘trusted sources’ policy enforced by the National Cyber Security Coordinator (NCSC) is central to the issue. ZTE and Huawei have yet to meet its stringent compliance requirements, which include detailed disclosures about their operations and products. As a result, they remain excluded from India’s telecom projects. The Department of Telecommunications (DoT) has also asked operators to assess and report the use of non-trusted equipment in their networks, further limiting these companies’ prospects.
Although ZTE can manufacture consumer Wi-Fi equipment in India, these products can only be used in telecom networks with NCSC approval. The ZTE-Celkon partnership has stalled due to a lack of progress and clarity from the government. Despite some recent relaxations for Chinese companies in other sectors, the telecom equipment industry remains tightly regulated, with little chance of relief for ZTE and Huawei amid ongoing geopolitical tensions and cybersecurity concerns.
According to Lumen Technologies, a Chinese hacking group has exploited a software flaw, compromising several internet companies in the US and abroad. Researchers at Lumen revealed that the hackers targeted a previously unknown vulnerability in Versa Director, a network management platform made by Santa Clara-based Versa Networks. The attack began early in June and affected four US firms and one in India.
Versa Networks acknowledged the flaw and urged customers to update their software. Lumen’s researchers believe the hacking campaign was conducted by the Chinese government-backed group, ‘Volt Typhoon.’
The attackers are believed to have aimed to surveil the customers of the compromised internet companies. Cybersecurity experts warn that such access could enable broad, undetected surveillance.
The US Cybersecurity and Infrastructure Security Agency added the Versa vulnerability to its list of known exploited weaknesses. Concerns over China’s cyber activities have grown, with US officials noting an increase in the intensity of these efforts. In April, the FBI warned that China was developing the capability to disrupt critical infrastructure.
Microsoft plans to host a cybersecurity summit in September following a global IT outage caused by a flawed update from CrowdStrike in July. The outage disrupted nearly 8.5 million Windows devices and had widespread impacts across sectors, including airlines, banks, and healthcare. In response, Microsoft’s summit, scheduled for 10 September at its Redmond, Washington headquarters, will focus on strengthening cybersecurity systems and include discussions with government representatives and industry stakeholders.
The July outage highlighted the risks of relying on single-vendor cybersecurity solutions, as many organisations struggled to manage the disruption. CrowdStrike, the company at the centre of the incident, faces multiple legal challenges, including a lawsuit from shareholders alleging that the company failed to properly test its software, leading to the massive disruption. Delta Air Lines, one of the companies severely affected, has also initiated legal action, citing at least $500 million in losses due to flight cancellations.
CrowdStrike’s market value has dropped by approximately $9 billion since the outage, and the company is under intense scrutiny as it prepares to report its second-quarter financial results. The upcoming summit is seen as a critical step in addressing the vulnerabilities exposed by the incident and fostering a more resilient cybersecurity ecosystem.
Oilfield services company Halliburton disclosed on Friday that an unauthorised third party had breached some of its systems. The company, which discovered the breach two days prior, has initiated an internal investigation and taken affected systems offline to safeguard its data.
Halliburton is currently assessing the impact of the incident, but as of now, there is no evidence of any disruption to energy services. The US Department of Energy confirmed on Thursday that the breach had not affected the provision of energy services.
The EU is facing a significant divide among its member states regarding the regulation of high-risk telecom suppliers, particularly Huawei and ZTE, in the context of 5G network infrastructure. Eleven of the 27 EU countries have enacted legal measures to restrict these suppliers following the European Commission’s adoption of the 5G Cybersecurity Toolbox in 2020.
This divide reflects varying levels of concern about national security, economic interests, and diplomatic relations. Scepticism surrounding Huawei and ZTE intensified in 2018 when numerous countries, including the US and Japan, began excluding these companies from public tenders due to allegations of espionage and their ties to the Chinese government.
Sweden was among the first EU nations to ban Huawei, mandating the removal of its equipment from 5G networks by 1 January 2025. Despite Huawei’s denials of wrongdoing, distrust persists within the EU. Responses to these security concerns vary significantly. Germany has announced that components from Huawei and ZTE must be removed from its 5G core networks by the end of 2026, aligning with its National Security Strategy.
In contrast, Italy has taken a more cautious approach, evaluating cases involving Huawei individually. Despite signing a 5G security declaration with the US, Slovenia rejected a bill to exclude high-risk manufacturers, indicating a more lenient stance.
NATO’s initiative to enhance global internet resilience through satellite communications has made significant strides since its launch on 31 July 2024. With a $2.5 million investment from NATO’s Science for Peace and Security (SPS) programme, the project aims to create a hybrid network that can reroute data during emergencies when undersea cables are compromised.
Collaborating with prestigious institutions like Cornell University and Johns Hopkins University, the consortium known as HEIST is focused on developing a working prototype within the next two years, with a demonstration planned at the Blekinge Institute of Technology in Sweden.
The initiative seeks to bolster internet security by integrating satellite and submarine cable technologies and addresses the complex legal challenges associated with international telecommunications. By promoting collaboration among NATO Allies and partners, this project represents a proactive approach to safeguarding critical infrastructure and ensuring the stability of global communications in an increasingly digital landscape.
The Defense Advanced Research Projects Agency (DARPA) announced the finalists for its AI Cyber Challenge (AIxCC) at DEF CON, a competition that rewards teams for building systems that use large language models (LLMs) to identify and fix vulnerabilities in open-source code. Big Tech companies like Google, Microsoft, Anthropic, and OpenAI supported participants with AI model credits. The challenge saw about 40 teams submit projects, which were tested on their ability to detect and remediate injected vulnerabilities in open-source coding projects.
Experts say that generative AI can help automate the detection and patching of security flaws in code, and this development can be critical as unsophisticated yet harmful cyberattacks increasingly target critical facilities such as hospitals and water systems. Automating basic cybersecurity practices, such as scanning and fixing code bugs, could significantly reduce these incidents.
Running in a controlled, sandboxed environment, the semifinalists’ LLM-based projects discovered 22 unique vulnerabilities and automatically patched 15 of them. DARPA, which has invested over $2 billion in AI research since 2018, plays a unique role in cybersecurity innovation: it created a mock city under cyberattack within DEF CON, attracting over 12,500 visitors. The seven finalist teams will compete in the challenge’s final round at next year’s DEF CON conference, with government officials hoping these AI tools will soon be applied to protect real-life critical infrastructure.
Anne Neuberger, the Biden administration’s deputy national security advisor for cyber and emerging technology, emphasised the goal of using AI for defense as swiftly as adversaries use it for offense. The White House is already collaborating with the Department of Energy to explore deploying these AI tools within the energy sector and hopes to eventually apply them to proprietary company code.
An international operation has dismantled the criminal ransomware group Radar/Dispossessor, which had been targeting companies across various sectors, including healthcare and transport. Authorities from the United States and Germany led the effort to bring down the group, which was founded in August 2023 and initially focused on the US before expanding its attacks globally.
The investigation has identified 43 companies as victims, spanning countries such as the UK, Germany, Brazil, and Australia. The group, led by an individual using the alias ‘Brain’, primarily targeted small to medium-sized enterprises. Many more companies are believed to have been affected, with some cases still under investigation.
Radar/Dispossessor broke into poorly secured computer systems, often through weak passwords and the absence of two-factor authentication, and then held the victims’ data for ransom. Authorities successfully dismantled servers and domains associated with the group in Germany, the US, and Britain.
Twelve suspects have been identified, hailing from various countries, including Germany, Russia, Ukraine, and Kenya. Investigations are ongoing to identify further suspects and uncover more companies that may have been victimised.