In today’s cybersecurity news…
President signs defense bill funding Cyber Command, Pentagon phone security
The $901 billion Pentagon policy bill, named the 2026 National Defense Authorization Act, was signed on Thursday night with bipartisan support in both the House and the Senate. It authorizes unprecedented spending levels for national security programs and effectively preserves the dual-hat leadership structure of U.S. Cyber Command and the National Security Agency. In addition to funding for Cyber Command, the bill also “requires the Defense secretary to ensure DOD senior leaders are provided with mobile phones with ‘enhanced cybersecurity protections,’ including data encryption.”
Iranian APT resurfaces with new malware
Threat hunters at SafeBreach are warning of new activity from an Iranian threat actor known as Infy (aka Prince of Persia), nearly five years after it was observed targeting victims in Sweden, the Netherlands, and Turkey. Described as “still active, relevant, and dangerous,” Infy is one of the oldest APT actors in existence, dating back to December 2004. More publicity shy than its Iranian compatriots Charming Kitten, MuddyWater, and OilRig, Infy generally mounts attacks that involve a downloader and victim profiler named Foudre paired with a data extraction tool called Tonnerre, which pulls data from “high-value machines.” Foudre is distributed via phishing emails, often with a poisoned Microsoft Excel file as the delivery vehicle. Further details about the campaign are available through a link in the show notes to this episode.
Massive Android botnet Kimwolf launches DDoS attack
According to XLab, this new Android botnet linked to the Aisuru botnet has infected more than 1.8M devices in order to launch more than 1.7 billion DDoS attack commands and boost its command and control domain. Kimwolf primarily targets TV boxes, uses DNS over TLS to hide communication, and authenticates C2 commands with elliptic curve digital signatures. Although the botnet uses code from the Aisuru family, its operators have redesigned it to evade detection.
Microsoft Teams suffers brief outage
Thousands of users in the U.S. and Europe reported problems sending messages through the platform on Friday. The issue affected all Teams clients, including the Windows app and mobile apps. The outage was brief, however, and was resolved within an hour.
Former cyber incident responders plead guilty to ransomware spree
As quoted in Cyberscoop, “former cybersecurity professionals Ryan Clifford Goldberg and Kevin Tyler Martin pleaded guilty Thursday to participating in a series of ransomware attacks in 2023 while they were employed at cybersecurity companies tasked with helping organizations respond to ransomware attacks. Goldberg, who was a manager of incident response at Sygnia, and Martin, a ransomware negotiator at DigitalMint at the time, collaborated with an unnamed co-conspirator to attack victim computers and networks and use ALPHV, also known as BlackCat, ransomware to extort payments.” Each pleaded guilty to conspiracy to interfere with interstate commerce by extortion. Victims of the attacks included a medical company based in Florida, a pharmaceutical company based in Maryland, a California doctor’s office, an engineering company based in California and a drone manufacturer in Virginia, according to the indictment.
DOJ indicts 54 over ATM jackpotting ring
The indictments follow a nationwide ATM jackpotting scheme that stole millions through malware. The crimes are linked to the cybercrime group Tren de Aragua, and charges include fraud, money laundering, and material support to a terrorist organization. ATM jackpotting involves infecting an ATM with malware, usually by opening its cabinet, connecting a device, or replacing the hard drive with one that is loaded with malicious software that “sends unauthorized commands to the cash dispenser, causing the machine to ‘jackpot’ and release all available money.” If convicted, some defendants face sentences ranging from 20 to 335 years in prison.
NIST tried to take down NTP servers after blackout caused atomic clock drift
Jeffrey Sherman, a NIST supervisory physicist who maintains the institute’s atomic clocks, acknowledged in a mailing list post that he tried to disable backup generators powering some of its Network Time Protocol infrastructure after a power outage in Boulder, Colorado led to errors. The power failure was due to intense stormy weather. NIST uses its atomic clocks to provide a Network Time Protocol service, which much of the computing world relies on to synchronize events. Sherman wasn’t able to simply turn the main system off and back on again due to backup generators that automatically kick in to keep the servers running. During the outage, NIST advised users to refer to the organization’s other sources of time information.






