Archive for June 19, 2025

The Washington Post Hack Appears To Have Originated From China

Posted in Commentary with tags on June 19, 2025 by itnerd

Following up on this post about the Washington Post being hacked comes this story, which indicates that China was behind the hack:

The incident marks the second known instance of Chinese hackers targeting the Washington Post. In 2013, the newspaper disclosed a breach of its technology servers and multiple systems that exposed a broad array of internal data.

Chinese state-backed cyber groups frequently target American journalists, government officials, and dissidents abroad in campaigns of espionage and transnational repression. Last year, the Department of Justice indicted seven Chinese nationals linked to a prolific group tracked as APT31 for running a 14-year cyber campaign against critics, businesses, journalists, and political figures worldwide (see: US Indicts Accused APT31 Chinese Hackers for Hire).

The group, also tracked as Judgment Panda and Violet Typhoon, is affiliated with the Chinese Ministry of State Security. The hackers impersonated prominent media outlets and journalists to send phishing emails embedded with tracking links. The links harvested data such as email open times, recipient locations, and IP addresses from their targets.

Chinese nation-state hackers have been known to target email systems. Microsoft in 2023 disclosed that Chinese hackers exploited a Microsoft Outlook token validation flaw to target governments in Europe and the United States.

Christian Geyer, founder and CEO of Actfore had this comment:

“Whether it’s a missile strike on a newsroom or a cyber breach that delays critical reporting, the goal is the same…silence, intimidate, and control the narrative. With tensions rising globally, the attack on the Washington Post should be seen not just as a breach, but as a signal in a broader campaign to disrupt independent journalism.” 

China is a well-resourced adversary that needs a lot more attention placed on it, because I really believe that we will see more and more attacks by them, with severe consequences, if we don’t act now to counter them.

Krispy Kreme Admits That It Was Pwned

Posted in Commentary with tags on June 19, 2025 by itnerd

Krispy Kreme has confirmed that attackers stole the personal information of over 160,000 individuals in a November 2024 cyberattack.

While not huge, this is a far from trivial number of people affected.

Rebecca Moody, Head of Data Research at Comparitech had this comment:

“This is a significant breach, and, according to our findings, it is the second-largest data breach following a ransomware attack on a food and beverage company in 2024. Worldwide, we tracked 68 attacks on this sector in 2024 with 726,650 records affected across these attacks in total. The largest breach was on Bojangles Restaurants, Inc. in February 2024 where 165,106 people had their data breached, while the third largest was on Panera Bread (Panera, LLC) in which 136,302 people had their data impacted.”

“So far this year, we’ve noted 13 attacks on food and beverage companies, affecting just over 40,000 records. Across 2024/25 the average ransom demand across these attacks was just under $1.9 million.”

“Krispy Kreme has been quite slow in reporting this breach, taking around 7 months to notify victims. This is significantly above the overall average we noted across all US companies reporting breaches following ransomware attacks (4.1 months) and even higher than the average across food and beverage companies (3.6 months). Therefore, we’d highly recommend anyone affected take up the free identity monitoring services being offered by Krispy Kreme as soon as possible, while being on high alert for any potential phishing messages.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy had this to say:

“It is concerning that it has taken Krispy Kreme this long to acknowledge the data breach and inform the individuals affected by the breach. I’m not saying they need to put a glowing neon sign in their window that says “Your data is hot and has been stolen,” but they should not have taken this long. 7 months is a long time for data to be exposed without anyone being informed, and the least Krispy Kreme could do is offer free credit monitoring and free donuts for life.”

“Affected individuals need to keep an eye on their accounts (and take advantage of any free credit monitoring services that may be offered) and stay alert for any phishing texts, emails, or phone calls from bad actors attempting to use the harvested data to get their hands on even more personal and financial data.”

Krispy Kreme really stuffed it in terms of how long it took to let the world know that they had been pwned. Normally I would be saying that the relevant authorities should be asking questions as to why that was the case. But given how the world is right now, I don’t think that’s going to happen. But it should.

CIRA’s Internet Performance Test turns 10 with new features and insights on Canada’s digital divide

Posted in Commentary with tags on June 19, 2025 by itnerd

CIRA is proud to celebrate the 10-year anniversary of its Internet Performance Test (IPT), marking a significant milestone in the journey towards building a more equitable and accessible internet across Canada. Since the first test was captured in the spring of 2015, Canadians have run over 1.7 million tests, leveraging the tool and its crowd-sourced approach to better understand their connection. The platform allows local governments, advocates and researchers to track national progress toward closing the digital divide.

Over the years, the data collected through IPT has provided insight into how the internet is evolving across Canada. In its inaugural year, the national median download speed was just over 11 Mbps, with an upload speed of 2.4 Mbps. Fast forward to last year, the national median speeds soared to 92 Mbps download and 27 Mbps upload, showcasing incredible progress.

This milestone coincides with the launch of new CRTC hearings that will investigate how to improve the shopping experience for consumers to ensure they get the speed and quality they pay for.

Key insights

  • A noticeable inflection point after 2019 suggests that increased government and private investments in response to the COVID-19 pandemic—and its consequences on the online lives of Canadians—have significantly impacted connectivity.
  • While rural speeds have improved substantially, the gap between rural and urban connectivity remains largely unchanged.
  • Regional disparities persist, with New Brunswick enjoying relatively fast speeds, while the Prairies continue to lag behind.
  • The far North, particularly the territories, shows the lowest connectivity levels, with median speeds well below half the national average.
  • Latency—a critical quality metric that can lead to noticeable delays in online activities such as video calls, streaming and other real-time applications—highlights the challenges faced by networks covering vast territories. Areas such as Nunavut, Newfoundland and Labrador and Saskatchewan exhibit the highest latency levels, indicating the need for continued investment in underserved regions.

Iran-aligned BladedFeline spies on Iraqi and Kurdish officials: ESET

Posted in Commentary with tags on June 19, 2025 by itnerd

The Iran-aligned threat group BladedFeline has targeted Kurdish and Iraqi government officials in a recent cyber-espionage campaign, according to ESET researchers. The group deployed a range of malicious tools discovered within the compromised systems, indicating a continued effort to maintain and expand access to high-ranking officials and government organizations in Iraq and the Kurdish region. The latest campaign highlights BladedFeline’s evolving capabilities, featuring two tunneling tools (Laret and Pinar), various supplementary tools, and, most notably, a custom backdoor Whisper and a malicious Internet Information Services (IIS) module PrimeCache, both identified and named by ESET.

Whisper logs into a compromised webmail account on a Microsoft Exchange server and uses it to communicate with the attackers via email attachments. PrimeCache, a malicious IIS module, also serves as a backdoor, and it bears similarities to the RDAT backdoor used by the OilRig Advanced Persistent Threat (APT) group.
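A malicious IIS module of the kind described above has to be registered with IIS before it can run, which gives defenders a concrete thing to audit. The script below is an added example written for this post, not ESET’s tooling or anything from the BladedFeline write-up: it parses the `<globalModules>` section of an IIS `applicationHost.config`, compares the registered native modules against a known-good allowlist, and flags any module that is not in the baseline or whose DLL loads from outside the stock `inetsrv` directory. The config fragment, the baseline set, and the suspicious module name `CacheHelperModule` are all constructed for the example; nothing here reflects the real name or path of PrimeCache.

```python
import xml.etree.ElementTree as ET

# Constructed applicationHost.config fragment for this example; it is not taken
# from a real server. The last <add> entry stands in for an unexpected native
# module and uses a placeholder name and path.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpLoggingModule" image="%windir%\\System32\\inetsrv\\loghttp.dll" />
      <add name="StaticFileModule" image="%windir%\\System32\\inetsrv\\static.dll" />
      <add name="RequestFilteringModule" image="%windir%\\System32\\inetsrv\\modrqflt.dll" />
      <add name="CacheHelperModule" image="C:\\inetpub\\temp\\helper.dll" />
    </globalModules>
  </system.webServer>
</configuration>
"""

# Hypothetical allowlist of module names expected on this server role. In
# practice, derive it from a known-good server of the same role, not from here.
BASELINE_MODULES = {
    "HttpLoggingModule",
    "StaticFileModule",
    "RequestFilteringModule",
}

# Stock IIS native modules load from the inetsrv directory; compared lowercase.
TRUSTED_IMAGE_PREFIXES = ("%windir%\\system32\\inetsrv\\",)


def list_global_modules(config_xml):
    """Return [(name, image)] for every native module registered in <globalModules>."""
    root = ET.fromstring(config_xml)
    modules = []
    for add in root.iterfind("./system.webServer/globalModules/add"):
        modules.append((add.get("name", ""), add.get("image", "")))
    return modules


def find_suspicious_modules(config_xml, baseline=BASELINE_MODULES,
                            trusted_prefixes=TRUSTED_IMAGE_PREFIXES):
    """Flag modules missing from the baseline or loading from an unexpected path.

    Returns a list of (name, image, reasons) tuples; an empty list means every
    registered module matches the baseline and loads from a trusted directory.
    """
    findings = []
    for name, image in list_global_modules(config_xml):
        reasons = []
        if name not in baseline:
            reasons.append("not in baseline")
        if not image.lower().startswith(trusted_prefixes):
            reasons.append("image outside inetsrv")
        if reasons:
            findings.append((name, image, reasons))
    return findings


if __name__ == "__main__":
    # Run against the constructed config; on a real host, read the file from
    # %windir%\System32\inetsrv\config\applicationHost.config instead.
    for name, image, reasons in find_suspicious_modules(SAMPLE_CONFIG):
        print(f"{name}: {image} ({', '.join(reasons)})")
```

The two checks are deliberately independent: a module can carry a plausible name yet load from a writable directory, or sit in `inetsrv` under a name the baseline has never seen, and either condition on its own is worth a closer look at the DLL’s signature and timestamps. Running the same comparison on a schedule, with the output shipped to a SIEM, turns a one-off audit into a detection for newly registered modules.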

Based on these code similarities, as well as on further evidence presented in this blogpost, ESET assesses that BladedFeline is a very likely subgroup of OilRig, an Iran-aligned APT group going after governments and businesses in the Middle East. The initial implants in the latest campaign can be traced back to OilRig. These tools reflect the group’s strategic focus on persistence and stealth within targeted networks.

BladedFeline has worked consistently to maintain illicit access to Kurdish diplomatic officials, while simultaneously exploiting a regional telecommunications provider in Uzbekistan, and developing and maintaining access to officials in the government of Iraq.

ESET Research assesses that BladedFeline is targeting the Kurdish and Iraqi governments for cyberespionage purposes, with an eye toward maintaining strategic access to the computers of high-ranking officials in both governmental entities. The Kurdish diplomatic relationship with Western nations, coupled with the oil reserves in the Kurdistan region, makes it an enticing target for Iran-aligned threat actors to spy on and potentially manipulate. In Iraq, these threat actors are most probably trying to counter the influence of Western governments following the US invasion and occupation of the country.

In 2023, ESET Research discovered that BladedFeline targeted Kurdish diplomatic officials with the Shahmaran backdoor, and previously reported on its activities in ESET APT Activity reports. The group has been active since at least 2017, when it compromised officials within the Kurdistan Regional Government, but is not the only subgroup of OilRig that ESET Research is monitoring. ESET has been tracking Lyceum, also known as HEXANE or Storm-0133, as another OilRig subgroup. Lyceum focuses on targeting various Israeli organizations, including governmental and local governmental entities and organizations in healthcare.

ESET expects that BladedFeline will persist with implant development in order to maintain and expand access within its compromised victim set for cyberespionage.

For a more detailed analysis and technical breakdown of BladedFeline’s tools used in Operation RoundPress, check out the latest ESET Research blogpost “Whispering in the dark” on WeLiveSecurity.com.

Hammerspace Now Available on Oracle Cloud Marketplace

Posted in Commentary with tags on June 19, 2025 by itnerd

Hammerspace, the standards-based data platform that simplifies AI infrastructure and an Oracle partner, today announced its solution is available on the Oracle Cloud Marketplace and can be deployed on Oracle Cloud Infrastructure (OCI). Oracle Cloud Marketplace is a centralized repository of enterprise applications offered by Oracle and Oracle partners.

Hammerspace helps enable enterprises to leverage the full potential of existing GPU server capacity in hybrid cloud, multi-cloud and geographically distributed environments by providing a high-performance global namespace that spans sites, clouds and storage systems. It allows data to be sourced from on-premises storage and delivered directly to GPU resources in OCI at maximum speeds. 

With the Hammerspace Tier 0 solution, enterprises can transform existing local NVMe storage into ultra-fast, persistent shared storage inside OCI GPU virtual machines (VMs), eliminating the need for replication and avoiding delays or compromises. The Tier 0 solution enables enterprises to feed thousands of GPUs in parallel, reducing idle cycles and supporting low-latency data access for both reads and writes. This capability accommodates a wide variety of workloads, including training, inference and high-performance computing.

In recent OCI performance benchmarks, the Hammerspace Tier 0 solution delivered 2.5X faster read bandwidth, 2X higher write throughput, and 51 percent lower latency when compared to the same client servers connected to external networked storage running on OCI. These results were achieved using OCI bare metal shapes, with zero custom software or hardware, leveraging the Hammerspace Tier 0 solution, which utilizes low-latency NVMe storage local to OCI GPU VM shapes.

Oracle Cloud Marketplace is a one-stop shop for Oracle customers seeking trusted business applications and services that offer unique solutions. Designed to run any application faster and more securely for less, OCI can help address a variety of data privacy, sovereign AI, and low latency requirements. It is the only hyperscaler capable of delivering 200+ AI and cloud services at the edge, in a customer’s data center, across clouds, or in the public cloud. Oracle’s distributed cloud delivers the benefits of the cloud with greater control and flexibility while also providing the consistent performance, Service Level Agreements (SLAs) and global pricing, for which OCI has become known.

Learn More: