Major Incidents or Breaches

  • Three major UK retailers have suffered high-profile cyberattacks. In response, the National Cyber Security Centre (NCSC) has issued updated security guidance for all UK companies, highlighting the ongoing threat to the retail sector.
  • Azerbaijan has publicly attributed a February cyberattack on local media outlets to Russian state-backed group APT29, amid broader efforts to reduce Russian influence in the country.
  • Romanian state websites were targeted by DDoS attacks from a Russian-linked hacktivist group during national elections, demonstrating continued politically motivated cyber activity in Eastern Europe.

Notable Threat Actor Activity

  • The Golden Chickens threat group has deployed two new malware families, TerraStealerV2 and TerraLogger, aimed at stealing browser credentials and cryptocurrency wallet data. These developments indicate ongoing evolution and diversification of their malware toolkit.
  • Ukraine detained an alleged FSB agent recruited via TikTok for espionage activities, underscoring the use of social media platforms for human intelligence recruitment and operational tasking by Russian intelligence services.

Newly Discovered Vulnerabilities and Risks

  • Security researchers have raised concerns about the open-source tool easyjson, widely used by US government and private sector organisations. Its ties to Russia’s VK and a sanctioned CEO present a persistent supply chain risk, highlighting the need for increased scrutiny of open-source dependencies.

Trends, Tools, or Tactics of Interest

  • Threat actors are making markedly greater use of stealth tactics, focusing on maintaining long-term access and control within compromised environments. The use of AI to enhance these capabilities is noted as a growing trend.
  • Deepfake technology continues to advance, with new research showing that even high-quality deepfakes may inadvertently retain biometric patterns (such as heartbeats) from source videos, potentially providing new avenues for detection.
  • Password reuse remains a significant issue, with 94% of leaked passwords found to be non-unique, reinforcing the need for improved credential hygiene and adoption of passwordless authentication solutions.
  • The transition to passkey-based authentication is accelerating, with industry recommendations emphasising early adoption and preparation for a passwordless future.

Regulatory or Policy Developments

  • The NCSC’s publication of security guidance following the UK retail sector attacks is a notable policy response, urging all organisations to review and strengthen their cyber resilience measures.