Tag: Critical Infrastructure

  • Iranian Hackers Sustain Two-Year Intrusion on Critical National Infrastructure

    An Iranian state-sponsored threat group has been linked to a prolonged cyber intrusion targeting critical national infrastructure (CNI) in the Middle East, with activities spanning nearly two years. Security firm FortiGuard Incident Response (FGIR) reported that this cyber espionage campaign, initiated in May 2023 and continuing through February 2025, has raised significant concerns regarding national security.

    The report highlighted the techniques used by the attackers, suggesting extensive reconnaissance and the use of network prepositioning to maintain persistent access for potential future operations. The group is believed to be connected to the Iranian threat actor known as Lemon Sandstorm, previously referred to as Rubidium and by other aliases. This actor has been observed targeting various sectors, including aerospace, oil and gas, and utilities, across multiple regions including the United States, Europe, and Australia.

    During the analysis of this ongoing attack, it was noted that the initial phase involved the use of stolen credentials to gain access to the victim’s SSL VPN system. The threat actors deployed backdoors and web shells to facilitate long-term access, employing a series of tools to move deeper into the network. Later stages of the attack involved attempts to regain control after the victim implemented initial containment measures.

    U.S. cybersecurity and intelligence agencies have previously flagged Lemon Sandstorm for deploying ransomware against targets in nations including the U.S., Israel, and the UAE, underlining the group’s increasing activity and the potential threat they pose. Despite extensive infiltration attempts, there remains no evidence that the perpetrators have accessed the victim’s operational technology network, primarily due to counteractive measures taken by cybersecurity teams. The report from Fortinet illustrates not only the sophistication of the attack but also the persistent threat posed by state-sponsored hackers.

  • EU’s NIS2 Directive Toughens Cybersecurity Standards Across Member States

    On 17 October 2024, the European Union implemented the Network and Information Security Directive 2 (NIS2), a significant advancement in cybersecurity legislation aimed at bolstering the defenses of critical infrastructure across various sectors. With the primary goal of enhancing the cybersecurity capabilities of essential and important organizations, NIS2 introduces a comprehensive framework requiring operators to adopt minimum cybersecurity standards and report cyber incidents.

    The directive expands the scope of its predecessor, the original NIS directive, covering a wider array of industries including energy, transport, healthcare, and digital services. Central to its objectives, NIS2 seeks to improve supply chain security and streamline the reporting process for cybersecurity incidents. Non-compliance could lead to hefty fines, emphasizing the directive’s enforcement of stricter measures across the EU.

    NIS2 categorizes organizations impacted by the directive into two primary groups: essential entities, which are large organizations with specific employee and financial metrics, and important entities, including medium-sized organizations. This broad coverage signifies that many more public and private entities will now be held accountable under cybersecurity regulations, creating a more uniform approach to securing infrastructure.

    Key components of NIS2 include a duty of care regarding security practices, reporting obligations for cyber incidents, and supervisory mechanisms to ensure compliance. Organizations in sectors outlined in Annex 1, such as banking and drinking water services, will face more rigorous scrutiny regarding their cybersecurity policies. For comprehensive details on the directive, organizations can refer to the official legal text at EUR-Lex – 32022L2555.

  • UK Government Unveils Cyber Resilience Bill to Strengthen National Security

    The UK government has taken a significant step forward in bolstering the nation’s cybersecurity with the introduction of the Cyber Resilience Bill. This bill is aimed at safeguarding the economy against the increasing prevalence of cyber threats by improving the resilience of organizations that provide essential services. This initiative seeks to address the growing vulnerabilities in current frameworks, particularly highlighted by high-profile ransomware and supply chain attacks.

    One important aspect of the new legislation is its expanded definition of Critical National Infrastructure (CNI). Whereas traditional definitions focused on sectors like energy and healthcare, the Cyber Resilience Bill now includes Managed Service Providers and organizations that handle large quantities of data. This adjustment is critical as it recognizes the integral role these bodies play in supporting essential services, reflecting an alignment with the EU’s NIS2 Directive.

    Moreover, the bill reiterates the necessity for enhanced incident reporting, requiring organizations to notify regulators of significant cyber incidents within 24 hours. This establishes a more urgent timeline than previous regulations, allowing cybersecurity authorities to respond more swiftly and enact better mitigation strategies, reducing the overall impact of attacks.

    It is also crucial to underline that while the Cyber Resilience Bill is poised to impact various sectors, the actual enforcement of these regulations will depend on the readiness of regulators like the Information Commissioner’s Office (ICO). The new requirements underscore the need for businesses across the board to bolster their cybersecurity frameworks and risk management strategies, as the bill’s successful implementation hinges on their ability to adapt quickly.