Originally reported by Dark Reading
TL;DR
This week's roundup covers supply chain Android malware, Russian attacks on Polish energy, a surge in RMM tool abuse, evolved ClickFix campaigns, and Singapore's successful defense against Chinese hackers.
Multiple active attack campaigns, including nation-state targeting of critical infrastructure and supply chain compromise of Android devices, warrant a high severity classification.
Researchers have identified a supply chain attack embedding malware directly into Android devices at the manufacturing level. The Keenadu malware performs browser search hijacking, ad fraud, and executes unauthorized actions without user knowledge. This represents a significant escalation in supply chain compromise tactics, moving beyond traditional software distribution channels to target the device manufacturing process itself.
The attack demonstrates the growing sophistication of mobile threat actors and the critical need for hardware supply chain security controls.
Russia-aligned threat actors have conducted wiper attacks against Poland's renewable energy sector, targeting wind and solar farms alongside a manufacturing facility and heating plant. The attacks represent continued nation-state targeting of critical energy infrastructure, particularly focusing on renewable energy sources.
Poland's energy sector survived the attacks, but the incident highlights the persistent threat to European energy infrastructure as geopolitical tensions continue driving cyber operations against critical systems.
Singapore and its four major telecommunications providers successfully defended against a Chinese state-sponsored attack utilizing a zero-day exploit. The country's effective response was attributed to strong public-private coordination and information sharing between government agencies and telecom operators.
The incident demonstrates both the continued targeting of telecommunications infrastructure by nation-state actors and the effectiveness of coordinated defense strategies when government and the private sector maintain tight operational relationships.
Threat actors are increasingly leveraging legitimate Remote Monitoring and Management (RMM) software instead of custom malware, providing multiple operational advantages including stealth, persistence, and efficiency. The trend represents a significant shift toward "living-off-the-land" techniques that abuse legitimate administrative tools.
Security teams must adapt detection capabilities to identify malicious RMM usage while avoiding disruption of legitimate administrative operations.
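One way to separate sanctioned RMM activity from abuse is to compare process-creation telemetry against an inventory of which RMM product the organisation runs, where it is installed, and who operates it. The script below is an added illustration, not code from Dark Reading or from any vendor: the policy, host names, accounts and events are constructed, and the RMM product names are assumptions used only as examples of tools that appear in such inventories.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption (hypothetical organisation): IT deploys exactly one RMM product, as a
# service, from a fixed install directory; any other RMM binary is worth a look.
RMM_BINARIES = {"screenconnect.clientservice.exe", "anydesk.exe",
                "atera.agent.exe", "teamviewer.exe"}
POLICY = {
    "approved_tools": {"screenconnect.clientservice.exe"},
    "approved_install_prefixes": ("c:\\program files (x86)\\screenconnect\\",),
    "approved_operators": {"corp\\svc-rmm-deploy"},
}

@dataclass
class Event:
    host: str
    user: str
    image: str    # full path of the started process
    parent: str   # image name of the parent process

def classify(ev: Event, policy: dict = POLICY) -> Optional[str]:
    """Return a finding label for an RMM-related event, or None if it matches policy."""
    image = ev.image.lower()
    name = image.rsplit("\\", 1)[-1]
    if name not in RMM_BINARIES:
        return None                                  # not an RMM tool: ignore
    if name not in policy["approved_tools"]:
        return "unsanctioned_rmm_tool"               # a second RMM product appeared
    if not image.startswith(policy["approved_install_prefixes"]):
        return "approved_tool_unexpected_path"       # portable copy outside the install dir
    # The sanctioned agent is started by the service manager; an interactive or
    # script launch by a non-operator account is how reuse of the same product shows up.
    if ev.parent.lower() != "services.exe" and ev.user.lower() not in policy["approved_operators"]:
        return "approved_tool_unexpected_launch"
    return None

def triage(events: list) -> list:
    """Return (host, user, label) for every event that deviates from policy."""
    return [(ev.host, ev.user, lbl) for ev in events if (lbl := classify(ev))]

# Constructed sample events in Sysmon/EDR process-creation style, not real telemetry.
SAMPLE_EVENTS = [
    Event("ws01", "nt authority\\system",
          "c:\\program files (x86)\\screenconnect\\screenconnect.clientservice.exe", "services.exe"),
    Event("ws02", "corp\\jdoe", "c:\\users\\jdoe\\appdata\\local\\temp\\anydesk.exe", "chrome.exe"),
    Event("ws03", "corp\\jdoe", "c:\\users\\jdoe\\downloads\\screenconnect.clientservice.exe", "explorer.exe"),
    Event("ws04", "corp\\jdoe",
          "c:\\program files (x86)\\screenconnect\\screenconnect.clientservice.exe", "powershell.exe"),
    Event("ws05", "corp\\jdoe", "c:\\windows\\system32\\notepad.exe", "explorer.exe"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Only the sanctioned agent started by the service manager on ws01 passes; the three deviations are the cases worth an analyst's time, without paging on every legitimate remote session.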
ClickFix attack campaigns have adapted to current defenses by incorporating DNS lookup commands to deliver ModeloRAT malware. The technique tricks users into executing malicious commands under the guise of fixing technical issues, demonstrating continued evolution in social engineering tactics.
The DNS-based approach allows attackers to bypass traditional file-based detection while maintaining the social engineering effectiveness that makes ClickFix campaigns successful.
New strategic guidance addresses the growing challenge of protecting data assets from automated AI scraping operations. The playbook provides CISOs with frameworks for balancing security controls against AI data harvesting while maintaining business functionality and growth objectives.
As AI systems increasingly target organizational data for training purposes, security teams require specialized approaches to govern scraping risks and protect intellectual property from automated harvesting.