Breach Roundup: FBI Warns of US Renewable Energy Sector Threats

Google Offers $250,000 Reward for KVM Vulns; CocoaPods Flaws Expose Apple Apps
Breach Roundup: FBI Warns of US Renewable Energy Sector Threats
Image: Shutterstock

Every week, ISMG rounds up cybersecurity incidents and breaches around the world. This week: FBI warns of cyberthreats to U.S. renewable energy sector, Indonesia data center hacker apologizes, Google Pixel 6 series devices bricked, critical vulnerability in EoL D-Link routers, Google offers $250,000 reward for KVM vulnerabilities, NCA disrupts global Cobalt Strike supply chain.

See Also: Fortifying OT Networks: Key Benefits of Implementing Protocol Isolation

FBI Warns of Growing Cyberthreats Targeting US Renewable Energy Sector

The U.S. Federal Bureau of Investigation issued a warning highlighting escalating cyberthreats against the U.S. renewable energy sector. Emphasizing risks to power-generating operations and intellectual property theft, the agency reports cyber actors may exploit vulnerabilities in operational technology (OT) systems, particularly targeting solar panel inverters to disrupt power output or compromise battery storage. With the rise of renewable energy adoption driven by federal incentives and local initiatives such as Virginia's ambitious energy goals, the sector has become a prime target.

The FBI urged vigilance among industry stakeholders, advising monitoring for suspicious network activities, updating security protocols, and reporting cyber intrusions promptly. Recognizing the interconnectedness of the energy infrastructure, the agency also advised precautions against vendor risks and supply chain vulnerabilities. The bureau also stressed the importance of offline data backups, access management and vulnerability mitigation strategies to mitigate potential cyber incidents.

Critical Vulnerability in End-of-Life D-Link Routers Exploited

Hackers are exploiting a path traversal flaw in D-Link DIR-859 WiFi routers to gather account information, including passwords. The vulnerability, CVE-2024-0769, carries a severity score of 9.8 and affects DIR-859's end-of-life routers. D-Link released a security advisory explaining the flaw in the "fatlady.php" file affects all firmware versions, enabling attackers to leak session data, escalate privileges, and gain full control via the admin panel. D-Link will not patch CVE-2024-0769, so users should switch to a supported device immediately.

Threat monitoring platform GreyNoise reports active exploitation of CVE-2024-0769, with hackers targeting the 'DEVICE.ACCOUNT.xml' file to dump account names, passwords, user groups and descriptions. The attack uses a malicious POST request to '/hedwig.cgi,' exploiting CVE-2024-0769 to access sensitive configuration files via 'fatlady.php,' potentially revealing user credentials.

Google Offers $250,000 Reward for KVM Vulnerabilities

Google initiated a vulnerability reward program targeting the Kernel-based Virtual Machine hypervisor, offering up to $250,000 for discovery of critical zero-day vulnerabilities. Dubbed "kvmCTF," the contest invites participants to log into guest virtual machines and attempt guest-to-host attacks on a bare metal host system. The goal is to exploit vulnerabilities exclusively within the KVM subsystem of the host kernel, excluding vulnerabilities in the QEMU emulator or host-to-KVM techniques.

KVM was integrated into mainline Linux since 2007 and used widely by Google in Android and Google Cloud platforms. It supports multiple VMs with hardware emulation.

Launched on June 27, the contest operates on UTC-based time slots, outlining detailed rules from initial file downloads to proof of successful exploits. Rewards range from $250,000 for a full VM escape down to $10,000 for relative memory reads, emphasizing high payouts for severe vulnerabilities. The program rules specify that rewards are exclusive to the first successful submission per category.

CocoaPods Vulns Expose Millions of Apple Apps to Supply Chain Risks

Security researchers from EVA Information Security report that CocoaPods, an open-source dependency manager for Swift and Objective-C apps, left thousands of packages vulnerable for nearly a decade. This issue, tracked as CVE-2024-38368 with a CVSS score of 9.3, stemmed from unclaimed Pods on GitHub's Trunk server, allowing attackers to potentially insert malicious code via a simple CURL request.

A separate vulnerability, CVE-2024-38366, with a maximum CVSS score of 10, enabled remote code execution on the Trunk server due to insecure email verification. A third flaw, CVE-2024-38367 with CVSS 8.2, exploited email validation to steal session tokens without user interaction.

The vulnerabilities could have facilitated supply chain attacks affecting popular apps from major companies such as Meta, Apple and Microsoft. CocoaPods maintainers reportedly patched these vulnerabilities months ago.

NCA Disrupts Cobalt Strike Supply Chain in Global Operation

The UK’s National Crime Agency coordinated with international partners in Operation Morpheus to target illicit instances of the Cobalt Strike tool. Cobalt Strike, originally a legitimate penetration testing tool, has been misused by cybercriminals who distribute cracked versions for malicious activities.

During the operation, conducted with Europol and agencies from Australia, Canada, Germany, the Netherlands and Poland, along with private sector allies, 690 unlicensed Cobalt Strike instances across 27 countries were identified. By collaborating with 129 ISPs, law enforcement successfully took down 593 domains hosting these illegal software copies within a week.

Indonesia Data Center Hacker Apologizes

A threat actor behind the ransomware attack on an Indonesian government-owned data center apologized for inconveniencing Indonesian citizens not long after demanding a $8 million ransom in exchange for a decryption key, reported ABC News.

"Citizens of Indonesia, we apologize for the fact that it affected everyone," the hacker wrote on their dark web site. "Our attack did not carry a political context, only a pentest with post-payment. We hope that our attack made it clear to you how important it is to finance the industry and recruit qualified specialists."

The ransomware attack took down the Temporary National Data Center, which hosts data from about 285 government departments and agencies (see: Indonesia Data Center Hack Threatens Transformation Efforts).

The government later admitted that the affected agencies did not have backups in place because data recovery was an optional measure.

Google Pixel 6 Series Devices "Bricked" After Factory Reset

Owners of Google Pixel 6 series phones reported devices "bricking" after factory resets in the past week. Typically done to wipe data before resale, these resets are causing an error about a missing 'tune2fs' file during boot, leading to a recovery screen stating, "Cannot load Android system. Your data may be corrupt." This prompts an endless loop of factory resets. With OEM locks preventing bootloader configuration and sideload updates via ADB failing, the issue remains unresolved. Some affected users were in the Android 15 beta program, but it's not a common factor. Google addressed the issue on Tuesday and said it is working on a fix.

Japan Celebrates Elimination of Floppy Disks From Government Systems

Japan has phased out the use of floppy disks across all government systems, marking a significant milestone in its modernization efforts. The Digital Agency announced the elimination of 1,034 regulations governing floppy disk usage, with only one related to environmental standards remaining.

Digital Minister Taro Kono celebrated the achievement, emphasizing a broader push to eradicate outdated technologies including fax machines from government operations. Established during the COVID-19 pandemic to streamline processes, the Digital Agency highlighted Japan's shift away from paper filing and antiquated technology.

Other Stories From Last Week

About the Author

Anviksha More

Anviksha More

Senior Subeditor, ISMG Global News Desk

More has seven years of experience in journalism, writing and editing. She previously worked with Janes Defense and the Bangalore Mirror.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.