Latest news with #APT29


Techday NZ
08-08-2025
- Business
- Techday NZ
Black Kite unveils ASI for targeted third-party cyber risk
Black Kite has launched its Adversary Susceptibility Index (ASI) to support third-party risk management teams in identifying which of their suppliers are most vulnerable to specific threat actors. The ASI has been designed to address the growing challenges that security teams face in the context of increasing ransomware and targeted cyber threats. The solution introduces the capability for organisations to proactively assess the susceptibility of vendors based on the tactics and procedures linked to particular cybercriminal groups.

Ferhat Dikbiyik, Chief Research and Intelligence Officer at Black Kite, remarked on the need for more targeted intelligence in response to prominent cyber threats. He said, "With high-profile threats like Volt Typhoon, Black Basta, and APT29, security teams cannot wait for weeks to respond. As threat actors become more targeted and sophisticated, third-party risk teams need tools that reflect the real-world threat landscape. ASI gives organizations the ability to immediately understand which of their suppliers are likely to be in the crosshairs of specific threat groups. It's a powerful step forward in transforming cyber risk programs from passive monitoring to proactive, intelligence-driven action."

The Adversary Susceptibility Index builds upon Black Kite's existing Ransomware Susceptibility Index by directly mapping risk exposure to the specific groups behind ransomware campaigns. The new system works by flagging vendors who display vulnerabilities or behaviours associated with known threat actor tactics, techniques, and procedures (TTPs). Features such as identifying open Remote Desktop Protocol (RDP) ports, unpatched Common Vulnerabilities and Exposures (CVEs), or evidence of stealer log leaks are incorporated into the assessment process.

ASI also provides security teams with indicators to determine which third-party organisations may require immediate outreach and coordinated remediation efforts. This triage-oriented approach allows for the more efficient allocation of resources and sharper threat response focus.

Features and benefits

The company stated the key capabilities and advantages of the ASI include the following:

- Threat Actor Intelligence for Suppliers: Security teams can view which vendors correspond to known adversary profiles without delay.
- Vendor Sorting by Susceptibility: The system enables prioritisation based on tangible vulnerabilities and the targeting tactics of specific attacker groups.
- Industry and Geography-Aware Risk: The solution factors in sector-specific and region-specific intelligence, allowing organisations to consider actors' industries, locations, and motivations when assessing exposure.
- Proactive Vendor Engagement: Actor-specific risk insights can be relayed directly to suppliers, helping accelerate mitigation efforts while fostering trust.

According to Black Kite, the ASI's integration of threat actor intelligence within third-party risk management provides a new degree of precision. Instead of relying solely on static risk indicators, organisations can now adjust their priority frameworks to focus on suppliers who are demonstrably exposed to active adversaries' tactics. This, the company notes, aligns third-party cyber risk assessments more closely with current threat intelligence.

Through these enhancements, Black Kite aims to provide its customers with a unified approach to vendor cyber risk, combining real-world intelligence with operational workflows. Black Kite states that its broader offering deals not only in risk ratings but in providing a real-time, continuous view of the cyber risks affecting organisational digital supply chains. The company claims to automate the process of gathering threat, business, and risk information for upwards of 3,000 customers across various sectors.
Yahoo
06-08-2025
- Business
- Yahoo
Black Kite Unveils Adversary Susceptibility Index to Operationalize Threat Actor Intelligence in Third-Party Risk Management
Powerful solution enhances Black Kite's comprehensive threat intelligence to help TPRM teams identify high-risk vendors and take action faster

BOSTON, Aug. 6, 2025 /PRNewswire/ -- Black Kite, the leader in cyber third-party risk intelligence, today announced Adversary Susceptibility Index (ASI). Purpose-built for Third-Party Risk Management (TPRM) teams, ASI empowers them to proactively identify which vendors in their ecosystem are most vulnerable to specific threat actors before threats become a breach.

"With high-profile threats like Volt Typhoon, Black Basta, and APT29, security teams cannot wait for weeks to respond," said Ferhat Dikbiyik, Chief Research and Intelligence Officer, Black Kite. "As threat actors become more targeted and sophisticated, third-party risk teams need tools that reflect the real-world threat landscape. ASI gives organizations the ability to immediately understand which of their suppliers are likely to be in the crosshairs of specific threat groups. It's a powerful step forward in transforming cyber risk programs from passive monitoring to proactive, intelligence-driven action."

ASI builds on Black Kite's Ransomware Susceptibility Index (RSI) by mapping ransomware exposure to the specific threat actor groups behind the risk. ASI does this by revealing vendors that exhibit known vulnerabilities, behaviors, or configurations linked to that actor's tactics, techniques, and procedures (TTPs); exposure indicators, such as open RDP ports, unpatched CVEs, or stealer log leaks; and third parties warranting immediate outreach and coordinated remediation. As a result, organizations can quickly and accurately identify which vendors are most likely to be targeted based on each group's known behaviors, tools, and tactics, adding precision and context to their prioritization strategy.

Key features and benefits include:

- Threat Actor Intelligence for Suppliers: Instantly see which vendors align with a known adversary profile
- Vendor Sorting by Susceptibility: Prioritize outreach based on real-world exposure and targeted actor tactics
- Industry and Geography-Aware Risk: Assess risk with contextual intelligence, including actor-specific industries, regions, and motivations
- Proactive Vendor Engagement: Deliver actor-specific insights to suppliers to accelerate mitigation and build trust

ASI brings a new level of precision to cyber risk management by embedding threat actor intelligence directly into third-party risk workflows. Rather than relying on static indicators, ASI enables organizations to prioritize suppliers based on real-world adversary behavior. With this capability, Black Kite delivers a unified, intelligence-driven approach to vendor cyber risk.

For more information, visit

About Black Kite

Black Kite gives organizations a comprehensive, real-time view into cyber ecosystem risk so they can make informed risk decisions and improve business resilience while continuously monitoring more vendors, partners, and suppliers in an ever-changing digital landscape. Through an automated process, and a combination of threat, business and risk information, Black Kite provides cyber risk intelligence that goes beyond a simple risk score or rating. Black Kite serves more than 3,000 customers in a wide range of industries and has received numerous industry awards and recognition from customers. Learn more at or on the Black Kite blog.

SOURCE Black Kite
Yahoo
09-05-2025
- Business
- Yahoo
Cyberthreats surge against US logistics infrastructure
Cybersecurity provider Trellix recently released its April 'CyberThreat Report' revealing an alarming rise in cyberattacks targeting critical U.S. infrastructure, with the freight and logistics sectors now in the crosshairs of nation-state actors and sophisticated ransomware groups.

Between October 2024 and March 2025, the U.S. saw a 136% increase in Advanced Persistent Threat (APT) activity, prolonged and targeted cyberattacks in which an intruder gains unauthorized access to a network and remains undetected for an extended period.

Of particular concern is the role of APT29, also known as Midnight Blizzard, a well-documented cyber espionage group linked to the Russian Foreign Intelligence Service. Known for its stealthy, high-level campaigns, APT29 specializes in long-term intrusions that exfiltrate sensitive data without immediate detection.

Trellix researchers report that 55% of APT29's observed activity in this period specifically targeted the transportation and shipping sectors, signaling a coordinated focus on disrupting or surveilling supply chain operations. For logistics professionals, this suggests that state-sponsored actors are probing for weaknesses not just in physical infrastructure, but also in the digital ecosystems that support freight visibility, scheduling and warehouse management.

Meanwhile, ransomware continues to plague U.S. organizations, with 58% of all global ransomware-related posts traced back to U.S.-based attacks. This reflects an environment where financially motivated criminal groups are increasingly exploiting known and zero-day vulnerabilities, bypassing phishing emails in favor of more direct and technical exploits.

What's more troubling is the evolution in attacker methods. Rather than relying on suspicious email attachments, cybercriminals are now favoring fileless malware, which hides in memory, and using legitimate Windows tools to execute attacks, making them harder to detect with traditional antivirus solutions.
Learn more about these cybersecurity threats in the Trellix report.

How did Flexport's Convoy platform achieve zero thefts over the past 380,000 loads booked? Dooner asked the guy who runs it on a recent episode of WHAT THE TRUCK?!? Here's what Bill Driegert, head of trucking, had to say:

Lt. George Ackerman of the Philadelphia Police Department was no stranger to crime trends, but when tractor trailers filled with beef, booze, crab legs and TVs began disappearing at an alarming rate in 2022, even his decades of experience couldn't explain the scale. What began as sporadic cargo thefts ballooned into a citywide epidemic, particularly across Philly's 8th District, where over 180 thefts were eventually reported. The goods, often worth millions, vanished without a trace, with no suspects, no patterns and no product ever recovered.

Ackerman, a former trucker himself, became the lead on what would become the city's largest cargo theft case in modern history. At first, detectives assumed it was a string of isolated jobs. But the thieves always seemed to know exactly where to strike, regardless of drivers' unique schedules. A breakthrough came in April 2023, when Ackerman responded to a robbery involving over 2 million U.S. dimes stolen from a U.S. Mint trailer. Surveillance footage showed a highly coordinated team, including scouts, lookouts and loaders, operating in sync.

Ackerman and his team, with support from the FBI, Secret Service and state police, slowly began to unravel the group. Cell tower data, surveillance footage and even Coinstar deposits pointed to a tightly knit crew based in the area. Their incriminating texts, bragging about 'liquor and cow feet' dinners, confirmed their role in more than $1.5 million in thefts.

Learn more about Ackerman's detective work from Philadelphia magazine here.

The post Cyberthreats surge against US logistics infrastructure appeared first on FreightWaves.
Yahoo
02-05-2025
- Politics
- Yahoo
Azerbaijani lawmaker blames Russia for February cyberattack
Russia was behind the February cyberattack on Azerbaijani media, Ramid Namazov, head of the Azerbaijani parliament's commission on countering hybrid threats, said on May 2, the APA news agency reported.

According to Namazov, the investigation found that the cyberattack against Azerbaijan that took place on Feb. 20 was carried out by the infamous APT29 group, also known as Cozy Bear, widely believed to be linked to Russia's Foreign Intelligence Service.

"The activities of APT29, which is engaged in cyber espionage, are mainly directed against government agencies, foreign diplomatic missions, as well as political, defense, energy, media and other critical areas," the lawmaker said.

Namazov suggested that the attack was a retaliation for the closure of the Russian House in Baku in early February and the possible shutdown of the Azerbaijani branch of Sputnik radio. "It is because of these processes that this politically motivated incident of cyber interference took place," he added.

Azerbaijan, which has maintained historical ties with Russia, has seen relations with Moscow dwindle following the Dec. 25 crash of Flight J2-8243, which killed 38 people. Azerbaijani President Ilham Aliyev has accused Russia of causing the crash.

Russian hacker groups have engaged in various forms of cyber warfare throughout the full-scale war, including cyberattacks against Ukraine, hacks of civilian infrastructure in Europe, and interference in foreign elections.
Yahoo
02-05-2025
- Politics
- Yahoo
Azerbaijan accuses Russia of massive cyberattack
Ramid Namazov, chairman of the Azerbaijani parliament's commission on countering hybrid threats, claims that Russia was behind the February 2025 cyberattack on the country.

Source: Namazov's words at a public hearing on 2 May were quoted by Azerbaijan's state news agency APA, as reported by European Pravda.

Details: Namazov said that the investigation found that the 20 February cyberattack against Azerbaijani media was carried out by the APT29 group, also known as Cozy Bear, which is linked to Russian military intelligence.

"The activities of APT29, which is engaged in cyber espionage, are mainly directed against government agencies, foreign diplomatic missions, as well as the sectors of politics, defence, energy, media and other critical areas," the MP listed.

He said that the attackers had penetrated the networks of Azerbaijani media systems in advance.

The MP claims that the cyberattack was triggered by the decision of the Azerbaijani authorities on 3 February to close the Russian House in Baku due to violations of the law, as well as a possible closure of the Azerbaijani branch of Sputnik radio.

"It is because of these processes that this politically motivated incident of cyber interference has occurred," Namazov said.

Background: It should be noted that the tensions in Russian-Azerbaijani relations back then coincided with the downing of an Azerbaijan Airlines flight in December 2024 near Grozny. Azerbaijan, according to media reports, has evidence that the plane that crashed in December after being diverted from Russia to Kazakhstan was shot down by the Russian Pantsir-S air defence system.