Cyber Threats in Space, Akira Ransomware, and Corporate Security News

N2K Networks · November 27, 2025 · 27 min · 331 views

Cyber Activity Targeting Space Sector

  • 🚀 A new report indicates a significant increase in cyber operations targeting space-related organizations during the Gaza War, with only 11 incidents occurring before October 7th.
  • 🎯 Pro-Palestinian activist groups, in particular, ramped up their activity, frequently targeting the Israel Space Agency with DDoS attacks.
  • ⚠️ Cyber operations against space sector organizations are now a routine element of geopolitical escalation.

Threat Actor Tactics and Infrastructure

  • 💻 The Russia-aligned threat actor RomCom utilized SocGholish to breach a US civil engineering firm that had worked for Ukraine, highlighting the exploitation of compromised websites for malware delivery.
  • 🌐 Evidence suggests Russia's Gamaredon and North Korea's Lazarus Group may be coordinating, sharing infrastructure and malware like InvisibleFerret.
  • 🔒 Canon confirmed a breach of a subsidiary via an attack targeting Oracle E-Business Suite instances, though no data was leaked by the Clop extortion gang.

Account Takeover and AI Browser Vulnerabilities

  • 💰 The FBI has reported $262 million in losses from account takeover fraud schemes since January 2025, often involving social engineering to impersonate financial institutions.
  • 🧠 A novel technique called HashJack uses hashtags to inject malicious prompts into AI browser assistants, potentially leading to automatic data exfiltration.
  • ⚠️ While Perplexity and Microsoft have mitigated HashJack, the vulnerability remains unresolved in the Chrome browser.

Akira Ransomware Deep Dive

  • ⚡ Akira is identified as an aggressive and sophisticated ransomware actor focused on speed, encrypting a small percentage of files rapidly to achieve quick encryption across systems.
  • 🔌 Infection vectors often involve exploiting SonicWall vulnerabilities and using compromised credentials, followed by creating admin credentials for stealth.
  • 🛠️ Akira employs "living off the land" techniques, using existing system tools and DLL sideloading to trick trusted applications into running malicious code.
  • 🎯 While manufacturing, business services, and construction are primary targets, Akira's ransomware-as-a-service model allows for widespread attacks across all industries.
  • 📈 Recommendations for protection include remediating known exploited vulnerabilities, enabling phishing-resistant MFA, maintaining offline backups, and implementing defense-in-depth strategies.

Corporate Security Incidents

  • 🏛️ Multiple London councils, including RBKC and Westminster City Council, were hit by disruptive cyberattacks affecting shared IT systems and phone services.
  • ⚠️ A Campbell Soup CISO has been placed on leave following a lawsuit alleging disparaging remarks about the company's products and racist comments about co-workers.

What’s Discussed

Akira Ransomware, Cyber Espionage, Space Sector Threats, DDoS Attacks, RomCom, SocGholish, Lazarus Group, Gamaredon, Account Takeover Fraud, AI Browser Assistants, HashJack, Ransomware as a Service, SonicWall Vulnerabilities, Living off the Land, Cybersecurity Advisory