Share

Cyber/Tech Alerts

The 2024 test involved pulsed-energy exposure, causing immediate effects like dizziness and cognitive issues. Norwegian officials informed the Central Intelligence Agency, leading to engagements with Pentagon and White House personnel.

Sources familiar with the experiment noted it did not support foreign targeting of U.S. officials but illustrated pulsed-energy devices’ capacity to influence human biology.

In a related development, the Pentagon acquired a portable device in late 2024 through a Homeland Security Investigations undercover operation, funded by the Department of Defense. The device, containing Russian components, underwent testing for over a year to assess replication of anomalous health incident symptoms.

Officials indicated its directed-energy emission potential, though no confirmed ties to foreign actors exist. This adds to nearly 1,500 reported cases across 96 countries, with declines in new incidents by 2025.

Inquiry into Norwegian Directed-Energy Device

Read more

Share

More Cyber/Tech Alerts

The attacks targeted operational technology and industrial control systems at over 30 wind and solar farms, a combined heat and power plant serving nearly half a million customers, and a manufacturing firm producing energy components.

“The malicious cyber activity caused loss of view and control between facilities and distribution system operators, destroyed data on human machine interfaces (HMIs), and corrupted system firmware on OT devices. While the affected renewable energy systems continued production, the system operator could not control or monitor them according to their intended design.” - CISA

Attackers exploited vulnerable FortiGate firewalls with default credentials to access networks, then used remote desktop protocol and virtual network computing for lateral movement before deploying custom wiper malware called DynoWiper to encrypt files and disrupt communications.

While no interruptions to power or heat occurred, the event exposed risks in distributed renewable energy systems and prompted recommendations for enhanced edge device security.

CERT Polska’s incident report from January 30 detailed the assaults occurring in morning and afternoon hours on December 29. The malware aimed to cause irreversible data destruction, but endpoint detection tools at the combined heat and power plant blocked execution.

Polish authorities attributed the operation to the Russian-linked group Static Tundra, also known as Electrum or Berserk Bear, based on infrastructure overlaps and tactics matching prior campaigns.

Incident Details

Read more

Share

More Cyber Alerts

This backdoor targets VMware vSphere and Windows environments to establish long-term persistence. The malware enables stealthy access through multiple encryption layers and facilitates lateral movement within networks.

Affected organizations are primarily in government services and information technology sectors. BRICKSTORM’s self-monitoring function ensures automatic re-installation if disrupted.

The alert highlights ongoing compromises where actors obtain legitimate credentials by capturing system backups or Active Directory data. They exfiltrate sensitive information and target VMware platforms to steal virtual machine snapshots for credential extraction.

Refer a friend

In one confirmed case, intruders accessed a web server in the demilitarized zone before moving to an internal vCenter server to implant the malware. Seven additional BRICKSTORM samples show variations in capabilities, underscoring its adaptability. Communications are concealed using DNS-over-HTTPS and SOCKS proxies.

Intruders employ advanced tactics to evade detection, including nested TLS encryption and WebSockets. Persistence mechanisms allow the malware to restart automatically upon interruption.

BRICKSTORM is a custom ELF Go-based backdoor for stealthy access, persistence, and command and control. It uses self-watching for reinstallation if disrupted, multiple encryption layers like HTTPS, WebSockets, and nested TLS. DNS-over-HTTPS mimics web traffic with public resolvers such as Cloudflare, Google, and Quad9.

Interactive shells, file manipulation, and SOCKS proxy enable lateral movement. Some samples act as SOCKS proxies or use VSOCK for virtual machine communication with self-signed certificates.

Analysis of eight samples reveals variants for VMware vSphere and Windows. The joint Malware Analysis Report provides indicators of compromise and detection signatures. Network defenders are urged to scan for BRICKSTORM using provided YARA and Sigma rules.

Actors gain access via web shells, move laterally using RDP and SMB with service accounts, copy Active Directory databases, escalate via sudo, and drop BRICKSTORM in /etc/sysconfig/. Modifications to init files ensure execution on boot.

In a detailed incident, access began in April 2024 and persisted through at least September 3, 2025. Lateral movement included jump servers and Active Directory Federation Services for key exfiltration.

Blocking unauthorized DNS-over-HTTPS providers is recommended to reduce unmonitored traffic. Inventory of network edge devices should include monitoring for suspicious connectivity.

Proper segmentation restricts traffic from demilitarized zones to internal networks. If similar activity is detected, incidents should be reported to the agency’s operations center. The guidance emphasizes hunting for intrusions and applying mitigations promptly. Critical infrastructure operators face heightened risks from such state-sponsored activities.

Read more

Share

More Cyber/Tech Alerts

The root cause was an automatically generated configuration file for threat traffic that grew far beyond expected size, triggering crashes in multiple traffic-handling systems. Recovery was achieved through staged fixes deployed progressively during the afternoon and evening.

As of late November 18, 2025 (post-resolution), all services are fully operational with no recurring issues observed. The outage impacted a broad range of dependent platforms globally, including social media networks, artificial intelligence (AI) services, streaming platforms, delivery applications, collaboration tools, and countless enterprise services.

Peak error rates and latency spikes occurred between approximately 11:20 a.m. and 2:42 p.m. Cloudflare has confirmed the incident was entirely internal in origin, with no evidence of external attack or malicious activity. Initial details have been released; a comprehensive post-mortem is expected shortly.

What is Cloudflare and Why Does It Matter?

Cloudflare is one of the world’s largest and most critical internet infrastructure companies. It operates as a global reverse proxy, content delivery network (CDN), DDoS mitigation platform, DNS provider, and zero-trust security service.

In practical terms, Cloudflare sits between roughly 20–25% of all internet traffic worldwide, acting as the first line of defense and performance optimization for millions of websites and applications.

Read more

Share

More Alerts

The operation represented an imminent threat to the agency's protective operations. The protective intelligence investigation led to the discovery of more than 300 co-located Subscriber Identity Module servers and 100,000 Subscriber Identity Module cards across multiple sites. The devices were concentrated within 35 miles of the United Nations General Assembly underway in New York City.

The timing, location, and potential for significant disruption to New York telecommunications prompted the agency to move quickly. In addition to carrying out anonymous telephonic threats, these devices could be used to conduct a wide range of telecommunications attacks.

This includes disabling cell phone towers, enabling denial of services attacks, and facilitating anonymous, encrypted communication between potential threat actors and criminal enterprises.

While forensic examination of these devices is ongoing, early analysis indicates cellular communications between nation-state threat actors and individuals who are known to federal law enforcement.

Investigation Details

Read more

Share

More Cyber Alerts

This occurred through an unconditional block on TCP port 443, the standard network channel for secure web browsing that ensures encrypted data transfer between users and websites.

China's internet censorship system, known as the Great Firewall, inserted forged TCP RST+ACK packets—signals that abruptly end network connections—to stop both incoming and outgoing traffic on this port.

Technical reviews show that the device responsible for the block had features unlike those seen in earlier documented parts of the Great Firewall, such as increasing TCP window sizes in the inserted packets.

The disruption blocked access to many foreign websites and applications that rely on HTTPS, the protocol for secure online communications that protects information like login details and financial transactions.

This affected operations for organizations connected to China, including interruptions to platforms from companies such as Apple and Tesla. Checks during the event confirmed the issue was limited to port 443, with no interference on other common network channels.

Evaluations based on available data point to an internal cause, such as a setup error or a test of network controls, rather than outside interference. The short length of the outage and its focus on one port suggest it was not a planned widespread restriction.

Acronym Index

GFW: Great Firewall

HTTPS: Hypertext Transfer Protocol Secure

IP: Internet Protocol

RST+ACK: Reset + Acknowledge

SYN: Synchronize

SYN+ACK: Synchronize + Acknowledge

TCP: Transmission Control Protocol

TTL: Time to Live

Details of the Block:

Read more

Share

More Cyber Alerts

The Standeford Journal - News, Intel Analysis

China's Deep-Sea Cable Cutter: A New Tool Threatening Global Undersea Information Infrastructure

INDO-PACIFIC/EUROPE—The Taiwanese Ministry of Foreign Affairs has raised concerns over a new Chinese-developed tool: a deep-sea cable cutter designed to sever fortified underwater communication and power lines…

Read more

a year ago · 1 like · Donald Standeford

More Sci-Tech On SJ

The recently released advisories address vulnerabilities in port equipment, networks, and navigation systems, emphasizing the risks posed by Chinese-manufactured technologies and GPS disruptions on ships and ports worldwide.

Refer a friend

These advisories pinpoint specific dangers arising from foreign technologies—particularly those manufactured by Chinese entities—that threaten port equipment, networks, and operational systems integral to shipping. Additionally, they address vulnerabilities in navigation tools, such as the Global Positioning System (GPS), which is essential for determining a vessel’s location, and the Automatic Identification System (AIS), which aids in collision avoidance.

These systems are susceptible to disruptions or spoofing, posing significant safety risks to maritime travel. To counter these threats, the advisories recommend proactive measures, including contingency planning for GPS outages, enhancing security protocols for port infrastructure, and reporting suspicious activities to the U.S. Coast Guard.

These efforts aim to safeguard the Marine Transportation System (MTS), a vital component of global trade and security. The economic significance of the MTS cannot be overstated. According to the U.S. Government Accountability Office (GAO-25-107244), the MTS manages over $5.4 trillion in goods and services annually and supports more than 30 million jobs across 360 U.S. ports.

However, this system faces an escalating array of cybersecurity threats from nation-states—such as China, Iran, North Korea, and Russia—as well as hacktivists and insider threats. These risks, detailed in the GAO report attached to this alert, threaten both national security and economic stability, setting the stage for why cybersecurity is a critical priority for the maritime sector.

The broad threat landscape outlined in the advisories underscores the urgency of addressing these vulnerabilities comprehensively.

Specific Threats, Vulnerabilities In Port Infrastructure, Navigation Systems

Read more

Share

Alerts On Cyber Incidents

The Standeford Journal - News, Intel Analysis

NASA Working With NGA To Implement Full GPS Capability On The Moon

NASA/NGA - The National Geospatial-Intelligence Agency (NGA) is jointly working with NASA to implement a GPS positioning and navigational system that would be fully functional on the moon, guiding visitors "as accurately and as safely as GPS does on Earth…

Read more

3 years ago · 2 likes · Donald Standeford

SJ Cyber/Tech Reports

According to the advisory, corroborated reports from vessel masters indicate that the disruptions, which lasted several hours, impacted electronic navigation systems, including GPS, AIS, and other Positioning, Navigation, and Timing (PNT) tools. The disruptions forced ships to switch to backup navigation methods to maintain safe passage through this critical maritime choke-point.

The incident, documented at 1830 UTC (6:30 PM UTC), underscores ongoing concerns about electronic interference in the region. Bandar Jask, strategically located east of the Strait of Hormuz, has previously been associated with Iranian activities, including the Islamic Revolutionary Guard Corps Navy (IRGCN) operations and potential GPS jamming capabilities.

The UKMTO has urged masters experiencing such disruptions within its Voluntary Reporting Area (VRA) to report incidents to its watch-keepers, highlighting the need for heightened vigilance.

This event aligns with historical patterns of GPS interference in the Persian Gulf and Strait of Hormuz, often linked to geopolitical tensions.

While the source of this specific interference remains unconfirmed, it echoes past reports of Iranian jamming efforts, such as incidents noted in recent years by the U.S. Maritime Administration, aimed at disrupting maritime and aviation navigation.

As the Strait of Hormuz remains vital for global oil and gas transit, such incidents pose significant risks to commercial shipping, prompting calls for robust contingency measures.

Read more

Share

All Cyber/Tech Alerts

The Standeford Journal - News, Intel Analysis

Quantum Leap Forward: ORNL’s Single-Chip Breakthrough Brings the Quantum Internet Closer

ORNL - Researchers at Oak Ridge National Laboratory (ORNL) have demonstrated a new quantum photonic device that integrates key capabilities on a single chip for the first time. This innovation focuses on quantum computing with photons to create qubits, which can exist in multiple states simultaneously…

Read more

a year ago · Donald Standeford

The Standeford Journal - News, Intel Analysis

China Says It Carried Out First Successful Attack By Quantum Computer On Military-Grade Encryption

BEIJING - Chinese researchers, led by Wang Chao from Shanghai University have claimed that they carried out the first successful attack using a Canadian D-Wave quantum computer on widely used military-grade encryption algorithms, which they said poses a…

Read more

2 years ago · 2 likes · Donald Standeford

SJ Cyber/Tech Reports

These alerts address a range of malicious activities, from sophisticated ransomware scams targeting corporate executives to violent online networks exploiting minors and the Chinese government’s use of freelance hackers to compromise global networks.

Refer a friend

The FBI emphasizes the need for heightened vigilance, offering actionable tips to protect against these evolving threats.

CISA/FBI: "Urgent Alert: Criminals posing as "BianLian Group" are sending extortion letters to corporate execs, threatening to leak sensitive info unless paid."

Corporate Executives Under Siege: The BianLian Ransomware Scam

Read more

Share

Recent Cyber/Tech Alerts

The Standeford Journal - News, Intel Analysis

Poland Works To Construct Quantum Computer For Military Applications As Technology Progresses

POLAND - The Polish military has announced that the Warsaw University of Technology is developing a pioneering quantum computer infrastructure prototype, built entirely from scratch within Poland, as global advancements in quantum computer technology continue…

Read more

a year ago · 1 like · Donald Standeford

The Standeford Journal - News, Intel Analysis

China Says It Carried Out First Successful Attack By Quantum Computer On Military-Grade Encryption

BEIJING - Chinese researchers, led by Wang Chao from Shanghai University have claimed that they carried out the first successful attack using a Canadian D-Wave quantum computer on widely used military-grade encryption algorithms, which they said poses a…

Read more

2 years ago · 2 likes · Donald Standeford

All SJ Sci-Tech Reports

Customers in Southeast Asia, Australia, New Zealand, and Oceania will have to re-point their satellite dish to a new satellite and update their decoder setti…

Read more

Share

Recent Cyber Alerts

The Standeford Journal - News, Intel Analysis

China Says It Carried Out First Successful Attack By Quantum Computer On Military-Grade Encryption

BEIJING - Chinese researchers, led by Wang Chao from Shanghai University have claimed that they carried out the first successful attack using a Canadian D-Wave quantum computer on widely used military-grade encryption algorithms, which they said poses a…

Read more

2 years ago · 2 likes · Donald Standeford

The Standeford Journal - News, Intel Analysis

Data Breach Exposes 2.7 Billion Public Records On Nearly 3 Billion People To Dark Web

CYBER - The "USDoD" hacking group claims to have stolen 2.7 billion records on around 2.9 billion people after a data breach on National Public Data (NPD) database containing personal data on virtually all American citizens and released most of it in a dark web marketplace where stolen data is sold off for $3.5 million USD…

Read more

2 years ago · 3 likes · Donald Standeford

SJ Cyber/Tech Reports

According to the Israeli military, "The "CYBERDOME" exercise is the primary cyber-defense exercise conducted jointly by the U.S. Cyber Command, together with the Israel Defense Forces' J6 and Cyber Defense Directorate, and the Intelligence Directorate."

It also said that, "The exercise focused on enhancing both countries' cyber capabilities while strengthening joint cyber defense capabilities. This was achieved through various battlefield-tailored operational scenarios and on the backdrop of increasing cyber threats faced by both countries, with an emphasis on the Middle East."

According to U.S. Cyber Command, “We are now in our ninth iteration of the CYBERDOME series of exercises, this annual event provides a valuable opportunity for U.S. and Israeli cyber personnel to work together in a complex training environment, solidifying the bond between our two nations and fostering a shared understanding of cyber operations."

Refer a friend

Full Report On Cyberdome IX:

Read more

Share

All Cyber Alerts

The Standeford Journal - News, Intel Analysis

China Says It Carried Out First Successful Attack By Quantum Computer On Military-Grade Encryption

BEIJING - Chinese researchers, led by Wang Chao from Shanghai University have claimed that they carried out the first successful attack using a Canadian D-Wave quantum computer on widely used military-grade encryption algorithms, which they said poses a…

Read more

2 years ago · 1 like · Donald Standeford

The Standeford Journal - News, Intel Analysis

Chinese Hackers Embedded Malware In US Infrastructure, US Renews Controversial Section 702

NASHVILLE, TENNESSEE - According to the Director of the FBI, Chinese state-sponsored hackers have hidden exploits within key U.S. infrastructure and are just waiting “for the right moment to deal a devastating blow…

Read more

2 years ago · 3 likes · Donald Standeford

All SJ Cyber Reports

Furthermore, the hackers copied information that the joint statement said "was subject to U.S. law enforcement requests pursuant to court orders," adding, "We expect our understanding of these compromises to grow as the investigation continues". 

Refer a friend

Another Group Called "Volt Typhoon" Embedded In US Networks For At Least Five Years

Read more

Share

Recent Cyber Alerts

The Standeford Journal - News, Intel Analysis

NASA Working With NGA To Implement Full GPS Capability On The Moon

NASA/NGA - The National Geospatial-Intelligence Agency (NGA) is jointly working with NASA to implement a GPS positioning and navigational system that would be fully functional on the moon, guiding visitors "as accurately and as safely as GPS does on Earth…

Read more

3 years ago · 1 like · Donald Standeford

SJ Reports On Space

The Standeford Journal - News, Intel Analysis

China Says It Carried Out First Successful Attack By Quantum Computer On Military-Grade Encryption

BEIJING - Chinese researchers, led by Wang Chao from Shanghai University have claimed that they carried out the first successful attack using a Canadian D-Wave quantum computer on widely used military-grade encryption algorithms, which they said poses a…

Read more

2 years ago · 1 like · Donald Standeford

SJ Reports On Cyber/Tech

Of the disruptions reported:

• 279 targeted aircraft

• 52 targeted vessels

Despite the GPS disruptions, the ministry said that there were no major issues or damages caused by the interference, with the ICT reporting that it "consistently detected radio interference originating from the Kaepung and Haeju areas of North Korea”.

According to the ministry, it has been continuously monitoring the activities while coordinating with the land and maritime ministries in order to ensure the safety of air and sea navigation while maintaining a high level of readiness, according to South Korean media.

What Is GPS Jamming?

Read more

Share

Alerts On Mideast

The Standeford Journal - News, Intel Analysis

Israel Preparing "Significant Strike" On Iran In Retaliation For Recent Missile Attack

JERUSALEM - The Israeli military is currently preparing a "significant strike" on Iran following the recent Iranian missile attack on Israel and said that they do not rule out the possibility that Iran may retaliate with an additional strike, according to a statement by the Israel Defense Forces (IDF…

Read more

2 years ago · 1 like · Donald Standeford

SJ Reports On Mideast

Although there are other reports on this, thus far they are all citing Iran International's report. We have it on our radar and are watch…

Read more

Share

All Cyber Alerts

The Standeford Journal - News, Intel Analysis

Chinese Hackers Embedded Malware In US Infrastructure, US Renews Controversial Section 702

NASHVILLE, TENNESSEE - According to the Director of the FBI, Chinese state-sponsored hackers have hidden exploits within key U.S. infrastructure and are just waiting “for the right moment to deal a devastating blow…

Read more

2 years ago · 3 likes · Donald Standeford

All SJ Cyber Reports

Down Detector shows that Bank of America has recently begun to have service interruptions. Check the comment …

Read more

Share

The Standeford Journal News, Intel

Chinese Hackers Embedded Malware In US Infrastructure, US Renews Controversial Section 702

NASHVILLE, TENNESSEE - According to the Director of the FBI, Chinese state-sponsored hackers have hidden exploits within key U.S. infrastructure and are just waiting “for the right moment to deal a devastating blow”. According to FBI Director Chris Wray, the risks posed by the Chinese government to the United States previously spoken of in previous reports are no longer…

Read more

2 years ago · 3 likes · Donald Standeford

Microsoft says that the systems have been restored and CrowdStrike says they are rolling their update back globally.

Microsoft also said it is "investigating an issue" after companies worldwide began reporting issues with its services.

Thus far, the attack does not look to be the result of a cyberattack, but rather a consequence of an update that had been rolled out on systems worldwide.

What Is CrowdStrike? Effects Of The Outage Worldwide, More Information:

Read more

Share

The Standeford Journal News And Intel

Chinese Hackers Embedded Malware In US Infrastructure, US Renews Controversial Section 702

NASHVILLE, TENNESSEE - According to the Director of the FBI, Chinese state-sponsored hackers have hidden exploits within key U.S. infrastructure and are just waiting “for the right moment to deal a devastating blow”. According to FBI Director Chris Wray, the risks posed by the Chinese government to the United States previously spoken of in previous reports are no longer…

Read more

2 years ago · 3 likes · Donald Standeford

Read SJ Cyber Reports

Read more

Share

All Alerts On Critical Infrastructure

In light of both the increase in reported attacks on the water supply and an increase in vulnerabilities found in the country's water systems, the EPA urged water systems to act immediately to take steps to protect the nation's drinking water.

Refer a friend

Not only have cyberattacks become more frequent and severe against critical infrastructure, but the EPA says that around 70% of the water utilities inspected by the federal government over the last year were in violation of cybersecurity standards put into place to prevent attacks on the systems.

McCabe said in many cases systems are not doing what they should be doing and have no available plans for vulnerability prevention. As the water systems often rely on computers with operating systems, some of the ways the utilities failed the standards:

• Failing to change default passwords for equipment

• Failing to lock out system access to ex-employees

Cyberattacks on water systems can lead to numerous problems with either the water supply or the alteration of the chemical composition of the water to hazardous levels:

• Interruption in the water treatment process

• Interruption in the water storage process

• Damage to valves that control the water flow

• Damage to the water pumps

• Altering of the water's chemical composition

• Change of chemical levels to dangerous amounts

“In many cases, systems are not doing what they are supposed to be doing, which is to have completed a risk assessment of their vulnerabilities that includes cybersecurity and to make sure that plan is available and informing the way they do business,” McCabe stated.

McCabe: Cyberattacks On Water Infrastructure Are Not Just Private Individuals, Many Government-Backed Entities. FDA: Every US Critical Infrastructure Sector Has Been Targets Of Cyberattacks

Read more

Share

The Standeford Journal - News & Intel

Chinese Affiliated Hackers Compromise Critical Infrastructure With Intent To Sow Panic, Chaos, Deploy Future Attacks

WASHINGTON - Chinese affiliated hackers have compromised over two dozen “critical entities” within the United States, including critical infrastructure such as water utility companies, at least one oil and gas pipeline, an attempt on the Texas power grid to…

Read more

2 years ago · 1 like · Donald Standeford

See Cyber/Tech Reports

Airport Announcements Regarding The Nationwide Issue:

Read more

Share

The news agency reported that the attack occurred on a payroll system which targeted service personnel, officials, and some veterans.

The attack is said by the news agency to have exposed the names of the personnel, and their bank details.

It should be noted that the system reported to have been attacked is not connected to the main computer systems for the British Ministry of Defense.

The Standeford Journal - News & Intel

Chinese Affiliated Hackers Compromise Critical Infrastructure With Intent To Sow Panic, Chaos, Deploy Future Attacks

WASHINGTON - Chinese affiliated hackers have compromised over two dozen “critical entities” within the United States, including critical infrastructure such as water utility companies, at least one oil and gas pipeline, an attempt on the Texas power grid to…

Read more

2 years ago · 1 like · Donald Standeford

Statement Transcript Released By British Government:

Read more