
Germany warns of APT28 router hacks

Germany’s domestic intelligence agency on Tuesday warned that Russian state-linked hacking group APT28 has compromised vulnerable TP-Link internet routers to spy on military, government, and critical infrastructure targets.

The Federal Office for the Protection of the Constitution (BfV) said the alert was issued with partners including the foreign intelligence service BND and the US FBI. APT28—also known as “Fancy Bear” and attributed by Western governments to Russia’s GRU military intelligence—attacked several thousand routers worldwide, including about 30 vulnerable devices in Germany, according to the BfV.

In some cases, compromises were confirmed, prompting operators to replace affected routers. The agency noted APT28’s prior intrusions against Germany’s parliament, the centre-left SPD party, and air traffic control authorities, and urged immediate remediation on exposed or unpatched TP-Link devices.

US warns Iranian hackers escalating attacks on OT assets

  • FBI, NSA, CISA, EPA, Department of Energy, and US Cyber Command’s Cyber National Mission Force claim the actors aim to cause disruptive effects inside the United States.
  • Activity has hit unnamed organisations in government services and facilities, water and wastewater systems, and the energy sector.

US cybersecurity, law enforcement, and intelligence agencies on Tuesday warned that Iran‑affiliated hackers are intensifying campaigns against operational technology in multiple critical infrastructure sectors, targeting publicly exposed programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) displays.

According to a joint advisory from the FBI, NSA, CISA, EPA, Department of Energy, and US Cyber Command’s Cyber National Mission Force, the actors aim to cause disruptive effects inside the United States.

Officials said some intrusions have already led to operational disruption and financial losses, with attackers manipulating display data, extracting device project files, and interacting with OT assets in ways that can impact real‑world processes.

Heightened regional tensions

The activity has hit unnamed organisations in government services and facilities, water and wastewater systems, and the energy sector, underscoring the risks posed by internet‑exposed industrial controllers and insufficient segmentation between IT and OT networks, the agencies said.

The alert arrives amid heightened regional tensions. While officials did not link specific incidents to recent military developments, security researchers and federal alerts describe a pattern of Iran‑aligned threat activity seeking to exploit readily accessible OT devices for disruptive impact rather than espionage, raising concerns about critical services’ resilience to adversary operations.

Agencies urged immediate hardening steps, including removing PLCs and HMIs from direct internet exposure, enforcing multifactor authentication and strong access controls, applying vendor security updates, segmenting networks, enhancing monitoring for unauthorised changes to OT configurations, and developing incident response playbooks tailored to industrial environments.

Related Posts:

Middle East Geopolitics casts shadow over AI-powered cloud boom

  • Cloud providers are weighing a more cautious Middle East expansion, while enterprises revisit single-region deployments in favour of geographically diverse architectures despite data residency goals.

Cloud revenues are surging as demand for compute and storage to power AI applications accelerates, prompting hyperscalers to expand data centre footprints even as geopolitical risks darken the near-term outlook, according to GlobalData’s “Cloud Watch Q1 2026: AI Drives Expansion, but the Economic Fallout from a Stormy Geopolitical Climate Could Disrupt Growth.”

GlobalData says most hyperscalers are ramping capex tied to AI. AWS’s 2026 investment is expected to reach about $200 billion, more than 50 per cent over the previous year, while Google is expected to reach $185 billion, focusing on Tensor Processing Unit (TPU) and Graphics Processing Unit (GPU) solutions.

“Sky-high expectations for AI, amid concerns about whether returns will be sufficient, raise questions about whether the AI bubble is bursting,” said Amy DeCarlo, Principal Analyst at GlobalData.

“At the same time, IT teams worry about threat actors leveraging AI to overwhelm security—any of which could dampen demand for processing, storage, and connectivity.”

Cautious approach

The war in Iran is compounding pressures beyond higher energy costs. Following US and Israeli strikes in February, AWS infrastructure in the UAE and Bahrain was hit by Iranian drones, triggering regional cloud disruptions across payments and supply chains. AWS waived all March charges for the ME-CENTRAL-1 (UAE) region.

Iran vowed to target data centres as “enemy technology infrastructure.” With facilities in an active conflict zone, providers are weighing a more cautious Middle East expansion, while enterprises revisit single-region deployments in favour of geographically diverse architectures despite data residency goals.

Rising geopolitical tensions among the US, China, and Russia, coupled with surveillance fears, are accelerating interest in sovereign cloud solutions to ensure in-region data residency. AI considerations are intensifying scrutiny of providers’ national affiliations and access to high-value data.

Security remains a core differentiator. Hyperscalers continue organic investment and M&A; in March, Google closed its $32 billion acquisition of security platform Wiz. “While early in cloud adoption many questioned providers’ security, confidence has grown, and many IT leaders now see hyperscalers as offering stronger protections than on-premises,” DeCarlo said.

Strait of Hormuz disruption elevates helium to top tech supply-chain risk

  • Price spikes, tighter allocations, and intensified competition for secure deliveries expected in near term.

A functional impairment of the Strait of Hormuz is emerging as a critical threat to the global technology supply chain, with helium shortages posing a more immediate risk to semiconductor manufacturing and AI infrastructure than crude oil, according to GlobalData.

The research firm says energy markets and policymakers have traditionally focused on crude flows through the Gulf, but the latest disruption underscores a lesser-known chokepoint: shipping routes that deliver noble gases and other specialty inputs required for advanced chipmaking and high-performance computing. Scarce substitutes, limited stockpiles, and concentrated production could magnify the shock, GlobalData notes.

“Oil is the headline commodity in any Gulf disruption, but for the technology sector, the bigger black swan is specialty materials, especially helium,” said Ramnivas Mundada, Director of Companies and Economic Research at GlobalData.

“Semiconductor fabrication, memory production, and high-performance computing rely on stable flows of noble gases. If those flows are impaired, the effects can be faster and harder to manage than an oil price spike.”

Helium has become a central vulnerability due to its role in thermal management, leak detection, and multiple semiconductor process steps, combined with complex purification and tight logistics.

Qatar accounts for roughly 30 per cent of global helium output, according to the US Geological Survey, making Strait disruptions tantamount to sidelining nearly a third of supply. GlobalData warns this could immediately pressure lead times, allocations, and prices, with fabs particularly exposed given limited substitutes and the need to maintain process stability and tool uptime.

Memory manufacturing faces outsized risk

With Samsung Electronics and SK Hynix producing about two-thirds of global memory, helium constraints can quickly ripple through DRAM and NAND pricing, OEM procurement cycles for smartphones, PCs, and storage, and node transition timelines.

Even temporary shortages can force producers to prioritise product lines, slow capacity ramps, and extend maintenance and qualification, potentially lengthening AI server build times given memory’s centrality to GPU platforms. While buffers exist, cylinder availability, purification capacity, transport lead times, and safety rules cap inventory strategies, GlobalData adds.

Beyond semiconductors, execution risks are rising for AI infrastructure in the UAE, where Amazon Web Services, Microsoft, and Nvidia are building large-scale compute aligned with sovereign AI and national digital goals.

Regional instability and impaired logistics threaten hardware deliveries, spares, networking equipment, and cross-border predictability. “Helium-driven chip delays, especially in memory, could extend lead times, delaying clusters and AI rollouts,” Mundada said.

GlobalData contrasts helium with oil, noting crude disruptions can be cushioned by diversified supply, strategic reserves, and rerouting. Specialty inputs lack such resilience due to concentrated production, limited redundant purification, specialised handling requirements, minimal substitutes, and long qualification cycles in regulated fabs—making modest supply hits disproportionately disruptive.

A strategic resource

In the near term, GlobalData expects price spikes, tighter allocations, and intensified competition for secure deliveries. Over the medium term, companies are likely to accelerate resilience measures: diversify suppliers beyond the Gulf, strike longer-term offtake deals with non-Gulf producers, invest in helium recovery and recycling, expand supply-chain visibility beyond tier-1 vendors, and scrutinise sovereign AI execution risk with contingency planning—steps that require capital and time.

GlobalData recommends immediate actions for chipmakers, hyperscalers, and downstream OEMs: map exposure to Gulf-sourced helium and specialty gases; stress-test fab and supplier continuity under constrained gas allocations; secure secondary logistics routes and contingency suppliers; evaluate recovery systems and process optimisations to cut helium intensity; and coordinate closely with gas vendors on cylinder availability and prioritised deliveries.

“Technology leaders should treat helium and other specialty inputs as strategic resources, not routine consumables,” Mundada concluded.

“Companies that quantify their exposure early and act decisively will be better positioned to protect production continuity, manage costs, and keep AI infrastructure timelines on track.”

India’s fixed communications revenue to reach $20.1b by 2030 as fibre and FWA surge

  • Jio poised to lead the fixed broadband market by subscription share, leveraging its FTTH footprint and the expansion of AirFiber.
  • Fixed voice revenue will contract at a 0.6 per cent CAGR through 2030 amid falling ARPU, migration to mobile and OTT calling, and the inclusion of free voice minutes in bundled fixed plans.

India’s fixed communications market is set to grow from $14.9 billion in 2025 to $20.1 billion by 2030, driven by rapid expansion in fixed broadband services, according to new forecasts from GlobalData. The research points to a 6.1 per cent compound annual growth rate (CAGR) for total fixed revenues over the period, even as legacy voice continues to decline.

GlobalData estimates fixed voice revenue will contract at a 0.6 per cent CAGR through 2030 amid falling ARPU, migration to mobile and OTT calling, and the inclusion of free voice minutes in bundled fixed plans. In contrast, fixed broadband revenue is projected to rise at a 6.6 per cent CAGR, propelled by growing subscriptions to fibre-to-the-home/building (FTTH/B) and fixed wireless access (FWA).

“Fixed broadband service revenue will increase at a CAGR of 6.6 per cent during 2025–2030, driven by the growth in broadband subscriptions, especially fiber optic and FWA,” said Srikanth Vaidya, Telecom Analyst at GlobalData.

Aggressive fibre rollouts

The firm expects fibre lines to account for about 63 per cent of total broadband connections by 2030, aided by government-backed fibre investment and accelerated FTTH rollouts by operators.

From a low base, FWA is forecast to expand at a 20.7 per cent CAGR as carriers push 5G-based home and business broadband into areas with limited fibre coverage. Reliance Jio (JioAirFiber) and Bharti Airtel (Xstream AirFiber) began scaling nationwide following 2023 launches, while BSNL introduced its Quantum 5G FWA service in Hyderabad in June 2025 with plans for additional cities.

Jio is poised to lead the fixed broadband market by subscription share over the forecast period, leveraging its FTTH footprint and the expansion of AirFiber. Competitive pricing and OTT bundles are expected to further stimulate demand. Jio’s entry plan is priced at ₹399 ($4.3) per month for unlimited data at 30 Mbps, while a ₹999 ($10.7) plan offers unlimited data at 150 Mbps plus access to 13 OTT platforms, including Amazon Prime Video, JioHotStar, Discovery+, Zee5, and SonyLIV.

“India’s fixed broadband market is entering a phase of accelerated digital transformation, underpinned by aggressive fibre rollouts, strategic pricing, and bundled OTT offerings,” Vaidya added.

“As operators like Jio and Airtel continue to innovate around FWA and FTTH, the market is poised to bridge the digital divide and redefine home connectivity standards.”

Anonymous researcher drops “BlueHammer” zero-day exploit for Windows on GitHub

  • “BlueHammer” targets Windows Defender’s update mechanism and can elevate a local user to administrator—and in some cases SYSTEM—privileges.
  • Enterprises now face an unpatched local privilege escalation affecting a widely deployed, SYSTEM-privileged component.

An anonymous security researcher has published a working zero-day exploit for Windows on GitHub, triggering urgent warnings from defenders and rapid interest from would-be attackers. The flaw, dubbed “BlueHammer,” targets Windows Defender’s update mechanism and can elevate a local user to administrator—and in some cases SYSTEM—privileges.

The exploit appeared on April 2, 2026, under the alias “deadeclipse666,” following a March 26 blog post threatening disclosure over a dispute with Microsoft. “Running that ‘whoami’ and seeing SYSTEM just hits different,” one GitHub user commented after testing the code. The repository quickly amassed more than 100 forks and nearly 300 stars.

Security researchers say the exploit is real. Justin Elzem, CTO at TrustedSEC, described the bug as a TOCTOU/symlink race in Defender’s signature updates, where a SYSTEM-privileged process follows paths a low-privilege user can redirect. Will Dormann, Senior Principal Vulnerability Analyst at Tharros, confirmed he achieved elevated privileges by running the proof-of-concept, noting the reliability varies and that Windows Server builds sometimes grant only admin, not SYSTEM.

While eight of 72 antivirus engines on VirusTotal flagged the shared FunnyApp.exe binary, experts warn the public C source code enables attackers to recompile countless variants and bypass signature-based detection. “With source in hand, hash-based defenses are largely moot,” one analyst said.

The leaker, who also posted on X and Blogger, accused Microsoft of breaking an agreement and “leaving me homeless,” vowing to dump code without detailed explanations.

In posts calling out the Microsoft Security Response Center (MSRC) and its leadership, the researcher thanked them “for making this possible,” and acknowledged the exploit “has a few bugs” that may be fixed later.

Microsoft said it supports coordinated vulnerability disclosure and investigates reported issues promptly, adding that video demonstrations are sometimes requested to assess impact but are not required. Some researchers contend MSRC’s processes have deteriorated. “MSRC used to be quite excellent to work with,” Dormann said, alleging staffing cuts and rigid triage have increased friction for reporters.

Enterprises now face an unpatched local privilege escalation affecting a widely deployed, SYSTEM-privileged component. Defenders are urging immediate hardening and monitoring: restrict execution from user-writable paths via WDAC/AppLocker, watch for junction/symlink creation and anomalous activity by msmpeng.exe, and prepare for behavior-focused detection as attackers spin up polymorphic variants. A fix from Microsoft is pending.
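As an added example (not from the article, Microsoft, or any researcher quoted above), the following Python correlates the two signals the hardening advice names: junction/symlink (reparse point) creation by a non-SYSTEM account in a user-writable path, followed shortly by MsMpEng.exe writing or deleting under that path. The event records are constructed and use a simplified, assumed JSON-lines shape rather than a real Sysmon or ETW schema; the time window and path prefixes are tuning assumptions.

```python
import json
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed: link creation and privileged follow-through must be close
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")  # assumed prefixes
PRIVILEGED = {"nt authority\\system", "nt authority\\local service",
              "nt authority\\network service"}

# Constructed sample telemetry: simplified JSON lines, NOT a real Sysmon/ETW schema.
SAMPLE_LOG = r"""
{"ts":"2026-04-03T10:00:05","event":"reparse_point_created","user":"CORP\\alice","image":"C:\\Users\\alice\\tool.exe","path":"C:\\Users\\alice\\AppData\\Local\\Temp\\stage"}
{"ts":"2026-04-03T10:00:07","event":"file_write","user":"NT AUTHORITY\\SYSTEM","image":"C:\\Program Files\\Windows Defender\\MsMpEng.exe","path":"C:\\Users\\alice\\AppData\\Local\\Temp\\stage\\update.bin"}
{"ts":"2026-04-03T10:05:00","event":"reparse_point_created","user":"NT AUTHORITY\\SYSTEM","image":"C:\\Windows\\System32\\svchost.exe","path":"C:\\ProgramData\\Vendor\\cache"}
{"ts":"2026-04-03T10:05:01","event":"file_write","user":"NT AUTHORITY\\SYSTEM","image":"C:\\Program Files\\Windows Defender\\MsMpEng.exe","path":"C:\\ProgramData\\Vendor\\cache\\sig.bin"}
{"ts":"2026-04-03T11:00:00","event":"reparse_point_created","user":"CORP\\bob","image":"C:\\Users\\bob\\x.exe","path":"C:\\Users\\bob\\link"}
{"ts":"2026-04-03T11:30:00","event":"file_delete","user":"NT AUTHORITY\\SYSTEM","image":"C:\\Program Files\\Windows Defender\\MsMpEng.exe","path":"C:\\Users\\bob\\link\\old.bin"}
"""

def parse(log_text):
    """Parse JSON lines, attach a datetime, and return events in time order."""
    events = [json.loads(l) for l in log_text.strip().splitlines() if l.strip()]
    for e in events:
        e["when"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["when"])

def norm(p):
    return p.lower().rstrip("\\")

def correlate(events):
    """Alert when MsMpEng.exe touches a path at or below a reparse point that a
    low-privilege user created in a user-writable location within WINDOW."""
    pending, alerts = {}, []   # normalized link path -> creation events by low-priv users
    for ev in events:
        path = norm(ev["path"])
        if ev["event"] == "reparse_point_created":
            if ev["user"].lower() not in PRIVILEGED and path.startswith(USER_WRITABLE):
                pending.setdefault(path, []).append(ev)
        elif ev["event"] in ("file_write", "file_delete") and \
                ev["image"].lower().endswith("\\msmpeng.exe"):
            for link, creators in pending.items():
                if path == link or path.startswith(link + "\\"):
                    for c in creators:
                        delay = ev["when"] - c["when"]
                        if timedelta(0) <= delay <= WINDOW:
                            alerts.append({"user": c["user"], "link": c["path"],
                                           "target": ev["path"],
                                           "delay_s": delay.total_seconds()})
    return alerts

def run_sample():
    return correlate(parse(SAMPLE_LOG))

if __name__ == "__main__":
    for a in run_sample():   # SYSTEM-created links and stale links (> WINDOW) do not alert
        print(f"ALERT {a['user']} created {a['link']}; MsMpEng.exe touched {a['target']} {a['delay_s']:.0f}s later")
```

On the constructed sample only the first pair fires; the SYSTEM-created junction and bob's link followed 30 minutes later are suppressed, which is the kind of noise reduction needed before this runs against real file-system telemetry.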