Homeland Security News

A collection of open-source homeland security and terrorism news from around the world.
Keyword: cyber threats

An indictment was unsealed in New York today charging two Iranian nationals for their involvement in a cyber-enabled campaign to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord, in connection with the 2020 U.S. presidential election.

According to court documents, Seyyed Mohammad Hosein Musa Kazemi (سید محمد حسین موسی کاظمی), aka Mohammad Hosein Musa Kazem, aka Hosein Zamani, 24, and Sajjad Kashian (سجاد کاشیان), aka Kiarash Nabavi, 27, both of Iran, obtained confidential U.S. voter information from at least one state election website; sent threatening email messages to intimidate and interfere with voters; created and disseminated a video containing disinformation about purported election infrastructure vulnerabilities; attempted to access, without authorization, several states’ voting-related websites; and successfully gained unauthorized access to a U.S. media company’s computer network that, if not for successful FBI and victim company efforts to mitigate, would have provided the conspirators another vehicle to disseminate false claims after the election.

“This indictment details how two Iran-based actors waged a targeted, coordinated campaign to erode confidence in the integrity of the U.S. electoral system and to sow discord among Americans,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “The allegations illustrate how foreign disinformation campaigns operate and seek to influence the American public. The Department is committed to exposing and disrupting malign foreign influence efforts using all available tools, including criminal charges.”

Read more: Department of Justice

The Los Angeles Police Department says they’ve linked a Northeast Ohio teen to more than 30 nationwide bomb threats and prank calls made to emergency services, also known as swatting.

Police say the group, which operates online on the Discord chat platform, consists of three teens between the ages of 13 and 16: residents of Medina, Ohio, and Yonkers, New York, and a US citizen living overseas in Cyprus.

The investigation shows they were allegedly using advanced software, overseas servers, and privacy tools to hide their electronic trail in two incidents in September, one incident in August and 30 other incidents dating back to July 2020.

This group is also connected to the bomb threat at Highland High School in Medina County in October 2020, according to the Medina County Sheriff’s Office.

Read more: WTRF (WV/OH)

The U.S. Justice Department charged a Ukraine national and a Russian in one of the worst ransomware attacks against American targets, court filings showed on Monday.

The latest U.S. actions follow a slew of measures taken to combat a surge in ransomware that has struck several big companies, including an attack on the largest fuel pipeline in the United States that crippled fuel delivery for several days.

An indictment accused Ukrainian Yaroslav Vasinskyi, who was arrested in Poland last month, of breaking into Florida software provider Kaseya over the July 4 weekend.

From there, he and accomplices simultaneously distributed REvil ransomware to as many as 1,500 Kaseya customers, encrypting their data and forcing some to shut down for days, it said.

Read more: Reuters

The ransomware group REvil was itself hacked and forced offline this week by a multi-country operation, according to three private sector cyber experts working with the United States and one former official.

The Russian-led criminal gang was responsible for a May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the U.S. East Coast. REvil’s “Happy Blog” website, which had been used to leak victim data and extort companies, is no longer available.

Officials said the Colonial attack used encryption software called DarkSide, which was developed by REvil associates.

VMware head of cybersecurity strategy Tom Kellerman said law enforcement and intelligence personnel stopped the group from victimizing additional companies.

Read more: NBC News

Sinclair Broadcast Group, which owns almost 300 stations across the country and provides local news services, was the victim of a ransomware attack over the weekend, the company announced in a Securities and Exchange Commission filing on Monday.

"On October 16, 2021, the Company identified and began to investigate and take steps to contain a potential security incident. On October 17, 2021, the Company identified that certain servers and workstations in its environment were encrypted with ransomware, and that certain office and operational networks were disrupted," the filing says. "Data also was taken from the Company's network. The Company is working to determine what information the data contained and will take other actions as appropriate based on its review."

Read more: ABC News