The cyber actor played a role in the Treasury breach as well as attacks on critical infrastructure, linked to China-backed advanced persistent threat (APT) group Salt Typhoon.

Source: Trek and Shoot via Alamy Stock Photo

NEWS BRIEF

The Department of the Treasury's Office of Foreign Assets Control (OFAC) announced that it is sanctioning Yin Kecheng, a cyber actor based in Shanghai, who was involved in the recent breach that compromised the Department of Treasury's network.

The OFAC is also sanctioning Sichuan Juxinhe Network Technology, a cybersecurity company based in Sichuan involved with Salt Typhoon, a Chinese state-backed cybercriminal group that has compromised major US telecommunications companies and ISPs.

These designations are just the latest in a series of moves made by the Treasury in an effort to combat malicious cyber activity by the People's Republic of China (PRC) and PRC-backed actors. Previously sanctioned groups include Integrity Technology Group, for its association with Flax Typhoon activity, Sichuan Silence Information Technology, and Wuhan Xiaoruizhi Science and Technology.

"The Treasury Department will continue to use its authorities to hold accountable malicious cyber actors who target the American people, our companies, and the United States government, including those who have targeted the Treasury Department specifically," said Adewale Adeyemo, deputy secretary of the Treasury Department.

The US Department of State's Rewards for Justice program is offering up to $10 million for any information leading to identifying or locating any person who engages in malicious cyber activities against US critical infrastructure under the direction of a foreign government. 

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

US Sanctions Chinese Hacker &amp; Firm for Treasury, Critical Infrastructure Breaches

As LLMs broaden access to hacking and diversify attack strategies, understanding the thought processes behind these innovations will be vital for bolstering IT defenses.

COMMENTARY

Hacking is innovation in its purest form. Like any other innovation, a successful hack requires developing a creative solution to the scenario at hand and then effectively implementing that solution. As technologies facilitate implementation, successfully preventing a hack (that is, blue teaming) or simulating an attack to test defenses (red teaming) will require a better understanding of how adversaries generate creative ideas.

In the 1990s, many organizations and vendors did not sufficiently prioritize security when designing systems. As a result, finding solutions to bypass their security measures took hackers relatively little time. The problem was that while many hackers could imagine attacks that would bypass these rudimentary security measures, few had the technical skills to implement those attacks. For instance, while hacking enthusiasts theoretically understood how to abuse vulnerabilities in insecure network protocols, most lacked the technical skills necessary to write a raw socket library to do so. The bottleneck was implementation.

Over the next two decades, automated tools were developed for almost every generalized attack pattern. Suddenly, the complicated solutions that a '90s hacker could only imagine but lacked the programming capability to execute became possible with the click of a button for anyone. While some attacks still require technical skills, today it is possible to hack by creatively chaining together the abundant functions of various automated hacking tools (e.g., Metasploit, Burp Suite, Mimikatz) to penetrate the system's cracks.

Similarly, it is easy to find help, such as Copilot apps and software developers on freelancing platforms, to write specific functions required to implement an attack. In other words, with the advent of new tools and platforms, the emphasis in a successful hack has been shifting from implementation (that is, being able to write the code for the attack you imagine) to creativity (being able to imagine a novel attack). Now, the advent of large language models (LLMs) with growing inventive capabilities means that pure creativity — rather than bottlenecks in technical capability — will drive the next era of hacking.

**A New Breed of Hackers**

How will this new breed of hackers differ in terms of how they devise new cyberattacks? In many cases, this creativity will take the form of designing a novel prompt, as implementation will increasingly happen through LLMs and their various plug-ins (for instance, Anthropic's Claude 3.5 Sonnet model can already use computers). Most importantly, because many of them will not have a background in computer science, their reasoning will build on ideas and solutions from different domains — also known as analogical transfer. Many fighters in history designed novel martial arts by drawing inspiration from the behaviors of different animals. In a similar vein, a recently developed side-channel attack uses signals from wireless devices in a building to map the bodies of the people inside (analogous to how bats use echolocation to find their prey). Research has also found that information can be stolen even from air-gapped systems not connected to the Internet by examining the electromagnetic wave patterns emitted by a screen's cable or by analyzing the acoustic sound patterns of the screen itself to reconstruct the contents displayed on the computer's screen (perhaps analogous to reconstructing the recent history of a black hole by analyzing faint remnant signals in the form of Hawking radiation).

It's likely that novel prompts making similar analogies will lead to creative uses of LLMs in devising new and unexpected attack patterns. They may draw inspiration from famous battles, chess games, or business strategies, resulting in novel attack patterns or techniques. This also means that successfully preventing such attacks or emulating them for red-teaming purposes will require using research methods from behavioral sciences — such as marketing — to extrapolate common or uncommon prompts an attacker might try.

Research into potential prompts for designing an attack can take various forms. Traditional research methods, such as idea generation experiments, surveys, and in-depth interviews, can provide insights into common and uncommon prompts people may consider. Additionally, research from search engines and social media platforms may offer ideas about common combinations of knowledge (for instance, market basket analysis), which can be valuable for estimating potential analogies that people interested in hacking may be more likely to generate. Finally, crowdsourcing-based research, such as hacking challenges, will again be an asset, but the focus will be not only on the attack but also on the prompts used to develop that attack. Prompts that result in novel attacks are likely to be regularly utilized by both blue and red teams, much like Google Dorks are employed today.

As LLMs broaden access to hacking and diversify attack strategies, understanding the thought processes behind these innovations will be vital for bolstering IT defenses. Insights from behavioral sciences like marketing will play a key role in achieving this goal.

**About the Authors**

Reader (Associate Professor) in Digital Innovation and Information Security, King's College London

Aybars Tuncdogan is a reader (associate professor) in digital innovation and information security at King’s College London. He is also a research affiliate of the King’s AI Institute and a member of both the Cybersecurity Research Centre (King’s Informatics Department) and the Cyber Security Research Group (King’s War Studies Department). 

Professor of Marketing & Innovation, King's College London

Oguz A. Acar is a professor of marketing and innovation and head of generative AI at King's Business School, King's College London. He is also a research affiliate at Laboratory of Innovation Science at Harvard University and an expert at World Economic Forum.

Leveraging Behavioral Insights to Counter LLM-Enabled Hacking

A highly targeted cyber-intelligence campaign adds fuel to the increasingly complex relationship between the two former Soviet states.

Source: Daniren via Alamy Stock Photo

A suspected Russia-nexus threat actor has been executing convincing spear phishing attacks against diplomatic entities in Kazakhstan.

UAC-0063, active since at least 2021, was first documented by Ukraine's Computer Emergency Response Team (CERT-UA) in 2023. With medium confidence, CERT-UA tied it to APT28 (aka Fancy Bear, Forest Blizzard, Strontium, Sofacy), from the General Staff Main Intelligence Directorate (GRU) Military Unit 26165. APT28 is best known for its high-profile attacks against Western governments: the Democratic National Committee (DNC) hack of 2016, campaigns against parliamentary bodies in Germany, Norway, and the Netherlands, and much more.

UAC-0063, specifically, has used cyber operations to collect intelligence from government entities, nongovernmental organizations (NGOs), academic institutions, and energy and defense organizations in Eastern Europe — most notably Ukraine — as well as Central Asia, including Kazakhstan, Kyrgyzstan, Tajikistan, and other countries in the vicinity, including Israel and India.

Its latest ongoing campaign, which, in a blog post, researchers from Sekoia date back to at least 2022, may fold into a broader effort by Vladimir Putin's government to gain strategic insights into, and advantage over, a former Soviet state that has sought to broaden its diplomatic horizons in recent years.

**Phishing Kazakh Diplomats**

On Oct. 16, 2024 — one month after it'd been deployed in the wild — researchers spotted a diplomatic document uploaded to VirusTotal. It appeared to be a legitimate draft of a joint declaration between the chancellor of Germany and heads of Central Asian countries.

"The first step, when you open this document, is that it asks you to enable macros," recalls Amaury Garçon, cyber threat intelligence (CTI) analyst at Sekoia Threat Detection & Research (TDR), adding that the document was obscured by "shapes" at first sight. "Some phishing documents look really ugly or have a bad shape \[at first\] — they prompt the user to enable macros, because if you don't enable macros you can't write text in the document, can't move images, etc.," he notes.

Clicking "enable" would trigger various malicious, unseen commands on a target device. While the user was made privy to the full, unadulterated lure document, in the background their security settings would be downgraded so as to remove the need for future "enable macros" prompts. Next a second, blank document was created and opened by a hidden instance of Microsoft Word. The Visual Basic (VB) code associated with this hidden document — now enabled by default, of course — dropped and executed a malicious HTML application (HTA) containing a backdoor named "HatVibe."

The purpose of HatVibe is to receive and execute code from a remote server. Though Sekoia couldn't identify the payloads associated with this phishing campaign, CERT-UA has previously observed HatVibe downloading and executing a more complex Python backdoor named "CherrySpy."

**What This Means for Kazakhstan and Russia**

Six weeks after researchers spotted the first VirusTotal upload associated with this campaign, on Nov. 27, Putin went on a two-day state visit to the country he deemed Russia's "true ally," Kazakhstan. He and Kazakhstan's president, Kassym-Jomart Tokayev, used the opportunity afforded by the Collective Security Treaty Organization (CSTO) summit to discuss various areas for economic partnership — particularly around the energy sector — and signed agreements over energy, education, and transportation.

"Central Asia is a real point of interest for Russian influence," Maxime Arquillière, senior CTI analyst at Sekoia TDR explains. "We know that Kazakhstan is a close ally, but since the beginning of the Ukraine war, Kazakhstan has distanced itself a little bit from Russia, trying to develop new connections with both Western states and also China."

Kazakhstan's centrality in the Asian continent positions it nicely as a trade bridge between China and Europe, particularly while Ukraine and Russia are consumed by war. And as Sekoia notes in its blog, the country's gradually broadening geopolitical ties are evident in recent agreements with Mongolia and Afghanistan's new Taliban government, and, most notably, its balanced position on the war in Ukraine — supporting Ukraine's right to territorial integrity without outright condemning Russia's invasion.

This latest cyber campaign, then, fits neatly into Russia's broader initiatives with regard to its Central Asian neighbor. Sekoia identified 11 lure documents in all, each one legitimate and likely having originated with Kazakhstan's Ministry of Foreign Affairs, pertaining to diplomatic business between Kazakhstan and potential partner nations.

Exactly how the threat actor obtained these documents is not known. They include, for example:

*   Letters from Kazakhstan's embassies in Afghanistan and Belgium, regarding diplomatic and economic developments.
    
*   A draft of a joint statement between Germany and Central Asian states, following a Sept. 16, 2024, summit in Astana.
    
*   Administrative reports and briefings on the Kazakh president's visits to Mongolia and New York.
    

"It's really coherent with the \[need for\] Russian intelligence to conduct this kind of cyber espionage, to know about the strategic interests between Kazakhstan and European states," Arquillière says.

**About the Author**

Nate Nelson is a writer based in New York City. He formerly worked as a reporter at Threatpost, and wrote "Malicious Life," an award-winning Top 20 tech podcast on Apple and Spotify. Outside of Dark Reading, he also co-hosts "The Industrial Security Podcast."

Russian APT Phishes Kazakh Gov't for Strategic Intel

New order mandates securing the federal software supply chain and communications networks, as well as deploying AI tools to protect critical infrastructure from cyberattacks — but will the Trump administration follow through?

Source: UPI via Alamy Stock Photo

As President Biden prepares to hand over the government to the incoming Trump administration, he has issued a new cybersecurity executive order (EO) outlining an aggressive cyber-defense plan for today's most dangerous national cyber threats — including China, and rampant software supply chain vulnerabilities across government and the private sector.

Sweeping and ambitious, the EO reads like a detailed US cybersecurity status report from the Biden administration, focused on laying groundwork for the incoming team. And with threats on the rise across the world, party affiliation and partisan predilections aside, America and Americans' cybersecurity relies on a smooth handoff from Biden to Trump, experts say.

The signs are positive so far. The order is a reflection of a forthright and responsible transition to the Trump administration, according to Tom Cross, a cybersecurity strategist at WitFoo.

"Cybersecurity is not a partisan issue — everyone in the United States has a shared interest in protecting our nation against foreign cyber threats, such as spying and network disruption," Cross wrote in a statement responding to the new Biden cybersecurity executive order. "By issuing this EO now, the Biden administration is able to put its best thinking on these topics in motion, giving the Trump administration time to put new leaders in place and develop its strategy going forward.”

The EO is a bookend to Biden's 2021 cybersecurity executive order, issued early in his term, and reflects a country plagued by a new set of geopolitical adversaries armed with increasingly sophisticated technology, including generative artificial intelligence (GenAI).

The order acknowledges the brazen rise in malicious cyber activity from China, including breaches of the US Treasury and at least nine telecommunications networks in a vast espionage operation carried out by Salt Typhoon and other advanced persistent threats (APTs) sponsored by the Chinese government. While the EO only covers federal agencies, the Biden administration has long used federal cybersecurity policies and resources as a way to push the private sector into adopting more secure standards in turn.

"The Biden administration’s latest cyber executive order is focused on securing critical infrastructure, adopting AI for defense, and transitioning to post-quantum cryptography with an ambitious agenda," Andrew Borene, executive director of global security for Flashpoint and a former Office of the Director of National Intelligence (ODNI) senior official, tells Dark Reading. "However, the real power of this executive order may lie in its ability to institutionalize some best practices as American multinational businesses and government agencies face a new Cold War's dangerous digital environment."

**Securing the Federal Software Supply Chain, Cloud, Space**

Biden's latest EO starts with the federal software supply chain, mandating that agencies develop secure software acquisition standards and only do business with software vendors that can attest to secure development practices and provide evidence of compliance with those standards. Within the next 60 days, a consortium is ordered to be convened, including the cecretary of commerce and National Institute of Standards and Technology (NIST) officials, to develop those standards, which will include practices, procedures, controls, and implementation examples, according to the EO.

Federal agencies were also ordered to implement NIST supply chain risk management practices. The Cybersecurity and Infrastructure Security Agency (CISA) and the General Services Administration (GSA) will evaluate how to securely manage open source software inside federal networks.

Biden's order additionally addresses emerging attack surfaces across the federal government, including cloud and space/satellite systems, and calls for the implementation of identity and access management (IAM) practices across agencies.

On the cloud front, the order mandates that FedRAMP marketplace service providers such as Google or Amazon provide federal agencies with recommendations on cloud configuration.

"I am particularly happy to see that cloud providers will be required to publish information to clients on how to operate securely," Chris Hauk, consumer privacy champion at Pixel Privacy, wrote in a statement. "Too many data breaches have been due to misconfigured cloud data buckets, many times leaving the data stored in those buckets open to anyone with an Internet connection and a little bit of knowledge."

Space systems meanwhile are ordered to receive continuous analysis to ensure US systems are keeping up with the latest threats, the EO explained.

"As cybersecurity threats to space systems increase, these systems and their supporting digital infrastructure must be designed to adapt to evolving cybersecurity threats and operate in contested environments," the EO reads. "In light of the pivotal role space systems play in global critical infrastructure and communications resilience, and to further protect space systems and the supporting digital infrastructure vital to our national security, including our economic security, agencies shall take steps to continually verify that federal space systems have the requisite cybersecurity capabilities through actions including continuous assessments, testing, exercises, and modeling and simulation."

**Securing Federal Communications**

China's espionage activities have highlighted the need to secure federal communications networks, according to the EO. The Biden administration thus has established guidelines for shoring up communications network cybersecurity, including implementing identity controls, encrypting DNS traffic, and encrypting all emails, voice, video, and messaging.

Regarding cryptography, the Biden EO said new rules for protecting and auditing cryptographic keys will be developed by NIST. Further, agencies should require post-quantum cryptography, where applicable, the EO states.

These cryptography and authentication controls requirements are also applicable to other critical national security systems, Flashpoint's Borene points out.

"From energy grids to satellites, the directive emphasizes the need to secure the systems that underpin our national security and daily life," he adds. "The push for universal encryption and authentication protocols is particularly timely, given the frequency and scale of recent attacks."

**Unleashing AI to Secure Critical Infrastructure**

Artificial Intelligence must be deployed to protect US critical infrastructure from cyberattack, according to the Biden EO. The order establishes a program to explore the use of AI to bolster US cyber defenses and push for additional research.

And indeed, AI will place an increasing role in protecting the US from cyberattacks in the future, according to Christian Geyer, CEO and founder of Actfore.

"While it's crucial to recognize the expanding attack surface that AI may bring, we can be optimistic about the incredible potential it holds for enhancing security and efficiency," Geyer wrote in a statement. "The main challenge lies in navigating the complexities of government processes, but with the right approach, these challenges can be overcome, ensuring that technology initiatives are both effective and secure."

Ransomware and the development of digital identification for secure online transactions are also included in the Biden administration's cybersecurity wish list.

The EO is clearly comprehensive and wide-ranging. But without buy-in from Trump's cyber team, many of the EO's efforts could be stymied, researchers warn. It's unclear for now how it will go.

The Trump administration has already signaled a distaste for regulation, and put it into practice throughout Trump's first term, according to Coleman Mehta, head of global public policy and strategy at Infoblox. Yet, he was willing to build on previous cybersecurity policies from the Obama administration.

"Similarly, President Biden often built on policies set by Trump," Mehta tells Dark Reading. "The fundamentals of that continuity should stay the same; focus on the threat from Chinese cyber adversaries, strengthen supply chain security, and continue to build public-private collaboration."

During his recent Senate confirmation hearings for secretary of state, Sen. Marco Rubio (R-Fla.) indicated an interest in seeing policy changes that address the global cyber supply chain threat, Flashpoint's Borene points out.

"Looking ahead, the new administration inherits a world of rapidly escalating state threats from adversaries like China, Russia, Iran, along with a growing network of cyber proxies and even transnational criminal extortion groups," Borene says. "A well-executed handoff of some of the executive order’s provisions could bolster US cyber defenses at a time when proactive information security has never been more critical."

Biden's Cybersecurity EO Leaves Trump a Comprehensive Blueprint for Defense

PRESS RELEASE

BRENTWOOD, Tenn., Jan. 14, 2025 /PRNewswire/ -- Fortified Health Security (Fortified), a Best in KLAS managed security services provider (MSSP) specializing in healthcare cybersecurity, today released the 2025 Horizon Report, a semiannual publication on cybersecurity news, trends, guidance and solutions for healthcare organizations.

Analyzing data from the Office for Civil Rights (OCR), the Horizon Report has served as a free resource for healthcare professionals since 2017. The 2025 edition includes contributions from experts—including internationally recognized cybersecurity expert Paul Connelly—on solutions for some of the acute cybersecurity issues facing healthcare organizations today. These include budget and talent challenges, the growing role of AI in hospitals, the evolution of threat actors and third-party risk management. 

"As we enter 2025, the healthcare sector will be confronted with a rise in cyberattacks, strict legislative regulations and the ongoing enhancement of AI, all while navigating financial pressures," wrote Dan Dodson, chief executive officer at Fortified, in the report. "There are no 'one-size-fits-all' answers to confronting these challenges. That is why collaboration is critical to safeguarding cybersecurity risks."

The report also provides important data breach statistics, building on those published in Fortified's mid-year report last summer. Key insights from the report include:

*   The total number of patient records exposed in 2024 rose 9%, from 168 million to 183 million
    
*   Business Associates accounted for a smaller percentage of cyber attacks in 2024 than the year prior, yet these attacks comprised 67% of total exposed patient records
    
*   Healthcare Clearing Houses saw an increase in cyber attacks of more than 2,000%, indicating growing vulnerability among entities that manage massive volumes of patient data
    
*   While network servers remained the most common breach location, phishing was reinforced as a go-to tactic for threat actors, with email breaches growing by 18% in 2024
    

"2024 was a challenging year for cybersecurity among healthcare organizations, with mega breaches like Change Healthcare—the largest ever reported in the United States—making national news and sending shockwaves through the healthcare industry," said Dodson. "With the Horizon Report, we aim to chart a path forward for healthcare organizations by gathering the latest expert insights and best practices for cyber resilience."

The full report is available for download here.

About Fortified Health Security   
Fortified is Healthcare's Cybersecurity Partner® – protecting patient data and reducing risk throughout the healthcare ecosystem. A managed security service provider that has been awarded numerous industry accolades, Fortified works alongside healthcare organizations to build customized programs that help clients leverage their prior security investments and current processes while implementing new solutions that reduce risk and increase their security posture over time. Led by a team of industry-recognized cyber experts, Fortified's high-touch engagements and client-specific process maximize value and deliver an actionable, scalable approach to help reduce the risk of cyber events. To learn more, visit www.fortifiedhealthsecurity.com.

You May Also Like

183M Patient Records Exposed: Fortified Health Security Releases 2025 Healthcare Cybersecurity Report

PRESS RELEASE

SALT LAKE CITY — January 13, 2025 — Ivanti, the software company that breaks down barriers between IT and security so that Everywhere Work can thrive, has appointed seasoned tech leader, Karl Triebes, as Chief Product Officer. In his new role, Triebes will focus on ensuring that Ivanti’s product strategy aligns with the company’s long-term goals, drives innovation, and enhances customer satisfaction.

Triebes’ appointment comes at a pivotal time for Ivanti, as the company continues to expand its footprint in the IT management and security landscape. His extensive experience and visionary approach are expected to ensure the company remains at the forefront of delivering high-quality technology solutions.

“I am thrilled to join Ivanti at such an exciting time in the company’s journey,” said Karl Triebes. “Ivanti's commitment to innovation and customer-centric approach align perfectly with my vision for product development. I look forward to working with the talented team at Ivanti to drive our product strategy forward, enhance our engineering capabilities, and deliver exceptional solutions to our customers.”

He joins Ivanti with over 30 years of extensive experience in technology leadership and product development. Throughout his career, Karl has held pivotal roles in several high-profile technology companies such as F5, Amazon and Imperva. In these positions, he has consistently demonstrated a strong prowess in engineering, product strategy, and driving business growth. His seasoned leadership and innovative vision have been instrumental in advancing technology solutions and enhancing product portfolios.

His strategic oversight will ensure that Ivanti’s products not only meet but exceed the expectations of customers, driving sustained business growth and solidifying Ivanti’s position as a leader in the industry.

“Customer satisfaction is at the heart of everything we do,” Triebes added. “By focusing on innovation and maintaining a customer-centric approach, we can develop products that not only solve current challenges but also anticipate future needs. I am eager to lead Ivanti in this direction and contribute to the company’s continued success.”

Ivanti’s CEO, Dennis Kozak, stated, “We are delighted to welcome Karl to the Ivanti team. His extensive experience and proven track record in technology leadership make him the perfect fit for our organization. We are confident that under his guidance, Ivanti will continue to innovate and deliver exceptional solutions to our customers.”

About Ivanti

Ivanti breaks down barriers between IT and security so that Everywhere Work can thrive. Ivanti has created the first purpose-built technology platform for CIOs and CISOs – giving IT and security teams comprehensive software solutions that scale with their organizations’ needs to enable, secure and elevate employees' experiences. The Ivanti platform is powered by Ivanti Neurons - a cloud-scale, intelligent hyper automation layer that enables proactive healing, user-friendly security across the organization, and provides an employee experience that delights users. Over 35,000 customers, including 85 of the Fortune 100, have chosen Ivanti to meet challenges head-on with its end-to-end solutions. At Ivanti, we strive to create an environment where all perspectives are heard, respected and valued and are committed to a more sustainable future for our customers, partners, employees and the planet. For more information, visit www.ivanti.com and follow @GoIvanti.

Karl Triebes Joins Ivanti as Chief Product Officer

PRESS RELEASE

Today, CISA — along with U.S. and international partners — released joint guidance Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. As part of CISA’s Secure by Demand series, this guidance focuses on helping customers identify manufacturers dedicated to continuous improvement and achieving a better cost balance, as well as how Operational Technology (OT) owners and operators should integrate secure by design elements into their procurement process.

Critical infrastructure and industrial control systems are prime targets for cyberattacks. The authoring agencies warn that threat actors, when compromising OT components, target specific OT products rather than specific organizations. Many OT products are not designed and developed with Secure by Design principles and often have easily exploited weaknesses. When procuring products, OT owners and operators should select products from manufacturers who prioritize security elements identified in this guidance.

For more information on questions to consider during procurement discussions, see CISA's Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem. To learn more about secure by design principles and practices, visit Secure by Design.

CISA and US and International Partners Publish Guidance for OT Owners and Operators

PRESS RELEASE

Riyadh, Saudi Arabia, Jan. 13, 2025 (GLOBE NEWSWIRE) -- SEALSQ Corp (NASDAQ: LAES) ("SEALSQ" or "Company"), a company specializing in Semiconductors, PKI, and Post-Quantum technology hardware and software products, today announced that in partnership with its parent company, WISeKey International Holding (“WISeKey”) (SIX: WIHN, NASDAQ: WKEY), is scaling its presence in Saudi Arabia to support the Kingdom’s digital transformation and cybersecurity advancements. Through their joint venture, WISeKey Arabia, in collaboration with the Juffali Group, SEALSQ and WISeKey aim to gradually introduce groundbreaking technology innovations tailored to Saudi Arabia’s unique needs.

In 2019, WISeKey Arabia, in partnership with the Juffali Group, a leading Saudi business conglomerate, is committed to fostering a secure digital ecosystem in alignment with Vision 2030. The collaboration focuses on providing state-of-the-art solutions, including Public Key Infrastructure (PKI), digital identity management, and IoT security, enhanced with SEALSQ’s quantum-resistant cryptographic technologies. This initiative ensures a robust foundation for Saudi businesses and government entities to thrive in an increasingly digital world.

Gradual Deployment of Cutting-Edge Technologies  
SEALSQ and WISeKey plan to gradually introduce innovative solutions to Saudi Arabia’s technology landscape, including advancements in satellite communication and IoT security through the WISeSat.Space ecosystem. WISeSat.Space, WISeKey’s pioneering low-power, secure satellite solution, enables real-time data processing for IoT devices in remote locations.

The system is designed to provide:

*   End-to-End Security: Utilizing quantum-resistant encryption to protect critical IoT data.
    
*   Cost-Efficiency: Reducing the barriers to satellite communication for businesses and government projects.
    
*   Scalability: Supporting diverse applications, including environmental monitoring, smart cities, and supply chain optimization.
    

WISeSat.Space’s integration into the Saudi market represents a strategic step in equipping local industries with the tools needed to excel in the Fourth Industrial Revolution.

Partnership with Hedera and The Hashgraph Association  
In addition to WISeSat.Space’s deployment, SEALSQ and WISeKey are collaborating with Hedera, leveraging its enterprise-grade distributed ledger for blockchain-based applications. These efforts align with The Hashgraph Association’s five-year partnership with the Saudi Ministry of Investment Association, which includes the launch of the $250M DeepTech Venture Studio. The DeepTech Venture Studio is designed to support startups operating within Saudi Arabia in areas such as blockchain, AI, IoT, robotics, and quantum computing.

Funded with $50M from The Hashgraph Association and $200M from the Saudi Ministry of Investment Association, the DeepTech Venture Studio provides significant opportunities for Saudi-based companies leveraging Hedera’s hashgraph network. WISeKey Arabia will serve as a trusted technology partner, empowering startups with secure and scalable solutions.

Aligning with Vision 2030  
WISeKey and SEALSQ’s plans align with Saudi Arabia’s Vision 2030, which emphasizes innovation, digital transformation, and economic diversification. The partnership supports key national initiatives, including the Centre for the Fourth Industrial Revolution (C4IR) Saudi Arabia and the Quantum Economy project, ensuring that the Kingdom remains a global leader in advanced technologies.

“Our commitment to Saudi Arabia extends beyond cybersecurity,” said Carlos Moreira, CEO of SEALSQ. “By introducing groundbreaking technologies like WISeSat and collaborating with key partners such as the Juffali Group, Hedera, and The Hashgraph Association, we aim to empower the Kingdom’s businesses and government with the tools they need to succeed in a rapidly evolving digital landscape.”

About SEALSQ:  
SEALSQ focuses on selling integrated solutions based on Semiconductors, PKI and Provisioning services, while developing Post-Quantum technology hardware and software products. Our solutions can be used in a variety of applications, from Multi-Factor Authentication tokens, Smart Energy, Smart Home Appliances, Medical and Healthcare and IT Network Infrastructure, to Automotive, Industrial Automation and Control Systems.

Post-Quantum Cryptography (PQC) refers to cryptographic methods that are secure against an attack by a quantum computer. As quantum computers become more powerful, they may be able to break many of the cryptographic methods that are currently used to protect sensitive information, such as RSA and Elliptic Curve Cryptography (ECC). PQC aims to develop new cryptographic methods that are secure against quantum attacks. For more information, please visit www.sealsq.com.

Forward-Looking Statements  
This communication expressly or implicitly contains certain forward-looking statements concerning SEALSQ Corp and its businesses. Forward-looking statements include statements regarding our business strategy, financial performance, results of operations, market data, events or developments that we expect or anticipates will occur in the future, as well as any other statements which are not historical facts. Although we believe that the expectations reflected in such forward-looking statements are reasonable, no assurance can be given that such expectations will prove to have been correct. These statements involve known and unknown risks and are based upon a number of assumptions and estimates which are inherently subject to significant uncertainties and contingencies, many of which are beyond our control. Actual results may differ materially from those expressed or implied by such forward-looking statements. Important factors that, in our view, could cause actual results to differ materially from those discussed in the forward-looking statements include the expected success of our technology strategy and solutions for IoMT Security for Medical and Healthcare sectors, SEALSQ's ability to implement its growth strategies, SEALSQ's ability to continue beneficial transactions with material parties, including a limited number of significant customers; market demand and semiconductor industry conditions; and the risks discussed in SEALSQ's filings with the SEC. Risks and uncertainties are further described in reports filed by SEALSQ with the SEC.

SEALSQ Corp is providing this communication as of this date and does not undertake to update any forward-looking statements contained herein as a result of new information, future events or otherwise.

SEALSQ in Cooperation With WISeKey Expands Post-Quantum Footprint in Saudi Arabia

The FTC claims that the Web hosting company's security failures led to several major breaches in the past few years.

Source: M4OS Photos via Alamy Stock Photo

NEWS BRIEF

Having found GoDaddy's security policies inadequate, the Federal Trade Commission (FTC) is requiring the Web hosting company to implement a more rigorous set of security practices.

According to the FTC's complaint, "GoDaddy has failed to implement reasonable and appropriate security measures to protect and monitor its website-hosting environments for security threats, and misled customers about the extent of its data security protections on its website hosting services" since 2018, the agency said in a statement.

The FTC found GoDaddy failed to manage assets and software updates, assess risks to shared hosting services, adequately log and monitor any security-related events, and segment its shared hosting from insecure environments.

These cybersecurity failures led to several security breaches between 2019 and 2022, where hackers were able to gain unauthorized access to customers' websites and data, putting consumers of these websites at risk, according to the FTC. 

All this while GoDaddy claimed on its websites, social media, and emails that it "deployed reasonable security and that it was in compliance with the EU-US and Swiss-US Privacy Shield Frameworks," ultimately misleading its customers.

Going forward, GoDaddy is required to establish and implement a comprehensive information-security program, and must hire an independent third-party to perform biennial reviews of its security program.

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

FTC Orders GoDaddy to Fix Inadequate Security Practices

By staying vigilant, agile, and prepared, organizations can turn TDIR from a defensive strategy into a proactive enabler of security and operational excellence.

The digital era has revolutionized how businesses operate, bringing unprecedented opportunities and challenges. Among the most pressing challenges are the ever-growing and sophisticated cyber threats. From crippling ransomware attacks to insidious phishing campaigns, organizations face a mounting need to defend their digital assets effectively.

In this complex landscape, threat detection, investigation, and response (TDIR) has become a cornerstone of modern cybersecurity. Unlike traditional, siloed approaches, TDIR integrates advanced technologies, skilled professionals, and well-defined processes into a unified framework. This holistic strategy empowers organizations to anticipate, identify, and address threats swiftly, fortifying both their security posture and operational resilience.

**Threat Detection: The First Line of Defense**

Cybersecurity begins with visibility — the ability to identify anomalies before they evolve into full-blown incidents. Threat detection serves as a digital sentinel, continuously monitoring systems for suspicious activities or deviations from the norm.

Take, for example, an instance where an employee's account starts downloading large volumes of sensitive data during non-business hours. While this may appear routine, sophisticated detection tools like security information and event management (SIEM) or endpoint detection and response (EDR) systems can flag such behavior as potentially malicious. These tools analyze vast amounts of data in real-time, enabling security teams to prioritize and respond to critical alerts.

**Real-World Applications of Threat Detection**

*   Phishing attacks: A SIEM solution identifies multiple failed log-in attempts from international IP addresses, signaling a targeted phishing campaign.
    
*   Ransomware: EDR platforms detect unusual file encryption patterns, catching ransomware in its early stages.
    
*   Insider threats: User and entity behavior analytics (UEBA) uncover unauthorized attempts to access sensitive files, potentially indicating insider malfeasance.
    

**Investigation: Unveiling the Bigger Picture**

Detection alone is not enough. Once a potential threat is identified, the investigation phase provides the context necessary to understand its origin, scope, and potential impact. This process is akin to piecing together a digital jigsaw puzzle to form a coherent narrative of the attack.

**Case Study**

A supply chain attack compromises an organization's network via a vulnerable third-party vendor. An investigation reveals that attackers exploited outdated software in the vendor's systems to gain unauthorized access.

During this phase, security teams leverage tools such as extended detection and response (XDR) platforms to correlate events, validate alerts, and construct a detailed timeline of the incident.

**Key Techniques in Threat Investigation**

*   Root cause analysis: Identifying vulnerabilities such as unpatched software or weak passwords.
    
*   Event correlation: Connecting seemingly unrelated events, such as unusual file transfers and login attempts, to reveal a coordinated attack.
    
*   Threat intelligence integration: Enriching investigations with external threat data to understand attacker tactics and methodologies.
    

**Response: Neutralizing the Threat**

The final phase of TDIR is response — an organized effort to contain, mitigate, and recover from the threat. The success of this phase hinges on speed, precision, and collaboration across teams.

**Example Scenario**

A university detects a ransomware attack encrypting files across its network. The incident response team acts swiftly to isolate infected systems, restore critical data from secure backups, and patch vulnerabilities exploited by the attackers. Post-incident, the university implements enhanced email filtering and endpoint protection to prevent future attacks.

**Key Response Strategies**

*   Containment: Isolating affected accounts or systems to limit the threat's impact.
    
*   Remediation: Eliminating malicious code, closing security gaps, and strengthening defenses.
    
*   Recovery: Restoring normal operations through reliable backups while leveraging lessons learned to refine future response protocols.
    

**The Value of TDIR in Modern Cybersecurity**

Organizations that adopt a comprehensive TDIR framework gain a competitive edge in cybersecurity. Here are some of the key benefits:

*   Enhanced visibility: Continuous monitoring across endpoints, networks, and cloud environments ensures a clear understanding of the security landscape.
    
*   Faster response times: Automated workflows and well-defined playbooks reduce the time taken to address incidents, minimizing damage.
    
*   Cost savings: Early detection and efficient response mechanisms lower the financial and reputational costs of breaches.
    
*   Regulatory compliance: A robust TDIR framework supports adherence to compliance standards like GDPR, HIPAA, and CCPA by ensuring effective threat management.
    

**TDIR in Action: Learning From Real-World Scenarios**

*   Healthcare data breach: A hospital responds to a ransomware attack by isolating compromised systems, restoring data from secure backups, and enhancing access controls to prevent recurrence.
    
*   Retail supply chain attack: A retailer mitigates a breach caused by a third-party vendor by implementing stronger third-party risk management practices and network segmentation.
    
*   Insider threat in banking: A financial institution uncovers unauthorized actions by an employee, leading to immediate corrective measures and stricter privileged access management.
    

**Proactive Defense Through TDIR**

In today's threat-filled digital landscape, TDIR is not merely a cybersecurity option — it's an imperative. By adopting a proactive, unified approach, organizations can build resilience against a diverse array of threats, from phishing and ransomware to insider attacks.

TDIR's strength lies in its integration of advanced technology, human expertise, and strategic processes, enabling organizations to navigate the evolving cyber threat landscape with confidence. As the battle against cybercrime continues, those who embrace TDIR will not only safeguard their operations but also strengthen their reputations and ensure long-term resilience.

By staying vigilant, agile, and prepared, organizations can turn TDIR from a defensive strategy into a proactive enabler of security and operational excellence.

**About the Author**

Lead Engineer/IAM Architect, Paramount Global

Sameer Bhanushali is an experienced IAM Architect with more than 16 years of expertise in information security, identity and access management (IAM), cloud services, and system architecture. Recognized for his ability to lead end-to-end IAM initiatives, Sameer leverages cutting-edge technologies and industry best practices to design and implement tailored solutions for both on-premises and cloud environments.

Sameer has been instrumental in aligning technical strategies with organizational goals, optimizing system performance, and enhancing cybersecurity defenses throughout his career. His consultancy excellence across diverse sectors has consistently delivered scalable IAM solutions that drive business growth while ensuring robust security.

A holder of advanced IAM and cybersecurity certifications, Sameer excels in navigating complex cybersecurity challenges, strengthening security postures, and exploring innovative technologies to deliver transformative outcomes. His dedication to the field is reflected in his thought leadership and unwavering commitment to protecting sensitive information in an evolving threat landscape.

Source

DARKReading