GNU social JP
GNU social JP is a Japanese GNU social server.

Notices by Kim Zetter (kimzetter@infosec.exchange)

  1. Kim Zetter (kimzetter@infosec.exchange)'s status on Saturday, 25-Apr-2026 23:30:07 JST

    The mystery around a cyberattack against Venezuela's state-run oil company last December deepens with the discovery this week of a "highly destructive" wiper that may have been used in the attack. Previous reports had indicated that the December attack was a ransomware incident. But the wiper found this week was compiled last September, and hard-coded into it is the domain for Petróleos de Venezuela (PDVSA), the state-run oil company. The hard-coded domain means the attackers had designed their precision weapon to only destroy data on the oil company's systems, not on any other system outside the company's domain. My story is below. Please consider becoming a paid subscriber if you like my work.

    https://www.zetter-zeroday.com/hwiper-targeting-venezuelas-state-oil-company-discovered/

    In conversation about 12 days ago from infosec.exchange permalink

    Attachments

    1. Mystery Around Venezuelan Cyberattack Deepens, with New Discovery of "Highly Destructive" Wiper
      from @KimZetter
      The mystery around a cyberattack that struck Venezuela's state-owned oil company in December is growing, following an announcement by researchers this week that they had discovered a "highly destructive" wiper program that appears to have been designed to target the oil company and may have been used in the December
  2. Kim Zetter (kimzetter@infosec.exchange)'s status on Saturday, 25-Apr-2026 22:56:17 JST

    Iranian hacktivists hit US medical device maker Stryker with a "severe" attack that wiped systems and shut down global operations for the company. The hacktivist group, Handala, claim they hit the company in retaliation for the US bombing of a girls' school in Iran and that they struck more than 200,000 of Stryker's servers, systems and devices and remotely wiped many of them. https://www.zetter-zeroday.com/iranian-hacktivists-strike-medical-device-maker-stryker-in-severe-attack-that-wiped-systems/

    In conversation about 12 days ago from infosec.exchange permalink

    Attachments

    1. Iranian Hacktivists Strike Medical Device Maker Stryker in "Severe" Attack that Wiped Systems
      from @KimZetter
      Stryker, a leading maker of medical devices, was hit early this morning with a cyberattack that has reportedly caused the company's systems to shut down globally. The company has acknowledged the attack and called it "severe" in communication with employees. A known Iranian hacktivist group named Handala posted messages on
  3. Kim Zetter (kimzetter@infosec.exchange)'s status on Wednesday, 18-Feb-2026 07:08:20 JST

    When a hacker who goes by the names "Waifu" and "Judische" began posting death threats against security researcher Allison Nixon, she had no idea why he targeted her. So she set out to unmask him. The quest led her to uncover the identity of Connor Riley Moucka, a 25-yr-old Canadian who was ringleader of the infamous Snowflake/AT&T hacks as well as Cameron John Wagenius (aka Kiberphant0m online), an active-duty US Army soldier, who both were arrested. Here's my story, as well as a free link below that.

    https://www.technologyreview.com/2026/02/16/1132526/allison-nixon-hackers-security-researcher

    https://archive.is/20260216131016/https://www.technologyreview.com/2026/02/16/1132526/allison-nixon-hackers-security-researcher

    In conversation about 3 months ago from infosec.exchange permalink
  4. Kim Zetter (kimzetter@infosec.exchange)'s status on Tuesday, 27-Jan-2026 23:36:23 JST

    The Booz Allen tech contractor behind Treasury Department's unprecedented decision yesterday to cancel all 31 of its contracts with the consulting firm, took the job with Booz Allen - much like Edward Snowden before him - specifically to get access to IRS tax records of President Trump and leak them. And not only Trump's records, he stole the tax records of more than 400,000 other individual and corporate taxpayers -- leaking some of these to the media as well. All of this contributed to the Treasury decision yesterday. https://www.zetter-zeroday.com/booz-allen-tech-contractor-took-irs-job-specifically-to-leak-trumps-tax-records/

    In conversation about 3 months ago from infosec.exchange permalink

    Attachments

    1. Booz Allen Tech Contractor Took IRS Job Specifically to Leak Trump's Tax Records
      from @KimZetter
      The US Treasury Department announced yesterday that it was canceling all contracts it holds with consulting firm Booz Allen Hamilton because the company failed to prevent one of its contractors from stealing and leaking tax records years ago when he was working on behalf of the firm for the Internal
  5. Kim Zetter (kimzetter@infosec.exchange)'s status on Saturday, 24-Jan-2026 13:22:32 JST

    Exclusive: A cyberattack targeting Poland's energy infrastructure in December used wiper malware that would have erased grid computers and rendered them inoperable had it not been thwarted, a researcher at @ESET told me. The researcher calls the attack "unprecedented" for Poland and "substantial."

    https://www.zetter-zeroday.com/cyberattack-targeting-polands-energy-grid-used-a-wiper/

    In conversation about 3 months ago from infosec.exchange permalink

    Attachments

    1. Cyberattack Targeting Poland’s Energy Grid Used a Wiper
      from @KimZetter
      A cyberattack that targeted power plants and other energy producers in Poland at the end of December used malware known as a “wiper” that was intended to erase computers and in an operation that was intended to cause a power outage and other disruption to services, says European security firm
  6. Kim Zetter (kimzetter@infosec.exchange)'s status on Tuesday, 30-Sep-2025 05:17:13 JST

    Tile device-finding tags, unlike Apple/Google tags, broadcast their MAC address and unique ID unencrypted, letting stalkers, Tile or law enforcement track people/items, per new study done by security researchers. Tile stores all of this location information in a database on its servers. The tag's anti-theft mode also undoes its anti-stalking protection - making any tag put in anti-theft mode invisible to someone doing a scan to detect rogue tags being used to stalk them. My story for Wired:

    https://www.wired.com/story/tile-tracking-tags-can-be-exploited-by-tech-savvy-stalkers-researchers-say/

    In conversation about 7 months ago from infosec.exchange permalink
  7. Kim Zetter (kimzetter@infosec.exchange)'s status on Tuesday, 09-Sep-2025 07:09:20 JST

    Posting this because the email address is so ridiculous (and yet people probably clicked on it anyway). WSJ published a story yesterday about hackers from China posing as House committee chair Rep. John Moolenaar to send a phishing email to trade groups, law firms and U.S. government agencies. I got hold of the email and the sender address is: johnmoolenaar.mail.house.gov@zohomail.com

    https://www.wsj.com/politics/national-security/china-trade-talks-spy-5c4801ca

    In conversation about 8 months ago from infosec.exchange permalink

  8. Kim Zetter (kimzetter@infosec.exchange)'s status on Friday, 08-Aug-2025 04:00:10 JST

    Two years ago when researchers found and publicly exposed an intentional backdoor in a TETRA encryption algorithm used to secure radio communications for police/military/intel agencies around the world -- the algorithm involved a key advertised as one strength but secretly reduced to 32 bits -- the European organization that produced the algorithm told users that to secure their communications they could deploy an end-to-end encryption solution on top of the backdoor'd algorithm. Now the same researchers say they found a security problem with the end-to-end solution as well -- another reduced key. Here's my story for Wired:

    https://www.wired.com/story/encryption-made-for-police-and-military-radios-may-be-easily-cracked-researchers-find/

    In conversation about 9 months ago from infosec.exchange permalink

    Attachments

    1. Encryption Made for Police and Military Radios May Be Easily Cracked
      from Kim Zetter
      Researchers found that an encryption algorithm likely used by law enforcement and special forces can have weaknesses that could allow an attacker to listen in.
  9. Kim Zetter (kimzetter@infosec.exchange)'s status on Wednesday, 21-May-2025 13:49:32 JST

    The UAE has been trying to recruit Pentagon workers displaced by DOGE to move to Abu Dhabi to work on AI for the UAE's military. A UAE brigadier general met last month with two former staffers of the Defense Digital Service who have worked on US classified projects and tried to recruit them and their entire DDS team to move to Abu Dhabi. The general was apparently given permission by the Pentagon to recruit the members of Defense Digital Service -- who resigned en masse from their jobs last month due to DOGE -- despite warnings last year from US spy agencies and federal lawmakers that the UAE could share AI tech with China and despite the UAE's disturbing history of recruitment of US workers. Remember Dark Matter when the UAE recruited former NSA operators/analysts to work on cybersecurity jobs only to have them help UAE spy agencies hack other nations, members of the royal family and dissidents and journalists? One of the people from the UAE who assisted with the recruiting of DDS workers has ties to Dark Matter. Here's my story:

    https://www.zetter-zeroday.com/uae-recruiting-us-personnel-displaced-by-doge-to-work-on-ai-for-its-military/

    In conversation about a year ago from infosec.exchange permalink

    Attachments

    1. UAE Recruiting US Personnel Displaced by DOGE to Work on AI for its Military
      from @KimZetter
      A UAE brigadier general received permission from the Pentagon to recruit former members of the Defense Digital Service to work on artificial intelligence for the UAE military — despite past warnings from US spy agencies and federal lawmakers that UAE could share AI technologies with China
  10. Kim Zetter (kimzetter@infosec.exchange)'s status on Thursday, 17-Apr-2025 12:55:22 JST

    Chris Krebs has quit his job at SentinelOne to launch a legal and public relations fight against Trump and the presidential memo Trump signed against Krebs last week. "Krebs said he understood why some have kept a low profile and tried not to further anger the president. But he said he disagreed with that approach. 'I don’t think this lay-low-and-hope-this-blows-over approach is the right one for the moment we’re in.'"

    Miles Taylor, who was also targeted by Trump, said "the memos targeting him and Krebs were 'punishment for dissent' and that he too planned to fight back.... 'How we respond will set the tone inevitably for how others targeted by these EOs decide to respond.'"

    https://www.wsj.com/politics/policy/chris-krebs-trump-cybersecurity-executive-action-31cb99cb

    In conversation about a year ago from infosec.exchange permalink
  11. Kim Zetter (kimzetter@infosec.exchange)'s status on Wednesday, 05-Mar-2025 00:49:01 JST

    Two seemingly blockbuster stories published on Friday reported that the Trump admin had ordered US Cyber Command and CISA to "stand down" on their work to detect and counter Russian cyber threats. But new info has come out to contradict the stories or qualify them. I dug into what we know and don't know. As always, if anyone has any additional information related to these stories, please contact me on Signal at KimZ.42.

    https://www.zetter-zeroday.com/did-trump-admin-order-u-s-cyber-command-and-cisa-to-stand-down-on-russia/

    In conversation about a year ago from infosec.exchange permalink
  12. Kim Zetter (kimzetter@infosec.exchange)'s status on Wednesday, 19-Feb-2025 03:40:30 JST

    The National Science Foundation fired nearly 170 workers this morning in a Zoom call. This included workers who had already cleared their one-year probationary period only to have it changed to two years earlier this month, putting them in line for termination. It also included at-will permanent workers -- the latter were not among those designated for firing by the Trump administration; instead NSF decided on its own to eliminate them. Here's my story:
    https://www.wired.com/story/national-science-foundation-february-2025-firings/

    In conversation about a year ago from infosec.exchange permalink

    Attachments

    1. National Science Foundation Fires 168 Workers as Federal Purge Continues
      from Kim Zetter
      Firings at the NSF included permanent employees who had already completed their one-year probationary period, as well as at-will workers.
  13. Kim Zetter (kimzetter@infosec.exchange)'s status on Saturday, 15-Feb-2025 18:13:48 JST

    DHS fired more than 400 employees today, including 130 people from CISA. If you work or worked for CISA or have information about what's going on there, you can reach me on Signal at KimZ.42

    https://abcnews.go.com/Politics/dhs-cuts-405-employees-workforce/story?id=118847047

    In conversation about a year ago from infosec.exchange permalink
  14. Kim Zetter (kimzetter@infosec.exchange)'s status on Friday, 07-Feb-2025 05:35:47 JST

    Have tips? Story ideas? Something you think I should know about?

    Reach me on Signal at KimZ.42

    I cover cybersecurity and national security, writing about: nation-state hacking, espionage, cyber warfare, cybercrime, and policy. I don't write about companies - unless they've done something wrong.

    In conversation about a year ago from infosec.exchange permalink
  15. Kim Zetter (kimzetter@infosec.exchange)'s status on Thursday, 06-Feb-2025 23:59:08 JST

    In a first-ever report from the intelligence community, the US government has revealed that it disclosed 39 zero day vulnerabilities to vendors/public to be patched rather than keep them for NSA/CIA/FBI to exploit in hacking operations. The report, however, doesn't say how many zero days the gov discovered in 2023 that it kept to exploit. And ten of the 39 it did disclose that year, it had already kept secret for an unknown number of years to exploit before deciding to disclose them in 2023. Here's my story: https://www.zetter-zeroday.com/u-s-government-disclosed-39-zero-day-vulnerabilities-in-2023-per-first-ever-report/

    In conversation about a year ago from infosec.exchange permalink

    Attachments

    1. U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report
      from @KimZetter
      What the government didn't reveal is how many zero days it discovered in 2023 that it kept to exploit rather than disclose. Whatever that number, it likely will increase under the Trump administration, which has vowed to ramp up government hacking operations. In a first-of-its-kind report, the US government has
  16. Kim Zetter (kimzetter@infosec.exchange)'s status on Thursday, 09-Jan-2025 05:52:16 JST

    Last month as drones over NY/NJ made headlines, a radiation-monitoring site reported spikes in radiation in NY, seemingly supporting a theory that the drones were tracking a dirty bomb on the loose there. Only the spikes were fake. I wrote about how the fake info got reported and how it spread on social media.

    https://www.zetter-zeroday.com/anatomy-of-a-nuclear-scare/

    In conversation Thursday, 09-Jan-2025 05:52:16 JST from infosec.exchange permalink

    Attachments

    1. Anatomy of a Nuclear Scare
      from @KimZetter
      How fake radiation readings in New York and New Jersey, coupled with a mysterious drone swarm, fueled a nuclear scare and became a harbinger for things to come The ongoing mystery around a New Jersey drone swarm ignited a number of theories last month about who owned the drones and
  17. Kim Zetter (kimzetter@infosec.exchange)'s status on Thursday, 16-Feb-2023 20:26:44 JST

    New law in Belgium allows "ethical" hackers to hack Belgian companies without their permission. The law requires hackers to report any vulnerabilities they find within 72 hours of discovering them. "You can't just test the security of a system and then say nothing about it afterwards."

    Hackers also are prohibited from asking for a bounty "otherwise it is the same principle as asking for a ransom."

    "There are more than 3,000 ethical hackers in Belgium. They will be able to see whether the data of an average citizen is properly secured. If the government comes up with a corona app, ethical hackers can now legally test it."

    https://www-vrt-be.translate.goog/vrtnws/nl/2023/02/14/ethische-hackers-mogen-meer-door-nieuwe-wet/?_x_tr_sl=fr&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp

    In conversation Thursday, 16-Feb-2023 20:26:44 JST from infosec.exchange permalink

    Attachments

    1. Ethical hackers may hack Belgian companies without permission thanks to new law: "Been looking forward to this for 10 years"
      from https://www.facebook.com/vrtnws/
      Ethical hacker Inti De Ceukelaire explains in "VRT NWS laat" exactly what is changing.

    Kim Zetter

    Journalist - cybersecurity/national security. Author COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon. Speaker/Signal. Newsletter is called Zero Day. Find it here: https://www.zetter-zeroday.com/. Become a paid subscriber to help support my independent journalism.


    Statistics: User ID 99022; Member since 16 Feb 2023; Notices 17; Daily average 0

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.