MS-ISAC funding set to expire, impacting state and local cybersecurity
Summary
The Multi-State Information Sharing and Analysis Center (MS-ISAC) faces funding expiration on September 30, 2025, due to federal budget cuts. This center is crucial for detecting and mitigating cyber threats targeting state and local governments. Without continued funding, MS-ISAC may start charging for its services, potentially leaving many state and local entities vulnerable to cyberattacks. The MS-ISAC detected over 40,000 potential cyberattacks and prevented more than 59,000 malware and ransomware attacks in 2024. It also blocked 5.4 million suspected malicious emails. The loss of federal funding will create significant vulnerabilities for rural and small communities that often lack the resources to manage cybersecurity threats independently.
Timeline
- 15.08.2025 00:26 (1 article)
MS-ISAC funding set to expire on September 30, 2025
The Multi-State Information Sharing and Analysis Center (MS-ISAC) faces funding expiration on September 30, 2025, due to federal budget cuts. This center is crucial for detecting and mitigating cyber threats targeting state and local governments. Without continued funding, MS-ISAC may start charging for its services, potentially leaving many state and local entities vulnerable to cyberattacks. The MS-ISAC detected over 40,000 potential cyberattacks and prevented more than 59,000 malware and ransomware attacks in 2024. It also blocked 5.4 million suspected malicious emails.
- State and Local Leaders Lobby Congress for Cybersecurity Resources - www.darkreading.com - 15.08.2025 00:26
Information Snippets
- The MS-ISAC is funded by the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA).
  First reported: 15.08.2025 00:26 (1 source, 1 article)
  - State and Local Leaders Lobby Congress for Cybersecurity Resources - www.darkreading.com - 15.08.2025 00:26
- The MS-ISAC detected over 40,000 potential cyberattacks in 2024.
  First reported: 15.08.2025 00:26 (1 source, 1 article)
  - State and Local Leaders Lobby Congress for Cybersecurity Resources - www.darkreading.com - 15.08.2025 00:26
- The MS-ISAC prevented over 59,000 malware and ransomware attacks in 2024.
  First reported: 15.08.2025 00:26 (1 source, 1 article)
  - State and Local Leaders Lobby Congress for Cybersecurity Resources - www.darkreading.com - 15.08.2025 00:26
- The MS-ISAC blocked 5.4 million suspected malicious emails in 2024.
  First reported: 15.08.2025 00:26 (1 source, 1 article)
  - State and Local Leaders Lobby Congress for Cybersecurity Resources - www.darkreading.com - 15.08.2025 00:26
- The MS-ISAC faces funding expiration on September 30, 2025.
  First reported: 15.08.2025 00:26 (1 source, 1 article)
  - State and Local Leaders Lobby Congress for Cybersecurity Resources - www.darkreading.com - 15.08.2025 00:26
- The MS-ISAC may start charging for its services if funding is not restored.
  First reported: 15.08.2025 00:26 (1 source, 1 article)
  - State and Local Leaders Lobby Congress for Cybersecurity Resources - www.darkreading.com - 15.08.2025 00:26
- The MS-ISAC is run by the Center for Internet Security (CIS).
  First reported: 15.08.2025 00:26 (1 source, 1 article)
  - State and Local Leaders Lobby Congress for Cybersecurity Resources - www.darkreading.com - 15.08.2025 00:26
- The MS-ISAC provides cyber threat analysis and threat intelligence distribution to local and state organizations.
  First reported: 15.08.2025 00:26 (1 source, 1 article)
  - State and Local Leaders Lobby Congress for Cybersecurity Resources - www.darkreading.com - 15.08.2025 00:26
- The MS-ISAC was launched in 2003.
  First reported: 15.08.2025 00:26 (1 source, 1 article)
  - State and Local Leaders Lobby Congress for Cybersecurity Resources - www.darkreading.com - 15.08.2025 00:26
- The MS-ISAC costs more than $1 million per month to operate.
  First reported: 15.08.2025 00:26 (1 source, 1 article)
  - State and Local Leaders Lobby Congress for Cybersecurity Resources - www.darkreading.com - 15.08.2025 00:26
- Chinese nation-state actors were discovered leveraging a Microsoft SharePoint bug to crack into US critical infrastructure.
  First reported: 15.08.2025 00:26 (1 source, 1 article)
  - State and Local Leaders Lobby Congress for Cybersecurity Resources - www.darkreading.com - 15.08.2025 00:26
Similar Happenings
Iranian Homeland Justice Group Targets Global Embassies in Phishing Campaign
An Iranian-aligned group, Homeland Justice, has conducted a coordinated, multi-wave spear-phishing campaign targeting embassies and consulates in Europe and other regions. The campaign involves sending spear-phishing emails disguised as legitimate diplomatic communications to deploy malware. The phishing emails exploit geopolitical tensions and use compromised email accounts to send malicious Microsoft Word documents. The malware establishes persistence, contacts a command-and-control server, and harvests system information. The campaign is part of a broader regional espionage effort aimed at diplomatic and governmental entities during a time of heightened geopolitical tension. The campaign began on August 19, 2025, and targeted around four dozen embassies, consulates, and government ministries globally, as well as various international organizations. The campaign is assessed to have concluded shortly after it began, with the attackers' command-and-control infrastructure appearing inactive.
Chinese State-Sponsored Actors Compromise Global Critical Infrastructure Networks
Chinese state-sponsored Advanced Persistent Threat (APT) actors, specifically the group known as Salt Typhoon, have been conducting a sustained campaign to gain long-term access to critical infrastructure networks worldwide. This campaign targets telecommunications, transportation, lodging, and military networks, exploiting vulnerabilities in routers and taking steps to evade detection and maintain persistent access. The Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners, released a joint advisory detailing this ongoing malicious activity. The advisory provides actionable guidance and intelligence to help organizations defend against these sophisticated cyber threats. The advisory builds on previous reporting and incorporates updated threat intelligence from investigations conducted through August 2025, reflecting overlapping indicators with industry reporting on various Chinese state-sponsored threat groups. Salt Typhoon has been active since at least 2019, targeting at least 600 organizations, including 200 in the U.S., across 80 countries. The Czech Republic's National Cyber and Information Security Agency (NUKIB) issued a warning about data transfers to China, highlighting concerns over the transfer of system and user data to the PRC and the remote administration of technical assets. The Czech government previously accused China of targeting its critical infrastructure through APT 31, which began in 2022. China's offensive cyber activities include large-scale telco attacks by Salt Typhoon and positioning for potential destructive cyberattacks. The advisory tracks this cluster of activity to multiple advanced persistent threats (APTs), though it partially overlaps with Salt Typhoon.
The advisory details how state-backed threat actors, including Salt Typhoon, penetrate networks around the world, as well as how defenders can protect their own environments. The Czech Republic's National Cyber and Information Security Agency (NUKIB) has assessed the risk of significant disruptions caused by China at a 'High' level, indicating a high probability of occurrence. NUKIB confirmed malicious activities of Chinese cyber-actors targeting the Czech Republic, including a recent APT31 campaign targeting the Czech Ministry of Foreign Affairs. The Chinese government has access to data stored by private cloud service providers within the Czech Republic, ensuring that sensitive data is always within its reach. NUKIB warns about consumer devices, such as smartphones, IP cameras, electric cars, large language models, and even medical devices and photovoltaic converters manufactured by Chinese firms, as risky devices that can transfer potentially sensitive data to Chinese infrastructure. 45 previously unreported domains associated with Salt Typhoon and UNC4841 have been discovered, with the oldest domain registration activity dating back to May 2020.
Operation Serengeti 2.0: INTERPOL-led Cybercrime Crackdown in Africa
Operation Serengeti 2.0, an INTERPOL-led international operation, resulted in the arrest of 1,209 cybercriminals across Africa and the UK. The operation targeted high-harm and high-impact cybercrimes, including ransomware, online scams, and business email compromise (BEC). Between June and August 2025, law enforcement seized $97.4 million and dismantled 11,432 malicious infrastructures linked to attacks on 87,858 victims worldwide. The operation involved investigators from 18 African countries and the UK, and utilized data from multiple private sector partners. Significant actions included the dismantling of 25 cryptocurrency mining centres in Angola, an online investment fraud operation in Zambia, and a transnational inheritance scam originating in Germany. Additionally, 45 illegal power stations and $37 million worth of mining and IT equipment were confiscated. A human trafficking network was also disrupted in Zambia. The operation also targeted a gang behind $300 million in investment fraud and a syndicate of Chinese nationals illegally mining cryptocurrency.
PipeMagic RansomExx Malware Exploits Windows Vulnerability
A security flaw in Microsoft Windows, CVE-2025-29824, has been exploited by threat actors to deploy the PipeMagic malware as part of Play ransomware attacks. The vulnerability, a privilege escalation flaw in the Windows Common Log File System (CLFS), was patched in April 2025. PipeMagic, first documented in 2022, acts as a backdoor providing remote access and executing commands on compromised hosts. The malware has been observed in attacks targeting industrial companies in Southeast Asia, Saudi Arabia, and Brazil. It is delivered through various techniques, including fake OpenAI ChatGPT apps and DLL hijacking. PipeMagic is a modular malware that uses a domain hosted on Microsoft Azure to stage additional components. The threat actor behind these attacks, tracked as Storm-2460, has been active across multiple sectors and geographies, including IT, financial, and real estate in the U.S., Europe, South America, and the Middle East. The PipeMagic backdoor has been updated to improve persistence and lateral movement within targeted networks. It uses a modified version of the GitHub ChatGPT Desktop Application project to disguise its malicious code and communicates with its C2 server over TCP. The backdoor has been observed targeting the Brazilian manufacturing sector, and CVE-2025-29824 was the only one among the 121 vulnerabilities patched by Microsoft in April 2025 that was actively exploited in the wild.