
Feb 18, 2026

A New Cyberattack

From Hackread:

A new wave of cyberattacks is stalking organisations across the UK, US, Canada, and Northern Ireland. According to the latest research from Forcepoint X-labs, attackers are impersonating the US Social Security Administration (SSA) to bypass security and take total control of private computers. ...  
It starts with an email that looks official but is riddled with red flags, like the fake domain SSA.COM and the misspelling of Statement as “eStatemet.” If a user falls for the bait and opens the attached .cmd script, the computer quietly begins to sabotage its own defences. The X-labs team’s report noted that the script’s first job is to check for administrator powers using a technique called PowerShell auto-elevation. Once it has control, it kills Windows SmartScreen (the system that usually blocks suspicious apps from running) by modifying the computer’s registry. It also strips away the Mark-of-the-Web, a hidden digital tag Windows uses to identify files from the internet. ...  
Once the guards are down, the script performs a silent installation of ConnectWise ScreenConnect. In a normal office, this is a legitimate tool for IT support. However, here, hackers are weaponising it as a Remote Access Trojan (RAT) to maintain a permanent “backdoor” into the network. Researchers noted that the software is hardcoded via a System.config file to call back to a specific server: ...
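
As an added example (not from Hackread, Forcepoint or this blog), the sequence described above can be hunted for in process-creation logs: defence tampering followed shortly by a silent remote-access install on the same host. The command-line patterns, the 10-minute window, host names and sample events are all assumptions constructed for illustration, since the excerpt names no registry value or file name.

```python
import re
from datetime import datetime, timedelta

# Assumed command-line patterns for each stage the article describes; the
# excerpt itself names no registry value, file name or command line.
STAGES = {
    "elevate": re.compile(r"start-process\b.*-verb\s+runas", re.I),
    "smartscreen_off": re.compile(
        r"\breg(\.exe)?\s+add\b.*(SmartScreenEnabled|EnableSmartScreen)", re.I),
    "motw_strip": re.compile(r"unblock-file|zone\.identifier", re.I),
    "silent_rmm": re.compile(
        r"msiexec(?=.*(screenconnect|connectwise))(?=.*\s/(qn|quiet)\b)", re.I),
}
TAMPER = {"smartscreen_off", "motw_strip"}
WINDOW = timedelta(minutes=10)  # assumed correlation window

def classify(cmdline):
    """Return the names of every stage pattern the command line matches."""
    return [name for name, rx in STAGES.items() if rx.search(cmdline)]

def find_chains(events):
    """events: (iso_time, host, cmdline) tuples. Alert when a silent remote
    access install follows defence tampering on the same host within WINDOW."""
    seen, alerts = {}, []  # seen: host -> [(time, stage)] before any install
    for ts, host, cmd in sorted(events):
        t = datetime.fromisoformat(ts)
        for stage in classify(cmd):
            if stage != "silent_rmm":
                seen.setdefault(host, []).append((t, stage))
                continue
            prior = {s for t0, s in seen.get(host, []) if t - t0 <= WINDOW}
            if prior & TAMPER:
                alerts.append({"host": host, "time": ts, "preceded_by": sorted(prior)})
    return alerts

# Constructed sample events, not taken from the Forcepoint report.
SAMPLE = [
    ("2026-02-18T10:00:01", "WS01", r"powershell Start-Process attachment.cmd -Verb RunAs"),
    ("2026-02-18T10:00:05", "WS01", r"reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\System /v EnableSmartScreen /t REG_DWORD /d 0 /f"),
    ("2026-02-18T10:00:07", "WS01", r"powershell Unblock-File -Path ScreenConnect.ClientSetup.msi"),
    ("2026-02-18T10:00:12", "WS01", r"msiexec /i ScreenConnect.ClientSetup.msi /qn"),
    ("2026-02-18T10:05:00", "IT07", r"msiexec /i ScreenConnect.ClientSetup.msi /qn"),  # routine IT install
    ("2026-02-18T08:00:00", "WS02", r"powershell Unblock-File -Path report.docx"),
    ("2026-02-18T11:00:00", "WS02", r"msiexec /i ScreenConnect.ClientSetup.msi /quiet"),
]

if __name__ == "__main__":
    for alert in find_chains(SAMPLE):
        print(alert)
```

Only WS01 is flagged: the routine IT install on IT07 has no tampering before it, and on WS02 the two events are hours apart.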

7 comments:

  1. This agency is full speed ahead with online transactions and that would explain letting go of 7k SSA employees. Identity theft remains a growing problem.

    The latest identity theft and credit card fraud statistics paint a bleak picture. There were nearly 1.2 million reported cases of identity theft and over 500,000 cases of credit card fraud in the first three quarters of 2025. Both measures exceeded the number of cases reported over the entirety of 2024. Identity theft and credit card fraud have been the most common types of fraud since 2020, according to data from the Federal Trade Commission (FTC).

    1. If you’ve had transactions with SSA in the past 11-12 months, I’d assume your information is available to anyone with a more than rudimentary knowledge of how AI works. Hope it was worth it to get to see Elon and his tech bros get even more grotesquely rich.

  2. This is a fake problem. No one is dumb enough to click on that link. Not even Leland.

  3. I'm truly surprised SSA didn't have enough sense years ago to buy domains ssa.com, .org, .net, etc. Isn't that standard business practice, at least after the White House learned that lesson 20 years ago?

    1. ssa.com was registered in 1992, before the world wide web became public in 1993.

  4. I just read about the hack of Palantir. Considering all of our data is in their databases, the DOGE leaks last year are old news. I’m furious. I will never forgive the carelessness of those involved.
