US Navy: Mandiant releases credential cracker, to kill bad protocol

Cybersecurity Roundup: Mandiant Exposes Legacy Protocol Risks, Espionage Sentencing, and More

Mandiant Releases Tools to Demonstrate Net-NTLMv1 Vulnerabilities
Google’s Mandiant has released rainbow tables capable of cracking Microsoft’s outdated Net-NTLMv1 authentication protocol in under 12 hours using consumer-grade hardware costing less than $600. The protocol, known for over 20 years to be vulnerable to credential theft, remains in use despite repeated warnings. Mandiant’s principal red team consultant, Nic Losby, urged organizations to disable Net-NTLMv1 immediately, echoing advice first issued by The Register in 2010.

US Navy Sailor Sentenced for Selling Secrets to China
A US Navy sailor, Wei, was sentenced to 16 years and eight months in prison for selling classified technical manuals and operational intelligence to a Chinese intelligence official between 2022 and 2023. The Department of Justice revealed Wei earned $12,000 from the espionage, despite acknowledging the illegality of his actions.

Supreme Court Hacker Pleads Guilty
Nicholas Moore, a 24-year-old from Tennessee, pleaded guilty to computer fraud after illegally accessing the US Supreme Court’s electronic filing system for 25 days in 2023. Details of his activities remain undisclosed, but the charge carries a potential 10-year prison sentence and fines. The incident follows repeated breaches of US court systems, including a 2023 attack on the PACER system allegedly by Russian hackers.

Interpol Arrests 34 Linked to Nigerian ‘Black Axe’ Cybercrime Syndicate
Interpol detained 34 individuals in Spain, including 10 core members of the Nigeria-based Black Axe gang, known for cyber fraud, human trafficking, and armed robbery. The gang has an estimated 30,000 members and countless affiliates. The arrests mark the group’s third major bust in recent years, following 75 arrests in 2022 and 14 in 2023.

US Bill Targets ICE’s Surveillance App Over Civil Liberties Concerns
A new bill, led by Rep. Bennie Thompson (D-MS), seeks to restrict ICE’s Mobile Fortify app, which is used to identify suspects and protesters, to use exclusively at US ports of entry. The legislation would also ban DHS from sharing the app externally, require its deactivation on non-government devices, and mandate the deletion of biometric data collected from US citizens. Critics argue the app enables overreach and privacy violations, with ICE also deploying license plate readers for broader surveillance.

Source: https://www.theregister.com/2026/01/18/infosec_news_in_brief/

US Navy cybersecurity rating report: https://www.rankiteo.com/company/us-navy

"id": "US-1768809333",
"linkid": "us-navy",
"type": "Breach",
"date": "6/2010",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Technology',
                        'location': 'Global',
                        'name': 'Microsoft',
                        'type': 'Corporation'},
                       {'industry': 'Defense',
                        'location': 'United States',
                        'name': 'US Navy',
                        'type': 'Government'},
                       {'industry': 'Judicial',
                        'location': 'United States',
                        'name': 'US Supreme Court',
                        'type': 'Government'},
                       {'industry': 'Law Enforcement',
                        'location': 'Global',
                        'name': 'Interpol',
                        'type': 'International Organization'},
                       {'industry': 'Law Enforcement',
                        'location': 'United States',
                        'name': 'ICE (Immigration and Customs Enforcement)',
                        'type': 'Government'}],
 'attack_vector': ['Legacy Protocol Exploitation',
                   'Insider Threat',
                   'Unauthorized System Access',
                   'Cyber Fraud',
                   'Surveillance App Misuse'],
 'data_breach': {'data_exfiltration': ['Classified technical manuals',
                                       'Operational intelligence'],
                 'sensitivity_of_data': ['High'],
                 'type_of_data_compromised': ['Classified technical manuals',
                                              'Operational intelligence',
                                              'Supreme Court electronic '
                                              'filings']},
 'description': 'Google’s Mandiant released tools to demonstrate '
                'vulnerabilities in Microsoft’s Net-NTLMv1 authentication '
                'protocol, a US Navy sailor was sentenced for selling secrets '
                'to China, a hacker pleaded guilty to accessing the US Supreme '
                'Court’s filing system, Interpol arrested members of the '
                "Nigerian 'Black Axe' cybercrime syndicate, and a US bill "
                'targets ICE’s surveillance app over civil liberties concerns.',
 'impact': {'brand_reputation_impact': ['US Navy',
                                        'US Supreme Court',
                                        'Interpol'],
            'data_compromised': ['Classified technical manuals',
                                 'Operational intelligence',
                                 'Supreme Court electronic filings'],
            'legal_liabilities': ['16 years and eight months prison sentence '
                                  'for Wei',
                                  'Potential 10-year prison sentence for '
                                  'Nicholas Moore'],
            'systems_affected': ['Microsoft Net-NTLMv1 Authentication Protocol',
                                 'US Supreme Court’s electronic filing '
                                 'system']},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Organizations should disable outdated and vulnerable '
                    'protocols like Net-NTLMv1 immediately to prevent '
                    'credential theft. Insider threats and unauthorized access '
                    'to sensitive systems pose significant risks to national '
                    'security and judicial integrity.',
 'motivation': ['Financial Gain',
                'Espionage',
                'Cyber Fraud',
                'Unauthorized Access'],
 'post_incident_analysis': {'corrective_actions': ['Disable Net-NTLMv1',
                                                   'Enhance insider threat '
                                                   'monitoring',
                                                   'Strengthen access '
                                                   'controls'],
                            'root_causes': ['Use of outdated and vulnerable '
                                            'protocols',
                                            'Insider threats',
                                            'Inadequate access controls']},
 'recommendations': ['Disable Net-NTLMv1 protocol',
                     'Enhance monitoring of insider threats',
                     'Strengthen access controls for sensitive systems',
                     'Review and restrict surveillance app usage to prevent '
                     'overreach'],
 'references': [{'source': 'Mandiant'},
                {'source': 'The Register'},
                {'source': 'US Department of Justice'},
                {'source': 'Interpol'},
                {'source': 'Rep. Bennie Thompson (D-MS)'}],
 'regulatory_compliance': {'legal_actions': ['16 years and eight months prison '
                                             'sentence for Wei',
                                             'Guilty plea for Nicholas Moore'],
                           'regulations_violated': ['Espionage laws',
                                                    'Computer Fraud and Abuse '
                                                    'Act']},
 'response': {'containment_measures': ['Disabling Net-NTLMv1 protocol'],
              'law_enforcement_notified': ['Interpol',
                                           'US Department of Justice']},
 'threat_actor': ['Chinese Intelligence Official',
                  "Nigerian 'Black Axe' Cybercrime Syndicate",
                  'Nicholas Moore'],
 'title': 'Mandiant Exposes Net-NTLMv1 Vulnerabilities, Espionage Sentencing, '
          'and Cybercrime Arrests',
 'type': ['Vulnerability Disclosure',
          'Espionage',
          'Cyber Fraud',
          'Unauthorized Access',
          'Surveillance Overreach'],
 'vulnerability_exploited': ['Net-NTLMv1 Authentication Protocol']}