Lizzie Clark

April 14th – This Week’s Top Cybersecurity and Dark Web Stories

MITRE releases a shared fraud-cyber framework, Iranian-affiliated threat actors exploit PLCs across US, and $12m frozen in NCA-led Operation Atlantic.

This week’s cybersecurity and dark web news stories discuss MITRE releasing a shared fraud-cyber framework, an Iranian-affiliated threat actors exploiting PLCs across the US, and $12m frozen in NCA-led Operation Atlantic.

MITRE Launches Framework to Combat Financial Fraud

A new open-source framework designed to help financial institutions fight back against cyber-enabled fraud has been released by MITRE’s Center for Threat-Informed Defense (CTID).

The MITRE Fight Fraud Framework™ (F3) is a first-of-its-kind effort to define and standardise the tactics and techniques used in cyber-enabled financial fraud, developed in response to financial fraud losses reaching $13.7 billion in 2024 alone.

The framework addresses a long-standing structural problem in the industry. Fraud and cyber teams often observe different parts of the same incident, making it difficult to connect behaviours, coordinate response, and reduce financial loss. F3 gives both teams a common language to close that gap.

The framework organises fraudster behaviour into tactics and techniques drawn from real-world incidents, covering the full attack lifecycle: Reconnaissance, Resource Development, Initial Access, Defence Evasion, Positioning, Execution, and Monetisation.

F3 is globally accessible, open, and free to use, and was developed with input from major institutions including JPMorganChase, Lloyds Banking Group, CrowdStrike, and Standard Chartered. Organisations can contribute new techniques and refinements via the project’s public GitHub repository.

US Agencies Issue Urgent Warning Over Iranian Attacks on Critical Infrastructure

US federal authorities are urging critical infrastructure operators to take immediate action after Iranian-linked hackers were found actively targeting industrial control systems across the country.

The FBI, CISA, NSA, EPA, Department of Energy, and US Cyber Command have jointly warned that Iranian-affiliated advanced persistent threat (APT) actors are exploiting internet-facing programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley across multiple critical infrastructure sectors.

Since at least March 2026, the attackers have disrupted PLC functions across Government Services and Facilities, Water and Wastewater Systems, and Energy sectors, with some victims experiencing operational disruption and financial loss.

Authorities say the attackers used legitimate configuration software to gain access to exposed devices, then manipulated data displayed on control system interfaces. The actors also deployed Dropbear SSH software on victim endpoints to maintain remote access.

The advisory calls for immediate steps, including disconnecting PLCs from public-facing internet, enabling multi-factor authentication, and placing physical mode switches into run position to prevent remote modification. Organisations are encouraged to contact CISA or their local FBI field office if they suspect compromise.

NCA-Led Operation Freezes $12 Million in Global Cryptocurrency Fraud Crackdown

An international law enforcement operation has frozen over $12 million in suspected criminal proceeds and identified more than 20,000 victims of cryptocurrency fraud across the UK, US, and Canada.

Operation Atlantic, coordinated by the NCA, US Secret Service, Ontario Provincial Police, and Ontario Securities Commission, focused on identifying victims who had lost, or were at risk of losing, cryptocurrency through “approval phishing” — a scam where victims are tricked into granting criminals access to their cryptocurrency wallets, often as part of investment scams.

So far, more than $45 million stolen in cryptocurrency fraud schemes has been identified around the world, with one UK victim alone thought to have lost more than £52,000.

Private sector organisations played a critical role in the operation, tracing illicit transactions and identifying victims in real-time so that funds could be secured before criminals moved them.

Miles Bonfield, Deputy Director of Investigations at the NCA, said the operation demonstrated what is possible when international agencies and private industry work together, adding that the NCA would continue to target fraudsters wherever they are based.

Related Content

Hidden Intelligence Inside Ransomware Data Explained
Post

The Intelligence Hidden in Ransomware Data

Ransomware
Read
Post

Explore the Data Breach Dashboard in Cerberus

Product Updates
Read
Post

Faster speed to triage with improved detail view in DarkIQ

Product Updates
Read
Vulnerability Management: How to Prioritize Real Threats Over Noise
Post

Vulnerability Management: How to Prioritize Real Threats Over Noise

ASM
Read
Why is Attack Surface Management Now Worth the Cost?
Post

The True Cost of a Ransomware Attack in 2026

Pre-Attack Intelligence Ransomware Threat Intelligence
Read
Four Ways CTEM Fails Without ASM
Post

What Are the Four Ways CTEM Fails Without ASM?

ASM
Read
Post

April 7th – This Week’s Top Cybersecurity and Dark Web Stories

News
Read
How Do You Build an Attack Surface Management Program
Post

How Do You Build An Attack Surface Management Program?

ASM
Read
A Complete Guide to Continuous Threat Exposure Management
Post

Your Complete Guide to Continuous Threat Exposure Management

CTEM
Read