Cybersecurity on goodinfo.net Daily

Critical Infrastructure Giant Itron Confirms Cyberattack Affecting Smart Meter Systems for 110M+ Homes

goodinfo.net — Mon, 27 Apr 2026 21:03:00 +0800

Critical Infrastructure Giant Itron Confirms Cyberattack Affecting Smart Meter Systems for 110M+ Homes

April 27, 2026 21:03 CST | Source: TechCrunch

Key Points

American energy technology company Itron confirmed in an SEC filing late Friday that it suffered a cyberattack in mid-April, with hackers gaining access to some of its internal systems. Itron provides smart metering and energy management services for water, electricity, and gas to over 110 million homes and businesses globally, making it a critical energy infrastructure supplier.

Timeline of Events

According to the SEC filing, Itron said it was “notified” of an intruder in its systems but did not specify who provided the notification. The company subsequently expelled the hackers and has seen no signs of further intrusions into its internal systems.

Itron did not specify the type of cyberattack it experienced — such as whether ransomware was deployed or if the company had been contacted by the hackers directly. It is also not immediately clear what impact, if any, the cyberattack is having on the company’s operations.

Customer Systems Not Affected

Itron stated that it did not identify unauthorized activity in the “customer-hosted portion of its systems,” suggesting that the breach may be limited to its IT network and has not compromised client infrastructure.

Emergency Response

Itron activated its contingency plans and data backups, and said its operations have “continued in all material respects.” However, the company warned that it may need to make subsequent legal filings and regulatory notifications. This suggests the company may have experienced a data breach, which could trigger further legal obligations under state data breach notification laws.

About Itron

Based in Liberty Lake, Washington, Itron provides technology for managing energy grids, including water, gas, and electricity supplies. The company has operations in over 100 countries and serves thousands of customers, including cities and municipalities.

Cybersecurity Accountability in Question

It remains unclear who at Itron is responsible for cybersecurity. A spokesperson for Itron did not immediately respond to TechCrunch’s request for comment.

The incident raises renewed concerns about cybersecurity at critical infrastructure providers. As a core technology supplier managing US energy and water systems, a breach at Itron carries potentially widespread security implications.

Source: TechCrunch - Critical infrastructure giant Itron says it was hacked

Security Researchers Uncover Fast16, a 2005 Cyber Sabotage Framework Predating Stuxnet by Five Years

goodinfo.net — Mon, 27 Apr 2026 08:15:00 +0800

📰 Article

SentinelOne Labs has announced a major cybersecurity discovery: a cyber sabotage framework named Fast16, whose core components date back to 2005 — at least five years before the infamous Stuxnet worm. This is the earliest known targeted attack aimed at tampering with high-precision calculation software.

Key Findings

The Fast16 framework specifically targets high-precision calculation software, patching code in memory to tamper with computational results. Combined with self-propagation mechanisms, attackers aimed to produce equally inaccurate calculations across an entire facility. This 2005 attack is considered a harbinger of sabotage operations targeting ultra-expensive, high-precision computing workloads of national importance, including advanced physics, cryptographic, and nuclear research.

Technical Details

Researchers discovered that Fast16 embedded a customized Lua virtual machine — a design that predates the earliest Flame malware samples by three years. Lua is a lightweight scripting language with native proficiency for extending C/C++ functionality. For high-end malware frameworks, this capability is indispensable, as it avoids having to recompile entire implant components to add functionality to already-infected machines.

The investigation began with an architectural hunch. Researchers noted that a certain tier of apex threat actors has consistently relied on embedded scripting engines for modular functionality. By searching mid-2000s malware collections for samples with specific fingerprint characteristics, they discovered a service wrapper binary called svcmgmt.exe.

Deep analysis revealed an embedded Lua 5.0 virtual machine and an encrypted bytecode container unpacked by the service entry point. The attackers extended the Lua environment to include native modules for file operations, registry access, network communication, and process management.

Historical Significance

The name “Fast16” was referenced in the infamous ShadowBrokers leak of the NSA’s “Territorial Dispute” components. An evasion signature instructed operators: “fast16 *** Nothing to see here — carry on ***.” This discovery suggests some connection between the framework and U.S. intelligence agency cyber operations.

Contemporary Implications

Although Fast16 was discovered nearly two decades ago, it carries significant warning value in today’s context. As AI-driven high-precision computing plays an increasingly critical role in scientific research, industrial design, and national security, targeted sabotage attacks against such computational infrastructure pose an unprecedented threat.

SentinelOne researchers noted that attack paradigms similar to Fast16 may be resurfacing in new forms today, particularly targeting computational infrastructure in cutting-edge fields such as AI training, quantum computing, and advanced materials simulation.

Source: SentinelOne Labs Report

US Cyber Agency Locked Out: CISA Denied Access to Anthropic's Most Powerful AI Hacking Model

goodinfo.net — Sun, 26 Apr 2026 18:00:00 +0800

US Cyber Agency Locked Out: CISA Denied Access to Anthropic’s Most Powerful AI Hacking Model

According to multiple reports, the US Cybersecurity and Infrastructure Security Agency (CISA) — the federal agency responsible for protecting America’s critical cyber infrastructure — has been denied access to Mythos, the latest and most powerful AI model from AI company Anthropic. This situation has sparked widespread concerns about the nation’s cybersecurity capabilities.

CISA “Last in Line”

Computerworld reported on April 24 that CISA is “last in line” for access to the Mythos model. This report echoes an exclusive scoop from Axios on April 21, which revealed that the top US cyber agency simply does not have access to Anthropic’s powerful hacking model.

More troubling still, Tech Brew reported on April 23 that a random Discord community gained access to the Mythos model before CISA did. This contrast highlights the dilemma the government faces in obtaining cutting-edge AI security tools.

Mythos Model’s Capabilities

Anthropic’s Mythos model is described as the company’s most powerful AI system to date, with significant cybersecurity offensive and defensive capabilities. The model can identify system vulnerabilities, conduct penetration testing, simulate attack scenarios, and provide security hardening recommendations for defenders.

In AI security research, Mythos is seen as a “double-edged sword” — it can be used by defenders to discover and patch system vulnerabilities, but also by attackers to find new attack vectors. This dual-use nature makes it a critical resource that cybersecurity agencies worldwide are racing to obtain.

Industry Response

The cryptocurrency industry’s response to the Mythos model has been particularly swift. According to CoinDesk and the Financial Times, DeFi (decentralized finance) project leaders with access to the Mythos model say that AI will simultaneously arm both attackers and defenders, further widening the gap between security-conscious and security-negligent projects. The industry is calling for the establishment of joint defense infrastructure to counter AI-empowered new cyber threats.

Policy Implications

This incident has sparked a profound discussion about the relationship between private AI companies and government agencies. Key questions include:

National Security Priority: Should AI tools used for national defense be prioritized for government cybersecurity agencies?
Access Allocation Mechanism: Who decides which organizations can get access to powerful AI models?
Security Asymmetry: If malicious actors have easier access to advanced AI tools than government agencies, what threat does this pose to national security?

The CISA director has previously warned on multiple occasions that AI technology is reshaping the cybersecurity landscape, and the government needs to accelerate its pace to maintain defensive capabilities. However, the lack of Mythos access suggests that the government still faces structural barriers in obtaining the most advanced AI security tools.

Next Steps

As of now, neither CISA nor Anthropic has issued formal comments on the matter. Analysts expect this incident may prompt congressional discussions on the regulatory framework for AI model access, particularly concerning AI systems with cybersecurity capabilities.

As AI technology’s application in the cybersecurity field deepens, how to balance commercial interests with national security needs will become a core challenge for policymakers.

Source: Axios, Computerworld, Tech Brew