Meyer Burger has announced that it will be closing its Colorado facility after securing a USD 90 million financial package from the City of Colorado Springs and the State of Colorado. In a July 2024 statement, the company also revealed that Chief Commercial Officer (CCO) Moritz Borgmann would be stepping down for personal reasons. Following this, the company surprised many by disclosing plans to shutter its Colorado operations despite the financial support. Additionally, Meyer Burger accepted loans totaling more than USD 300 million from the U.S. Department of Energy and applied for the Advanced Manufacturing Tax Credit 45X, a provision of the U.S. Inflation Reduction Act (IRA) under the Biden administration’s Green New Deal.

“Meyer Burger Technology AG announced today that the planned construction of a solar cell production facility in Colorado Springs, Colorado, USA, is no longer financially viable due to recent developments, and the project will therefore be discontinued,” the company stated.

The firm’s board of directors has tasked management with developing a “comprehensive restructuring and cost-cutting program.” The company also announced the departure of board member Mark Kerekes and noted that its financing gap, which remained after an April 2024 capital raise, would be significantly reduced. Furthermore, the firm’s medium-term EBITDA target and debt ratio are now expected to be considerably lower than previously projected.

I reached out to the company for further comment, but they declined.

Story by Skeeter Wesinger

https://www.linkedin.com/posts/skeeterw_meyer-burger-has-announced-that-it-will-be-activity-7235224739336568833-dM9k?utm_source=share&utm_medium=member_desktop

 

 

Of course, I am not using their real name, but the (Blue) Whale, also known as the Whale Group, is considered dangerous for several reasons, primarily due to its sophisticated methods, specific targets, and their alignment with geopolitical interests.
The Blue Whale is known for using highly targeted and convincing phishing campaigns. These attacks often involve well-researched and personalized emails that trick recipients into revealing sensitive information, such as login credentials. The group’s ability to craft sophisticated spear-phishing emails that appear legitimate makes detecting the threat challenging for even vigilant individuals.

The Blue Whale primarily focuses on high-profile targets, including political figures, military personnel, journalists, and researchers, particularly in Europe and Eastern Europe. These targets often involve sensitive areas like national security, policy-making, or international relations. The information stolen from such targets can be extremely valuable, and this information can even potentially be used to influence political events or even compromise national security.
The group’s primary motive appears to be espionage and intelligence gathering, which aligns with the interests of state-sponsored cyber espionage. The information collected by the Blue Whale could be used for a variety of purposes, including, but not limited to, undermining political opponents, influencing elections, or gaining a strategic advantage in international negotiations.
The Blue Whale has demonstrated high-level persistence in its operations. Often, the group returns to its targets repeatedly using remote connections until it is finally successful. The group is also extremely adaptive, constantly refining its tactics, techniques, and procedures (TTPs) to evade detection and improve the effectiveness of its attacks. This persistence and adaptability make it a formidable adversary and one not to be taken lightly.
In addition to phishing, the Blue Whale has been known to use advanced techniques, such as zero-day exploits (vulnerabilities that are currently unknown to the software vendor), to compromise systems. This level of sophistication indicates that the group has access to significant resources, potentially directly supplied by a nation-state sponsor.
Beyond espionage, the activities of groups like the Blue Whale have the potential to cause significant disruption. By compromising key individuals and institutions, they can disrupt governmental operations, undermine public trust, and create instability. In some cases, the stolen information could be leaked or manipulated to create political unrest or even to discredit public figures.
Overall, the (Blue) Whale’s combination of targeted attacks, sophistication of methods, and alignment with geopolitical interests make it one of the world’s most dangerous cyber-espionage groups. Their activities have the potential to cause significant harm at both the individual and state levels, making them a critical concern for cybersecurity professionals and national security agencies.

By Skeeter Wesinger August 18, 2024

Whaling is a specialized spear phishing that targets high-profile individuals within an organization, often called “Very big fish. These targets typically include senior executives, CEOs, CFOs, board members, or other key personnel with significant access to sensitive information, decision-making power, or financial resources. The termwhalingis derived from the idea that these individuals are thebig fishin the organizational hierarchy, making them particularly valuable targets for attackers.

Whaling

Whaling

Attackers carefully select their targets based on their roles and access within the organization. High-ranking executives are prime targets because they often have the authority to approve financial transactions, access confidential information, or initiate critical decisions without additional oversight.

Research and Reconnaissance:

Before launching an attack, cybercriminals conduct extensive research on their targets. They gather information from publicly available sources like LinkedIn, company websites, press releases, social media, and news articles. This information is used to craft personalized and convincing emails or messages that resonate with the target’s professional responsibilities and personal interests.

A whaling attack’s phishing email is highly customized and tailored to the specific target. It might appear to come from a trusted source, such as a colleague, a business partner, or even the company CEO, as these emails appear to be real. The email often contains urgent requests, such as approving a financial transaction, and often offers a clickable link for downloading an attachment or providing sensitive information.

An email that is similar to spear phishing but entices the recipient to call a phone number instead of clicking a link is called vishing (short for “voice phishing”).

In a vishing attack, the email may be crafted to appear as a legitimate communication from a trusted source, often urging the recipient to call a specific phone number. Once the recipient calls, they are typically connected to a scammer who attempts to extract sensitive information, such as passwords, credit card numbers, or other personal data, often under the guise of resolving an urgent issue or verifying account details.

Unlike generic phishing attacks, which might contain obvious red flags like poor grammar or suspicious links. However, whaling emails are usually very well-crafted, making them difficult to detect as fraudulent.

Once the target falls for the phishing attempt, the attacker can exploit the situation in various ways:

  • The attacker might trick the executive into authorizing a wire transfer to a fraudulent account.
  • The attacker could gain access to sensitive information, such as intellectual property, confidential business plans, or employee records.
  • The attacker may obtain login credentials that provide access to the company’s network, enabling further infiltration and data breaches.
  • The consequences of a successful whaling attack can be severe, including financial losses, legal repercussions, reputational damage, and the compromise of sensitive data. Because these attacks target the highest levels of an organization, they can have a cascading effect, leading to widespread disruption.

Whaling by Foreign Actors:

When whaling attacks are conducted by foreign actors, such as nation-state groups or state-sponsored hackers, the stakes are even higher. These attacks may be part of broader cyber-espionage campaigns aimed at stealing trade secrets, gaining intelligence, or disrupting the operations of a foreign company or government.

In this context, the term “whaling” still applies, but the focus shifts to the strategic objectives of the attackers, who may be working on behalf of a foreign government with geopolitical motives. These attacks are often more sophisticated, involving advanced techniques like social engineering, custom malware, and exploitation of zero-day vulnerabilities. Educating executives and key personnel about the risks of whaling and how to recognize phishing attempts is critical. Regular training sessions can help them spot suspicious emails and avoid falling victim.

Multi-Factor Authentication (MFA): Implementing MFA for accessing sensitive systems and approving financial transactions adds an extra layer of security, making it harder for attackers to exploit compromised credentials.

Email Filtering and Security Solutions: Advanced email security solutions can help detect and block phishing attempts by analyzing email content, links, and attachments for signs of fraud.

Incident Response Planning: Organizations should have a robust incident response plan to quickly respond to and mitigate the effects of a whaling attack, should one occur.

By Skeeter Wesinger August 14, 2024