What's happening in cybersecurity today?
APT-K-47, Asyncshell Malware, China, Fake News, GLASSBRIDGE, Wi-Fi, Exploit, Nearest Neighbor Attack, Russia, TAG-110, HATVIBE, CHERRYSPY, Malware, XorBot, Botnet, NHS, Employee Records, Microsoft, Power Pages, Canada, Montreal North Borough, Yakuza Victims, Sensitive Data, Leak, Schwyz Canton, DDoS Attack, Central Carolina Insurance, Cyber Facility, UK, Nuclear Decommissioning Authority, Australia, Misinformation Bill, Russia, Cyber War, Samsung, Poland, Cyber Defense, EY, J Group Consulting, Access Management Solutions
Cyber Alerts
1. APT-K-47 Delivers Malware Using Hajj Lures
APT-K-47, also known as Mysterious Elephant, a South Asian cyber espionage group active since 2022, has been linked to a sophisticated attack campaign deploying an upgraded version of its Asyncshell malware. The group used Hajj-themed phishing lures to distribute malicious Microsoft Compiled HTML Help (CHM) files. These files, disguised as policy documents, contained a decoy PDF from Pakistan's Ministry of Religious Affairs and a hidden executable delivering the malware.
2. Google Exposes GLASSBRIDGE Influence Network
Google's Threat Intelligence Group (TAG) has uncovered GLASSBRIDGE, a pro-China influence operation using fake news sites to promote Beijing-aligned narratives worldwide. Since 2022, Google has blocked over 1,000 GLASSBRIDGE-operated sites from appearing in Google News and Discover. The operation, which relies on a network of digital PR firms, creates inauthentic news outlets that republish articles from Chinese state media and press releases. These sites often disguise themselves as independent local news organizations, tailoring content to specific regional audiences and presenting pro-China views as legitimate news.
3. Wi-Fi Exploited in Nearest Neighbor Attack
A new attack method, dubbed the "Nearest Neighbor Attack," has emerged, showcasing the growing sophistication of cyber threats. Discovered in February 2022 by cybersecurity firm Volexity, this technique exploits nearby Wi-Fi networks to breach an organization's network from thousands of miles away. Russian state-sponsored group GruesomeLarch (also known as APT28 or Fancy Bear) used this method to infiltrate an organization focused on Ukraine, bypassing multi-factor authentication by targeting an Enterprise Wi-Fi network.
4. Russian TAG-110 Updates Malware Arsenal
Russian cyber-espionage group TAG-110 has been actively targeting government agencies, human rights organizations, and educational institutions in Central Asia, East Asia, and Europe with sophisticated custom malware tools, including HATVIBE and CHERRYSPY. Operating since at least 2021, TAG-110's operations align with Russian state interests, focusing on obtaining intelligence and maintaining influence in post-Soviet states. HATVIBE, a custom HTML Application loader, is used to deploy malware like CHERRYSPY, a Python-based backdoor.
5. XorBot Botnet Returns with Enhanced Tactics
XorBot, a rapidly evolving botnet family first discovered in November 2023, has continued to grow in prominence throughout 2024. Initially targeting Internet of Things (IoT) devices such as surveillance cameras and routers from major brands like TP-Link, D-Link, and Intelbras, it has been responsible for a significant number of device compromises. As the botnet expands, its operators have begun offering DDoS attack rental services, further monetizing their operations. XorBot's latest version (1.04) incorporates over 12 distinct exploit techniques targeting various vulnerabilities in IoT devices, enhancing its ability to propagate and persist in compromised networks.
Cyber Incidents
6. Over 1M NHS Employee Records Leaked Online
A recent discovery by cybersecurity researcher Aaron Costello revealed that 1.1 million NHS employee records were exposed online due to improper configuration settings in Microsoft Power Pages. The data, which included sensitive information such as email addresses, phone numbers, and home addresses, was made accessible due to flaws in the platform used by millions globally to build websites. Costello, who works with AppOmni, previously uncovered a similar vulnerability in the HSE's Covid vaccination portal, which compromised the data of a million individuals.
7. Montreal North Borough IT Systems Breached
The Montreal North borough in Canada announced on November 22, 2024, that its Access Montreal and permit offices were offline following a detected intrusion into its computer systems. The local government immediately filed a complaint with the Montreal police, who are now investigating the breach. A specialized cybersecurity firm has been brought in to assist in identifying the source of the attack. The borough, in collaboration with city officials, has mobilized resources to restore operations as quickly as possible.
8. Yakuza Helpline Suffers Major Data Leak
On November 15, 2024, the Kumamoto Prefecture Violence Prevention Movement Promotion Center, a Japanese government agency providing confidential support to victims of the Yakuza and individuals seeking to escape its control, experienced a security breach. An employee was redirected to a fraudulent support scam website during work, resulting in unauthorized access to their computer. Although the employee acted quickly by disconnecting the device from the network and power supply, concerns remain that personal information used in the agency's operations may have been compromised.
9. DDoS Attack Disrupts Schwyz Canton Websites
A large-scale Distributed Denial-of-Service (DDoS) attack has been targeting the website of the canton of Schwyz in Switzerland since the early hours of November 24, 2024. The ongoing attack has led to outages across several cantonal and municipal websites, disrupting access to key online services. While the motivation behind the attack remains unclear, no ransom demands or blackmail letters have been received. Authorities have confirmed that there has been no breach of data confidentiality or integrity.
10. Central Carolina Insurance Agency Breached
Central Carolina Insurance Agency (CCIA) is investigating a data breach that exposed sensitive personal and protected health information of over 5,000 individuals. The breach, which was discovered on March 20, 2024, involved unauthorized access to the agency's network, compromising information such as Social Security numbers, addresses, phone numbers, medical records, and financial data. Following the discovery, CCIA engaged cybersecurity experts, notified the FBI, and launched a forensic investigation.
Cyber News
11. UK NDA Launches New Cybersecurity Facility
The Nuclear Decommissioning Authority (NDA) in the UK has launched the Group Cyberspace Collaboration Centre (GCCC), a specialized facility designed to foster collaboration across nuclear operators and the supply chain. This initiative aims to accelerate the adoption of cutting-edge technologies like AI and robotics, while strengthening the sector's defenses against evolving cyber threats. As cybersecurity remains a critical concern for the civil nuclear industry, the GCCC will provide a platform for stakeholders to share knowledge, enhance security measures, and collectively improve resilience against potential cyberattacks.
12. Australia Withdraws Misinformation Bill
The Australian government has withdrawn a controversial bill that would have fined online platforms up to 5% of their global revenue if they failed to curb the spread of misinformation. Backed by the Labor government, the bill aimed to give the Australian Communications and Media Authority the authority to enforce rules around misinformation on digital platforms. However, due to strong opposition, including criticisms from figures like Elon Musk and Shadow Communications Minister David Coleman, who argued the bill would suppress free speech, the proposal faced difficulty passing through the Senate.
13. Russia Prepared to Launch Cyberattacks on UK
Russia is poised to launch cyberattacks on the United Kingdom and its allies, with the aim of undermining support for Ukraine, according to a warning from the UK's Minister for Intergovernmental Relations Pat McFadden. Speaking at the NATO Cyber Defence Conference, McFadden highlighted the risk of Russia targeting British businesses and critical infrastructure, including power grids, potentially leaving millions without power. He stressed that Russia's cyber capabilities, particularly its Unit 29155, have already been involved in multiple attacks against NATO nations.
14. Samsung Partners with Poland's Defense Force
Samsung Electronics has entered a partnership with Poland's Cyber Defense Force (WOC) to strengthen cybersecurity efforts through joint research and development initiatives. Announced on November 21, 2024, the collaboration focuses on advancing technologies, equipment, and telecommunications solutions aimed at enhancing national security in cyberspace. As part of the agreement, the two entities will engage in R&D projects, testing, and sharing expertise. This partnership builds on Samsung's ongoing involvement in Poland's cybersecurity cooperation program, which has been active since 2019.
15. EYI Acquires J Group to Boost PAM Solutions
EY Identity (EYI) has acquired Melbourne-based J Group Consulting to enhance its Privileged Access Management (PAM) capabilities across Oceania. Founded in 2022, J Group Consulting specializes in PAM, working with leading tools like CyberArk, SailPoint, and HashiCorp Vault. This acquisition will strengthen EYI's position in the competitive cybersecurity landscape, expanding its capacity to provide comprehensive PAM solutions to clients in the region. The move comes at a time when organizations are increasingly prioritizing cybersecurity, especially in the wake of stricter regulations and growing threats targeting critical infrastructure.
Copyright © 2024 CyberMaterial. All Rights Reserved.