What's going on in the cyber world today?
Secret Blizzard, Amadey, Kazuar, Backdoor, Ukraine, EagleMsgSpy, Spyware, ZLoader, DNS Tunneling, C2 Communications, WordPress, Hunk Companion, Windows, UI Framework, EDR Detection, Krispy Kreme, Disruption, Online Orders, Bitcoin, ATM, Byte Federal, Breach, Personal Data, OpenAI, ChatGPT, Sora, Global Outage, India, Delhi Police, X Account, MagIC Edem, Fundación Arturo López Pérez, Oncology Institute, Ransomware, US, Cyber Director, Cybersecurity Policy, Dutch Central Bank, Cash Reserves, Cyberattacks, BeReal, Privacy Complaint, European Union, NOYB, Europol, Operation PowerOFF, DDoS Providers, Fortinet, Acquisition, Perception Point, Email Security
Cyber Alerts
1. Secret Blizzard Uses Amadey to Deploy Kazuar
The Russian nation-state actor Secret Blizzard, also known as Turla, has been linked to a sophisticated campaign deploying the Kazuar backdoor in Ukrainian systems by leveraging the Amadey malware-as-a-service (MaaS) platform. Between March and April 2024, the group utilized Amadey bots to deliver tailored PowerShell droppers encoded with Turla-controlled command-and-control (C2) URLs, enabling precise targeting of Ukrainian military assets. This operation exemplifies Secret Blizzard's strategy of co-opting third-party malware infrastructure to obscure its activities, a tactic designed to complicate attribution and intelligence efforts.
2. Spyware Found Exploiting Devices Since 2017
Researchers have uncovered EagleMsgSpy, a sophisticated Android spyware active since 2017 and allegedly linked to Chinese law enforcement. Developed by Wuhan Chinasoft Token Information Technology Co., Ltd., the malware collects vast amounts of data, including messages, call logs, audio recordings, and location data, using an installer APK and a headless surveillance client. It targets popular apps like WhatsApp, Telegram, and WeChat while employing advanced obfuscation techniques to evade detection.
3. ZLoader Malware Adds DNS Tunneling Feature
ZLoader malware has resurfaced with significant updates, introducing a custom Domain Name System (DNS) tunneling protocol for command-and-control (C2) communications. This new version, identified as ZLoader 2.9.4.0, enhances the malware's evasion tactics by incorporating an interactive shell that supports over a dozen commands, enabling more flexibility for ransomware attacks. The malware, which has been linked to Black Basta ransomware campaigns, now uses a combination of DNS tunneling and traditional HTTPS communications to mask its network traffic, providing additional resilience against detection.
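DNS tunneling hides C2 traffic inside ordinary-looking queries, so it is usually caught by looking at query patterns rather than payloads. The following is an added defensive example, not code from this digest or from any ZLoader analysis: it scores per-client, per-zone query groups from a constructed resolver log (the four-column line format, the IPs, the zone names and all thresholds are assumptions made for the example) and flags groups whose leftmost labels look like encoded data: high character entropy, unusual label length, or a heavy share of TXT/NULL queries.

```python
"""Heuristic DNS-tunneling detector over resolver log lines.

Added example for illustration; the log format and thresholds are
assumptions, not the format of any particular resolver or the behaviour
of the malware described in the news item.
"""
import math
from collections import defaultdict

# Constructed sample log (not real traffic). One record per line:
# "<timestamp> <client-ip> <qtype> <qname>"
# The client 10.0.0.5 browses a normal zone; 10.0.0.7 sends TXT queries whose
# leftmost labels are 32 distinct characters each (an assumed encoded payload).
SAMPLE_LOG = """\
2024-12-12T18:55:01Z 10.0.0.5 A www.example.com
2024-12-12T18:55:02Z 10.0.0.5 A mail.example.com
2024-12-12T18:55:04Z 10.0.0.5 A api.example.com
2024-12-12T18:55:05Z 10.0.0.5 A static.example.com
2024-12-12T18:55:06Z 10.0.0.5 A login.example.com
2024-12-12T18:55:07Z 10.0.0.9 A cdn.example.net
2024-12-12T18:55:03Z 10.0.0.7 TXT qwertyuiopasdfghjklzxcvbnm234567.s1.bad-domain.test
2024-12-12T18:55:03Z 10.0.0.7 TXT asdfghjklzxcvbnm234567qwertyuiop.s1.bad-domain.test
2024-12-12T18:55:04Z 10.0.0.7 TXT zxcvbnm234567qwertyuiopasdfghjkl.s1.bad-domain.test
2024-12-12T18:55:04Z 10.0.0.7 TXT 234567qwertyuiopasdfghjklzxcvbnm.s1.bad-domain.test
2024-12-12T18:55:05Z 10.0.0.7 TXT mnbvcxzlkjhgfdsapoiuytrewq765432.s1.bad-domain.test
2024-12-12T18:55:05Z 10.0.0.7 TXT poiuytrewqlkjhgfdsamnbvcxz765432.s1.bad-domain.test
"""


def shannon_entropy(s):
    """Bits of entropy per character; encoded payloads score high, words low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Turn the constructed four-column log into a list of record dicts."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, client, qtype, qname = parts
        records.append({"ts": ts, "client": client, "qtype": qtype.upper(),
                        "qname": qname.rstrip(".").lower()})
    return records


def registered_zone(qname):
    """Last two labels as the 'zone'. Simplification: a real deployment should
    use the Public Suffix List so that e.g. example.co.uk is handled correctly."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def detect_tunneling(records, min_queries=5, entropy_threshold=3.5,
                     length_threshold=25, txt_threshold=0.5):
    """Group queries by (client, zone) and flag groups that look like tunnels.
    Thresholds are assumed starting points; tune them against your own baseline."""
    groups = defaultdict(list)
    for r in records:
        groups[(r["client"], registered_zone(r["qname"]))].append(r)

    findings = []
    for (client, zone), recs in sorted(groups.items()):
        if len(recs) < min_queries:
            continue  # too little volume to judge
        leftmost = [r["qname"].split(".")[0] for r in recs]
        mean_entropy = sum(shannon_entropy(l) for l in leftmost) / len(leftmost)
        mean_len = sum(len(l) for l in leftmost) / len(leftmost)
        txt_frac = sum(r["qtype"] in ("TXT", "NULL") for r in recs) / len(recs)

        reasons = []
        if mean_entropy >= entropy_threshold:
            reasons.append("high-entropy labels")
        if mean_len >= length_threshold:
            reasons.append("long labels")
        if txt_frac >= txt_threshold:
            reasons.append("TXT/NULL-heavy")
        if reasons:
            findings.append({"client": client, "zone": zone, "queries": len(recs),
                             "mean_entropy": mean_entropy, "mean_label_len": mean_len,
                             "txt_fraction": txt_frac, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect_tunneling(parse_log(SAMPLE_LOG)):
        print(f"{f['client']} -> {f['zone']}: {f['queries']} queries, "
              f"entropy {f['mean_entropy']:.2f}, {', '.join(f['reasons'])}")
```

Run against the sample, only the 10.0.0.7 group for bad-domain.test is reported; the example.com browsing has enough volume to be scored but its short, low-entropy hostnames fall under every threshold. In practice, feed this from your resolver's query log (Zeek dns.log, BIND query logging, or a passive-DNS feed, each with its own column layout), keep an allowlist for legitimate high-volume TXT users such as mail authentication checks, and treat a hit as a pivot point for investigation rather than a verdict.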
4. Hunk Companion Plugin Flaw Installs Malware
A critical vulnerability in the WordPress Hunk Companion plugin (CVE-2024-11972) is being actively exploited by attackers to install vulnerable or closed plugins, which can lead to severe security risks, including Remote Code Execution (RCE), SQL Injection, and Cross-Site Scripting (XSS) attacks. Affecting all versions prior to 1.9.0, this flaw, which has a CVSS score of 9.8, allows unauthenticated users to bypass permission checks when installing plugins. This enables malicious actors to deploy plugins with known vulnerabilities, such as the RCE bug in the WP Query Console plugin, potentially giving attackers control over WordPress sites.
5. Windows UI Framework Exploited to Evade EDR
A newly discovered malware technique leverages Windows' UI Automation (UIA) framework, a feature initially designed to aid assistive technologies, to carry out malicious activities without triggering endpoint detection and response (EDR) tools. This technique allows attackers to stealthily execute commands, steal sensitive data, redirect browsers to phishing websites, and manipulate messaging apps like Slack and WhatsApp. By using the Component Object Model (COM) for inter-process communication, malicious actors can interact with hidden UI elements and perform actions like writing messages without them appearing on the screen.
Cyber Incidents
6. Krispy Kreme Disrupted by Ransomware Attack
Krispy Kreme has reported a significant cybersecurity incident that is impacting its operations, particularly in the area of online ordering. In a filing with U.S. federal regulators, the company revealed that it detected unauthorized activity on its network on November 29, 2024. Although physical stores remain operational and deliveries to retail partners are unaffected, some online ordering services in the U.S. have been temporarily disrupted. The incident is expected to have a material impact on business operations until recovery efforts are completed.
7. Byte Federal Hit With Breach Exposing Users
Byte Federal, one of the largest Bitcoin ATM operators in the U.S., has revealed that the personal data of 58,000 users was compromised in a recent security breach. The breach, which occurred on September 30, was discovered by Byte Federal on November 18. Hackers exploited a vulnerability in third-party software, specifically within the GitLab developer platform, to gain access to sensitive customer information. The exposed data includes names, addresses, phone numbers, government-issued IDs, Social Security numbers, transaction activity, and user photographs.
8. OpenAI Services Suffer Global Outage
ChatGPT, OpenAI's widely used AI chatbot, experienced a global outage on December 12, 2024, affecting millions of users for nearly three hours. The disruption, which began shortly before 7 PM ET, also impacted OpenAI's API and Sora services, leading to widespread frustration as users were unable to log in and faced error messages. With over 28,000 complaints registered on Downdetector, the outage highlighted the reliance on AI tools in both personal and business operations. OpenAI quickly acknowledged the issue and worked to restore services, successfully bringing ChatGPT, API, and Sora back online.
9. India's Delhi Police Hacked by MagIC Edem
The Delhi Police's X account was briefly hacked on December 10, 2024, by the cyber group MagIC Edem. This breach occurred just after a cyber challenge event hosted by the police, which aimed to promote digital security awareness. The hack raised concerns about the security of high-profile government accounts, especially as the Delhi Police had recently shared posts urging citizens to safeguard their digital privacy.
10. FALP Oncology Institute Hit by Ransomware
The FALP Oncology Institute in Chile is currently dealing with a ransomware attack that has rendered its website, customer portal (My FALP), and appointment booking services unavailable. In an internal statement, the institute advised users to disconnect their devices from the network if they detect an "inc-readme.txt" file, a sign of the attack. The IT team, supported by external security providers, is working to contain the incident and prevent further compromises to FALP's systems.
Cyber News
11. Report Urges Strengthening US Cyber Director
A recent report by the Center for Cybersecurity Policy and Law urges the incoming Trump administration and Congress to strengthen the Office of the National Cyber Director (ONCD). Established in 2021, the ONCD has been instrumental in developing a national cybersecurity strategy and coordinating efforts across the federal government. However, the report suggests that the office's mission needs clearer definition and public visibility to distinguish it from other key agencies like CISA and OMB.
12. DNB Urges Cash Reserves Amid Cyber Threats
The Dutch central bank (DNB) has advised citizens to keep cash at home in light of rising cyberattack threats, particularly from Russia, that could disrupt payment systems. In a statement issued on December 12, 2024, the DNB warned that if digital payment infrastructure is compromised, people may struggle to make purchases using bank cards or conduct online transfers. While the bank did not specify an exact amount of cash to keep, it pledged to release more detailed guidance in the new year on how to prepare financially for such disruptions.
13. BeReal Faces Privacy Complaint Over Tactics
BeReal, the popular selfie-sharing app, is facing a privacy complaint in Europe after altering its consent process for tracking following its acquisition by French mobile games publisher Voodoo. The complaint, filed by the European privacy group noyb, claims that BeReal is using manipulative tactics, also known as "dark patterns," to pressure users into agreeing to ad tracking, violating the General Data Protection Regulation (GDPR). Since July 2024, European users who reject tracking are repeatedly shown a consent banner every time they try to post, while those who agree never see the banner again.
14. Europol Crackdown Disrupts 27 DDoS Providers
Europol's Operation PowerOFF has successfully disrupted a major DDoS-for-hire network by shutting down 27 popular "booter" and "stresser" websites, which cybercriminals use to launch Distributed Denial-of-Service attacks. Coordinated across 15 countries, the operation led to the arrest of three administrators and the identification of over 300 users planning malicious activities. The festive season is historically a peak period for these types of attacks, which can cause significant financial and reputational damage.
15. Fortinet Acquires Perception Point
Fortinet has completed the acquisition of Perception Point, a leader in advanced email and collaboration security, enhancing its Security Fabric portfolio. This strategic move allows Fortinet to better protect organizations against the growing complexity of digital threats, particularly in modern communication platforms like email, Slack, and Microsoft Teams. Perception Point's AI-powered capabilities, including advanced threat detection, real-time protection, and patented sandboxing technology, will now be integrated into Fortinet's comprehensive cybersecurity solutions.
Copyright © 2024 CyberMaterial. All Rights Reserved.