The CyberWire Daily Briefing
"Salt Typhoon breached at least eight US telecoms."
Views expressed in this cybersecurity, cyber espionage, cyber crime update are those of the reporters and correspondents. Accessed on 06 December 2024, 1413 UTC.
Content and Source: https://thecyberwire.com/newsletters/daily-briefing/13/229
Please click link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Daily Briefing for 12.05.24
Announcement
CSO Perspectives Live | Thursday, December 19th at 2pm ET
Mark your calendar for our next CSO Perspectives Live on Thursday, December 19th at 2:00 PM EST. Join N2K’s Rick Howard, and Hash Table members Kim Jones and Steve Winterfeld for a look at the most impactful stories, threats, and events of the last 90 days. Register now.
At a glance.
- Salt Typhoon breached at least eight US telecoms.
- Russia's Secret Blizzard exploits Pakistani APT's infrastructure.
- Earth Minotaur targets Tibetan and Uyghur communities with mobile phishing attacks.
Salt Typhoon breached at least eight US telecoms.
US Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger revealed in a press call yesterday that China's Salt Typhoon hacking campaign breached at least eight US telecoms, the Wall Street Journal reports. The threat actor also breached telecommunications companies in dozens of other countries.
The Record quotes Neuberger as saying, "Our understanding is that a couple dozens of countries were impacted. We believe this is intended as a Chinese espionage program focused, again, on key government officials, key corporate IP, so that will determine which telecoms were often targeted, and how many were compromised as well."
Neuberger added, "[T]he communications of US government officials relies on these private sector systems, which is why the Chinese were able to access the communications of some senior US government and political officials. At this time, we don't believe any classified communications have been compromised."
From response to resilience: unlock next-level automation for security teams
Security teams are facing a constant uphill battle. Between alert fatigue, repetitive manual tasks, endless false positives, inflexible technology, and the looming risk of burnout, it all adds up, making it tough for teams to stay ahead of threats.
That’s where effective workflow orchestration and automation comes in.
Discover how automation can empower analysts and engineers to automate their most repetitive, time-consuming tasks - regardless of complexity - in this guide from Tines. Get the guide today!
Russia's Secret Blizzard exploits Pakistani APT's infrastructure.
Lumen’s Black Lotus Labs and Microsoft Threat Intelligence have published reports on a lengthy campaign by Secret Blizzard (also known as "Turla"), a threat actor tied to Russia's Federal Security Service (FSB). Secret Blizzard infiltrated thirty-three command-and-control nodes used by the Pakistani espionage actor Storm-0156 (also tracked as "SideCopy" or "Transparent Tribe") and repurposed them to deploy malware within Afghan government networks. Secret Blizzard also used the access to compromise military and defense-related institutions in India. Additionally, the threat actor compromised the workstations of the Pakistan-based operators, acquiring "insights into Storm-0156’s tooling, credentials for both C2s and targeted networks, as well as exfiltrated data collected from prior operations."
Build a Stronger Identity Security Program to Protect Your Organization
In our eBook, Building an Identity Security Program, we provide a step-by-step guide to creating a resilient identity security framework. You'll learn how to integrate identity security into your overall security strategy, protect against threats like MFA attacks, and secure access across your entire organization. Don’t leave your organization vulnerable to identity-based attacks. Arm yourself with the knowledge and tools to defend your business. Download the eBook.
Earth Minotaur targets Tibetan and Uyghur communities with mobile phishing attacks.
Trend Micro is tracking a threat actor dubbed "Earth Minotaur" that's using the MOONSHINE exploit kit to target Tibetan and Uyghur communities. MOONSHINE is designed to exploit vulnerabilities in instant messaging apps on Android devices in order to plant a backdoor. Victims are targeted via phishing messages with malicious links, often themed around Chinese news or government announcements.
Trend Micro notes, "MOONSHINE uses multiple Chromium exploits to attack instant messaging apps on Android. As many instant messaging apps use Chromium as their engine of the built-in browser, it becomes vulnerable when an application doesn’t update their Chromium and doesn’t enable the sandboxing protection feature. This gives attackers a great opportunity to exploit these vulnerabilities and install their backdoors. We found that the MOONSHINE exploit kit can attack multiple versions of Chromium and the Tencent Browser Server (TBS), which is another Chromium-based browser engine."
Dropzone AI Named a Gartner Cool Vendor for the Modern SOC.
Dropzone AI has been recognized as a Gartner Cool Vendor, validating its role in transforming SOCs. With an AI SOC Analyst that autonomously investigates alerts 24/7, Dropzone AI helps security teams stay ahead by reducing alert fatigue and providing decision-ready insights. Discover how we're leading SOC innovation.
Notes.
Today's issue includes events affecting Afghanistan, China, India, Pakistan, Russia, and the United States.
Sponsored Events
Upcoming Cybersecurity Summits (Multiple locations, Dec 6 2024 - Jan 31 2025) Join us In-Person and network over breakfast, lunch & a cocktail reception on 12/6 in Scottsdale, 12/12 in Jacksonville, 1/24 in Tampa and 1/31 in Atlanta! Learn about the latest threats and solutions from Huntington National Bank, Coca Cola, IBM and more. Earn CPE/CEU credits with your attendance. Get 50% off admission w/ code CSS24-CYBERWIRE at CyberSecuritySummit.com (Only $125 with code)
Selected Reading
Attacks, Threats, and Vulnerabilities
Hunting Payroll Pirates: Silent Push Tracks HR Redirect Phishing Scam (Silent Push) Silent Push Threat Analysts began tracking a campaign we are calling "Payroll Pirates" for their use of a payroll redirection phishing scam.
iVerify Mobile Threat Investigation Uncovers New Pegasus Samples (iVerify) iVerify’s Mobile Threat Hunting finds Pegasus spyware is more prevalent and capable of infecting a wide range of devices, not just devices of high-risk users.
Black Friday triggers more than 600% rise in attempted retail cyber scams (PR Newswire) /PRNewswire/ -- Darktrace, a global leader in AI for cybersecurity, today revealed a surge in retail cyber attacks at the opening of the 2024 holiday shopping...
Trends
Threat Spotlight: Phishing techniques to look out for in 2025 (Barracuda) Over the last few months, Barracuda’s threat analysts have reported on several advanced phishing techniques implemented by attackers to evade security controls and make malicious emails look more convincing, legitimate, and personal.
Products, Services, and Solutions
RegScale Joins ICMP, the AWS Marketplace for Intelligence Agencies (RegScale) RegScale has been listed on the AWS Marketplace for the Intelligence Community (ICMP) — learn how we’re transforming GRC for intelligence and government.
OpenText Partners with Secure Code Warrior to Deliver Comprehensive Application Security and Customized Developer Risk Management (OpenText) The new agreement empowers development teams with continuous upskilling to turn security into a strategic advantage, reduce risks, and elevate customer trust
Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects (BusinessWire) New Bundle Provides Market-Leading Application Security Testing for SAP BTP Development
CrowdStrike Helps Secure the End-to-End AI Ecosystem Built on AWS (CrowdStrike) CrowdStrike expands AWS integration at re:Invent 2024, securing AI innovation with end-to-end visibility and protection for workloads, AI models, and sensitive data in the cloud.
SECUTIX and DataDome Partner to Elevate Bot Protection for Ticketing (SECUTIX) SECUTIX and DataDome Partner to Elevate Bot Protection for Ticketing - 4th December 2024
Axiad Unveils Axiad Mesh to Resolve Identity Risk at Enterprise Scale (Axiad) World’s First Identity Risk Management Solution Helps Organizations Identify, Quantify and Automatically Remediate Risks, and Fortify Identities for Maximum Security
Revolut Selects Metomic to Enhance SaaS Data Security across Its SaaS Environment (Metomic) According to Revolut, Metomic’s solution provides the visibility and control needed to drive innovation without sacrificing data security
Exclusive Networks Takes Cloud Security to the Next Level with Netskope Managed Services (Netskope) Cybersecurity Specialist Becomes a Netskope Global Authorized Training Partner
Industry Events
For a complete running list of events, please visit the Event Tracker.
Events
AWS re:Invent (Las Vegas, Nevada, USA, Dec 2 - 6, 2024) AWS re:Invent offers learning sessions on many topics in a variety of formats and at various levels so you can expand your knowledge and grow your skills at a pace that is right for you. Select a topic from the list to learn more about these opportunities at re:Invent.
ISC2 SECURE Washington, DC (Virtual, Dec 4 - 5, 2024) You’re invited to participate in powerful collaboration and discover the latest topics impacting the cybersecurity profession. Join us for ISC2 SECURE Washington, DC, live online on December 4-5, 2024! Over two days of interactive sessions, cybersecurity experts will address common challenges shared by government entities and the private sector/industry - not just in DC but around the globe. After a number of major national and global cybersecurity incidents in 2024, it's clear we're all part of one ecosystem that must remain a united front to ensure resilience in the face of threats. Make an impact on the security of your organization’s assets and data with actionable ideas and strategies from this important event. Members earn up to 7.5 CPE credits.
SecureWorld Pacific Virtual Conference (Virtual, Dec 11, 2024) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 6 CPE credits learning from nationally recognized industry leaders. The agenda offers 12+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.
GovSummit (Washington, DC, USA, Dec 11, 2024) In a world of escalating digital threats and disruptions, Splunk stands at the core of government agencies, equipping them with the solutions they need to stay resilient and ensure mission success, even in the face of the unexpected. Today, the power is in digital resilience.
Sponsor & Support
Grow your brand, generate leads, and fill your funnel. With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.