
Cybersecurity Headlines: Chinese APT Hacks US Entities, Ukraine Targets Russian Tax Agency, and More

Posted: January 3, 2024


Chinese APT Hacked Dozens of US Critical Entities

Chinese state-sponsored hackers, operating as an advanced persistent threat (APT) group, infiltrated the systems of roughly two dozen US critical-infrastructure organizations, a count that shows the breadth of the campaign.

The affected organizations span some of the nation's key service sectors, including a prominent oil and gas pipeline, a water utility in Hawaii, and a major port. The incident highlights how exposed critical infrastructure remains to intrusion and the urgency of stronger security controls in these sectors.

Significant Security Vulnerabilities Get Patched

Fortinet, Zoom, Palo Alto Networks, and Ivanti released patches addressing several security flaws in their products. Administrators should apply these updates promptly; the individual advisories are summarized in the vulnerability roundup later in this post.

Ukraine Claims Destruction of Russia's Federal Tax Agency's Servers

Ukraine's defense intelligence directorate, the GUR, claims to have carried out a successful cyber-attack against Russia's Federal Tax Service (FNS), one of the country's most important agencies.

According to the GUR, the operation wiped more than 2,300 servers at the FNS, which points to a deliberate, systematic effort to cause large-scale disruption rather than an opportunistic intrusion.

The claimed damage extends beyond the servers themselves: the attack reportedly erased critical databases along with their backups, which would make recovery far harder than a wipe of primary systems alone.

Configuration files on the servers were also deleted, and regional servers were cut off from the central hub. If the claims are accurate, the attack would have crippled the FNS's ability to process tax operations across Russia. None of this has been independently verified.

GambleForce Exploits SQL Injections to Steal Sensitive Information

GambleForce is a recently identified cybercrime group that uses SQL injection, a code injection technique in which attacker-supplied input is interpreted as part of a database query, to compromise websites. Reported targets include gambling, government, retail, and travel sites.

The group steals sensitive data from the compromised sites, which can lead to consequences ranging from financial fraud to unauthorized access to private information. The case underlines that SQL injection, a well-understood vulnerability class, still persists in many production sites, and that parameterized queries remain the primary defense.
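The following added example (not code from the original post or from any reporting on GambleForce) shows the injection class described above against a constructed in-memory SQLite login table: a string-concatenated query that an attacker can bypass or use to dump other rows, beside the parameterized version that treats the same input as plain data. The table contents, function names, and payloads are all assumptions made for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny users table standing in for a site's login backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "correct-horse", "admin"), ("alice", "s3cret", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Builds the query by string concatenation, so quotes, comments and UNION
    clauses in the input become SQL syntax instead of data."""
    query = (
        "SELECT username, role FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Parameterized query: the SQL text is fixed and the driver binds the
    values separately, so the same payloads match nothing."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()


# Payloads assumed for the demonstration.
AUTH_BYPASS = "admin' --"                 # closes the string, comments out the password check
UNION_DUMP = "x' UNION SELECT username, password FROM users --"  # appends a second SELECT


def demo() -> dict:
    """Runs both endpoints against the same payloads and returns the results."""
    conn = make_db()
    return {
        "bypass_vulnerable": login_vulnerable(conn, AUTH_BYPASS, "wrong"),
        "bypass_safe": login_safe(conn, AUTH_BYPASS, "wrong"),
        "dump_vulnerable": login_vulnerable(conn, UNION_DUMP, ""),
        "dump_safe": login_safe(conn, UNION_DUMP, ""),
        "legit_safe": login_safe(conn, "admin", "correct-horse"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The UNION payload works because the injected SELECT returns the same number of columns as the original one, so the database happily appends password values to a result set the application expects to hold only usernames and roles; in a real site that second SELECT would target whatever table the attacker has enumerated. The safe function never interprets the input as SQL, which is why it returns no rows for either payload while still authenticating the legitimate credentials.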

Microsoft Disrupts Storm-1152 Cybercrime-as-a-Service Operation

Microsoft has taken action against Storm-1152, a cybercrime-as-a-service operation whose offerings supported phishing, identity theft, and distributed denial-of-service (DDoS) attacks carried out by other criminals.

By disrupting Storm-1152's operations, Microsoft sets a precedent for pushing back against cybercrime-as-a-service providers and cuts off a supply of ready-made resources that lowered the bar for other attackers.

Suspected Hive Ransomware Gang Member Arrested in France

French police have arrested an individual suspected of involvement with the Hive ransomware gang, an operation known for ransomware attacks on organizations worldwide and a significant contributor to the growth of ransomware crime.

The arrest also led to the discovery of a substantial amount of cryptocurrency believed to be proceeds of the gang's activities. The development is a positive step in dismantling international cybercriminal networks.

SIM Swapper Sentenced in Texas

Daniel Akira Mills, a Texas resident, has been sentenced to 24 months in prison for SIM swapping that enabled large-scale cryptocurrency theft.

SIM swapping, an increasingly common technique, involves having a victim's phone number transferred to an attacker-controlled SIM so that SMS-based authentication codes and account-recovery messages reach the attacker; Mills used it to take over victims' accounts and steal more than $600,000 in cryptocurrency. The sentence underlines the growing legal consequences for this type of fraud, and the weakness of SMS as a second authentication factor.

Former Amazon Engineer Pleads Guilty to Crypto Exchange Hacking

Shakeeb Ahmed, a former security engineer at Amazon, has pleaded guilty to hacking charges for infiltrating and stealing from two cryptocurrency exchanges in July 2022, taking more than $12.3 million worth of digital currency.

As cryptocurrency adoption grows, the security of exchanges becomes critical. Cases like Ahmed's underscore the need for robust security controls on these platforms.

New Vulnerability Discoveries and Patches

New vulnerabilities are discovered at a steady pace, and vendors release patches to fix them. Here are the most notable recent vulnerability and patch news items.

CISA Assigns CVE to Unitronics Vulnerability Exploited in Water Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has assigned a Common Vulnerabilities and Exposures (CVE) identifier to a vulnerability in Unitronics Vision series PLCs that was exploited in recent attacks on water sector entities. A CVE gives the flaw a standard identifier that vendors, vulnerability scanners, and defenders can reference, which supports coordinated tracking and mitigation.

New DNS Spoofing Attacks Leverage Microsoft DHCP Servers

A newly described Domain Name System (DNS) spoofing technique abuses Microsoft Dynamic Host Configuration Protocol (DHCP) servers. Because DHCP servers can register DNS records on behalf of their clients, attackers can use them to create or overwrite records in Active Directory-integrated DNS zones without authenticating to DNS themselves. The attack underlines the need to review DHCP DNS dynamic update settings and to keep systems updated and patched.

Vulnerabilities in Edulog Parental Portal Exposed K-12 Student Information

Multiple vulnerabilities were discovered in the parent portal of Edulog, an online platform for managing school transportation. The flaws exposed sensitive K-12 student information, emphasizing the need for strong protection of data pertaining to minors.

Fortinet, Zoom, Palo Alto Networks, and Ivanti Release Patches for High-Severity Flaws

Fortinet, Zoom, Palo Alto Networks, and Ivanti have issued patches for high-severity vulnerabilities in their products. Administrators should review the vendor advisories and apply the updates.

The steady flow of new vulnerabilities and patches shows that keeping systems secure requires constant vigilance, swift patching, and continued investment in security controls.

Other Cybersecurity Updates

The field of cybersecurity remains dynamic, with developments on the industry, tooling, and hardware fronts. Here are some recent ones.

CEO of Dragos Joins Venture Capital Firm DataTribe

Robert Lee, CEO of Dragos, has joined the venture capital firm DataTribe as a venture partner. In that role, Lee will bring his cybersecurity experience to help create and grow startups in the industry, pairing capital with operational knowledge.

Release of Open Source Tool Swagger Jacker by Bishop Fox

Bishop Fox, a cybersecurity consulting firm, has released an open-source tool named Swagger Jacker that simplifies the auditing of OpenAPI definition files, helping users identify and mitigate security risks in the APIs those files describe. Releasing it as open source encourages wider adoption and shows the value of collaborative tooling in security practice.

Launch of 5th Gen Intel Xeon Processors with Enhanced Security Features

Intel has launched its 5th generation Xeon processors, which bring improved performance and, notably, Intel Trust Domain Extensions (TDX), a confidential-computing feature that isolates virtual machines from the hypervisor and other host software so that their memory is protected even if the host is compromised. The release reflects Intel's push to address security challenges at the hardware level.