China accuses US of cyberattacks and cyberespionage
The Chinese National Computer Virus Emergency Response Center (CVERC) published a report on Monday, jointly with the private Chinese cybersecurity firm Qihoo 360, accusing the NSA of conducting “tens of thousands of malicious attacks on network targets in China in recent years” through its Tailored Access Operations (TAO) elite hacking unit. Among the targets named was a university that focuses on aeronautical and space research. The foreign ministry in Beijing stated, “we ask the US to provide an explanation and urge them to immediately stop this illegal move.”
London’s biggest bus operator hit by cyber “incident”
The transportation group Go-Ahead announced this week, in a statement to the London Stock Exchange, that it had discovered unauthorized activity on its network. Sky News reported that “bus and driver rosters may have been impacted by the attack, which could disrupt operations.” Go-Ahead operates multiple services across England and is London’s largest bus company, running more than 2,400 buses in the capital and employing more than 7,000 staff. The firm also operates several high-capacity railway services in the UK, including Great Northern, Thameslink, Gatwick Express and Southern.
Researchers reveal new Iranian threat group APT42
Threat intelligence firm Mandiant says it has found at least 30 victims of APT42, a state-backed Iranian threat group, although it said the count is likely much higher given the group’s “high operational tempo.” Mandiant assessed with “moderate confidence” that the group “is operating on behalf of the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO),” and said it poses a threat to “foreign policy officials, commentators, and journalists, particularly those in the US, the UK and Israel, working on Iran-related projects.”
Over 80% of top websites leak user searches to advertisers
Security researchers at Norton Labs have found that roughly eight out of ten websites that offer a search bar leak visitors’ search terms to online advertisers such as Google, a breach of users’ privacy that exposes sensitive information to a network of third parties. Those third parties can then use the data to deliver targeted advertisements or track user behavior across the web, and users have no way to gauge their exposure or stop the dissemination. While some websites declare the practice in their privacy policy, visitors typically don’t read these and assume that the information they enter in an embedded search field is kept away from data brokers.
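As an added example (not Norton Labs’ code and not part of the original page), here is a small Python checker for the leak mechanism described above. It takes the URL of a search-results page plus a list of outbound requests captured while that page loaded, and reports which third-party hosts received the search term, either embedded in the request URL or carried in the Referer header. The page URL, hostnames and captured requests are constructed for illustration; the list of query-parameter names and the registrable-domain heuristic are assumptions. A second helper shows what Referer a browser sends under a given Referrer-Policy, which is the header a site operator would set to close the Referer channel.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qs, unquote_plus

# Query-string parameter names that site search boxes commonly use.
# Assumed list for this example; the page does not enumerate them.
SEARCH_PARAMS = ("q", "s", "query", "search", "keyword", "term")


def decode_all(s):
    """Percent-decode repeatedly (trackers often double-encode the page URL)."""
    while True:
        d = unquote_plus(s)
        if d == s:
            return d
        s = d


def search_terms(page_url):
    """Search terms carried in the page URL's query string."""
    qs = parse_qs(urlsplit(page_url).query)
    return [v for p in SEARCH_PARAMS for v in qs.get(p, []) if v]


def registrable_domain(host):
    """Crude eTLD+1 approximation (last two labels): fine for example.com,
    wrong for co.uk-style suffixes; a real tool should use the public suffix list."""
    parts = (host or "").lower().split(".")
    return ".".join(parts[-2:])


def is_third_party(page_url, req_url):
    return (registrable_domain(urlsplit(page_url).hostname)
            != registrable_domain(urlsplit(req_url).hostname))


def find_search_leaks(page_url, requests):
    """requests: [{"url": ..., "referer": ...}] captured while the results page
    loaded. Returns (third_party_host, channel) pairs, channel in {"url", "referer"}."""
    terms = [t.lower() for t in search_terms(page_url)]
    leaks = []
    for req in requests:
        if not is_third_party(page_url, req["url"]):
            continue
        host = urlsplit(req["url"]).hostname
        url_text = decode_all(req["url"]).lower()
        ref_text = decode_all(req.get("referer") or "").lower()
        for term in terms:
            if term in url_text:
                leaks.append((host, "url"))
            if term in ref_text:
                leaks.append((host, "referer"))
    return leaks


def referer_sent(page_url, req_url, policy="strict-origin-when-cross-origin"):
    """Referer a browser attaches to a request for req_url made from page_url
    under the given Referrer-Policy (HTTPS-to-HTTPS case; downgrade rules omitted)."""
    page, req = urlsplit(page_url), urlsplit(req_url)
    full = urlunsplit(page._replace(fragment=""))
    origin = f"{page.scheme}://{page.netloc}/"
    same_origin = (page.scheme, page.netloc) == (req.scheme, req.netloc)
    if policy == "no-referrer":
        return ""
    if policy in ("unsafe-url", "no-referrer-when-downgrade"):
        return full                      # whole URL, search query included
    if policy in ("origin", "strict-origin"):
        return origin
    if policy == "same-origin":
        return full if same_origin else ""
    # origin-when-cross-origin and strict-origin-when-cross-origin (browser default)
    return full if same_origin else origin


# Constructed sample capture: one search-results page and four sub-requests.
PAGE = "https://news.example.com/search?q=divorce+lawyer+near+me"
CAPTURED = [
    {"url": "https://news.example.com/static/app.js", "referer": PAGE},
    {"url": "https://ads.tracker-example.net/px?u=https%3A%2F%2Fnews.example.com"
            "%2Fsearch%3Fq%3Ddivorce%2Blawyer%2Bnear%2Bme",
     "referer": "https://news.example.com/"},
    {"url": "https://cdn.analytics-example.com/collect", "referer": PAGE},
    {"url": "https://fonts.example.org/inter.woff2", "referer": "https://news.example.com/"},
]

if __name__ == "__main__":
    for host, channel in find_search_leaks(PAGE, CAPTURED):
        print(f"search term reached {host} via {channel}")
    print("Referer under default policy:", referer_sent(PAGE, CAPTURED[2]["url"]))
```

On the constructed capture, two third-party hosts are flagged: the tracking pixel that copies the whole page URL into its own query string, and the analytics endpoint that receives the page URL in the Referer header. Setting `Referrer-Policy: strict-origin-when-cross-origin` (the current browser default) closes the Referer channel but does nothing about a script that reads the page URL itself and ships it in a parameter; that channel needs the script removed or the search term kept out of the URL in the first place.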
Thanks to today’s episode sponsor, Snyk

Code, dependencies, containers, cloud environments… all of it.
And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places.
Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity
US government recovers $30M from Axie Infinity hack
Chainalysis announced on Thursday that it helped the U.S. government recover about $30 million stolen from Axie Infinity earlier this year. In a blog post, Chainalysis’ Erin Plante said officials recovered the funds, which were allegedly stolen by North Korea’s Lazarus Group. Plante said, “this marks the first time ever that cryptocurrency stolen by a North Korean hacking group has been seized, and we’re confident it won’t be the last.” Hackers stole over $600 million from Axie this past spring, laundering much of the proceeds through the privacy mixer Tornado Cash. The U.S. Treasury Department later sanctioned Tornado Cash for facilitating money laundering.
(Coinbase)
Lazarus Group unleashes custom malware to spy on energy providers
Lazarus Group is also behind a new cyberespionage campaign whose apparent goal is to steal data and trade secrets from energy providers across the US, Canada, and Japan, according to research published yesterday by Cisco Talos. Threat researchers say they “observed malicious activity attributed to Lazarus Group between February and July. All of the intrusions began by exploiting Log4j vulnerabilities in VMware Horizon, followed by the deployment of one or more of three custom malware implants called VSingle, YamaBot, and MagicRAT.”
Classified NATO documents stolen from Portugal, now sold on darkweb
According to Bleeping Computer, “the Armed Forces General Staff agency of Portugal (EMGFA) has suffered a cyberattack that allegedly allowed the theft of classified NATO documents, which are now sold on the dark web. The agency only realized they suffered a cyberattack after hackers posted samples of the stolen material, offering to sell the files to interested individuals. American cyber-intelligence agents noticed the sale of stolen documents and alerted the U.S. embassy in Lisbon, which in turn warned the Portuguese government about the data breach.”
Emergency text averted possible California power cuts
A text message, called a “flex-alert,” sent to residents’ phones asked them to limit energy use for three hours to cut the risk of power cuts being implemented. “The California Independent System Operator (Cal-ISO) said it saw an immediate and significant drop in the use of power after the text was sent.” The alert was issued after record temperatures put pressure on the state’s electrical grid. It targeted 24 counties, including Los Angeles and the Bay Area, because of their high population and heavy air-conditioning use.
(BBC News)