December 23, 2023 at 07:54AM
Iranian cyberspies, identified as Peach Sandstrom by Microsoft, are targeting defense industrial base organizations with a new backdoor called FalseFont. APT33, which Mandiant tracks as Iran-backed, engages in strategic cyberespionage against organizations in the US, Saudi Arabia, and South Korea. Additionally, 443 online shops have been compromised by cyber crooks using JavaScript-sniffers to steal payment information. Lastly, critical vulnerabilities, including a Chrome bug under exploit and Apple security updates, warrant immediate attention. Finally, Kazakhstan has decided to extradite a network security specialist, Nikita Kislitsin, to Moscow, following a battle between the US and Russia over his extradition.
After analyzing the meeting notes, the key takeaways are as follows:
1. Iranian cyberspies, referred to as Peach Sandstorm, are using a new backdoor named FalseFont to target defense industrial base organizations. They are particularly focused on organizations in the US, Saudi Arabia, and South Korea, with a specific interest in commercial and military aviation companies, as well as those in the energy sector with ties to petrochemical production.
2. A coordinated effort involving law enforcement agencies from 17 countries, Europol, ENISA, and private-sector security firms revealed that 443 online shops had been compromised by cyber crooks using JavaScript-sniffers to steal customers’ credit card or payment information.
3. Multiple critical vulnerabilities have been identified, including vulnerabilities in Chrome, Apple’s Safari, iOS, iPadOS, macOS Sonoma, Ivanti’s Avalanche enterprise mobile device management product, EuroTel ETL3100 radio transmitters, and EFACEC BCU 500 control and automation devices. These vulnerabilities could lead to denial of service, remote code execution, disclosure of sensitive information, and access to hidden resources.
4. A Russian infosec worker, Nikita Kislitsin, is being extradited to Moscow from Kazakhstan. The US government had requested his extradition to Washington in connection with alleged cyber crimes, while Moscow also made an extradition request, which appears to have been granted.
These takeaways provide an overview of the significant cybersecurity threats and incidents discussed in the meeting notes.