T-Mobile Shares More Information on China-Linked Cyberattack

November 28, 2024 at 06:30AM T-Mobile reported a cyberattack linked to the Chinese group Salt Typhoon but stated the attack was blocked with no access to sensitive customer data. T-Mobile’s Chief Security Officer clarified that while attempts were detected, defenses protected their systems, and connections to the attacking network were severed promptly.

U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider

November 27, 2024 at 11:54PM T-Mobile reported recent attempts by hackers to infiltrate its systems, though no sensitive data was accessed. The attacks originated from a connected wireline provider’s network and were thwarted by T-Mobile’s security measures. The incident is notable following cyber threats from a China-linked group targeting U.S. telecoms.

T-Mobile US takes a victory lap after stopping cyberattacks: ‘Other providers may be seeing different outcomes’

November 27, 2024 at 04:05PM Chinese cyber-espionage group “Salt Typhoon” allegedly compromised a wireline provider’s network to access T-Mobile US systems. T-Mobile thwarted these attempts, ensuring no sensitive customer data was accessed. The company, which has faced breaches previously, is seeing positive results from enhanced cybersecurity measures following a significant investment.

APT-C-60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor

November 27, 2024 at 06:28AM APT-C-60, a South Korea-aligned cyber espionage group, targeted a Japanese organization in August 2024 using a job application phishing scheme to deploy the SpyGlace malware. The attack utilized services like Google Drive and Bitbucket, exploiting vulnerabilities in WPS Office, and involved sophisticated methods for executing and distributing the malware.

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

November 26, 2024 at 06:18AM The Chinese threat actor Earth Estries has been targeting Southeast Asian telecommunications and government networks using a new backdoor, GHOSTSPIDER, along with MASOL RAT. Compromising over 20 entities globally, they exploit various vulnerabilities for cyber espionage, showcasing advanced tactics and a sophisticated operational structure. Recent attacks indicate a significant evolution …

Fancy Bear ‘Nearest Neighbor’ Attack Uses Nearby Wi-Fi Network

November 25, 2024 at 01:29PM Russian APT group Fancy Bear employed a novel “Nearest Neighbor” cyber-espionage technique during the Russia-Ukraine war, infiltrating a US organization by compromising nearby Wi-Fi networks. This remote attack underscores the security risks of proximity and emphasizes the need for stronger defenses against Wi-Fi vulnerabilities and enhanced monitoring practices.

Russian Cyberspies Hacked Building Across Street From Target for Wi-Fi Attack

November 25, 2024 at 04:54AM A Russian cyberespionage group executed a Nearest Neighbor Attack to infiltrate Organization A’s network via Wi-Fi, after compromising a nearby organization. Investigated by Volexity, the attack involved credential theft and sophisticated methods like using Microsoft’s Cipher.exe to erase traces. The incident highlights Wi-Fi security vulnerabilities for organizations.

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions

November 25, 2024 at 03:34AM Earth Estries, a Chinese APT group, has been targeting critical sectors globally since 2023, utilizing advanced malware like GHOSTSPIDER and SNAPPYBEE. Their tactics involve exploiting public server vulnerabilities for espionage, impacting over 20 organizations across various industries. They employ a complex command-and-control infrastructure, indicating shared tools with other APTs.

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

November 22, 2024 at 12:17PM A China-linked group, TAG-112, compromised Tibetan media and university websites, delivering the Cobalt Strike toolkit via malicious JavaScript. Visitors were tricked into downloading disguised malware, highlighting ongoing cyber-espionage targeting Tibet. Although linked to a more advanced group (TAG-102), TAG-112 exhibits less sophistication in its attacks.

Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia

November 22, 2024 at 07:12AM Russian-linked threat group TAG-110 has been conducting a cyber espionage campaign targeting Central Asia, East Asia, and Europe, utilizing custom malware HATVIBE and CHERRYSPY. The campaign, focused on government and educational institutions, aims to gather intelligence to support Russia’s geopolitical interests, particularly in post-Soviet states.