07-Mar-24: In Security News Today

China-Linked Cyber Spies Targeting Asia with Watering Hole and Supply Chain Attacks

A nation-state group with ties to China has been conducting cyber espionage by compromising a Tibetan festival website and a software application to target user systems in Asia. The campaign illustrates how cyber spies now combine watering hole and supply chain attacks in a single operation.

Evasive Panda Cyber-Espionage Campaign Targeting Tibetans

A cyber-espionage campaign by the APT group Evasive Panda, also known as BRONZE HIGHLAND and Daggerfly, has been targeting Tibetans globally since at least September 2023. The attackers exploited the Monlam Festival to conduct a watering hole attack and supply-chain compromise involving trojanized Tibetan language translation software installers. Evasive Panda’s sophisticated tactics included deploying various malicious downloaders and backdoors, such as the previously undocumented Nightdoor for Windows, to infiltrate networks and compromise targeted individuals.

Data Breach at Fidelity Linked to Third-Party Vendor

A data breach at Fidelity Investments Life Insurance Company affecting nearly 30,000 individuals has been linked to a cyber incident at third-party service provider Infosys McCamish. This breach follows a similar incident at Bank of America involving the same vendor. The breach exposed sensitive information like names, Social Security numbers, bank account details, and dates of birth, highlighting the increasing frequency and impact of third-party security breaches.

Python-Based Snake Info Stealer Spreading Through Facebook Messages

A Python-based information stealer named Snake is spreading through Facebook messages, targeting unsuspecting users to capture credentials and sensitive data. The malware transmits harvested credentials to platforms like Discord, GitHub, and Telegram. The threat actor behind Snake is likely focused on Vietnamese users, as the malware gathers data from the Vietnamese browser Cốc Cốc and exfiltrates information via the Telegram Bot API.

Former Google Engineer Charged with Theft of AI Technology for Chinese Firms

A former Google engineer, Linwei Ding, has been indicted for stealing trade secrets related to Google’s AI technology to benefit companies in China, highlighting US efforts to prevent the outflow of critical technological information. The stolen trade secrets included details about specialized hardware and software crucial for Google’s supercomputing centers. The US government has been taking measures, such as establishing the Disruptive Technology Strike Force, to address intellectual property theft and tighten restrictions on the export of advanced technologies to countries like China.

Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure

Following the disclosure and patching of a critical TeamCity authentication bypass vulnerability, CVE-2024-27198, attackers began exploiting the flaw almost instantly. The issue, allowing unauthorized admin access, was compounded by a miscommunication in the disclosure process between JetBrains and Rapid7, leading to immediate and widespread attack attempts. This incident underscores the rapid pace at which attackers can exploit disclosed vulnerabilities, highlighting the critical need for timely patch application and improved communication during vulnerability disclosures.

Sensitive Swiss Government Data Leaked by Play Ransomware Group

In 2023, the Play ransomware group leaked sensitive Swiss federal government data, including classified documents and login credentials, after attacking IT service provider Xplain. The leaked data included around 65,000 documents, with a majority belonging to the Federal Department of Justice and Police, the Federal Office of Justice, and the Federal Office of Police. The Play ransomware group, believed to be based in Russia, has been responsible for numerous successful attacks using a double extortion model targeting businesses and critical infrastructure in North America, South America, and Europe.

Cybercriminals Spoof US Government Organizations in BEC, Phishing Attacks

Cybercriminals tracked as TA4903 have been conducting phishing and BEC campaigns since at least 2021, targeting US organizations by spoofing government agencies and organizations across various private sectors. These attacks aim to harvest corporate credentials for fraud, such as invoice fraud or payroll redirection. The campaign uses tactics such as PDF attachments containing QR codes and HTML attachments, underlining the need for heightened awareness and defenses against such targeted phishing operations.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.