CyberSecurity updates
2025-01-19 15:34:30 Pacific

PowerSchool Breach Exposes Student Teacher Data - 10d

A recent cyberattack on PowerSchool has resulted in the compromise of all historical student and teacher data. The breach has affected multiple US school districts, exposing highly sensitive personal information. The impacted data includes all student and teacher records stored within PowerSchool’s systems. This breach represents a significant risk to the privacy and security of student and teacher information.

DOJ Removes China's PlugX Malware from US Computers - 3d

The US Department of Justice, with the FBI, conducted a multi-month operation to remove the PlugX malware from over 4,200 infected computers in the United States. PlugX is a remote access trojan (RAT) widely used by threat actors associated with the People’s Republic of China. This action targeted the command and control infrastructure used by these actors to compromise systems, disrupting their ability to maintain persistent access and conduct further malicious activities on affected networks. The operation underscores the US government’s proactive efforts in combating state-sponsored cyber espionage activities, aiming to neutralize threats before they can be further leveraged for malicious purposes.

US Treasury Hacked by Chinese APT Group - 19h

The US Treasury Department sanctioned a Chinese cybersecurity firm, Sichuan Juxinhe, and a Shanghai-based hacker, Yin Kecheng, for their involvement in the Salt Typhoon cyberattacks. These attacks targeted major US telecom companies, compromising sensitive data and the US Treasury’s network, including systems used for sanctions and foreign investment reviews, and even impacted the computer of the outgoing Treasury Secretary Janet Yellen. This highlights the ongoing sophisticated cyber espionage campaigns from China targeting critical infrastructure and government entities within the US and globally. The sanctioned entities are directly linked to the Chinese Ministry of State Security (MSS), and used a combination of zero-day exploits and other techniques for infiltrating networks and exfiltrating data. The compromise of the Department of the Treasury’s network is considered a major breach, potentially impacting national security due to access to sensitive information.

Ivanti Zero-Day Actively Exploited For RCE - 10d

A critical zero-day vulnerability, tracked as CVE-2025-0282, has been discovered in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. This stack-based buffer overflow allows unauthenticated remote attackers to achieve remote code execution. It is in addition to CVE-2025-0283, another stack-based buffer overflow that requires a local authenticated attacker. CVE-2025-0282 is being actively exploited in the wild. Organizations are advised to apply the available patches immediately and perform factory resets to ensure complete removal of any potential malware. Ivanti has a long history of being targeted.

Cyber Attack Hits Eindhoven University - 5d

Eindhoven University of Technology (TU/e) suffered a cyber attack, forcing the university to take its network offline. This resulted in a suspension of classes. The university is located near ASML, a key chip manufacturer, raising concerns about the wider impact. The university shut down its computer network as a precautionary measure to mitigate the attack. The network systems were made inaccessible. There is no confirmation yet on data theft.

Silk Typhoon Breaches US Treasury, CFIUS - 8d

The Chinese state-sponsored hacking group ‘Silk Typhoon’ has been linked to a significant breach of a US Treasury agency in December 2024, with further reports indicating they also compromised the Committee on Foreign Investment in the United States (CFIUS), which assesses national security risks associated with foreign investments. The attackers are suspected to have stolen sensitive information from both the Treasury and the CFIUS, which has raised significant concerns in the US government. This coordinated attack demonstrates a pattern of sophisticated cyber espionage activities by the Silk Typhoon group.

MirrorFace APT Cyber Espionage Campaign Against Japan - 9d

The MirrorFace APT, linked to China, has been conducting extensive cyber espionage campaigns against Japan since 2019. The group uses malware delivered via email attachments, and exploits VPN vulnerabilities to steal sensitive information. Targets include the Japanese government, defense, aerospace, semiconductor, communications and research organizations. The group uses tools like ANEL and NOOPDOOR for its attacks. The campaign shows a deep focus on infiltrating Japanese national security and advanced technology sectors.

UN Aviation Agency Suffers Data Breach - 10d

The International Civil Aviation Organization (ICAO), a United Nations agency, has confirmed a cyberattack resulting in the theft of 42,000 records from its recruitment database. The breach has raised concerns about the security of personal information held by international organizations, and a probe is underway to understand the extent of the damage. This incident highlights the need for enhanced security measures to protect sensitive data within international organizations.

China Hacks US Treasury via BeyondTrust - 19d

Chinese state-sponsored threat actors compromised the US Treasury Department by exploiting a vulnerability in a third-party software provider, BeyondTrust. The attackers accessed employee workstations and exfiltrated unclassified documents. This incident highlights the risk associated with third-party dependencies and supply chain attacks. The attackers gained remote access, raising concerns about the security posture of government agencies. The affected systems were not immediately identified but were confirmed to be workstations.

Atos Denies Space Bears Ransomware Attack Claims - 15d

French tech giant Atos, a major contractor for the French government and military, is denying claims by the Space Bears ransomware gang that the gang breached its systems. Space Bears claims to have stolen data and has threatened to leak it, while Atos insists that no breach occurred. This incident highlights the ongoing threat of ransomware attacks, even against major organizations, and the potential for conflicting claims following such attacks. The truth will likely come out if Space Bears publishes the stolen data next week.

Rhode Island Health Data Leaked Online - 18d

Rhode Island’s health benefits system was breached, leading to a data leak on the dark web, compromising residents’ personal data. The compromised data included sensitive information from the state’s health benefits system. This incident demonstrates the ongoing threats to government infrastructure and highlights the importance of robust security measures. The breach underscores the necessity for continuous monitoring and improvements in state-level cybersecurity protocols.