CyberSecurity news

FlagThis - #hacking

@World - CBSNews.com //
The U.S. Justice Department has indicted 12 Chinese nationals for their alleged involvement in state-linked cyber operations. The individuals include employees of the Chinese technology firm i-Soon, members of the APT27 group (also known as Emissary Panda, TG-3390, Bronze Union, and Lucky Mouse), and two officers from China's Ministry of Public Security. These indictments shed light on the hacking tools and methods allegedly employed in a global hacking scandal. The Justice Department stated that the Ministry of State Security (MSS) and Ministry of Public Security (MPS) utilized an extensive network of private companies, including i-Soon, to conduct unauthorized computer intrusions in the U.S. and elsewhere.

The U.S. DoJ charges these individuals with data theft and suppressing dissent worldwide. i-Soon, identified as one of the private companies involved, allegedly provided tools and methods to customers and hacked for the PRC (People's Republic of China). These actions highlight a significant cybersecurity concern involving state-sponsored actors and their use of private firms to conduct cyber espionage.

References:
  • bsky.app: US Justice Department has charged Chinese state security officers and APT27 and i-Soon Chinese hackers linked to network breaches and cyberattacks targeting victims worldwide since 2011.
  • CyberInsider: U.S. Charges 12 Chinese Nationals Over Decade-Long Cyber Espionage Campaign
  • The Cyber Express: The United States Department of Justice (DOJ) has taken action against a major cyber threat, opening indictments against 12 Chinese nationals, including two officers from China’s Ministry of Public Security (MPS) and several employees of the Chinese technology firm i-Soon.
  • bsky.app: USA accuses China's State of operating network of "hackers for hire". Accused 12 individuals, 2 officers of the PRC Ministry of Public Security (MPS), employees of a private company, Anxun Information Technology Co. Ltd, and members of APT27.
  • The Hacker News: U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations
  • securityaffairs.com: US DOJ charges 12 Chinese nationals for state-linked cyber operations
  • The Register - Security: Xi's freelance infosec warriors apparently paid up to $75K to crack a single American inbox US government agencies announced Wednesday criminal charges against alleged members of China's Silk Typhoon gang, plus internet domain seizures linked to a long-term Chinese espionage campaign that saw Beijing hire miscreants to compromise US government agencies and other major orgs.…
  • DataBreaches.Net: U.S. Charges 12 Chinese Contract Hackers and Law Enforcement Officers in Global Computer Intrusion Campaigns
  • cyble.com: U.S. Indictments Shed Light on i-Soon Hacking Tools, Methods
  • Metacurity: US indicts twelve prolific Chinese hackers, including eight i-Soon staffers
  • Carly Page: The Department of Justice has announced criminal charges against 12 Chinese government-linked hackers who are accused of hacking over 100 American organizations, including the U.S. Treasury, over the course of a decade
  • Threats | CyberScoop: US indicts 12 Chinese nationals for vast espionage attack spree
  • BleepingComputer: The U.S. Justice Department has charged Chinese state security officers along with APT27 and i-Soon hackers for network breaches and cyberattacks that have targeted victims globally since 2011.
  • hackread.com: US Charges 12 in Chinese Hacker-for-Hire Network, Offers $10M Reward
  • Risky Business Media: US indicts the i-Soon and APT27 hackers, the BADBOX botnet gets disrupted again, authorities seize the Garantex crypto exchange, and the FBI arrests hackers who stole Taylor Swift concert tickets.
  • Security | TechRepublic: The article discusses the charges against Chinese hackers for their role in a global cyberespionage campaign.
  • techxplore.com: US indicts 12 Chinese nationals in hacking
  • US Charges Members of Chinese Hacker-for-Hire Group i-Soon
  • Matthias Schulze: U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations
  • WIRED: US Charges 12 Alleged Spies in China’s Freewheeling Hacker-for-Hire Ecosystem
  • Blog: FieldEffect blog post about U.S. indicts 12 Chinese nationals for cyber espionage.
  • blog.knowbe4.com: U.S. Justice Department Charges China’s Hackers-for-Hire Working IT Contractor i-Soon
  • Talkback Resources: The article details the indictment of 12 Chinese individuals for hacking activities.
  • Schneier on Security: The article discusses the indictment of Chinese hackers for their involvement in global hacking activities.

Eduard Kovacs@SecurityWeek //
Spanish authorities have arrested a hacker in Alicante for allegedly conducting over 40 cyberattacks targeting critical public and private organizations, including NATO, the US Army, and various Spanish entities such as the Guardia Civil and the Ministry of Defense. The investigation began in early 2024 after a data leak was reported from a Madrid business association, revealing that the hacker was boasting about stolen information on an underground criminal forum, even defacing the victim's website.

The suspect, known online as "Natohub" among other pseudonyms, is accused of illegally accessing computer systems, disclosing secrets, damaging computers, and money laundering. Police seized multiple computers, electronic devices, and over 50 cryptocurrency accounts containing various digital assets. Although the suspect's name hasn't been released by police, local news reports identify him as an 18-year-old man.

References:
  • BleepingComputer: The Spanish police have arrested a suspected hacker in Alicante for allegedly conducting 40 cyberattacks targeting critical public and private organizations, including the Guardia Civil, the Ministry of Defense, NATO, the US Army, and various universities.
  • securityaffairs.com: Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US.
  • Help Net Security: Suspected NATO, UN, US Army hacker arrested in Spain
  • SecurityWeek: Spanish authorities have arrested an individual who allegedly hacked several high-profile organizations, including NATO and the US army.
  • www.scworld.com: Suspected hacker arrested for attacks on NATO, US Army
  • CyberInsider: Police Arrest Hacker Behind Attacks on U.S. and NATO Systems
  • www.bleepingcomputer.com: The Spanish National Police and the Civil Guard announced the arrest (and release) of a hacker responsible for the cyberattacks against various Spanish government organizations, NATO and U.S. Army databases, and other international companies and entities. Police seized multiple computers, electronic devices, and 50 cryptocurrency accounts containing various digital assets. Although no identity was released, the victim organizations were linked to high-profile attacks by the hacker using the alias "natohub".
  • www.securityweek.com: SecurityWeek provides details on the hacker's arrest and the organizations targeted.
  • bsky.app: The Spanish police have arrested a suspected hacker in Alicante for allegedly conducting 40 cyberattacks targeting critical public and private organizations, including the Guardia Civil, the Ministry of Defense, NATO, the US Army, and various universities. https://www.bleepingcomputer.com/news/legal/spain-arrests-suspected-hacker-of-us-and-spanish-military-agencies/
  • Cybernews: An undisclosed hacker has been accused of over 40 cyberattacks on strategic organizations, including government, universities, NATO, and the US Army.
  • www.policia.es: Spanish National Police : (Spanish language) The Spanish National Police and the Civil Guard announced the arrest (and release) of a hacker responsible for the cyberattacks against various Spanish government organizations, NATO and U.S. Army databases, and other international companies and entities.
  • Techmeme: Spanish police arrest a hacker for allegedly conducting 40 cyberattacks on critical public and private organizations, seizing 50 crypto accounts, PCs, and more
  • ciso2ciso.com: Police arrest teenager suspected of hacking NATO and numerous Spanish institutions
  • gbhackers.com: Authorities Arrested Hacker Who Compromised 40+ Organizations
  • www.helpnetsecurity.com: The Spanish National Police has arrested a hacker suspected of having breached national and international agencies (including the United Nations' International Civil Aviation Organization and NATO), Spanish universities and companies, and released stolen data on the dark web.

gist.github.com via pushcx@Lobsters //
A 15-year-old hacker has uncovered a significant security vulnerability related to Cloudflare's caching feature. This "zero-click deanonymization attack" can expose a user's approximate location, to within a 250-mile radius, without any interaction required from the user. The exploit affects several popular platforms, including Signal and Discord, raising privacy concerns for their users. The hacker published a research paper warning about this undetectable exploit, aimed at journalists, activists, and hackers, highlighting how attackers could send a malicious payload and reveal a target's location within seconds.

Multiple online cybercrime platforms including Cracked, Nulled, Sellix, and StarkRDP, have been seized by law enforcement in a large international operation. These sites, which facilitated the trading of stolen data, malware, and hacking tools, were used by over 10 million users. The operation involved authorities from multiple countries, and included arrests, property searches, and the confiscation of devices and funds. Europol reports that these platforms had generated over a million euros in illicit profits. The shutdown also targeted supporting services like financial processor Sellix and hosting service StarkRDP. Authorities indicate that these forums also offered AI-based tools to automate security vulnerability scans and enhance phishing attacks.

References:
  • Lobsters: Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms
  • The Hacker News: Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown
  • blog.cloudflare.com: Cloudflare released an outage postmortem for yesterday's incident in which multiple Cloudflare services were unavailable for almost a full hour.
  • BleepingComputer: A routine attempt to block a phishing URL in Cloudflare's R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour.
  • cyb_detective: An attempt to block a phishing URL in Cloudflare's R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour.
  • Anonymous: An attempt to block a phishing URL in Cloudflare's R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour.
  • Cloudflare: Cloudflare released an outage postmortem for yesterday's incident in which multiple Cloudflare services were unavailable for almost a full hour. This caused all operations against R2 object storage to fail for the duration of the incident, and caused a number of other Cloudflare services that depend on R2 to fail as well.

@blogs.microsoft.com //
Microsoft is taking legal action against a foreign-based hacking group accused of operating a "hacking-as-a-service" infrastructure. This group exploited stolen Azure API keys and customer Entra ID credentials to bypass the safety controls of Microsoft's generative AI services, particularly the Azure OpenAI Service. They are said to have developed sophisticated software to gain access, and then intentionally alter the capabilities of those services. This allowed them to generate offensive and harmful content, which was then distributed through tools sold to other malicious actors. This abuse was discovered by Microsoft in July 2024, leading to the lawsuit.

Microsoft's Digital Crimes Unit has stated that the threat actors actively scraped public websites to obtain exposed customer credentials. The group monetized their illicit access by selling custom tools, alongside detailed instructions on generating harmful content. The lawsuit seeks to dismantle the group's operation, including seizing websites such as "aitism[.]net" that were central to their criminal activity. Microsoft has since revoked the threat actor's access, put countermeasures in place and strengthened its safeguards to prevent future incidents. The threat actor group is believed to have targeted not only Microsoft but other AI platforms and U.S.-based companies, including those in Pennsylvania and New Jersey.

References:
  • ciso2ciso.com: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation – Source:thehackernews.com
  • osint10x.com: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
  • The Hacker News: Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
  • www.the420.in: Microsoft Sues Hackers for Exploiting AI Services with Stolen Azure Credentials
  • Schneier on Security: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
  • arstechnica.com: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
  • blogs.microsoft.com: Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme