CyberSecurity news

FlagThis - #nationalsecurity

MalBot@malware.news //

US Treasury Hacked by Chinese APT Group - The US Treasury Department sanctioned a Chinese cybersecurity firm and a hacker for involvement in cyberattacks, compromising sensitive data at the Treasury and major telecom companies.
The US Treasury Department has sanctioned a Chinese cybersecurity firm, Sichuan Juxinhe Network Technology Co., and a Shanghai-based hacker, Yin Kecheng, for their involvement in significant cyberattacks. These attacks compromised sensitive systems at the Treasury Department and major US telecommunication companies and ISPs. Sichuan Juxinhe is linked to the Salt Typhoon hacking group, which has infiltrated numerous US telecom companies and ISPs intercepting sensitive data from high-value political officials and communication platforms. Yin Kecheng, connected to the Chinese Ministry of State Security (MSS), is associated with the recent breach of the Treasury's network, impacting systems involved in sanctions and foreign investment reviews.

The Treasury's systems, including those used by Secretary Janet Yellen, were accessed during the breach resulting in the theft of over 3,000 files. The stolen data included policy documents, organizational charts, and information on sanctions and foreign investment. The cyber activity has been attributed to the Salt Typhoon group, alongside a related group known as Silk Typhoon (formerly Hafnium), which exploited vulnerabilities in Microsoft Exchange Server and used compromised APIs. The Treasury Department stated that it will continue using its authority to hold accountable malicious actors that target American people and the US government.

Recommended read:
References :
  • malware.news: US Sanctions Chinese firm behind sweeping Salt Typhoon telecom hacks
  • The Hacker News: U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon
  • BleepingComputer: US sanctions Chinese firm, hacker behind telecom and Treasury hacks
  • ciso2ciso.com: US Sanctions Chinese Hacker & Firm for Treasury, Critical Infrastructure Breaches – Source: www.darkreading.com
  • ciso2ciso.com: US sanctions Chinese hacker & firm for Treasury, critical infrastructure breaches
  • : U.S. Treasury : Treasury's OFAC is sanctioning Yin Kecheng, a Shanghai-based cyber actor who was involved with the recent Department of the Treasury network compromise.
  • ciso2ciso.com: U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon – Source:thehackernews.com
  • www.bleepingcomputer.com: US sanctions Chinese firm, hacker behind telecom and Treasury hacks
  • securityaffairs.com: U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
  • ciso2ciso.com: Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network – Source: www.securityweek.com
  • Pyrzout :vm:: Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network – Source: www.securityweek.com
  • ciso2ciso.com: The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach.
  • www.tomshardware.com: News report on Chinese hackers infiltrating US Treasury Secretary's PC and gaining access to over 400 PCs.
  • ciso2ciso.com: U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
  • www.nextgov.com: US Treasury Department sanctions imposed for Salt Typhoon's involvement.
  • www.nextgov.com: The Treasury Department's sanctions follow a major hack targeting telecommunications companies and potentially impacting high-value political officials.
  • Threats | CyberScoop: Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks.
  • cyberscoop.com: Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks
  • thecyberexpress.com: U.S. Treasury sanctions Salt Typhoon hackers
  • www.csoonline.com: The US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking.
  • Security Affairs: The US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., LTD.
  • Security Boulevard: U.S. Treasury Sanctions Chinese Individual, Company for Data Breaches
@cyberscoop.com //

DOGE Cybersecurity Failures Expose US National Security - Concerns are rising over cybersecurity vulnerabilities within the Department of Government Efficiency (DOGE), particularly regarding internal backdoors potentially implemented by DOGE employees on Treasury servers.
References: ciso2ciso.com , Pyrzout :vm: , The Verge ...
Concerns are mounting over potential cybersecurity failures within the Department of Government Efficiency (DOGE), as experts express alarm over Elon Musk's takeover of key Treasury systems. The situation involves a 25-year-old DOGE team member allegedly writing backdoors into the Treasury’s $6 trillion payment system, raising serious national security concerns. These backdoors could compromise sensitive financial data, including information related to government payroll, tax records, and financial transactions, potentially leading to espionage and financial manipulation.

The alleged security failures are compounded by reports that the DOGE team member had full administrator privileges to sensitive systems, going beyond the initially claimed "read-only" access. Sensitive veterans' data, including information about Department of Veterans Affairs benefits, are among the Treasury Department records Elon Musk's so-called Department of Government Efficiency now has access to. The lack of transparency and oversight surrounding DOGE's access to these systems has prompted Senator Elizabeth Warren to demand answers from the Treasury Secretary regarding the "security and management failure."

Recommended read:
References :
  • ciso2ciso.com: Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?
  • Pyrzout :vm:: Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?
  • The Register - On-Prem: Musk’s DOGE ship gets ‘full’ access to Treasury payment system, sinks USAID
  • The Verge: Elon Musk is staging a takeover of the federal budget
  • www.techdirt.com: A 25-Year-Old Is Writing Backdoors Into The Treasury’s $6 Trillion Payment System. What Could Possibly Go Wrong?
  • cyberscoop.com: Cybersecurity, government experts are aghast at security failures in DOGE takeover
  • ciso2ciso.com: Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?
  • PCMag UK security: Judge Blocks DOGE's Access to Treasury Systems
  • The Verge: Federal judge blocks DOGE from accessing sensitive Treasury records
  • techxplore.com: TechXplore article questioning if the DOGE initiative is a cybersecurity threat.
Dissent@DataBreaches.Net //

GCHQ Intern Pleads Guilty to Data Breach Risking National Security - A former GCHQ intern pleaded guilty to transferring top-secret data from a secure GCHQ computer to a work phone and then to a personal hard drive, raising concerns about insider threats.
A former GCHQ intern, Hasaan Arshad, has pleaded guilty to violating the Computer Misuse Act by transferring top-secret data from a secure GCHQ computer to his work phone. He then moved the data to a personal hard drive connected to his home PC. Arshad admitted to the unauthorized acts, which prosecutors say involved a "top secret" tool worth millions of pounds. The tool was developed using a "significant amount" of taxpayer money.

Arshad, a student at the University of Manchester, was arrested and his home searched in September 2022. While he claimed his actions stemmed from curiosity and a desire to further develop the software, the incident underscores the risk of insider threats. Cybersecurity experts highlight the need for organizations to implement strict access controls, restrict removable media, and manage mobile device capabilities in sensitive areas to prevent such breaches.

Recommended read:
References :
  • DataBreaches.Net: Here’s today’s reminder of the insider threat (well, this, and the fact that U.S. government officials continue to deny any problem with discussing attack plans on Signal).
  • The Register - Security: Not exactly Snowden levels of skill A student at Britain's top eavesdropping government agency has pleaded guilty to taking sensitive information home on the first day of his trial.…
  • www.itpro.com: A former GCHQ intern has pleaded guilty to transferring data from a top-secret computer onto his work phone.
Field Effect@Blog //

Australia Bans Kaspersky Software Over National Security Concerns - Australia banned Kaspersky software from government networks due to national security concerns, citing risks of foreign interference, espionage, and sabotage.
The Australian government has banned Kaspersky Lab products and web services from all government systems, citing an "unacceptable security risk" stemming from potential foreign interference, espionage, and sabotage. Effective April 1, 2025, government entities must remove the software, reflecting concerns about Kaspersky's data collection practices and possible exposure to foreign government influence. The ban follows a threat and risk analysis that concluded the software posed a significant threat to Australian Government networks and data.

The directive aims to also encourage critical infrastructure providers and personal users to reconsider their use of Kaspersky products due to the identified security risks. While the directive does not explicitly name the foreign government, Kaspersky Lab is a Russian cybersecurity company, raising concerns about ties to the Russian government. Similar bans have been implemented in other countries, including the United States, which banned Kaspersky products from federal systems back in 2017. Exemptions to the ban may be considered for legitimate business reasons related to national security, subject to appropriate mitigations.

Recommended read:
References :
  • BleepingComputer: The Australian government has banned all Kaspersky Lab products and web services from its systems and devices following an analysis that claims the company poses a significant security risk to the country.
  • securityaffairs.com: Australia bans Kaspersky software over national security concerns, citing risks of foreign interference, espionage, and sabotage of government networks.
  • Talkback Resources: The Australian Government has banned Kaspersky Lab products and web services from all government systems and devices due to security concerns related to potential foreign interference and espionage, effective April 1, 2025.
  • Talkback Resources: Australia Bans Kaspersky Software Over National Security and Espionage Concerns [app]
  • Blog: FieldEffect reports on the Australian government banning Kaspersky software.

Posts

Blogs

Research Tools