CyberSecurity news

FlagThis - #nationalsecurity

MalBot@malware.news - 40d
The US Treasury Department has sanctioned a Chinese cybersecurity firm, Sichuan Juxinhe Network Technology Co., and a Shanghai-based hacker, Yin Kecheng, for their involvement in significant cyberattacks. These attacks compromised sensitive systems at the Treasury Department and at major US telecommunication companies and ISPs. Sichuan Juxinhe is linked to the Salt Typhoon hacking group, which has infiltrated numerous US telecom companies and ISPs, intercepting sensitive data from high-value political officials and communication platforms. Yin Kecheng, connected to the Chinese Ministry of State Security (MSS), is associated with the recent breach of the Treasury's network, which impacted systems involved in sanctions and foreign investment reviews.

The Treasury's systems, including those used by Secretary Janet Yellen, were accessed during the breach, resulting in the theft of over 3,000 files. The stolen data included policy documents, organizational charts, and information on sanctions and foreign investment. The cyber activity has been attributed to the Salt Typhoon group, alongside a related group known as Silk Typhoon (formerly Hafnium), which exploited vulnerabilities in Microsoft Exchange Server and used compromised APIs. The Treasury Department stated that it will continue using its authority to hold accountable malicious actors that target the American people and the US government.

References:
  • malware.news: US Sanctions Chinese firm behind sweeping Salt Typhoon telecom hacks
  • The Hacker News: U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon
  • BleepingComputer: US sanctions Chinese firm, hacker behind telecom and Treasury hacks
  • ciso2ciso.com: US Sanctions Chinese Hacker & Firm for Treasury, Critical Infrastructure Breaches – Source: www.darkreading.com
  • ciso2ciso.com: US sanctions Chinese hacker & firm for Treasury, critical infrastructure breaches
  • U.S. Treasury: Treasury's OFAC is sanctioning Yin Kecheng, a Shanghai-based cyber actor who was involved with the recent Department of the Treasury network compromise.
  • ciso2ciso.com: U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon – Source: thehackernews.com
  • www.bleepingcomputer.com: US sanctions Chinese firm, hacker behind telecom and Treasury hacks
  • securityaffairs.com: U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
  • ciso2ciso.com: Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network – Source: www.securityweek.com
  • Pyrzout: Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network – Source: www.securityweek.com
  • ciso2ciso.com: The U.S. Treasury’s OFAC sanctioned a Chinese cybersecurity firm and a Shanghai cyber actor for ties to Salt Typhoon and a federal agency breach.
  • www.tomshardware.com: News report on Chinese hackers infiltrating US Treasury Secretary's PC and gaining access to over 400 PCs.
  • ciso2ciso.com: U.S. Treasury Sanctions Chinese cybersecurity firm and actor over federal agency breach tied to Salt Typhoon
  • www.nextgov.com: US Treasury Department sanctions imposed for Salt Typhoon's involvement.
  • www.nextgov.com: The Treasury Department's sanctions follow a major hack targeting telecommunications companies and potentially impacting high-value political officials.
  • Threats | CyberScoop: Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks.
  • cyberscoop.com: Treasury sanctions Chinese cybersecurity company, affiliate for Salt Typhoon hacks
  • thecyberexpress.com: U.S. Treasury sanctions Salt Typhoon hackers
  • www.csoonline.com: The US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking.
  • Security Affairs: The US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Chinese firm Sichuan Juxinhe Network Technology Co., LTD.
  • Security Boulevard: U.S. Treasury Sanctions Chinese Individual, Company for Data Breaches

@cyberscoop.com - 21d
Concerns are mounting over potential cybersecurity failures within the Department of Government Efficiency (DOGE), as experts express alarm over Elon Musk's takeover of key Treasury systems. The situation involves a 25-year-old DOGE team member allegedly writing backdoors into the Treasury’s $6 trillion payment system, raising serious national security concerns. These backdoors could compromise sensitive financial data, including information related to government payroll, tax records, and financial transactions, potentially leading to espionage and financial manipulation.

The alleged security failures are compounded by reports that the DOGE team member had full administrator privileges to sensitive systems, going beyond the initially claimed "read-only" access. Sensitive veterans' data, including information about Department of Veterans Affairs benefits, are among the Treasury Department records Elon Musk's so-called Department of Government Efficiency now has access to. The lack of transparency and oversight surrounding DOGE's access to these systems has prompted Senator Elizabeth Warren to demand answers from the Treasury Secretary regarding the "security and management failure."

References:
  • ciso2ciso.com: Elon Musk’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?
  • Pyrzout: Elon Musk’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?
  • The Register - On-Prem: Musk’s DOGE ship gets ‘full’ access to Treasury payment system, sinks USAID
  • The Verge: Elon Musk is staging a takeover of the federal budget
  • www.techdirt.com: A 25-Year-Old Is Writing Backdoors Into The Treasury’s $6 Trillion Payment System. What Could Possibly Go Wrong?
  • cyberscoop.com: Cybersecurity, government experts are aghast at security failures in DOGE takeover
  • PCMag UK security: Judge Blocks DOGE's Access to Treasury Systems
  • The Verge: Federal judge blocks DOGE from accessing sensitive Treasury records
  • techxplore.com: TechXplore article questioning if the DOGE initiative is a cybersecurity threat.

Pierluigi Paganini@Security Affairs - 70d
The U.S. government is considering a ban on TP-Link routers due to potential national security risks. Investigations are underway to determine if the routers have been used in cyberattacks, which could lead to a ban in 2025. The inquiry involves multiple government agencies, including the Departments of Justice, Commerce, and Defense. A Commerce Department office has already subpoenaed TP-Link as part of the investigation.

TP-Link routers currently hold a significant market share, approximately 65% of the U.S. market for home and small business routers. The routers are also found on US military bases, are sold to military personnel and their families, are a popular choice on Amazon.com, and are used by the Defense Department. The investigation was prompted by concerns that TP-Link's products have vulnerabilities and are subject to Chinese law, making them a potential vehicle for cyberattacks. The final decision on a ban may fall to the incoming Trump administration.

References:
  • Security Affairs: US considers banning TP-Link routers over cybersecurity concerns
  • arstechnica.com: Report: US considers banning TP-Link routers over security flaws, ties to China
  • www.bleepingcomputer.com: The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk.

Field Effect@Blog - 2d
The Australian government has banned Kaspersky Lab products and web services from all government systems, citing an "unacceptable security risk" stemming from potential foreign interference, espionage, and sabotage. Effective April 1, 2025, government entities must remove the software, reflecting concerns about Kaspersky's data collection practices and possible exposure to foreign government influence. The ban follows a threat and risk analysis that concluded the software posed a significant threat to Australian Government networks and data.

The directive also aims to encourage critical infrastructure providers and personal users to reconsider their use of Kaspersky products due to the identified security risks. While the directive does not explicitly name the foreign government, Kaspersky Lab is a Russian cybersecurity company, raising concerns about ties to the Russian government. Similar bans have been implemented in other countries, including the United States, which banned Kaspersky products from federal systems back in 2017. Exemptions to the ban may be considered for legitimate business reasons related to national security, subject to appropriate mitigations.

References:
  • BleepingComputer: The Australian government has banned all Kaspersky Lab products and web services from its systems and devices following an analysis that claims the company poses a significant security risk to the country.
  • securityaffairs.com: Australia bans Kaspersky software over national security concerns, citing risks of foreign interference, espionage, and sabotage of government networks.
  • Talkback Resources: The Australian Government has banned Kaspersky Lab products and web services from all government systems and devices due to security concerns related to potential foreign interference and espionage, effective April 1, 2025.
  • Talkback Resources: Australia Bans Kaspersky Software Over National Security and Espionage Concerns [app]
  • Blog: FieldEffect reports on the Australian government banning Kaspersky software.