Cyber Briefing: 2023.09.25

CyberMaterial
6 min readSep 25, 2023

--

👉 What’s happening in cybersecurity today?

Falcon Group, Deadglyph, Backdoor, Espionage, Middle East, Booking.com, Scam, BBTok, Latin America, China Soft Power, Africa, TikTok, Temu, Bermuda Government, Russia, Egyptian Politician Targeted, Monti Ransomware, Auckland University of Technology, Nansen, Ohio Community College, ChatGPT, DALL-E, India Cryptanalysis Tool, GDPR.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.

🚨 Cyber Alerts

1. Stealth Falcon’s Advanced Deadglyph Backdoor

Researchers from ESET have uncovered a highly advanced and previously undisclosed backdoor called “Deadglyph,” employed by the nation-state actor Stealth Falcon for espionage activities in the Middle East. The Stealth Falcon group, known for targeting political activists and journalists, has been active since at least 2012. Deadglyph’s architecture involves cooperating components, using different programming languages to hinder analysis. The backdoor dynamically receives commands from its command-and-control (C2) server and boasts various counter-detection mechanisms, making it a formidable tool for cyber espionage.

2. Complex Scam Aims for Travelers’ Data

Security researchers have uncovered a complex information-stealing campaign where hackers infiltrate hotels, booking sites, and travel agencies to target customers’ financial data. They employ deceptive tactics, including a fake Booking.com payment page, to increase their success rate in collecting credit card information. By impersonating legitimate interactions and using trusted communication channels, these cybercriminals trick victims into revealing sensitive data.

3. New Banking Trojan Threat in Latin America

A fresh malware campaign is actively targeting Latin America, with a focus on users in Brazil and Mexico. This campaign is distributing a new variant of the notorious BBTok banking trojan, which specializes in mimicking the interfaces of over 40 Mexican and Brazilian banks. It deceives victims into providing their 2FA codes and payment card details, primarily via phishing emails with diverse file types.

4. China’s Digital Influence in Africa

Chinese state-sponsored cyber threat groups have been found targeting telecommunications, financial, and government organizations in Africa as part of their efforts to support China’s soft power agenda in the region. SentinelOne, a cybersecurity firm, revealed that these activities are aligned with China’s interests in Africa’s telecommunications sector and its broader digital influence.

5. TikTok Scam Promotes Temu Store

In a concerning trend on TikTok, scammers are using videos that falsely suggest sensitive celebrity photos and videos have been leaked to promote referral rewards for the online megastore, Temu. These deceptive videos prompt viewers to download the Temu app and enter referral numbers to access the alleged leaked content. While this particular scam is aimed at generating store credit for scammers, it raises concerns about the potential for malicious activities on TikTok in the future. Users are advised to exercise caution and avoid installing suspicious software when encountering such videos.

đź’Ą Cyber Incidents

6. Bermuda Cyberattack Linked to Russia

The Government of Bermuda has connected a widespread cyberattack affecting its IT systems to hackers believed to be based in Russia. The attack disrupted internet, email, and phone services across all government departments. Premier David Burt stated that while the investigation is ongoing, there is currently no evidence of data theft, and efforts are focused on restoring services. Reports also suggest that other Caribbean jurisdictions may have been impacted by similar cyberattacks.

7. Spyware Attack Targets Former Egyptian MP

Three zero-day vulnerabilities in Apple devices were exploited to launch a targeted spyware attack on Ahmed Eltantawy, a former member of the Egyptian parliament, between May and September 2023. This attack came shortly after Eltantawy announced his intention to run for the 2024 Egyptian presidential elections. The attack was attributed to the Egyptian government, known for its use of commercial spying tools, and delivered through SMS and WhatsApp links.

8. Monti Ransomware Hits Auckland University

Auckland University of Technology became the alleged victim of a data breach by the infamous Monti ransomware group. Despite the group’s motive remaining mysterious, they claimed responsibility for the breach and even added AUT to their “Wall of Shame.” While the university took swift action, isolating affected servers and enhancing security measures, the incident’s full impact and the extent of stolen data are still under investigation.

9. Nansen’s Password Reset Amid Data Breach

Nansen, an Ethereum blockchain analytics firm, is urging a subset of its users to reset their passwords due to a breach at its authentication provider. The breach, which occurred via an unnamed vendor, resulted in the exposure of email addresses, password hashes, and blockchain addresses for 6.8% of Nansen’s users. While Nansen took swift action to halt malicious activity, the firm advises all users, whether directly impacted or not, to reset their passwords to mitigate potential phishing risks and enhance security in light of the ongoing investigation.

10. Data Breach at Ohio Community College

Lakeland Community College in Ohio is notifying nearly 290,000 individuals of a data theft breach that occurred between March 7 and March 31. While the breach is relatively small in scale, it highlights the increasing attractiveness of educational institutions as targets for cybercriminals. The incident underscores the vulnerability of the education sector, which often lacks robust cybersecurity resources, making it susceptible to ransomware attacks and data theft.

📢 Cyber News

11. India Combats Crypto Fraud with CIAT

The Indian Ministry of Home Affairs is set to combat rising cryptocurrency-related crimes with the development of the Cryptocurrency Intelligence and Analysis Tool. This initiative, led by the MHA’s Indian Cyber Crime Coordination Centre, aims to monitor dark net crypto wallet addresses, compiling transaction records and promptly alerting authorities to irregular activities.

12. Authors Sue OpenAI Over Copyright

Bestselling authors, including George R.R. Martin, John Grisham, and Jodi Picoult, have filed a lawsuit against OpenAI, the creator of ChatGPT, alleging copyright infringement. The lawsuit claims that OpenAI used their books without permission to train ChatGPT, accusing the tech firm of “systematic theft on a mass scale.” The Authors Guild and 17 prominent writers are seeking legal action to prohibit OpenAI from using copyrighted works in large language models without express authorization and demanding damages of up to $150,000 per infringed work.

13. UK Joins EU-US Data Privacy Framework

The British government has signed onto an agreement that facilitates commercial data flows between the UK and the U.S., avoiding the need for separate negotiations under GDPR terms. This “data bridge” underpins substantial annual data-enabled trade and relieves businesses from the complexities of standard contractual clauses and risk assessments when transferring data to the U.S.

14. OpenAI’s ChatGPT Integrates DALL-E

OpenAI has taken a significant step in advancing its generative AI capabilities by integrating the latest version of DALL-E, the image generator, with ChatGPT. This move allows users to create and adjust generated images directly within the ChatGPT app, streamlining the generative process. DALL-E 3, the next iteration of OpenAI’s text-to-image AI, will be accessible to ChatGPT Plus and enterprise customers in October, providing enhanced image generation capabilities that align precisely with provided text prompts.

15. Experts Train Ukraine on Crypto Tracing

Officials from the United States, United Kingdom, and the Netherlands recently concluded a training session with Ukrainian law enforcement officers, focusing on tracking cryptocurrency and blockchain transactions. The virtual training, delivered by the IRS Criminal Investigation, Dutch Fiscal Information and Investigation Service (FIOD), and His Majesty’s Revenue and Customs (HRMC), covered topics such as money laundering, fraudulent cryptocurrency transactions, and blockchain forensic investigations.

Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.

--

--

CyberMaterial

World's #1 Cybersecurity Repository of data. Subscribe to Cyber Briefing.