Security Alerts

Global Affairs Canada

From the CSIS: Attackers breached Global Affairs Canada’s secure VPN in December 2023, gaining access to sensitive personal information of users and employees. Staff emails, calendars, and contacts were affected. It is unclear whether classified information was compromised or lost. The attacker's identity is currently unknown.

Australian government

From the CSIS: Russian hackers attacked 65 Australian government departments and agencies and stole 2.5 million documents in Australia’s largest government cyberattack. Hackers infiltrated an Australian law firm that worked with the government to gain access to government files.

Port of Australia

From MSSP Alert: Cyberattacks on critical infrastructure peaked when DP World Australia’s operations were crippled in November, forcing the port operator to close four major terminals. The attack, impacting ports in Sydney, Melbourne, Brisbane and Fremantle, brought the movement of some 30,000 shipping containers to a standstill as stockpiling eventually surpassed available storage space. The attack came on the heels of a cyber assault on the Industrial and Commercial Bank of China.

Vietnamese Spyware Incident

From the CSIS: Vietnamese hackers attempted to install spyware on the phones of journalists, United Nations officials and the chairs of the House Foreign Affairs Committee and the Senate Homeland Security and Governmental Affairs Committee. The spyware was designed to siphon calls and texts from infected phones, and the unsuccessful deployment came while Vietnamese and American diplomats were negotiating an agreement to counter China’s growing influence in the region.

Johnson Controls

From MSSP Alert: Johnson Controls, a technology provider specializing in smart and sustainable buildings and spaces, received a $51 million ransomware demand from the Dark Angels hacking crew in exchange for a decryptor and the deletion of stolen data. The digital hijackers claim to have pilfered some 27 terabytes of data and encrypted the company’s ESXi servers in the attack. Of particular concern was that the hack might have included sensitive Department of Homeland Security (DHS) data revealing security information on third-party contracts along with physical floor plans of certain agency facilities.

Dollar Tree Supply Chain

From MSSP Alert: Discount retailer Dollar Tree was hit by a supply chain cyberattack that compromised the personal information of approximately 2 million people after a digital break-in of third-party service provider Zeroed-In Technologies. Dollar Tree, which operates roughly 16,000 eponymous and Family Dollar outlets in North America, was struck in a manner reminiscent of the massive 2020 Russian-backed attack on SolarWinds.

Rapid Reset

From MSSP Alert: Cloudflare helped identify and address a global zero-day security vulnerability that gives cybercriminals the ability to launch attacks larger than anything the internet had seen before. In response, Cloudflare developed technology that automatically blocks attacks that exploit the vulnerability. Cloudflare found the vulnerability, "HTTP/2 Rapid Reset," in August 2023; it was developed by an unknown threat actor and exploits the standard HTTP/2 protocol, which is essential to the operation of the internet and most websites. Having experienced a Rapid Reset attack itself, Cloudflare adopted an "assume-breach" mindset and worked with industry partners to find the best way to mitigate the attack. At the peak of the Rapid Reset DDoS campaign, Cloudflare recorded and handled over 201 million requests per second (Mrps), and it mitigated thousands of additional attacks that followed.
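The signal defenders watch for in a Rapid Reset campaign is a client that opens HTTP/2 streams and immediately cancels them with RST_STREAM, so the reset rate per connection climbs far above anything a legitimate browser produces. The following is an added illustration, not Cloudflare's mitigation code or anything from the article: it runs a sliding-window reset counter over a constructed frame log and flags connections whose RST_STREAM rate exceeds an assumed policy threshold. The frame log format, the connection identifiers and the threshold value are all assumptions made for this example.

```python
"""Rapid Reset-style abuse detector over an HTTP/2 frame log (added example).

Assumed input: a list of (timestamp_seconds, connection_id, frame_type, stream_id)
tuples. Only HEADERS (client opens a stream) and RST_STREAM (client cancels it)
matter for this heuristic; other frame types are ignored.
"""
from collections import defaultdict, deque

RESET_RATE_THRESHOLD = 100   # RST_STREAM frames per window per connection (assumed policy value)
WINDOW_SECONDS = 1.0         # sliding window length (assumed)


class RapidResetMonitor:
    """Tracks per-connection RST_STREAM rate and flags connections that exceed the threshold."""

    def __init__(self, threshold=RESET_RATE_THRESHOLD, window=WINDOW_SECONDS):
        self.threshold = threshold
        self.window = window
        self.resets = defaultdict(deque)       # conn_id -> timestamps of recent RST_STREAM frames
        self.open_streams = defaultdict(set)   # conn_id -> stream ids currently open
        self.flagged = set()

    def observe(self, ts, conn_id, frame_type, stream_id):
        """Feed one frame; returns True if the connection is (now) flagged."""
        if frame_type == "HEADERS":
            self.open_streams[conn_id].add(stream_id)
        elif frame_type == "RST_STREAM":
            self.open_streams[conn_id].discard(stream_id)
            recent = self.resets[conn_id]
            recent.append(ts)
            # Drop resets that fell out of the sliding window.
            while recent and ts - recent[0] > self.window:
                recent.popleft()
            if len(recent) > self.threshold:
                self.flagged.add(conn_id)
        return conn_id in self.flagged


def detect_abusive_connections(frames, threshold=RESET_RATE_THRESHOLD, window=WINDOW_SECONDS):
    """Replay a frame log and return the sorted list of flagged connection ids."""
    monitor = RapidResetMonitor(threshold, window)
    for ts, conn_id, frame_type, stream_id in frames:
        monitor.observe(ts, conn_id, frame_type, stream_id)
    return sorted(monitor.flagged)


def build_sample_frames():
    """Constructed sample log: one normal client and one client doing open/reset floods."""
    frames = []
    # Normal client: ten requests over two seconds, one of them cancelled.
    for i in range(10):
        frames.append((i * 0.2, "conn-benign", "HEADERS", 2 * i + 1))
    frames.append((1.5, "conn-benign", "RST_STREAM", 3))
    # Abusive client: 500 open/reset pairs inside half a second.
    for i in range(500):
        stream_id = 2 * i + 1      # client-initiated streams use odd ids
        t = i * 0.001
        frames.append((t, "conn-attacker", "HEADERS", stream_id))
        frames.append((t, "conn-attacker", "RST_STREAM", stream_id))
    frames.sort(key=lambda f: f[0])   # stable sort keeps HEADERS before its RST_STREAM
    return frames


if __name__ == "__main__":
    print(detect_abusive_connections(build_sample_frames()))   # ['conn-attacker']
```

A production mitigation would act on the flag (for example by closing the connection with GOAWAY or rate-limiting the client) rather than only recording it, and would tune the threshold against observed traffic, since some legitimate clients do cancel streams in bursts.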

African Telecom

From the CSIS: Chinese hackers have targeted telecommunication service providers in Africa in an espionage campaign active since at least November 2022. Researchers believe the group has targeted pro-domestic human rights and pro-democracy advocates, as well as nation-states, since at least 2014. Using the access gained through the telecom providers, the group gathers information from individual targets on the network, including keystrokes, browser data, audio recordings and other captured data.

Major Spike in Malware Advertising via Google

Ars Technica is reporting on a trend that has been visible for several weeks. Malware creators have found increasingly effective ways to use Google advertising services to place links in front of users who are searching for software. Until further notice Asgardians are advised to avoid clicking on Google Sponsored links for software downloads. Use only non-sponsored links and verify the link destination before clicking on it. Residents are encouraged to read the full article below for examples of affected software packages and additional practices.

T-Mobile Breach

Infosecurity Magazine reported that international telecoms giant T-Mobile admitted that 37 million customers had their personal and account information accessed by a malicious actor via an API attack that began on November 25, 2022. The incident was not discovered until January 5, 2023. In a separate incident, T-Mobile USA notified customers of another breach of personal and account data that occurred in February and March 2023. The breaches mean many millions of customers are vulnerable to follow-on fraud attempts.