At a glance.
- AT&T discloses breach affecting nearly every customer.
- Advance Auto Parts breach affected 2.3 million job applicants.
- CRYSTALRAY abuses open-source security tools to compromise 1,500 victims.
AT&T discloses breach affecting nearly every customer.
AT&T has disclosed that a threat actor stole phone call and text message records from nearly every AT&T customer (approximately 109 million people) between May and October of 2022. The company stated, "These records identify other phone numbers that an AT&T wireless number interacted with during this time, including AT&T landline (home phone) customers. For a subset of the records, one or more cell site ID numbers associated with the interactions are also included. At this time, we do not believe the data is publicly available. We continue to work with law enforcement in their efforts to arrest those involved. Based on information available to us, we understand that at least one person has been apprehended."
TechCrunch reports that the breach occurred after a threat actor gained access to AT&T's Snowflake cloud storage account. Snowflake hired Mandiant several weeks ago to investigate a widespread hacking campaign targeting Snowflake accounts with stolen credentials, and Mandiant attributed the campaign to the cybercriminal group UNC5537.
Advance Auto Parts breach affected 2.3 million job applicants.
Advance Auto Parts is notifying 2.3 million people that their personal data was stolen after a threat actor breached the company's Snowflake account, BleepingComputer reports. The breach notification states, "Our investigation determined that an unauthorized third party accessed or copied certain information maintained by Advance Auto Parts from April 14, 2024, to May 24, 2024...The personal information about you involved in this incident may include your name and the following: Social Security number, driver’s license or other government issued identification number, and date of birth. This information was collected as part of the Advance Auto Parts job application process."
CRYSTALRAY abuses open-source security tools to compromise 1,500 victims.
Sysdig has published a report on "CRYSTALRAY," a threat actor that's compromised more than 1,500 victims using a combination of open-source tools, including zmap, asn, httpx, nuclei, platypus, and SSH-Snake. The threat actor's "motivations are to collect and sell credentials, deploy cryptominers, and maintain persistence in victim environments." The researchers note, "Rather than massive internet-wide ipv4 scans or very specific IP targets, CRYSTALRAY creates a range of IPs for specific countries to launch scans with more precision than a botnet, but less precision than an APT or ransomware attack. The United States and China combined for over 54% of the known targets."