Microsoft disrupts spearphishing infrastructure belonging to Russia's FSB.

Summary

By the CyberWire staff

At a glance.

Microsoft disrupts spearphishing infrastructure belonging to Russia's FSB.
Critical Ivanti flaw is being actively exploited.
The Netherlands blames state-sponsored actor for police network breach.

Microsoft disrupts spearphishing infrastructure belonging to Russia's FSB.

Microsoft, working with the US Justice Department, has seized more than one hundred domains used by the Russian threat actor Star Blizzard to launch spearphishing attacks against US government employees and nonprofit organizations, the Record reports. The Five Eyes intelligence agencies have attributed Star Blizzard to Russia's Federal Security Service (FSB).

Steven Masada, Assistant General Counsel for Microsoft's Digital Crimes Unit, stated, "While we expect Star Blizzard to always be establishing new infrastructure, today’s action impacts their operations at a critical point in time when foreign interference in U.S. democratic processes is of utmost concern. It will also enable us to quickly disrupt any new infrastructure we identify through an existing court proceeding."

Microsoft added, "Between January 2023 and August 2024, Microsoft observed Star Blizzard target over 30 civil society organizations – journalists, think tanks, and non-governmental organizations (NGOs) core to ensuring democracy can thrive – by deploying spear-phishing campaigns to exfiltrate sensitive information and interfere in their activities."

Now available: The SpyCloud 2024 Malware and Ransomware Defense Report

SpyCloud’s annual Malware & Ransomware Defense Report is packed with valuable insights from over 500+ security leaders and practitioners from across the US and UK. The findings include details about how infostealer malware is fueling ransomware, the most common entry points used by cybercriminals in ransomware attacks, industry-specific risks, and actionable takeaways on how to protect your organization from the criminal underground. Read the report now.

Critical Ivanti flaw is being actively exploited.

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that a critical SQL injection vulnerability affecting Ivanti Endpoint Manager (EPM) is being actively exploited in the wild, SecurityWeek reports. The flaw, tracked as CVE-2024-29824, was patched in May, and "allows an unauthenticated attacker within the same network to execute arbitrary code."

Ivanti stated in an updated advisory, "Ivanti has confirmed exploitation of CVE-2024-29824 in the wild. At the time of this update, we are aware of a limited number of customers who have been exploited."

Are You Confident in the Security of Your Remote and Hybrid Employees?

A remote or hybrid workforce expands your company's surface area of attack beyond corporate firewall boundaries. Employees’ personal computers introduce shadow IT, and home networks with default settings are easy targets, compounded by public Wi-Fi vulnerabilities. You need to develop a strategy to stay secure while remote employees work across untrusted networks. To learn how you can secure your company's workforce, get a free copy of the latest ThreatLocker® whitepaper on how to secure remote workforces.

The Netherlands blames state-sponsored actor for police network breach.

Dutch intelligence agencies “consider it highly likely that a state actor is responsible" for an cyberattack that breached a national police network and exposed personal information belonging to all Dutch police officers, BleepingComputer reports. The Netherlands Politie stated, "The police were informed by intelligence services that it is very likely a 'state actor'—in other words, another country or perpetrators acting on behalf of another country. Based on the intelligence services' information, the police immediately implemented strong security measures to counter this attack. To prevent making the perpetrators more aware and to not jeopardize further investigation, no more information can be shared at this time."

The agencies haven't shared which nation-state they believe is behind the attack.

[On Demand Podcast] Cloud Security in the Age of Generative AI

Listen to the recent discussion between N2K CyberWire’s Dave Bittner and Sysdig’s Loris Degioanni on how generative AI (GenAI) and Large Language Models (LLMs) are changing the cloud security landscape. We explored how to secure your AI deployments to safeguard sensitive information and went into the state-of-the-art for employing AI to boost the effectiveness of your cloud security teams in the face of evolving threats. Watch or listen to the discussion now.

Notes.

Today's issue includes events affecting the Netherlands, Russia, and the United States.

Attacks, Threats, and Vulnerabilities

14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries (Security Affairs) Multiple flaws in DrayTek residential and enterprise routers can be exploited to fully compromise vulnerable devices.

Recently patched CUPS flaw can be used to amplify DDoS attacks (BleepingComputer) A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor.

Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks (BleepingComputer) Approximately 5% of all Adobe Commerce and Magento online stores, or 4,275 in absolute numbers, have been hacked in "CosmicSting" attacks.

Legislation, Policy, and Regulation

Neural data privacy an emerging issue as California signs protections into law (The Record) Neurobiologist Rafael Yuste had what he calls his “Oppenheimer moment” a decade ago after he learned that he could take over the minds of mice by turning on certain neurons in their brains with a laser.

Litigation, Investigation, and Law Enforcement

Former Mesa County clerk sentenced to 9 years for 2020 voting system breach (CyberScoop) The judge called Tina Peters “a charlatan” after she gave a rambling defense of her actions.

Fraudsters imprisoned for scamming Apple out of 6,000 iPhones (BleepingComputer) Two Chinese nationals were sentenced to prison for scamming Apple out of more than $2.5 million after exchanging over 6,000 counterfeit iPhones for authentic ones.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

SecureWorld Denver (Denver, Colorado, USA, Oct 10, 2024) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational sessions learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.

ISC2 Security Congress 2024 (Las Vegas and Virtual, Nevada, USA, Oct 14 - 16, 2024) Join thousands of cybersecurity experts from across the globe as we lead the charge against emerging threats and protect what matters most in today's digital landscape.

SecureWorld New York City (New York, New York, USA, Oct 15, 2024) Join your regional cybersecurity community for high-quality, affordable training and collaboration. Earn 6-12 CPE credits through 15+ educational sessions learning from local and nationally recognized industry leaders. Attend featured keynotes, panel discussions, breakout sessions, and solution vendor displays—all while networking with peers in InfoSec.

SINETNew York 2024 (New York, New York, USA, Oct 16, 2024) SINET events provide exclusive opportunities to engage directly with a select network of influential thought leaders, solution providers, researchers and investors from the global security community. SINET invites you to become an event sponsor and receive the unique advantage of showcasing your company’s offering directly to high level decision makers and influencers from the security profession.

SecureWorld Government & Education Virtual Conference (Virtual, Oct 16, 2024) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 6 CPE credits learning from nationally recognized industry leaders. The agenda offers 12+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 10.04.24

At a glance.

Microsoft disrupts spearphishing infrastructure belonging to Russia's FSB.

Critical Ivanti flaw is being actively exploited.

The Netherlands blames state-sponsored actor for police network breach.

Notes.

Attacks, Threats, and Vulnerabilities

Legislation, Policy, and Regulation

Litigation, Investigation, and Law Enforcement

Events