At a glance.
- Salt Typhoon breached at least eight US telecoms.
- Russia's Secret Blizzard exploits Pakistani APT's infrastructure.
- Earth Minotaur targets Tibetan and Uyghur communities with mobile phishing attacks.
Salt Typhoon breached at least eight US telecoms.
US Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger revealed in a press call yesterday that China's Salt Typhoon hacking campaign breached at least eight US telecoms, the Wall Street Journal reports. The threat actor also breached telecommunications companies in dozens of other countries.
The Record quotes Neuberger as saying, "Our understanding is that a couple dozens of countries were impacted. We believe this is intended as a Chinese espionage program focused, again, on key government officials, key corporate IP, so that will determine which telecoms were often targeted, and how many were compromised as well."
Neuberger added, "[T]he communications of US government officials relies on these private sector systems, which is why the Chinese were able to access the communications of some senior US government and political officials. At this time, we don't believe any classified communications have been compromised."
Russia's Secret Blizzard exploits Pakistani APT's infrastructure.
Lumen’s Black Lotus Labs and Microsoft Threat Intelligence have published reports on a lengthy campaign by Secret Blizzard (also known as "Turla"), a threat actor tied to Russia's Federal Security Service (FSB). Secret Blizzard infiltrated thirty-three command-and-control nodes used by the Pakistani espionage actor Storm-0156 (also tracked as "SideCopy" or "Transparent Tribe") and repurposed them to deploy malware within Afghan government networks. Secret Blizzard also used this access to compromise military and defense-related institutions in India. Additionally, the threat actor compromised the workstations of the Pakistan-based operators, acquiring "insights into Storm-0156’s tooling, credentials for both C2s and targeted networks, as well as exfiltrated data collected from prior operations."
Earth Minotaur targets Tibetan and Uyghur communities with mobile phishing attacks.
Trend Micro is tracking a threat actor dubbed "Earth Minotaur" that's using the MOONSHINE exploit kit to target Tibetan and Uyghur communities. MOONSHINE is designed to exploit vulnerabilities in instant messaging apps on Android devices in order to plant a backdoor. Victims are targeted via phishing messages with malicious links, often themed around Chinese news or government announcements.
Trend Micro notes, "MOONSHINE uses multiple Chromium exploits to attack instant messaging apps on Android. As many instant messaging apps use Chromium as their engine of the built-in browser, it becomes vulnerable when an application doesn’t update their Chromium and doesn’t enable the sandboxing protection feature. This gives attackers a great opportunity to exploit these vulnerabilities and install their backdoors. We found that the MOONSHINE exploit kit can attack multiple versions of Chromium and the Tencent Browser Server (TBS), which is another Chromium-based browser engine."