At a glance.
- Large US organization breached by China-based hackers.
- Nebraska man pleads guilty to cryptojacking operation.
- Russian bank reportedly disrupted by DDoS attack.
- SailPoint issues advisory for critical flaw.
Large US organization breached by China-based hackers.
Researchers at Symantec say a "large US organization with a significant presence in China" sustained a four-month-long intrusion between April and August 2024. The goal of the operation was likely espionage. Symantec notes, "The available evidence suggests that the organization was breached by a China-based actor. Aside from the fact that DLL sideloading is a widely favored tactic among Chinese groups, the same organization was targeted in 2023 by an attacker with tentative links to the China-based Daggerfly group."
The researchers add, "The attackers moved laterally across the organization’s network, compromising multiple computers. Some of the machines targeted were Exchange Servers, suggesting the attackers were gathering intelligence by harvesting emails. Exfiltration tools were also deployed, suggesting that targeted data was taken from the organizations."
Nebraska man pleads guilty to cryptojacking operation.
A Nebraska man has pleaded guilty to a multi-million-dollar cryptojacking operation that "defrauded two well-known providers of cloud-computing services out of more than $3.5 million," BleepingComputer reports. The defendant, Charles O. Parks III (also known as "CP3O"), used the cloud services to generate nearly $1 million worth of cryptocurrency.
According to a US Justice Department press release, "Parks tricked the providers into approving heightened privileges and benefits, including elevated levels of cloud computing services and deferred billing accommodations, and deflected inquiries from the providers regarding questionable data usage and mounting unpaid subscription balances."
Russian bank reportedly disrupted by DDoS attack.
The Record reports that Russian users are reporting outages at Gazprombank, Russia's third-largest bank, following an alleged DDoS attack by Ukraine's military intelligence agency (HUR). An anonymous HUR source told Ukrinform earlier this week, "Hundreds of thousands of Russians will be unable to transfer money and carry out online payments due to Gazprombank applications not working." The attack also reportedly disrupted payment terminals for public transportation.
SailPoint issues advisory for critical flaw.
SailPoint has released a security advisory for a maximum severity improper access control vulnerability (CVE-2024-10905) that was patched earlier this week. SailPoint CISO Rex Booth said in a statement, “As part of our continued commitment to transparency and security, on Monday December 2, SailPoint issued a security advisory for its Identity IQ product which was assigned CVE-2024-10905. A fix has already been released, and we’ve provided customers with guidance on how to apply it. Publishing CVEs is a voluntary practice across the industry that demonstrates dedication to security and transparency. At SailPoint, we invest in secure development practices and strive to catch vulnerabilities prior to software release, but, as with all software, new vulnerabilities can emerge as attacker tactics and detection capabilities evolve. For this reason, we continually test our products in all stages of the development lifecycle to minimize risk to our customers."