At a glance.
- Billions of records belonging to Chinese citizens exposed in unsecured database.
- Ukrainian intelligence claims to have hacked Russian aircraft manufacturer.
- FBI issues advisory on the Play ransomware gang.
Billions of records belonging to Chinese citizens exposed in unsecured database.
Cybernews and security researcher Bob Diachenko discovered an exposed database containing extensive personal and financial information belonging to potentially hundreds of millions of Chinese citizens. The database contained 631 gigabytes with more than four billion records. The database was taken offline shortly after the researchers found it.
It's unclear who the database belongs to, but the researchers believe its purpose was to build "comprehensive behavioral, economic, and social profiles of nearly any Chinese citizen." They note, "The sheer volume and diversity of data types in this leak suggests that this was likely a centralized aggregation point, potentially maintained for surveillance, profiling, or data enrichment purposes."
Ukrainian intelligence claims to have hacked Russian aircraft manufacturer.
Ukraine's Main Intelligence Directorate (HUR) claims to have hacked Russia's state-owned aerospace and defense company Tupolev, which manufactures Russia's strategic bombers, BleepingComputer reports. The hackers allegedly stole 4.4 gigabytes of classified information, including "personal data of Tupolev personnel, internal communications (including messages exchanged by the company's management), procurement documents, resumes of engineers and designers, and minutes of closed meetings."
The Kyiv Post cites an anonymous HUR source as saying, "The value of the data obtained is hard to overstate. There is now virtually nothing secret left in Tupolev's operations as far as Ukrainian intelligence is concerned. We now have comprehensive information on individuals directly involved in maintaining Russia's strategic aviation."
Tupolev hasn't commented on the claims, but the Record notes that the company's website was defaced to show an image associated with HUR's cyber operations.
FBI issues advisory on the Play ransomware gang.
The US FBI, CISA, and the Australian Signals Directorate have published a joint advisory on the Play ransomware gang, finding that the group has attacked approximately 900 entities since its emergence in June 2022. The agencies note, "The Play ransomware group gains initial access to victim networks through the abuse of valid accounts, likely purchased on the dark web, and exploitation of public-facing applications, specifically through known FortiOS (CVE-2018-13379 and CVE-2020-12812) and Microsoft Exchange (ProxyNotShell [CVE-2022-41040 and CVE-2022-41082]) vulnerabilities. Play ransomware actors have been observed using external-facing services such as Remote Desktop Protocol (RDP) and Virtual Private Networks (VPN) for initial access."
The advisory adds, "Multiple ransomware groups, including initial access brokers with ties to Play ransomware operators, exploited three vulnerabilities—CVE-2024-57727—in remote monitoring and management (RMM) tool SimpleHelp to conduct remote code execution at many U.S.-based entities following the vulnerabilities' disclosure on 16 January 2025."