Viasat identified as a victim of Salt Typhoon hacks.

Summary

By the CyberWire staff

At a glance.

Viasat identified as a victim of Salt Typhoon hacks.
Pro-Israel hackers take credit for attack on Iranian bank.
Veeam patches critical flaw affecting backup servers.

Viasat identified as a victim of Salt Typhoon hacks.

Bloomberg reports that Viasat is the latest US telecom to be identified as a victim of the Chinese cyberespionage campaign Salt Typhoon. The telecom said in a statement, "Viasat and its independent third-party cybersecurity partner investigated a report of unauthorized access through a compromised device. Upon completing a thorough investigation, no evidence was found to suggest any impact to customers."

The company added that it could not share information on the government's investigation into the incident, stating, "Viasat believes that the incident has been remediated and has not detected any recent activity related to this event."

The surveillance campaign, which surfaced last year, also hit Verizon, AT&T, and Lumen, gathering tens of millions of phone records.

Stop Identity-Based Cybercrime with SpyCloud’s Holistic Identity Threat Protection

Stolen identity data is the hot commodity for cybercriminals. With the full scope of your users’ digital footprints at risk for exposure, traditional account-centric security is no longer enough to protect your business from cyberattacks. SpyCloud helps security teams correlate and automatically remediate individuals' hidden identity exposures from breaches, malware, and phishing across their many online personas. Eliminate identity-based cyber threats and proactively defend against account takeover, fraud, and ransomware with SpyCloud.

Pro-Israel hackers take credit for attack on Iranian bank.

The pro-Israel hacking group Predatory Sparrow has claimed responsibility for a cyberattack against Iran's Bank Sepah, causing issues with account access, withdrawals, and card payments, the Record reports. The incident also reportedly disrupted payments at gas stations that rely on the bank. The Record notes that while Predatory Sparrow presents itself as a hacktivist collective, the group may be tied to Israeli intelligence.

Former NSA cybersecurity director Rob Joyce said in an X post, "Predatory Sparrow’s past cyber attacks on Iranian steel plants and gas stations have demonstrated tangible effects in Iran. Disrupting the availability of this bank’s funds, or triggering a broader collapse of trust in Iranian banks, could have major impacts there." Axios predicts that cyberattacks will continue alongside the ongoing kinetic conflict between Israel and Iran.

Veeam patches critical flaw affecting backup servers.

Veeam issued a patch yesterday for a critical vulnerability affecting the Backup Server that could allow an authenticated user to perform remote code execution. The vulnerability (CVE-2025-23121) was assigned a CVSS score of 9.9.

BleepingComputer notes, "While CVE-2025-23121 only impacts VBR installations joined to a domain, any domain user can exploit it, making it easy to abuse in those configurations. Unfortunately, many companies have joined their backup servers to a Windows domain, ignoring Veeam's best practices, which advise admins to use a separate Active Directory Forest and protect the administrative accounts with two-factor authentication."

Notes.

Today's issue includes events affecting China, Iran, Israel, and the United States.

The CyberWire will be on hiatus tomorrow for the US Federal holiday of Juneteenth. We'll be back as usual on Friday.

Attacks, Threats, and Vulnerabilities

Scania confirms insurance claim data breach in extortion attempt (BleepingComputer) Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its systems and steal insurance claim documents.

Security Patches, Mitigations, and Software Updates

Viasat hacked by China-backed Salt Typhoon in 2024 US telecom attacks (WinBuzzer) Viasat, the US-based global communications company, on Tuesday, has been identified as one of the US telecom companies breached by the Chinese-backed espionage group Salt Typhoon in the lead up to the US presidential elections held last November.

Litigation, Investigation, and Law Enforcement

Minnesota lawmaker’s alleged killer had list of data broker websites in car, FBI says (The Record) Details about the investigation of a man suspected in the murder of a Minnesota state legislator have drawn attention to the information that data brokers keep and sell about people.

Paddle settles for $5 million over facilitating tech support scams (BleepingComputer) Paddle.com and its U.S. subsidiary will pay $5 million to settle Federal Trade Commission (FTC) allegations that the company facilitated deceptive tech-support schemes that harmed many U.S. consumers, including older adults.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

fwd:cloudsec North America 2025 (Denver, Colorado, USA, Jun 30 - Jul 1, 2025) fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and generally the types of things cloud practitioners want to know, but that don't fit neatly into a vendor conference schedule.

Events

AWS re:Inforce 2025 (Philadelphia, Pennsylvania, USA, Jun 16 - 18, 2025) AWS re:Inforce is our annual, immersive, cloud-security learning event delivering hands-on training and collaboration with AWS experts. It’s your opportunity to learn about the latest AWS security innovations, get direct access to the AWS teams and partners who build the security tools you rely on, and connect with cloud security peers from around the world. You’ll leave with actionable next steps to raise your security posture.

International Space Station Research and Development Conference (Seattle, Washington, USA, Jul 28 - 31, 2025) At ISSRDC, learn how to harness the International Space Station (ISS) and the unique conditions of space to help solve your most pressing research and development (R&D) challenges.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 06.18.25

At a glance.

Viasat identified as a victim of Salt Typhoon hacks.

Pro-Israel hackers take credit for attack on Iranian bank.

Veeam patches critical flaw affecting backup servers.

Notes.

Attacks, Threats, and Vulnerabilities

Security Patches, Mitigations, and Software Updates

Litigation, Investigation, and Law Enforcement

Newly Noted Events

Events