Top stories.
- China's Salt Typhoon and Volt Typhoon continue to target US infrastructure.
- AI-assisted attack campaign compromises hundreds of FortiGate devices.
- Chip-testing firm Advantest confirms ransomware attack.
- Romanian national pleads guilty to hacking Oregon's Department of Emergency Management.
China's Salt Typhoon and Volt Typhoon continue to target US infrastructure.
The FBI has warned that China's Salt Typhoon cyberespionage campaign continues to pose a threat to US telecom infrastructure, CyberScoop reports. Michael Machtinger, the FBI's Deputy Assistant Director for Cyber Intelligence, said at the CyberTalks conference last week that it's "important to recognize that the threat posed by Salt Typhoon actors and the rest of the PRC intelligence apparatus and enabling infrastructure is still very, very much ongoing." Machtinger added that companies that engaged with the FBI and other federal agencies like CISA were "without a doubt the most successful in mitigating the impact of the Salt Typhoon intrusions," noting that "despite all the advances in cybersecurity tools and strategies, it is still the most basic vulnerabilities that provide entry points."
Separately, ICS security firm Dragos told reporters last week that China's Volt Typhoon operation is still embedded in US infrastructure. Dragos CEO Rob Lee told the Record that Volt Typhoon, which conducts battlespace preparation within critical utility sectors, is "still very active, and they're still absolutely mapping out and getting into embedding in US infrastructure, as well as across our allies." Lee said he believes some of these compromises will never be discovered.
AI-assisted attack campaign compromises hundreds of FortiGate devices.
Amazon has published a report on an attack campaign that used several commercial generative AI tools to assist in compromising over six hundred FortiGate devices. The campaign did not exploit any FortiGate vulnerabilities; rather, the attackers targeted exposed management ports with weak credentials and single-factor authentication. Amazon says the campaign stands out due to "the threat actor's use of multiple commercial GenAI services to implement and scale well-known attack techniques throughout every phase of their operations, despite their limited technical capabilities."
The threat actor used at least two commercial AI services to generate detailed attack plans and provide operational assistance, as well as to write various tools, including "configuration parsers, credential extraction tools, VPN connection automation, mass scanning orchestration, and result aggregation dashboards." Amazon notes, "The volume and variety of custom tooling would typically indicate a well-resourced development team. Instead, a single actor or very small group generated this entire toolkit through AI-assisted development."
Chip-testing firm Advantest confirms ransomware attack.
Japanese chip-testing company Advantest has confirmed it sustained a ransomware attack last week that "impacted certain systems within its network," Help Net Security reports. The company hasn't reported significant operational disruptions, and says it's working to determine whether data were stolen.
The company said it detected suspicious activity within its IT networks on February 15th, and "immediately activated its incident response protocols, isolated affected systems, and engaged leading third-party cybersecurity experts to assist in the investigation and containment of the incident."
Romanian national pleads guilty to hacking Oregon's Department of Emergency Management.
A Romanian national pleaded guilty last week to hacking Oregon's Department of Emergency Management in 2021 and selling the access for $3,000, the Record reports. Catalin Dragomir, 45, was also accused of hacking and selling access to ten other US companies, causing losses of at least $250,000. He is set to be sentenced this May and faces up to seven years in prison.