At a glance.
- Rampant Kitten: a surveillance campaign against Iranian dissidents.
- Doxing police in Belarus.
- College discloses data breach.
- India's NIC suffers data breach.
- Privacy notes on TikTok and WeChat.
Curious kitten peeps at Iranian dissidents.
Check Point Research pieced together a widespread, ongoing surveillance effort likely sponsored by Tehran that targets Iranian dissidents and minorities. “Rampant Kitten” uses Telegram phishing communications, four different Windows information stealers, and an Android backdoor to gain access to victims' documents, encrypted messages, two-factor authentication (2FA) codes, KeePass passwords, browser data, contacts, camera, and microphone. Telegram is warning users about the scam and pointing fingers at the Iranian government, BBC News confirms. Among pursued groups are the Azerbaijan National Resistance Organization and citizens of Balochistan. Check Point observes that this expansive campaign “has largely managed to remain under the radar for at least six years.” ZDNet says Tehran now joins Beijing as a regime caught thwarting 2FA protocols.
College discloses data breach.
Greenville Technical College (GTC) disclosed that its August ransomware attackers exfiltrated unknown data, Fox Carolina reports. Staff and student government IDs, social security numbers, signatures, credit and debit card numbers, and email passwords could be at risk. GTC is offering free credit monitoring and encouraging students to educate themselves “by contacting the consumer reporting agencies, the Federal Trade Commission, and the South Carolina Department of Consumer Affairs.”
Unknown hackers confront unidentified police.
Australia’s ABC News says unidentified hackers are warning that they will release additional information on Belarusian police personnel if masked officers continue to arrest those protesting Alexander Lukashenko’s election. "No one will remain anonymous even under a balaclava," the hackers said in a statement. Police have detained thousands thus far, and information on a thousand officers has been leaked.
Blackbaud strikes again. (And again and again and again.)
A Massachusetts hospital and an Idaho hospital system along with four Minnesota healthcare providers and a medical group responsible for numerous healthcare facilities in Montana, Colorado, and Kansas have all disclosed being affected by the Blackbaud breach that impacted patient and donor information, according to reports in Security Week, the Billings Gazette, WWLP, and Idaho News. Most of the organizations retain confidence in Blackbaud, which provides “software solutions powering the entire social good community”; one group reports reevaluating their relationship. While Minnesota’s Allina Health insists victims are not at risk of fraud or identity theft, several hospitals are warning patients to keep an eye on their bills.
Bad eggs hit New Delhi.
India’s Tribune reported an attack on the country’s National Informatics Centre, which maintains data on high-level officials along with other information crucial to national security. Unknown actors targeted one hundred computers and succeeded in installing malware, with a representative describing the event as “a kind of regular activity over cyber space.” Police claim the media is overplaying the incursion, according to The New Indian Express. A compromised employee email account, a suspicious link, and an email from a company located in the country’s tech capital, Bengaluru, may have played a role.
Advice on privacy for those who wish to continue using TikTok and WeChat.
The now-postponed US restrictions on TikTok and WeChat would preclude transactions, like obtaining them from app stores. As currently planned, the bans, even if they eventually come into force, won't prevent existing users from continuing to use the platforms. For those users who decide to continue to use them, Mathew Newfield, CISO of Unisys, shared some advice with us:
“When it comes to using TikTok securely, an end user needs to know that applications like TikTok use the data it has access to on their device as the currency since the app is free. People should never install applications like these on devices that are used for work or to conduct business, and need to understand that they are potentially giving the application the ability to collect data about them and to then utilize that data for its own means.
“If you really want to utilize these platforms, the following is recommended: first, if possible, use a device that is dedicated to TikTok and only install the necessary security software. Do not provide the device with any personal information about yourself. Do not utilize the device for anything other than TikTok. While this may sound extreme, you will only risk losing the information you are already posting through the TikTok platform. Second, if you cannot use a dedicated device, only post videos you are comfortable with anyone seeing. Third, review your local security settings and remove any applications that could contain extremely important data such as banking applications.
“WeChat is another application that should never be used for business. Currently, WeChat does not support end-to-end encryption and is subject to inflight data theft. Tencent, the parent company of WeChat, does not clearly explain its privacy policies nor does it report on privacy requests or violations like other social media platforms. If you want to utilize the WeChat platform, the following is recommended: utilizing a significantly lengthy and complex password, never conducting business over the platform, updating the privacy settings and reviewing to ensure that they do not change regularly, and ensure that you completely sign out of the platform when you are not utilizing it.”