At a glance.
- Novel Facebook phishing scam.
- 50,000 students' data exposed.
- Chinese cyberespionage group targets telecom companies.
Facebook phishing scam uses novel technique to go undetected.
Researchers at PIXM Anti-Phishing describe how a single threat actor harvested one million Facebook user credentials in just four months. The credential harvesting campaign, active since the end of 2021, is notable for its scale, but also for a technical approach that shows how phishing is evolving to maximize yield per victim. The threat actor built thousands of landing pages that mimic the legitimate Facebook login portal. When a victim entered their credentials, the attacker logged in to the account and pushed a link to the fraudulent portal to the victim's Facebook friends via Messenger, so each compromised account seeded the next round of lures. A scheme like this would normally be caught by Facebook's internal threat intelligence team and the fake portal links blocked, but this campaign masks the malicious destination: the link shared on Messenger points to a page on a legitimate app deployment service, which then redirects the victim to the credential harvesting site. Reputation-based link blocking that judges only the first-hop domain therefore sees a trusted hosting provider, not the phishing page.
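The practical counter to the redirect trick is to resolve the whole chain and judge the final landing page rather than the first hop. The script below is an added example, not PIXM's tooling or anything from the campaign: it follows HTTP 3xx and meta-refresh redirects, then flags a chain that crosses domains and ends on a Facebook-branded password form hosted somewhere other than facebook.com. All hosts (apps.hosting.example, login-verify.example) and responses are constructed so it runs offline; a live version would swap sample_fetch for a real HTTP client with a short timeout and a sandboxed User-Agent.

```python
"""Resolve an HTTP redirect chain hop by hop and flag a brand-lookalike login
page reached through a legitimate-looking first hop (offline, no network)."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin, urlparse

Response = Tuple[int, Dict[str, str], str]  # (status, headers, body)
Fetcher = Callable[[str], Response]

BRAND = "facebook"             # assumption: the brand being impersonated
BRAND_DOMAIN = "facebook.com"  # assumption: the only domain that may serve its login form
MAX_HOPS = 10

# Client-side redirect: <meta http-equiv="refresh" content="0;url=...">
META_REFRESH_RE = re.compile(
    r'<meta[^>]*http-equiv=["\']?refresh["\']?[^>]*content=["\']?\s*\d+\s*;\s*url=([^"\'\s>]+)',
    re.IGNORECASE,
)


@dataclass
class Hop:
    url: str
    status: int
    next_url: Optional[str]  # where this hop sends the browser, if anywhere
    body: str


def registrable_domain(host: Optional[str]) -> str:
    # Naive: last two labels. Fine for .com/.example; a real tool uses the public suffix list.
    return ".".join((host or "").lower().split(".")[-2:])


def follow(url: str, fetch: Fetcher, max_hops: int = MAX_HOPS) -> List[Hop]:
    """Follow 3xx Location headers and meta-refresh redirects until a page stops redirecting."""
    hops: List[Hop] = []
    seen = set()
    current = url
    while len(hops) < max_hops and current not in seen:  # loop guard: stop on revisits
        seen.add(current)
        status, headers, body = fetch(current)
        location = next((v for k, v in headers.items() if k.lower() == "location"), None)
        next_url = None
        if 300 <= status < 400 and location:
            next_url = urljoin(current, location)
        else:
            m = META_REFRESH_RE.search(body)
            if m:
                next_url = urljoin(current, m.group(1))
        hops.append(Hop(current, status, next_url, body))
        if next_url is None:
            break
        current = next_url
    return hops


def assess(hops: List[Hop]) -> List[str]:
    """Return findings for a resolved chain; an empty list means nothing suspicious was seen."""
    findings: List[str] = []
    first_dom = registrable_domain(urlparse(hops[0].url).hostname)
    final = hops[-1]
    final_host = urlparse(final.url).hostname or ""
    final_dom = registrable_domain(final_host)
    if len(hops) > 1 and first_dom != final_dom:
        findings.append(f"cross-domain redirect chain: {first_dom} -> {final_dom} ({len(hops)} hops)")
    body = final.body.lower()
    has_password_field = 'type="password"' in body or "type='password'" in body
    if has_password_field and BRAND in body and final_dom != BRAND_DOMAIN:
        findings.append(f"{BRAND}-branded password form served from {final_host}, not {BRAND_DOMAIN}")
    return findings


# Constructed offline sample standing in for live fetches: two projects on a
# hypothetical app-hosting service (apps.hosting.example) that bounce, by HTTP
# redirect and by meta refresh, to a lookalike portal on login-verify.example.
FAKE_PORTAL = ('<html><title>Log in to Facebook</title><form method="post">'
               '<input name="email"><input type="password" name="pass"></form></html>')
SAMPLE: Dict[str, Response] = {
    "https://apps.hosting.example/proj-1234": (302, {"Location": "https://login-verify.example/portal"}, ""),
    "https://apps.hosting.example/proj-5678": (200, {}, '<meta http-equiv="refresh" content="0;url=/go">'),
    "https://apps.hosting.example/go": (302, {"Location": "https://login-verify.example/portal"}, ""),
    "https://login-verify.example/portal": (200, {}, FAKE_PORTAL),
    "https://www.facebook.com/login": (200, {}, FAKE_PORTAL),  # same form on the genuine domain
}


def sample_fetch(url: str) -> Response:
    return SAMPLE.get(url, (404, {}, ""))


def scan(url: str, fetch: Fetcher = sample_fetch) -> List[str]:
    return assess(follow(url, fetch))


if __name__ == "__main__":
    for start in SAMPLE:
        print(start, "->", scan(start) or "clean")
```

The point of the two checks is that neither alone is enough: a cross-domain redirect is common and benign on its own, and a password form mentioning Facebook is exactly what facebook.com serves; only the combination, judged at the end of the chain, reproduces what a first-hop reputation filter misses.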
Unprotected cloud storage bucket exposes data of 50,000 students.
vpnMentor has discovered an unsecured Microsoft Azure cloud storage account belonging to Myeasydocs, a platform through which individuals submit documents for verification to banks, law enforcement agencies, and other institutions. The exposed data is tied to an Israeli domain owned by a company that lets Indian students submit documents to schools in Israel and India. Myeasydocs' failure to secure the Azure account exposed the data of more than 50,000 current and former university students, including full names, contact information, majors, ID and school registration numbers, and graduation dates. Both the company and the Israeli CERT have been notified. It's worth noting that India recently instituted its first incident reporting policy, requiring companies to disclose data breaches within six hours of detection, but fortunately for Myeasydocs, the rule doesn't come into effect until later this year.
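An exposure of this kind comes down to two settings: whether the storage account permits anonymous blob access at all, and whether any container's ACL actually grants it. The audit below is an added example, not vpnMentor's method or anything from Myeasydocs: it consumes the JSON that the Azure CLI emits for an account and its containers and reports the findings a reviewer would raise. The account name docsacct and container names are constructed; the field names (allowBlobPublicAccess, enableHttpsTrafficOnly, minimumTlsVersion, properties.publicAccess) are assumed to match current `az` output, trimmed here to the keys the script reads.

```python
"""Audit Azure Storage public-access settings from `az` CLI JSON (offline sample)."""
import json
from typing import Dict, List

# Constructed samples shaped like the output of
#   az storage account show -n <acct> -o json
#   az storage container list --account-name <acct> --auth-mode login -o json
# trimmed to the fields used here (the real output carries many more). Assumed
# field names: allowBlobPublicAccess, enableHttpsTrafficOnly, minimumTlsVersion,
# properties.publicAccess ("container", "blob" or null).
SAMPLE_ACCOUNT_JSON = """{
  "name": "docsacct",
  "allowBlobPublicAccess": true,
  "enableHttpsTrafficOnly": false,
  "minimumTlsVersion": "TLS1_0"
}"""

SAMPLE_CONTAINERS_JSON = """[
  {"name": "student-uploads", "properties": {"publicAccess": "container"}},
  {"name": "verified-docs",   "properties": {"publicAccess": "blob"}},
  {"name": "internal-logs",   "properties": {"publicAccess": null}}
]"""

WEAK_TLS = (None, "TLS1_0", "TLS1_1")


def audit_account(account_json: str) -> List[str]:
    """Account-level settings that let anonymous or downgraded access reach blob data."""
    acct = json.loads(account_json)
    findings: List[str] = []
    # A missing key is treated as enabled: older accounts defaulted to allowing public access.
    if acct.get("allowBlobPublicAccess", True):
        findings.append("allowBlobPublicAccess is enabled: any container can be made anonymous-readable")
    if not acct.get("enableHttpsTrafficOnly", False):
        findings.append("enableHttpsTrafficOnly is disabled: plaintext HTTP to blob endpoints is accepted")
    if acct.get("minimumTlsVersion") in WEAK_TLS:
        findings.append(f"minimumTlsVersion is {acct.get('minimumTlsVersion')}: raise it to TLS1_2")
    return findings


def audit_containers(containers_json: str) -> List[Dict[str, str]]:
    """Containers whose ACL grants anonymous access, with what that access buys an attacker."""
    exposed: List[Dict[str, str]] = []
    for c in json.loads(containers_json):
        level = (c.get("properties") or {}).get("publicAccess")
        if not level:
            continue  # null: authenticated access only
        impact = ("anonymous listing and read of every blob" if level == "container"
                  else "anonymous read of any blob whose URL is known or guessable")
        exposed.append({"container": c["name"], "publicAccess": level, "impact": impact})
    return exposed


if __name__ == "__main__":
    for f in audit_account(SAMPLE_ACCOUNT_JSON):
        print("ACCOUNT:", f)
    for e in audit_containers(SAMPLE_CONTAINERS_JSON):
        print("CONTAINER:", e["container"], e["publicAccess"], "->", e["impact"])
```

In a live audit, feed the functions the output of the two `az ... -o json` commands named in the comments. The distinction between the two container levels matters for scoping a breach: "container" lets anyone enumerate the bucket, while "blob" only exposes objects whose URLs leak or are predictable. Remediation is `az storage container set-permission --name <container> --account-name <acct> --public-access off` per container, then `az storage account update -n <acct> -g <rg> --allow-blob-public-access false --https-only true --min-tls-version TLS1_2` so the account-level switch prevents a later re-exposure.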
China-backed threat group targets telecom companies.
On Tuesday the US National Security Agency, the Cybersecurity and Infrastructure Security Agency, and the Federal Bureau of Investigation released a joint cybersecurity advisory warning that Chinese state-sponsored threat groups are exploiting known vulnerabilities to compromise major telecommunications companies and network service providers. As Bleeping Computer explains, the threat actors begin by compromising smaller devices such as unpatched small office/home office (SOHO) routers, then use those devices as command-and-control servers and proxies from which to breach larger networks. Once inside, the attackers obtain credentials for the SQL databases that back the authentication infrastructure and use SQL commands to harvest user and administrator credentials from critical Remote Authentication Dial-In User Service (RADIUS) servers. The advisory reads, "Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting.” The warning includes a list of the network device vulnerabilities most frequently exploited by Chinese state-sponsored groups, along with recommended mitigations for private industry; since every entry is a known vulnerability, patching internet-facing edge devices is the first of those mitigations.
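The RADIUS step in that chain leaves a distinctive trace: a database client that is not a RADIUS daemon reading the credential tables, in bulk rather than one user at a time. The detector below is an added example, not from the advisory or Bleeping Computer. It assumes a FreeRADIUS SQL backend (the radcheck, radreply and radusergroup tables), a MySQL general query log in its 5.7+ line format, and an allowlist of RADIUS server addresses; the log excerpt and addresses are constructed. It flags any query touching those tables that comes from an unexpected host, lacks a per-user predicate, or writes results to a file on the server.

```python
"""Flag reads of RADIUS credential tables in a MySQL general query log (offline sample)."""
import re
from typing import Dict, List

# Assumption: FreeRADIUS SQL schema, where radcheck holds per-user password attributes
# (e.g. Cleartext-Password) and radreply/radusergroup hold reply and group attributes.
CREDENTIAL_TABLES = ("radcheck", "radreply", "radusergroup")
# Assumption: only the RADIUS daemons themselves should ever read those tables.
ALLOWED_RADIUS_HOSTS = {"10.20.0.5", "10.20.0.6"}

# MySQL 5.7+/8.0 general log line: "<ts>\t<thread id> <command>\t<argument>"
LINE_RE = re.compile(r"^(?P<ts>\S+)\t\s*(?P<tid>\d+) (?P<cmd>\w+)\t(?P<arg>.*)$")
CONNECT_RE = re.compile(r"^(?P<user>[^@\s]+)@(?P<host>[\d.]+)")
TABLE_RE = re.compile(r"\b(" + "|".join(CREDENTIAL_TABLES) + r")\b", re.IGNORECASE)
PER_USER_RE = re.compile(r"\bWHERE\b[^;]*\busername\s*=\s*'", re.IGNORECASE)
OUTFILE_RE = re.compile(r"\bINTO\s+(OUTFILE|DUMPFILE)\b", re.IGNORECASE)

# Constructed log excerpt: thread 41 is a normal per-user lookup from a RADIUS server;
# thread 57 is a bulk credential dump from an unexpected host, ending in a file write.
SAMPLE_GENERAL_LOG = """\
2022-06-07T09:14:02.101Z\t  41 Connect\tradius@10.20.0.5 on radius using TCP/IP
2022-06-07T09:14:02.105Z\t  41 Query\tSELECT id, username, attribute, value, op FROM radcheck WHERE username = 'alice' ORDER BY id
2022-06-07T09:21:45.330Z\t  57 Connect\tradius@192.0.2.77 on radius using TCP/IP
2022-06-07T09:21:45.402Z\t  57 Query\tSELECT username, value FROM radcheck WHERE attribute = 'Cleartext-Password'
2022-06-07T09:21:46.010Z\t  57 Query\tSELECT * FROM radusergroup
2022-06-07T09:21:50.000Z\t  57 Query\tSELECT username, value FROM radcheck INTO OUTFILE '/tmp/rc.txt'
"""


def analyze_general_log(text: str, allowed_hosts=ALLOWED_RADIUS_HOSTS) -> List[dict]:
    """One finding per query against a credential table that is not a per-user lookup
    from an allowed RADIUS host; each finding lists every reason it tripped."""
    source_by_thread: Dict[str, str] = {}  # thread id -> client IP from its Connect line
    findings: List[dict] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        tid, cmd, arg = m["tid"], m["cmd"], m["arg"]
        if cmd == "Connect":
            c = CONNECT_RE.match(arg)
            if c:
                source_by_thread[tid] = c["host"]
            continue
        if cmd != "Query" or not TABLE_RE.search(arg):
            continue
        src = source_by_thread.get(tid, "unknown")
        reasons: List[str] = []
        if src not in allowed_hosts:
            reasons.append(f"query from non-RADIUS host {src}")
        if not PER_USER_RE.search(arg):
            reasons.append("no per-user predicate: bulk read of credential table")
        if OUTFILE_RE.search(arg):
            reasons.append("result written to a file on the database server")
        if reasons:
            findings.append({"ts": m["ts"], "thread": tid, "source": src,
                             "query": arg, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze_general_log(SAMPLE_GENERAL_LOG):
        print(f["ts"], f["source"], "; ".join(f["reasons"]))
        print("   ", f["query"])
```

The general log is expensive and usually off in production; the same logic applies unchanged to MySQL Enterprise Audit or MariaDB server_audit output once the connect and query records are parsed, and the cheaper standing control is to restrict the radius database user to the RADIUS hosts (`'radius'@'10.20.0.5'` rather than `'radius'@'%'`) so the bulk read cannot originate from a compromised router in the first place.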