Tapped and trapped.
Chinese hackers breach U.S. telecom wiretap systems. A third-party debt collection provider exposes sensitive information of Comcast customers. Homeland Security’s cybercrime division chronicles their success. Google removes Kaspersky antivirus from the Play store. Ukrainian hackers take down Russian TV and Radio channels. A crypto-thief pleads guilty to wire fraud and money laundering. A pig-butchering victim gets his money back. On our Industry Voices segment, Jeff Reed, Chief Product Officer at Vectra AI, joins us to talk about how modern attackers don't hack in, they log in. AI knows - the truth is out there.
Today is Monday October 7th 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Chinese hackers breach U.S. telecom wiretap systems.
Chinese hackers reportedly breached the networks of major U.S. telecom companies, including Verizon, AT&T, and Lumen Technologies, according to The Wall Street Journal. The hackers accessed systems used for court-authorized wiretaps, potentially maintaining access for months. They also tapped into other internet traffic. U.S. investigators believe a Chinese group, dubbed “Salt Typhoon,” was behind the attack, aiming to gather intelligence. This incident follows earlier disruptions of a different Chinese hacking group, “Flax Typhoon.” China’s foreign ministry denied involvement, calling the allegations a “false narrative” and accusing the U.S. of framing China. The ministry further claimed that the U.S. is obstructing global cybersecurity cooperation. While Lumen declined to comment, Verizon and AT&T did not immediately respond. Beijing previously refuted claims of using hackers for espionage, asserting that the “Volt Typhoon” campaign was staged by an international ransomware group.
A third-party debt collection provider exposes sensitive information of Comcast customers.
Comcast has disclosed that over 230,000 customers had their personal data stolen during a ransomware attack on Financial Business and Consumer Solutions (FBCS), a third-party debt collection provider. The breach occurred in February and was initially downplayed by FBCS, which later revealed in July that customer data had been compromised. Hackers accessed names, addresses, Social Security numbers, birth dates, and Comcast account details of subscribers from around 2021. The ransomware attack targeted FBCS’s systems, encrypting data and stealing information. FBCS confirmed over 4 million individuals were affected, including clients of other organizations, such as CF Medical and Truist Bank. Sensitive data, including medical and financial information, was compromised in the attack. The incident has not yet been claimed by any ransomware group.
Homeland Security’s cybercrime division chronicles their success.
Bloomberg reports the U.S. Department of Homeland Security’s cybercrime division, Homeland Security Investigations (HSI), has disrupted over 500 ransomware attacks and seized billions in cryptocurrency since 2021. HSI’s proactive approach involves monitoring internet traffic for malicious activity, unpatched software vulnerabilities, and ransomware tactics. By analyzing this data, they can often detect and prevent attacks before they occur. Between October 2023 and September 2024, HSI stopped 150 ransomware plots, preventing 537 intrusions since the operation’s start. HSI’s efforts, which differ from the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) operations, have led to $4.3 billion in cryptocurrency seizures, including $180 million last year. The agency works closely with its 235 field offices to alert potential targets, including U.S. agencies and healthcare organizations, about imminent threats. However, building criminal cases remains a challenge, especially when attacks are thwarted before occurring.
Google removes Kaspersky antivirus from the Play store.
The official Kaspersky antivirus app for Android has been removed from the Google Play store following recent U.S. government sanctions. Google disabled Kaspersky’s developer accounts and removed its apps due to restrictions imposed by the U.S. Department of Commerce’s Bureau of Industry and Security. Kaspersky is investigating the removal and exploring alternative solutions to allow users to download and update their software. In the meantime, users can still access Kaspersky apps via alternative stores like Galaxy Store and Huawei AppGallery or directly from Kaspersky’s website. The move comes after a U.S. ban on Kaspersky products over national security concerns, with allegations that the Russian government could exploit the software. The U.S. banned Kaspersky sales starting July 2024, and subsequent updates for the software ceased by late September.
Ukrainian hackers take down Russian TV and Radio channels.
Ukrainian hackers took down online broadcasts of at least 20 Russian state TV and radio channels, including Rossiya 24, coinciding with President Putin’s 72nd birthday. The hack affected major broadcasters like Rossiya-1, Rossiya-24, and radio stations such as Vesti FM and Mayak. Russia’s VGTRK media holding called the attack “unprecedented.” Kremlin spokesman Dmitry Peskov said efforts were underway to address the breach. A pro-Ukrainian hacker group, “Sudo rm-RF,” claimed responsibility for the attack.
A crypto-thief pleads guilty to wire fraud and money laundering.
Evan Frederick Light, a 21-year-old from Lebanon, Indiana, has pleaded guilty to conspiracy charges of wire fraud and money laundering related to a cyber-intrusion that stole over $37 million in cryptocurrency. In February 2022, Light targeted an investment company in Sioux Falls, South Dakota, exploiting server vulnerabilities to access the personal data of nearly 600 clients. Using a legitimate client’s identity, he stole cryptocurrency from multiple victims and laundered the funds through mixing services and gambling websites to hide his tracks. U.S. Attorney Alison Ramsdell and FBI Special Agent Alvin Winston emphasized the seriousness of cyber threats and the commitment to holding cybercriminals accountable. Light remains in custody awaiting sentencing, with a presentence investigation underway.
A pig-butchering victim gets his money back.
Aleksey Madan, 69, received a $140,000 check from Massachusetts officials after losing his life savings in a crypto scam. He was among several victims targeted by SpireBit, a fraudulent operation that lured Russian-speaking seniors with fake investment ads on social media, using Elon Musk’s image to promote false promises of high returns. SpireBit used stock photos for its executives and fake business addresses. After NPR’s investigation exposed the scam, Massachusetts authorities sued SpireBit and froze its assets on Binance, a cryptocurrency trading platform. The state seized $269,000 from SpireBit’s crypto wallets, distributing most of it to four victims. This case is part of a growing online scam trend known as “pig butchering,” where scammers build trust before stealing large sums. The FBI reported over $5.6 billion in crypto scams last year. Another victim, Naum Lantsman, lost $340,000 but has yet to receive restitution.
Coming up on our Industry Voices segment, I’m joined by Vectra AI’s Chief Product Officer Jeff Reed talking about how modern attackers don't hack in, they log in. We’ll be right back.
Welcome back. You can find links to learn more about Vectra AI in our show notes.
AI knows - the truth is out there.
And finally, AI, often blamed for spreading conspiracy theories, might be the perfect tool to fight them. A recent study by MIT and Cornell found that ChatGPT-4 Turbo can actually help people rethink their beliefs in conspiracy theories. Researchers had over 2,000 Americans explain their favorite conspiracy theory and then engage in a conversation with the chatbot. Shockingly, 20% of participants changed their minds after chatting with AI.
Why did it work? Simple—AI doesn’t get emotional. It calmly presents facts without making anyone feel dumb. People weren’t defensive because there was no human ego involved, just data. This approach gave participants the “emotional space” to process the information. Plus, the chatbot nailed its facts, with a 99.2% accuracy rate.
The potential here is huge. What if AI could be the key to debunking misinformation on social media? Wouldn’t it be poetic if the same technology that spreads fake news could help take it down?
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.