Buckets of trouble.
Researchers uncover a large-scale hacking operation tied to the infamous ShinyHunters. A Dell Power Manager vulnerability lets attackers execute malicious code. TikTok requests a federal court injunction to delay a U.S. ban. Radiant Capital attributed a $50 million cryptocurrency heist to North Korea. Japanese firms report ransomware attacks affecting their U.S. subsidiaries. WhatsApp’s “ViewOnce” feature faces continued scrutiny. SpyLoan malware targets Android users through deceptive loan apps. A major Romanian electricity distributor is investigating an ongoing ransomware attack. A critical flaw in OpenWrt Sysupgrade has been fixed. Contenders for top cyber roles in the next Trump administration visit Mar-a-Lago. On our Industry Voices segment, Jason Lamar, Cobalt’s Senior Vice President of Product, joins us to share insights on offensive security: staying ahead of cyber threats. Google’s new quantum chip promises scaling without failing.
Today is Tuesday, December 10th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Researchers uncover a large-scale hacking operation tied to the infamous ShinyHunters.
Cybersecurity researchers Noam Rotem and Ran Locar have uncovered a large-scale hacking operation tied to the infamous ShinyHunters and Nemesis groups. Exploiting vulnerabilities and misconfigurations, hackers accessed sensitive data, including AWS keys, source code, and cryptocurrency wallets. Using tools like ffuf, httpx, and Shodan, they automated exploits, targeting millions of websites and endpoints globally. The operation, traced to French-speaking individuals, involved selling stolen data on Telegram for hundreds of Euros.
Notably, an open AWS S3 bucket used by the attackers revealed harvested data and even linked back to Sezyo Kaizen, a convicted member of ShinyHunters. This error exposed their tools, techniques, and some identities. Researchers, collaborating with AWS, mitigated the impact and notified affected parties.
ShinyHunters, known for breaches at major firms like AT&T and Ticketmaster, and Nemesis, tied to a black-market forum, demonstrate the sophistication of these syndicates.
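The open S3 bucket in this story is the same class of misconfiguration the attackers were harvesting from other people. The check a defender wants is one that reads a bucket's policy and its Public Access Block settings and says whether anonymous read is possible. The script below is an added example, not code from the researchers, AWS or the show; the two policy documents and the account id in them are constructed for illustration. It covers policy-based exposure only (ACL-based exposure and explicit Deny statements are out of scope), and it treats any statement carrying a Condition as "needs review" rather than public, because conditions such as aws:SourceVpce normally narrow a wildcard principal.

```python
"""Flag S3 bucket policies that leave a bucket readable by anyone.

Added example (not code from the researchers or from AWS). Sample policies
and the account id in them are constructed for illustration.
"""
import json

# Actions that let an anonymous principal read data or enumerate keys.
PUBLIC_READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:*", "*"}

# Constructed sample: a classic world-readable bucket policy.
OPEN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

# Constructed sample: one grant scoped to a role, one wildcard principal
# narrowed by a VPC-endpoint condition (account id is a placeholder).
SAFE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {
            "Sid": "VpcOnlyRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-placeholder"}},
        },
    ],
})


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def principal_is_public(principal) -> bool:
    """"*" or {"AWS": "*"} grants to every principal, including anonymous."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def statement_grants_public_read(stmt: dict) -> bool:
    """True when an unconditioned Allow gives a wildcard principal read access."""
    if stmt.get("Effect") != "Allow":
        return False
    if not principal_is_public(stmt.get("Principal")):
        return False
    if stmt.get("Condition"):
        # Conditioned wildcards usually narrow access; flag for review elsewhere.
        return False
    actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
    return bool(actions & PUBLIC_READ_ACTIONS)


def public_read_statements(policy_json: str) -> list:
    """Return the Sids of statements that expose the bucket to anonymous reads."""
    policy = json.loads(policy_json)
    return [s.get("Sid", "<no Sid>")
            for s in _as_list(policy.get("Statement", []))
            if statement_grants_public_read(s)]


def bucket_is_public(policy_json: str, public_access_block: dict) -> bool:
    """Combine the policy with the account/bucket Public Access Block.

    RestrictPublicBuckets limits a bucket that has a public policy to AWS
    service principals and authorised users in the account, so with it on the
    policy alone cannot make the bucket anonymously readable.
    """
    if public_access_block.get("RestrictPublicBuckets"):
        return False
    return bool(public_read_statements(policy_json))


if __name__ == "__main__":
    for name, policy in (("OPEN_POLICY", OPEN_POLICY), ("SAFE_POLICY", SAFE_POLICY)):
        for pab in ({"RestrictPublicBuckets": False}, {"RestrictPublicBuckets": True}):
            print(name, pab, "public" if bucket_is_public(policy, pab) else "not public",
                  public_read_statements(policy))
```

In practice the two inputs come from `get-bucket-policy` and `get-public-access-block` for each bucket in the account; the point of evaluating them together is that a scary-looking policy is harmless under RestrictPublicBuckets, while a clean policy says nothing about ACL-based exposure, which needs its own check.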
A Dell Power Manager vulnerability lets attackers execute malicious code.
A critical vulnerability (CVE-2024-49600) in Dell Power Manager, used to manage power settings on Dell systems, allows attackers with local access and low privileges to execute malicious code and escalate privileges. Affecting versions prior to 3.17, the flaw stems from improper access control, enabling unauthorized access to sensitive system functions and potential full system compromise.
Rated with a CVSS score of 7.8 (high severity), the vulnerability requires local access but is low in complexity and does not need user interaction. Dell has released version 3.17 to address the issue, urging users to update immediately. No workarounds exist, emphasizing the need for timely patching and robust endpoint security to mitigate risks.
TikTok requests a federal court injunction to delay a U.S. ban.
TikTok has requested a federal court injunction to delay a U.S. ban set for January 19, as it appeals to the Supreme Court. The D.C. Circuit Court upheld a law requiring TikTok to sever ties with Chinese parent ByteDance. TikTok argues the ban poses no immediate national security risk and seeks a decision by December 16. The injunction would allow the incoming administration to reassess the case, potentially avoiding harm and Supreme Court involvement.
Radiant Capital attributed a $50 million cryptocurrency heist to North Korea.
DeFi platform Radiant Capital has attributed the $50 million cryptocurrency heist from its platform on October 16, 2024, to North Korean state-affiliated hackers known as Citrine Sleet (UNC4736/AppleJeus). The sophisticated attack bypassed advanced security measures, including hardware wallets and multi-signature verification, exploiting malware delivered via a spoofed Telegram message. Hackers used the malicious payload “InletDrift” to compromise developer devices, enabling unauthorized transactions on the Arbitrum and Binance Smart Chain networks.
Mandiant assisted in the investigation, linking the attack to North Korea’s broader strategy of targeting cryptocurrency platforms to fund state operations. Radiant, a DeFi platform enabling cross-blockchain asset management, emphasized the attackers’ ability to evade standard verification processes. It is now working with U.S. law enforcement and recovery firms to reclaim the stolen funds while calling for improved device-level security to mitigate future threats.
Japanese firms report ransomware attacks affecting their U.S. subsidiaries.
Japanese firms Kurita Water Industries and Ito En recently reported ransomware attacks affecting their U.S. subsidiaries. Kurita, a global leader in water treatment chemicals, revealed that its Minnesota-based Kurita America was targeted on November 29. Attackers encrypted servers and potentially leaked data belonging to customers, employees, and partners. However, core systems have been restored, and operations remain unaffected.
Similarly, Ito En North America, part of Japan’s largest green tea producer, faced a ransomware attack on December 2, impacting servers in Texas. Backup data is being used to restore operations, and investigations are ongoing.
These incidents highlight a surge in ransomware targeting Japanese companies in 2024, with major firms like Fujitsu, Game Freak, and Nidec also affected.
WhatsApp’s “ViewOnce” feature faces continued scrutiny.
Meta’s WhatsApp faced criticism after a vulnerability in its “View Once” feature allowed attackers to bypass privacy protections using modified WhatsApp Web clients. The feature, designed to limit media to a single view, was undermined by browser extensions that ignored its restrictions, enabling recipients to save or share content.
Meta initially deployed a partial fix in September 2024, but attackers adapted quickly. A robust server-side fix in November resolved the issue by blocking “View Once” media access on web clients. While effective, the fix raised concerns about metadata exposure and left vulnerabilities in modified mobile clients. Experts suggest device integrity checks or DRM for enhanced protection.
SpyLoan malware targets Android users through deceptive loan apps.
SpyLoan malware is a growing threat targeting Android users through deceptive loan apps. Masquerading as legitimate financial tools, these apps exploit social engineering to gain access permissions and steal sensitive data, including financial information, contacts, and location details. Downloaded over 8 million times, SpyLoan apps bypass Google Play Store’s filters and target users globally, with cases reported in India, Southeast Asia, Africa, and Latin America. Victims face financial exploitation, blackmail, and harassment. Authorities are combating the threat, but SpyLoan’s global prevalence demands stronger security measures and user vigilance.
A major Romanian electricity distributor is investigating an ongoing ransomware attack.
Electrica Group, a major Romanian electricity distributor, is investigating an ongoing ransomware attack that has not impacted its critical SCADA systems. The company, serving over 3.8 million customers, emphasized that temporary disruptions are precautionary measures to protect infrastructure and data. Romania’s Energy Ministry confirmed the attack, stating that network equipment remains unaffected. This incident follows a declassified report revealing over 85,000 cyberattacks targeting Romania’s election infrastructure, highlighting the country’s increasing cybersecurity challenges. Electrica is collaborating with authorities to resolve the issue.
A critical flaw in OpenWrt Sysupgrade has been fixed.
A critical flaw (CVE-2024-54143) in OpenWrt’s Attended Sysupgrade feature could have enabled attackers to distribute malicious firmware via custom builds. OpenWrt, a popular Linux-based OS for routers and IoT devices, had vulnerabilities involving command injection and hash truncation. Researcher RyotaK demonstrated how these flaws allowed modification of firmware artifacts.
OpenWrt developers promptly addressed the issue, fixing it within hours. Although no exploitation has been detected, users are urged to update their firmware to eliminate potential risks.
Contenders for top cyber roles in the next Trump administration visit Mar-a-Lago.
Brian Harrell, a seasoned veteran of the Department of Homeland Security (DHS) under the Trump administration, is reportedly a leading contender for high-ranking cybersecurity roles in the next administration, The Record reports. Sources familiar with the situation reveal that Harrell has been invited to Mar-a-Lago in the coming weeks to interview for roles such as director of the Cybersecurity and Infrastructure Security Agency (CISA) and DHS undersecretary for strategy, policy, and plans.
Harrell, who previously served as DHS assistant secretary for infrastructure protection, is well-regarded for his expertise in safeguarding critical infrastructure. Recorded Future News first reported his candidacy for these prominent positions.
He is not the only one under consideration. Matt Hayden, former DHS assistant secretary for cyber, infrastructure, risk, and resilience, and Sean Plankey, a former National Security Council cyber team member and acting assistant secretary at the Department of Energy’s cybersecurity office, are also being discussed for potential leadership at CISA. Two sources confirmed Plankey’s name in the mix for the top CISA role.
The forthcoming Mar-a-Lago interviews are part of broader plans to fill key positions within DHS, not only in cybersecurity but also in areas such as immigration enforcement and leadership roles at the Transportation Security Administration (TSA). This diverse hiring strategy reflects the transition team’s focus on securing leadership across various critical sectors.
Coming up next, we’ve got our Industry Voices segment. Joining me is Cobalt’s Senior Vice President of Product Jason Lamar to share insights on offensive security: staying ahead of cyber threats. After that, stay tuned for the story of Willow, Google’s game-changing quantum chip that’s rewriting the rules of computing and sparking a high-tech rivalry you won’t want to miss! We’ll be right back.
Welcome back. You can find out more information about Jason and Cobalt in our show notes.
Google’s new quantum chip promises scaling without failing.
Google’s latest breakthrough in quantum computing, a chip named Willow, tackles the notorious challenge of error correction in scaling up quantum computers. Traditionally, adding more qubits—the building blocks of quantum systems—results in more errors, derailing the dream of functional quantum computing. But Willow flips the script, reducing errors as more qubits are added. Hartmut Neven, head of Google Quantum AI, proudly announced they achieved “below threshold” error rates, a historic feat since Peter Shor introduced quantum error correction in 1995.
Neven likened the milestone to building the first convincing prototype for a scalable logical qubit—a step closer to truly large, useful quantum computers. But quantum enthusiasts, hold your champagne: the tech is still in the experimental phase. Remember when Google claimed “quantum supremacy” in 2019? IBM quickly played referee, disputing Google’s assertion that its quantum processor outpaced supercomputers.
Meanwhile, IBM continues its quantum crusade, launching a $100 million initiative with U.S. and Japanese universities to create quantum-centric supercomputers. Quantum industry veteran Bob Sutor reminds us that while companies like Google and IBM are pouring resources into solving quantum’s puzzles, progress requires more than just deep pockets. Collaboration—across regions, countries, and alliances—is key.
So, while Willow’s achievement is a major leap, the road to practical quantum computing is still filled with hurdles, debates, and, undoubtedly, a few more bold claims from competitors. Until then, quantum’s promise remains a tantalizing mix of science, strategy, and a dash of corporate rivalry.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.