InfoSecBulletin Cybersecurity for mankind
In 2024, digital security experienced major breaches as cybercriminals and state-backed groups exploited vulnerabilities for large-scale attacks. These incidents were efficient for attackers but damaging to affected organizations and individuals, threatening their privacy and security. With rising global tensions, 2025 is anticipated to present more cybersecurity challenges. Infosecbulletin highlights the year’s significant breaches and warns for increased vigilance.
China’s Salt Typhoon Telecom Breaches:
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
In 2024, the China-linked espionage group Salt Typhoon infiltrated major US telecom companies, including Verizon and AT&T, along with other global targets, over several months. Affected companies are still struggling to eliminate the hackers despite ongoing efforts.
In summer 2024, attackers used stolen passwords to access Snowflake accounts without two-factor authentication, causing major data breaches at companies like Ticketmaster, Santander Bank, Neiman Marcus, and AT&T. This included the theft of nearly all customer records from AT&T’s calls and texts over seven months in 2022. Security firm Mandiant reported around 165 victims were affected. In response, Snowflake made two-factor authentication mandatory for account administrators in July. In November, suspect Alexander “Connor” Moucka was arrested in Canada for leading the attack, and John Erin Binns was indicted for his role in the breaches.
Change Healthcare Ransomware Attack:
In February 2024, Change Healthcare, a major medical billing and insurance company, suffered a ransomware attack that disrupted healthcare facilities across the US and compromised over 100 million individuals’ data. The attack, believed to be carried out by the Russian-speaking ALPHV/BlackCat ransomware gang, led to the theft of personal information, including phone numbers, addresses, financial data, and medical records. Change Healthcare paid a $22 million ransom in March, but the attack resulted in widespread harm, with ongoing notifications to victims and mounting lawsuits. The state of Nebraska sued the company, citing its failure to implement basic security protections.
Russia’s Midnight Blizzard Hit Microsoft:
Microsoft said in January that it had been breached by Russia’s “Midnight Blizzard” hackers in an incident that compromised company executives’ email accounts. The group is tied to the Kremlin’s SVR foreign intelligence agency and is specifically linked to SVR’s APT 29, also known as Cozy Bear. After an initial intrusion in November 2023, the attackers targeted and compromised historic Microsoft system test accounts that then allowed them to access what the company said were “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there, the group exfiltrated “some emails and attached documents.” Microsoft said that the attackers seemed to be looking for information about what the company knew about them—in other words, Midnight Blizzard doing reconnaissance on Microsoft’s research into the group. Hewlett-Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach attributed to Midnight Blizzard.
In December 2023, National Public Data, a background check company, experienced a data breach, with stolen information beginning to appear for sale on cybercriminal forums by April 2024. Throughout the summer, various forms of this data circulated, leading to public confirmation from the company in August. The compromised information included names, Social Security numbers, phone numbers, addresses, and dates of birth. Due to the delay in the breach’s acknowledgment until August, speculation ran rampant for months, with some theories suggesting that tens or even hundreds of millions of Social Security numbers were involved. Fortunately, the actual number of affected individuals turned out to be much lower, with the company reporting in a Maine filing that approximately 1.3 million people were impacted. In October, the parent company of National Public Data, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing ongoing state and federal investigations along with multiple lawsuits stemming from the breach.
A lot of people steal a lot of cryptocurrency every year, including North Korean cybercriminals who have a mandate to help fund the hermit kingdom. A report from the cryptocurrency tracing firm Chainalysis released this month, though, underscores just how aggressive Pyongyang-backed hackers have become. The researchers found that in 2023, hackers affiliated with North Korea stole more than $660 million across 20 attacks. This year, they stole roughly $1.34 billion across 47 incidents. The 2024 figures represent 20 percent of total incidents Chainalysis tracked for the year and a whopping 61 percent of the total funds stolen by all actors.
The sheer domination is impressive, but the researchers emphasize the seriousness of the crimes. “US and international officials have assessed that Pyongyang uses the crypto it steals to finance its weapons of mass destruction and ballistic missiles programs, endangering international security,” Chainalysis wrote.
@Wired
