Wednesday , June 25 2025
2024

Look back; The Worst Hacks of 2024

In 2024, digital security experienced major breaches as cybercriminals and state-backed groups exploited vulnerabilities for large-scale attacks. These incidents were efficient for attackers but damaging to affected organizations and individuals, threatening their privacy and security. With rising global tensions, 2025 is anticipated to present more cybersecurity challenges. Infosecbulletin highlights the year’s significant breaches and warns for increased vigilance.

China’s Salt Typhoon Telecom Breaches:

WhatsApp banned on all US House of Representatives devices

The U.S. House of Representatives has banned congressional staff from using WhatsApp on government devices due to security concerns, as...
Read More
WhatsApp banned on all US House of Representatives devices

Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

Kaspersky found a new mobile malware dubbed SparkKitty in Google Play and Apple App Store apps, targeting Android and iOS....
Read More
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store

OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

OWASP has released its AI Testing Guide, a framework to help organizations find and fix vulnerabilities specific to AI systems....
Read More
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems

Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

In a major milestone for the country’s digital infrastructure, Axentec PLC has officially launched Axentec Cloud, Bangladesh’s first Tier-4 cloud...
Read More
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform

Hackers Bypass Gmail MFA With App-Specific Password Reuse

A hacking group reportedly linked to Russian government has been discovered using a new phishing method that bypasses two-factor authentication...
Read More
Hackers Bypass Gmail MFA With App-Specific Password Reuse

Russia detects first SuperCard malware attacks via NFC

Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...
Read More
Russia detects first SuperCard malware attacks via NFC

Income Property Investments exposes 170,000+ Individuals record

Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
Read More
Income Property Investments exposes 170,000+ Individuals record

ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...
Read More
ALERT (CVE: 2023-28771)  Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

CISA Flags Active Exploits in Apple iOS and TP-Link Routers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...
Read More
CISA Flags Active Exploits in Apple iOS and TP-Link Routers

10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...
Read More
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

In 2024, the China-linked espionage group Salt Typhoon infiltrated major US telecom companies, including Verizon and AT&T, along with other global targets, over several months. Affected companies are still struggling to eliminate the hackers despite ongoing efforts.

Snowflake Customer Breaches:

In summer 2024, attackers used stolen passwords to access Snowflake accounts without two-factor authentication, causing major data breaches at companies like Ticketmaster, Santander Bank, Neiman Marcus, and AT&T. This included the theft of nearly all customer records from AT&T’s calls and texts over seven months in 2022. Security firm Mandiant reported around 165 victims were affected. In response, Snowflake made two-factor authentication mandatory for account administrators in July. In November, suspect Alexander “Connor” Moucka was arrested in Canada for leading the attack, and John Erin Binns was indicted for his role in the breaches.

Change Healthcare Ransomware Attack:

In February 2024, Change Healthcare, a major medical billing and insurance company, suffered a ransomware attack that disrupted healthcare facilities across the US and compromised over 100 million individuals’ data. The attack, believed to be carried out by the Russian-speaking ALPHV/BlackCat ransomware gang, led to the theft of personal information, including phone numbers, addresses, financial data, and medical records. Change Healthcare paid a $22 million ransom in March, but the attack resulted in widespread harm, with ongoing notifications to victims and mounting lawsuits. The state of Nebraska sued the company, citing its failure to implement basic security protections.

Russia’s Midnight Blizzard Hit Microsoft:

Microsoft said in January that it had been breached by Russia’s “Midnight Blizzard” hackers in an incident that compromised company executives’ email accounts. The group is tied to the Kremlin’s SVR foreign intelligence agency and is specifically linked to SVR’s APT 29, also known as Cozy Bear. After an initial intrusion in November 2023, the attackers targeted and compromised historic Microsoft system test accounts that then allowed them to access what the company said were “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there, the group exfiltrated “some emails and attached documents.” Microsoft said that the attackers seemed to be looking for information about what the company knew about them—in other words, Midnight Blizzard doing reconnaissance on Microsoft’s research into the group. Hewlett-Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach attributed to Midnight Blizzard.

National Public Data:

In December 2023, National Public Data, a background check company, experienced a data breach, with stolen information beginning to appear for sale on cybercriminal forums by April 2024. Throughout the summer, various forms of this data circulated, leading to public confirmation from the company in August. The compromised information included names, Social Security numbers, phone numbers, addresses, and dates of birth. Due to the delay in the breach’s acknowledgment until August, speculation ran rampant for months, with some theories suggesting that tens or even hundreds of millions of Social Security numbers were involved. Fortunately, the actual number of affected individuals turned out to be much lower, with the company reporting in a Maine filing that approximately 1.3 million people were impacted. In October, the parent company of National Public Data, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing ongoing state and federal investigations along with multiple lawsuits stemming from the breach.

A lot of people steal a lot of cryptocurrency every year, including North Korean cybercriminals who have a mandate to help fund the hermit kingdom. A report from the cryptocurrency tracing firm Chainalysis released this month, though, underscores just how aggressive Pyongyang-backed hackers have become. The researchers found that in 2023, hackers affiliated with North Korea stole more than $660 million across 20 attacks. This year, they stole roughly $1.34 billion across 47 incidents. The 2024 figures represent 20 percent of total incidents Chainalysis tracked for the year and a whopping 61 percent of the total funds stolen by all actors.

The sheer domination is impressive, but the researchers emphasize the seriousness of the crimes. “US and international officials have assessed that Pyongyang uses the crypto it steals to finance its weapons of mass destruction and ballistic missiles programs, endangering international security,” Chainalysis wrote.

@Wired

Check Also

Patch Tuesday

Microsoft patch Tuesday fix exploited zero-day and 65 vuls patched

Microsoft’s June Patch Tuesday update has arrived, addressing 66 vulnerabilities across its product line. One …

Leave a Reply

Your email address will not be published. Required fields are marked *