Chinese Hackers Hijack Routers, US Stops Botfarm, Google Adds Passkeys – Cybersecurity News [July 08, 2024]
Here we are back again with cybersecurity’s latest covering the news that shook the world this week. We’ll take a look at Chinese hackers taking over SOHO routers for attacks, how the US DoJ shut down Russian bot accounts on X, the new passkeys for Google account protection, the Fujitsu data breach, and the compromise of personal and healthcare information of the City of Philadelphia. Stay tuned!
Chinese Hackers Take Over Home Routers for Attacks
International cybersecurity agencies and law enforcement issued a joint advisory this week, warning about the hijacking of SOHO routers by the Chinese state-sponsored hacking group APT40.
APT40 also goes by the names Kryptonite Panda, Leviathan, Bronze Mohawk, and Gingham Typhoon. The threat actors have been active since 2011 and have recently been hijacking routers for cyberespionage attacks. They rapidly exploit new vulnerabilities once they are disclosed to the public and use the access to conduct reconnaissance.
The threat actors target end-of-life SOHO routers by leveraging N-day vulnerabilities and hijacking them to use them as network proxies. They also use ORB (Operational Relay Box) networks via hijacked IoT devices and EoL routers. Once they’re in the network, APT40 exfiltrates data to a C2 (Command and Control) server, removing event logs to cover up their tracks.
The advisory lists many recommendations for mitigating and defending against this threat. The key ones are to patch applications promptly, segment the network, and turn off unused ports and services.
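One defensive angle on the advisory's description of APT40 deleting event logs is to alert whenever a log is cleared and to correlate those clears by account. The following is an added example, not code from the advisory or this article: it scans constructed Windows-style telemetry lines (the key=value format and all hosts, users and events are made up) for the real Windows event IDs that record a cleared log, 1102 for the Security log and 104 for the System log.

```python
"""Flag event-log clearing, an anti-forensics step described in the APT40 advisory.
Added example; the input format below is constructed, not a real log format."""
import re
from dataclasses import dataclass

# Real Windows event IDs that record a log being cleared:
#   1102 in the Security channel  -> "The audit log was cleared"
#   104  in the System channel    -> "The System log file was cleared"
LOG_CLEAR_EVENTS = {("Security", 1102), ("System", 104)}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Alert:
    host: str
    user: str
    channel: str
    event_id: int


def parse_line(line: str) -> dict:
    """Parse 'host=X channel=Y event_id=N user=Z' into a dict (constructed format)."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def detect_log_clearing(lines) -> list[Alert]:
    """Return one Alert per line whose (channel, event_id) is a log-clear event."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        try:
            key = (rec["channel"], int(rec["event_id"]))
        except (KeyError, ValueError):
            continue  # malformed or unrelated line: skip, do not crash the detector
        if key in LOG_CLEAR_EVENTS:
            alerts.append(Alert(rec.get("host", "?"), rec.get("user", "?"), *key))
    return alerts


def users_clearing_multiple_hosts(alerts) -> dict[str, set[str]]:
    """Correlate alerts: accounts that cleared logs on more than one host."""
    by_user: dict[str, set[str]] = {}
    for a in alerts:
        by_user.setdefault(a.user, set()).add(a.host)
    return {u: hosts for u, hosts in by_user.items() if len(hosts) > 1}


# Constructed sample telemetry (not from any real incident).
SAMPLE_LOG = [
    "host=ws01 channel=Security event_id=4624 user=alice",
    "host=ws01 channel=Security event_id=1102 user=svc_backup",
    "host=fs02 channel=System event_id=104 user=svc_backup",
    "host=fs02 channel=System event_id=7036 user=SYSTEM",
    "this line is not telemetry",
]

if __name__ == "__main__":
    found = detect_log_clearing(SAMPLE_LOG)
    for a in found:
        print(f"ALERT {a.host}: {a.channel} log cleared (event {a.event_id}) by {a.user}")
    print("multi-host clears:", users_clearing_multiple_hosts(found))
```

Running it on the sample reports two cleared logs and flags svc_backup as having cleared logs on both hosts.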
US Shuts Down AI Bot Farm Spreading Russian Propaganda on X
The US Justice Department conducted an international joint law enforcement operation, taking down X (formerly Twitter) accounts controlled by a bot farm.
The FBI and the Canadian Centre for Cyber Security released a technical advisory detailing the Meliorator software used by the bot farm. The bot farm was operated by a Russian FSB officer and a deputy editor-in-chief of Russia Today, who used the accounts to spread disinformation and push Russian propaganda.
They used Meliorator, an AI-enabled software tool, to create social media accounts posing as real individuals around the world. So far Meliorator has only been used to create X profiles, but analysts suggest that its expansion to other social media platforms is highly likely.
All the accounts were registered using private email servers seized during the operation. X also took down 968 such profiles identified as part of the RT bot farm.
Google Adds Passkeys to Protect High-Risk Users
Google announced that high-risk users can access passkeys when enrolling in the Advanced Protection Program for account security.
The program is free for activists, business leaders, journalists, and other high-risk people to protect their accounts. It blocks unauthorized access to accounts and better protects against phishing attacks, data theft, and malicious applications.
Passkeys are tied to the devices you use: a specific computer, tablet, or smartphone. They work locally and offer better protection than legacy passwords against phishing and data breaches. With passkeys, you can sign in to websites and online services, and they can serve as a substitute in applications that require biometrics to open.
Creating a passkey for your device is simple, and it can work alongside PINs, screen lock patterns, and hardware security keys. All you need to do is visit the enrollment page for the Advanced Protection Program and follow the on-screen instructions.
Google has also added a recovery option for Advanced Protection Program users. Users can add a contact phone number or email address for account recovery in case they are locked out of their account or lose their passkeys.
Fujitsu Reveals Customer Data Breach from March Attack
Fujitsu revealed that customer information was compromised during the data breach it suffered this year.
The Japanese tech giant suffered an attack in March where the threat actors infected its systems with malware. In response, Fujitsu isolated all the impacted devices and launched an investigation to determine the scope of the breach.
This week, the organization issued a statement confirming that the threat actors did steal data from a single point of compromise, which consisted of 49 devices. The devices were isolated after the malware was discovered, and the malware was contained within the network. Fujitsu also noted that the malware executed commands to copy files, which led it to conclude that data may have been exfiltrated.
The organization said it has not received any reports of misuse of the stolen data. It has also implemented security monitoring rules for all business devices used within the organization, including robust malware protection, and these devices are now covered by malware detection solutions to prevent future attacks.
Philadelphia Reports Data Breach Affecting 35,000 People in May 2023
The City of Philadelphia announced that threat actors gained access to multiple email accounts between May 2023 and July 2023 and stole more than 35,000 people’s personal and protected health information.
The City disclosed the data breach back in October and also shed light on the information that was exposed. It included personal information like names, addresses, birth dates, social security numbers, contact information, medical information such as diagnosis and treatment, and some financial information.
A total of 35,881 individuals were affected by the breach, and all the individuals whose personal information was exposed were notified. The City has also mailed data breach notifications to people whose health information was exposed. It has conducted an in-depth review of the information accessed by the threat actors and is working to locate affected individuals whose address information is missing so that they can be notified. City officials have informed federal law enforcement and will also provide training to employees to guard against such attacks.
If you were affected by the breach, you will also get free credit monitoring services for 12 months. They have not disclosed exactly how the attack took place or why the disclosure was delayed for so long.