European govt air-gapped systems breached using custom malware
An APT group tracked as GoldenJackal has breached air-gapped government systems in Europe using two custom toolsets that bridge the air gap over removable USB drives, stealing sensitive data such as emails, encryption keys, images, archives, and documents. According to an ESET report, this happened at least twice: against the embassy of a South Asian country in Belarus (first in September 2019 and again in July 2021), and against a European government organization between May 2022 and March 2024. In May 2023, Kaspersky had already warned about GoldenJackal's activities, noting that the group focuses on government and diplomatic entities for espionage.
Ransomware gang Trinity joins pile of scumbags targeting healthcare
At least one US healthcare provider has been infected by Trinity, an emerging cybercrime gang with eponymous ransomware that uses double extortion (encrypting data and threatening to leak the stolen copy) and other "sophisticated" tactics that make it a "significant threat," according to the feds. The US Department of Health and Human Services sounded the alarm in an October 4 security advisory about the new crims on the block, first spotted in May. It also noted that the Health Sector Cybersecurity Coordination Center (HC3) is "aware of at least one healthcare entity in the United States that has fallen victim to Trinity ransomware recently."
Recently spotted Trinity ransomware spurs federal warning to healthcare industry
At least one U.S. healthcare entity has fallen victim to a new ransomware strain called Trinity, according to a report from federal officials. The U.S. Department of Health and Human Services published an advisory on Friday warning hospitals of the threat posed by the ransomware group, noting that its tactics and techniques make it “a significant threat” to the U.S. healthcare and public health sector. The department’s Health Sector Cybersecurity Coordination Center “is aware of at least one healthcare entity in the United States that has fallen victim to Trinity ransomware recently,” officials said. The advisory said the ransomware was first spotted around May 2024.
Discord blocked in Russia and Turkey for spreading illegal content
Discord has been abruptly blocked in Russia and Turkey since yesterday, with authorities in both countries citing illegal activity hosted on the platform, leaving legitimate users there unable to reach the website or connect to the service. While Discord started as a communication and community-building space for gamers, it has since expanded to a broad spectrum of interest groups and professionals from various industries, who create "servers" with dedicated channels for different conversation topics. However, the platform has also become a hotbed of illegal activity, with hacking groups and threat actors using it to plan cyberattacks, conduct cybercrime, or receive stolen data.
Happy birthday, Putin – you’ve been pwned
Ukrainian hackers shut down Russian state news agency VGTRK's online broadcasting and streaming services on Monday, president Vladimir Putin's 72nd birthday, as Kremlin officials vowed to bring those responsible for the "unprecedented" cyber attack to justice. Putin's press secretary Dmitry Peskov confirmed the breach to Russian media and called it "an unprecedented hacker attack on [VGTRK's] digital infrastructure." VGTRK, which owns and operates five national TV channels, five radio stations, and 80 regional TV and radio networks, first reported the intrusion on Monday night and claimed that, despite it, "no significant damage was done to the media holding's work."
Salt Typhoon Hack Shows There’s No Security Backdoor That’s Only For The “Good Guys”
At EFF we've long noted that you cannot build a backdoor that only lets in the good guys and not the bad guys. Over the weekend we saw another example of this: The Wall Street Journal reported on a major breach of U.S. telecom systems attributed to a sophisticated Chinese-government-backed hacking group dubbed Salt Typhoon. According to the reports, the intruders took advantage of the lawful-intercept systems that ISPs such as Verizon, AT&T, and Lumen Technologies (formerly CenturyLink) are required under U.S. law (CALEA) to build so that law enforcement and intelligence agencies can access user data. This gave China unprecedented access to data about U.S. government surveillance requests to these major telecommunications companies. It is still unclear how much communication and internet traffic Salt Typhoon accessed, or whose.