AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 2/2/2024

FBI disrupts Chinese botnet used for targeting US critical infrastructure 

The FBI has disrupted the KV botnet, used by People’s Republic of China (PRC) state-sponsored hackers (aka “Volt Typhoon”) to target US-based critical infrastructure organizations. The threat actors used the KV botnet malware to hijack hundreds of US-based, privately-owned small office/home office (SOHO) routers and to hide their hacking activity towards “US and other foreign victims”. “The Volt Typhoon malware enabled China to hide, among other things, pre-operational reconnaissance and network exploitation against critical infrastructure like our communications, energy, transportation, and water sectors—steps China was taking, in other words, to find and prepare to destroy or degrade the civilian critical infrastructure,” said FBI director Christopher A. Wray. 


All federal civilian agencies ordered to disconnect at-risk Ivanti products by Friday 

All federal civilian agencies in the U.S. have been ordered to disconnect Ivanti Connect Secure and Policy Secure products by Friday after more vulnerabilities were found in the tools this week. In an updated directive published on Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) gave agencies until Friday at midnight to remove the tools from their networks and until midnight on Monday to confirm that they had done so. 


OpenAI says there’s only a small chance ChatGPT will help create bioweapons 

OpenAI’s GPT-4 only gave people a slight advantage over the regular internet when it came to researching bioweapons, according to a study the company conducted itself. Bloomberg reported that the research was carried out by the new preparedness team at OpenAI, which was launched last fall in order to assess the risks and potential misuses of the company’s frontier AI models. OpenAI’s findings seem to counter concerns by scientists, lawmakers, and AI ethicists that powerful AI models like GPT-4 can be of significant help to terrorists, criminals, and other malicious actors. Multiple studies have cautioned that AI can give those creating bioweapons an extra edge, such as this one by the Effective Ventures Foundation at Oxford that looked at AI tools like ChatGPT as well as specially designed AI models for scientists such as ProteinMPNN (which can help generate new protein sequences). 


Cloudflare hacked using auth tokens stolen in Okta attack 

Cloudflare disclosed today that its internal Atlassian server was breached by a ‘nation state’ attacker who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system. The threat actor first gained access to Cloudflare’s self-hosted Atlassian server on November 14 and then accessed the company’s Confluence and Jira systems following a reconnaissance stage. “They then returned on November 22 and established persistent access to our Atlassian server using ScriptRunner for Jira, gained access to our source code management system (which uses Atlassian Bitbucket), and tried, unsuccessfully, to access a console server that had access to the data center that Cloudflare had not yet put into production in São Paulo, Brazil,” Cloudflare said. 


INTERPOL Arrests 31 in Global Operation, Identifies 1,900+ Ransomware-Linked IPs 

An INTERPOL-led collaborative operation targeting phishing, banking malware, and ransomware attacks has led to the identification of 1,300 suspicious IP addresses and URLs. The law enforcement effort, codenamed Synergia, took place between September and November 2023 in an attempt to blunt the “growth, escalation and professionalization of transnational cybercrime.” Involving 60 law enforcement agencies spanning 55 member countries, the exercise paved the way for the detection of more than 1,300 malicious servers, 70% of which have already been taken down in Europe. Hong Kong and Singapore authorities took down 153 and 86 servers, respectively. 


Former CIA Engineer Sentenced to 40 Years for Leaking Classified Documents 

A former software engineer with the U.S. Central Intelligence Agency (CIA) has been sentenced to 40 years in prison by the Southern District of New York (SDNY) for transmitting classified documents to WikiLeaks and for possessing child pornographic material. Joshua Adam Schulte, 35, was originally charged in June 2018. He was found guilty in July 2022. On September 13, 2023, he was convicted on charges of receiving, possessing, and transporting child pornography. In addition to the prison term, Schulte has been sentenced to a lifetime of supervised release. 
