AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 2/23/2024

New Leak Shows Business Side of China’s APT Menace

A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign espionage campaigns to the nation’s burgeoning and highly competitive cybersecurity industry. A large cache of more than 500 documents published to GitHub last week indicate the records come from i-SOON, a technology company headquartered in Shanghai that is perhaps best known for providing cybersecurity training courses throughout China. But the leaked documents, which include candid employee chat conversations and images, show a less public side of i-SOON, one that frequently initiates and sustains cyberespionage campaigns commissioned by various Chinese government agencies.


Brussels spyware bombshell: Surveillance software found on officials’ phones

The European Parliament on Wednesday asked members on its defense subcommittee to have their phones checked for spyware after it found traces of hacking on two devices. Members and staff in the chamber’s subcommittee on security and defense (SEDE) have had their phones hit with intrusive surveillance software tools, the institution said in an internal email. All lawmakers in the subcommittee have been advised to take their phones to the institution’s IT service to be checked for spyware, according to the email, seen by POLITICO.


UnitedHealth says Change Healthcare hacked by nation state, as pharmacy outages drag on

U.S. health insurance giant UnitedHealth Group said Thursday in a filing with government regulators that its subsidiary Change Healthcare was compromised likely by government-backed hackers. In a filing Thursday, UHG blamed the ongoing cybersecurity incident affecting Change Healthcare on suspected nation state hackers but said it had no timeframe for when its systems would be back online. UHG did not attribute the cyberattack to a specific nation or government, or cite what evidence it had to support its claim.


AT&T restores service after hours of outage

AT&T (T.N), opens new tab said late on Thursday an outage that disrupted calls and text messages for thousands of U.S. users and prompted federal investigations was not caused by a cyberattack. The carrier had restored wireless service for all affected customers, several hours after an outage that affected more than 70,000 users at its peak. “Based on our initial review, we believe that today’s outage was caused by the application and execution of an incorrect process used as we were expanding our network,” the wireless carrier said in a statement on its website.


A New Age of Hacktivism

In the past 2 years, we have observed a significant surge in hacktivism activity due to ongoing wars and geopolitical conflicts in various regions. Since the war against Ukraine began, we have witnessed a notable mobilization of non-state and state-backed actors alike, forming new groups or joining existing hacker collectives. We understand hacktivism as a form of computer hacking that is done to further the goals of political or social activism1. While activism describes a normal, non-disruptive use of the Internet in order to support a specific cause (online petitions, fundraising, coordinating activities), hacktivism includes operations that use hacking techniques with the intent to disrupt but not to cause serious harm (e.g., data theft, website defacements, redirects, Denial-of-Service attacks). 

Related Posts