Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov
The US Justice Department on Monday unsealed an indictment charging seven men with hacking or attempting to hack dozens of US companies in a 14-year campaign furthering economic espionage and foreign intelligence gathering by the Chinese government. All seven defendants, federal prosecutors alleged, were associated with Wuhan Xiaoruizhi Science & Technology Co., Ltd., a front company created by the Hubei State Security Department, an outpost of the Ministry of State Security located in Wuhan province. The MSS, in turn, has funded an advanced persistent threat group tracked under names including APT31, Zirconium Violet Typhoon, Judgment Panda, and Altaire.
Vans warns customers of data breach
Skater brand Vans emailed customers last week to tell them about a recent “data incident.” On December 13, 2023, Vans said it detected unauthorized activities on its IT systems, attributed to “external threat actors.” An investigation revealed that the incident involved some personal information of Vans’ customers. The data incident turned out to be a ransomware attack. In a filing with the Securities and Exchange Commission (SEC), parent company V.F. Corporation stated the hackers disrupted business operations and stole the personal information of approximately 35.5 million individual consumers.
US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities
The US cybersecurity agency CISA and the FBI on Monday published a ‘secure-by-design’ alert urging organizations to review their software products to eliminate SQL injection vulnerabilities. Also referred to as SQLi, SQL injection flaws represent a persistent class of security defects in commercial software, despite extensive documentation and the existence of effective mitigations. Products vulnerable to SQLi, CISA and the FBI say, put many customers at risk, as evidenced by last year’s cyberattack on Progress Software’s managed file transfer (MFT) solution MOVEit Transfer.
Thousands of phones and routers swept into proxy service, unbeknownst to users
Crooks are working overtime to anonymize their illicit online activities using thousands of devices of unsuspecting users, as evidenced by two unrelated reports published Tuesday. The first, from security firm Lumen Labs, reports that roughly 40,000 home and office routers have been drafted into a criminal enterprise that anonymizes illicit Internet activities, with another 1,000 new devices being added each day. The malware responsible is a variant of TheMoon, a malicious code family dating back to at least 2014. In its earliest days, TheMoon almost exclusively infected Linksys E1000 series routers. Over the years it branched out to targeting the Asus WRTs, Vivotek Network Cameras, and multiple D-Link models.
Facebook snooped on users’ Snapchat traffic in secret project, documents reveal
In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers. The goal was to understand users’ behavior and help Facebook compete with Snapchat, according to newly unsealed court documents. Facebook called this “Project Ghostbusters,” in a clear reference to Snapchat’s ghost-like logo. On Tuesday, a federal court in California released new documents discovered as part of the class action lawsuit between consumers and Meta, Facebook’s parent company.
UK Law Enforcers Arrest 400 in Major Fraud Crackdown
UK police have arrested hundreds of suspects and seized £19m ($15m) as part of an ongoing crackdown on rampant fraud in the country. Now in its third iteration, Operation Henhouse was coordinated again by the National Economic Crime Centre and City of London Police. Activity in February and March led to 438 arrests, 211 voluntary interviews, £13.9m seized in cash and assets, and account freezing orders of £5.1m, according to the National Crime Agency (NCA).