Fujitsu Discovers Malware on IT Systems, Confirms Data Breach
Japanese technology powerhouse Fujitsu recently revealed a concerning cybersecurity breach within its infrastructure, shedding light on the infiltration of malware into several of its systems, accompanied by the theft of customer data. As the world’s sixth-largest IT services provider, Fujitsu boasts an extensive portfolio and a global presence, operating in over 100 countries and maintaining critical partnerships, including with the Japanese government. The company’s announcement, made public last week, disclosed the discovery of malware on its business computers, potentially leading to the illicit extraction of sensitive customer information.
In response, Fujitsu swiftly isolated affected systems and bolstered monitoring protocols. While there have been no reported instances of customer data misuse, Fujitsu remains vigilant, actively investigating the breach’s origins and the extent of data compromised. Furthermore, the company has notified relevant authorities and is in the process of informing affected customers individually. This incident marks another chapter in Fujitsu’s ongoing battle with cybersecurity threats, following a previous breach in May 2021, underscoring the critical need for robust protective measures in an increasingly digitized world.
Earth Krahang Cyber Campaign: Breaching Organizations Globally
Earth Krahang, a Chinese Advanced Persistent Threat (APT) group, has executed a widespread cyber campaign, breaching 70 organizations across 23 countries. Active since early 2022 and relying on sophisticated tactics, the campaign primarily targets government entities. With 48 government organizations compromised, including 10 Foreign Affairs ministries, and an additional 49 agencies targeted, the scale of the operation is significant.
Exploiting software vulnerabilities in internet-facing servers and employing spear-phishing techniques, Earth Krahang deploys custom backdoors for espionage. Utilizing breached government infrastructure, they establish VPN servers and employ brute-force methods to access valuable email accounts. This enables them to host malicious payloads, proxy attack traffic, and execute further intrusions.
Trend Micro’s report underscores the sophisticated nature of state-sponsored cyber threats, highlighting the urgent need for robust cybersecurity measures on a global scale.
Ukrainian Authorities Arrest Hackers Selling 100 Million Stolen Accounts
Ukrainian cyber police, collaborating with national investigators, have arrested three individuals accused of hijacking over 100 million email and Instagram accounts worldwide. Using specialized software, the suspects conducted brute-force attacks to steal passwords. They then sold access to these compromised accounts on the darknet to fraud groups, who exploited them for financial gain. The operation, organized within Ukraine, involved task delegation by a leader. Police seized 70 computers, 14 mobile phones, and other evidence. The arrested individuals face charges carrying up to 15 years in prison. Authorities are also investigating possible collaboration with foreign entities, particularly concerning Russian interests. Users are advised to use strong passwords and activate multi-factor authentication to protect their accounts.
CISA Issues Defense Tips Against Chinese Volt Typhoon Hackers
CISA, in collaboration with global cybersecurity agencies, has issued a warning to critical infrastructure leaders about the threat posed by the Chinese hacking group, Volt Typhoon. With a focus on infiltrating Operational Technology assets, Volt Typhoon poses a significant risk to critical infrastructure systems. Authorities advise bolstering cybersecurity measures, emphasizing the importance of robust logging and securing supply chains. Additionally, efforts have been made to dismantle the KV-botnet utilized by the hackers to conceal their activities. Moreover, SOHO router manufacturers are urged to enhance device security against Volt Typhoon attacks. These proactive measures are aimed at mitigating the risks associated with Volt Typhoon and safeguarding critical infrastructure from potential disruptions.
New ‘Loop DoS’ Attack Threatens 300,000 Online Systems
A recently identified denial-of-service (DoS) attack, known as ‘Loop DoS’, poses a serious threat to approximately 300,000 online systems. Developed by researchers at the CISPA Helmholtz-Center for Information Security, this attack targets application layer protocols, exploiting a vulnerability in the User Datagram Protocol (UDP) implementation (tracked as CVE-2024-2169). Using IP spoofing, attackers initiate a self-perpetuating communication loop that inundates targeted systems with excessive traffic, leading to a DoS condition. The attack impacts both outdated and modern protocols crucial for internet-based functions such as time synchronization, domain name resolution, and file transfer. While there’s currently no evidence of active exploitation, affected vendors including Broadcom, Cisco, Honeywell, Microsoft, and MikroTik have acknowledged the vulnerability. To mitigate the risk of a Loop DoS attack, organizations are advised to install the latest patches, disable unnecessary UDP services, and implement anti-spoofing measures like BCP38 and uRPF. Additionally, deploying Quality-of-Service (QoS) measures can help limit network traffic and protect against potential abuse.
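A defender-side illustration of the loop described above, added here and not part of the article or the CISPA researchers' work: a small heuristic over flow records that flags UDP traffic where both endpoints are service ports known to answer unsolicited input and the volume is heavy and roughly symmetric, which is the signature a self-perpetuating loop leaves in NetFlow-style data. The port list and the flow records are constructed assumptions.

```python
# Added example (not from the article): flag UDP service-to-service flows
# that look like a Loop DoS feedback loop in constructed flow records.
from collections import defaultdict

# Assumed port list: UDP services of the kinds the article mentions
# (time synchronization, domain name resolution, file transfer).
LOOP_PRONE_PORTS = {123: "ntp", 53: "dns", 69: "tftp"}

# Constructed sample flow records: (src_ip, src_port, dst_ip, dst_port, packets)
SAMPLE_FLOWS = [
    ("198.51.100.10", 123, "203.0.113.20", 123, 48000),  # ntp <-> ntp, heavy both ways
    ("203.0.113.20", 123, "198.51.100.10", 123, 47500),
    ("192.0.2.5", 53211, "198.51.100.53", 53, 40),        # ordinary client query
    ("198.51.100.53", 53, "192.0.2.5", 53211, 40),
    ("192.0.2.7", 69, "192.0.2.8", 69, 12),               # service <-> service but tiny
    ("192.0.2.8", 69, "192.0.2.7", 69, 10),
]


def find_loop_candidates(flows, min_packets=1000, symmetry=0.8):
    """Return endpoint pairs whose UDP traffic looks like a service-to-service loop.

    A pair qualifies when both ports are loop-prone services, the busier
    direction carries at least min_packets, and the quieter direction carries
    at least `symmetry` times that (a loop answers every packet with a packet).
    """
    pair_packets = defaultdict(int)
    for src_ip, sport, dst_ip, dport, packets in flows:
        if sport in LOOP_PRONE_PORTS and dport in LOOP_PRONE_PORTS:
            pair_packets[(src_ip, sport, dst_ip, dport)] += packets

    candidates, seen = [], set()
    for (a_ip, a_port, b_ip, b_port), fwd in pair_packets.items():
        key = frozenset([(a_ip, a_port), (b_ip, b_port)])
        if key in seen:
            continue  # the reverse direction was already evaluated
        seen.add(key)
        rev = pair_packets.get((b_ip, b_port, a_ip, a_port), 0)
        lo, hi = min(fwd, rev), max(fwd, rev)
        if hi >= min_packets and lo >= symmetry * hi:
            candidates.append({
                "endpoints": tuple(sorted(key)),
                "services": (LOOP_PRONE_PORTS[a_port], LOOP_PRONE_PORTS[b_port]),
                "packets": fwd + rev,
            })
    return candidates


if __name__ == "__main__":
    for hit in find_loop_candidates(SAMPLE_FLOWS):
        print(hit)
```

A real deployment would read these tuples from a flow collector and pair the alert with the BCP38/uRPF checks the article recommends, since the loop is only possible when the initiating spoofed packet is not dropped at the edge.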
Spa Grand Prix Email Account Hacked for Phishing Scam
The official contact email for the Belgian Grand Prix event, Spa Grand Prix, fell victim to hackers who used it to orchestrate a phishing scam targeting fans. On March 17, 2024, fraudulent emails were sent, offering recipients a €50 voucher for purchasing Formula 1 Grand Prix tickets. The email contained a link redirecting to a fake website resembling the official Spa Grand Prix portal, where fans were prompted to provide personal and banking information. Spa Grand Prix promptly responded by alerting customers about the phishing attempt and implementing additional security measures with their IT subcontractor. A complaint was also filed with the Belgian cyber police. While the investigation is ongoing, Spa Grand Prix reassures customers that their official website remains secure. Those concerned about their data are advised to contact Spa Grand Prix’s secretariat for assistance.
Hackers Earn $1,132,500 at Pwn2Own Vancouver for 29 Zero-Days
Pwn2Own Vancouver 2024 concluded with security researchers earning $1,132,500 for demonstrating 29 zero-day vulnerabilities. The event targeted various software and products across different categories, including web browsers, enterprise applications, virtualization, and automotive systems. Notable exploits included gaining code execution and privilege escalation on fully patched systems, such as Windows 11, Ubuntu Desktop, and several web browsers. Manfred Paul emerged as the winner, earning $202,500 by exploiting vulnerabilities in Apple Safari, Google Chrome, and Microsoft Edge. Other successful attempts on the second day included privilege escalation exploits on Windows 11 and Ubuntu Linux, as well as VMware Workstation and Oracle VirtualBox vulnerabilities. Vendors have 90 days to release security fixes for the reported zero-day vulnerabilities before they are publicly disclosed by Trend Micro’s Zero Day Initiative. This year’s event continues the trend of significant payouts for uncovering critical vulnerabilities, reinforcing the importance of robust cybersecurity measures in software development.
Russian Hackers Target German Political Parties with WineLoader Malware
Researchers warn that a notorious hacking group associated with Russia’s Foreign Intelligence Service (SVR) has begun targeting political parties in Germany, diverging from their typical focus on diplomatic missions. Phishing attacks deploy WineLoader, a backdoor malware enabling remote access to compromised systems and networks.
APT29, also known as Midnight Blizzard or Cozy Bear, is linked to numerous cyberattacks, including the SolarWinds supply chain breach in December 2020. Recent activity involves targeting cloud services, breaching Microsoft systems, and compromising MS Office 365 environments.
Mandiant researchers report phishing campaigns against German political parties since late February 2024. Phishing emails impersonate the Christian Democratic Union (CDU), embedding links to external pages containing the ‘Rootsaw’ malware dropper. When executed, Rootsaw downloads and executes WineLoader, establishing encrypted communication with the command and control (C2) server.
WineLoader’s modular design enables various espionage activities, potentially facilitating APT29’s mission. The shift to targeting political parties suggests an aim to influence or monitor political processes, reflecting broader geopolitical objectives.
Conclusion
In today’s digital landscape, the threat of cyberattacks looms large, as evidenced by recent incidents affecting companies and organizations worldwide. From ransomware breaches to sophisticated espionage campaigns, the need for robust cybersecurity measures is more critical than ever.
As experts in ransomware recovery and cybersecurity, we offer specialized services such as Ransomware Recovery Services, Ransomware Negotiation Services, and Ransomware Settlement Services. If your organization requires assistance in recovering from a ransomware attack or bolstering its cybersecurity defenses, contact us today.