Major Hack Targets U.S. Telecom Providers and Government Systems
A sophisticated Chinese hacking group, known as Salt Typhoon, has breached major U.S. telecom providers including AT&T, Verizon, and Lumen Technologies. These cyberattacks, reportedly aimed at collecting sensitive intelligence, may have granted access to systems used by the U.S. government for lawful wiretapping. While it remains unclear how long the hackers had access, the breach highlights ongoing cyber espionage efforts targeting network infrastructure. Salt Typhoon is notorious for exploiting zero-day vulnerabilities, such as the ProxyLogon flaw in Microsoft Exchange, to infiltrate systems. The group’s activities, traced back to at least 2019, typically focus on government entities and telecom companies in Southeast Asia, but their reach has expanded globally. Recent discoveries indicate that similar breaches may have occurred in other countries. U.S. authorities are actively investigating, while security experts assess the full impact of the intrusion.
Internet Archive Faces Data Breach and Repeated DDoS Attacks
The Internet Archive has suffered a significant data breach, exposing the authentication details of 31 million users, including email addresses and bcrypt-hashed passwords. The breach became public when hackers displayed a JavaScript alert on archive.org, revealing the stolen data. While investigations continue, the breach has been linked to a database stolen on September 28th, 2024. Shortly after the breach, the Internet Archive was hit by a series of Distributed Denial of Service (DDoS) attacks, claimed by the BlackMeta hacktivist group. These DDoS attacks disrupted access to archive.org and openlibrary.org, forcing them offline multiple times. The Internet Archive has responded by disabling compromised JavaScript libraries and upgrading its security. Despite these efforts, the DDoS attacks persist, intensifying the challenges for the Archive as it deals with both the data breach and ongoing cyberattacks. While unrelated, the breach and DDoS attacks continue to impact the platform’s operations.
Casio Hit by Underground Ransomware Gang, Data Leaked Online
The Underground ransomware gang has claimed responsibility for a recent cyberattack on Japanese tech giant Casio, leaking sensitive data stolen during the breach. The attack, which occurred on October 5, disrupted Casio’s systems and impacted some of its services. The stolen data, now leaked on Underground’s dark web extortion portal, includes confidential documents, employee payroll details, patents, and financial information. Casio has yet to verify the ransomware group’s claims, but the potential exposure of this data could have severe implications for the company.
Underground, a relatively new ransomware group linked to the Russian cybercrime collective RomCom, has been active since July 2023. They are known for exploiting Microsoft Office vulnerabilities and stopping services like MS SQL Server to maximize the impact of their attacks. The gang’s unusual tactics include leaking stolen data via Mega and promoting it on their Telegram channel, further increasing the pressure on victims.
Fidelity Investments Data Breach Affects Over 77,000 Customers
Fidelity Investments recently disclosed a data breach affecting the personal information of more than 77,000 customers. The breach occurred between August 17 and 19, when attackers accessed customer data through two newly created accounts. While Fidelity quickly terminated access upon detecting the breach and launched an investigation with security experts, the exact nature of the stolen information remains unclear beyond names and personal identifiers. Notably, Fidelity emphasized that no account access was compromised.
As one of the world’s largest financial services companies, Fidelity manages $14.1 trillion in assets, making this breach a significant concern. Despite no evidence of misuse, Fidelity offers affected customers two years of free credit monitoring and identity restoration services. The company advises customers to remain vigilant by monitoring financial accounts and credit reports for suspicious activity, emphasizing the importance of prompt action in the case of potential fraud or identity theft.
Akira and Fog Ransomware Exploit Critical Veeam Vulnerability
Ransomware groups, including Akira and Fog, are now exploiting a critical remote code execution (RCE) flaw in Veeam Backup & Replication (VBR) servers. The vulnerability, tracked as CVE-2024-40711, allows unauthenticated attackers to compromise systems through deserialization of untrusted data. Although Veeam released patches in September 2024, attackers quickly began targeting unpatched systems, gaining access to backup data and deploying ransomware.
Sophos X-Ops reports multiple incidents in which attackers used compromised VPN gateways and credentials to infiltrate systems, adding local administrator accounts and executing ransomware. In some cases Fog ransomware was deployed on Hyper-V servers, while Akira was deployed against the same kind of infrastructure during the same period.
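The intrusions above share a detectable step: a fresh local account is created and then added to the Administrators group within minutes, by the same compromised credential. The following is an added example (not code from the original article, Sophos, or Veeam) showing how a defender can correlate the two Windows Security events that record this, 4720 (user account created) and 4732 (member added to a security-enabled local group). The log lines are constructed for the example and flattened to one line per event; the field names and the one-hour window are assumptions, not a real log format.

```python
import shlex
from datetime import datetime, timedelta

# Constructed sample of Windows Security log entries, one event per line.
# Field names are illustrative; this is not a captured log.
SAMPLE_LOG = """\
2024-10-10T02:14:03 EventID=4624 Subject=svc_backup Logon=3 Src=10.0.5.21
2024-10-10T02:16:40 EventID=4720 Subject=svc_backup Target=ops_tmp Host=VBR01
2024-10-10T02:17:02 EventID=4732 Subject=svc_backup Member=ops_tmp Group=Administrators Host=VBR01
2024-10-10T09:30:11 EventID=4720 Subject=helpdesk Target=j.doe Host=WS17
2024-10-11T10:05:44 EventID=4732 Subject=helpdesk Member=j.doe Group="Remote Desktop Users" Host=WS17
"""


def parse_event(line):
    """Turn one flattened log line into a dict with a parsed timestamp.

    shlex.split keeps quoted values such as Group="Remote Desktop Users"
    together as a single token.
    """
    timestamp, *pairs = shlex.split(line)
    fields = dict(pair.split("=", 1) for pair in pairs)
    fields["ts"] = datetime.fromisoformat(timestamp)
    return fields


def find_new_local_admins(lines, window=timedelta(hours=1)):
    """Correlate 4720 (account created) with 4732 (added to Administrators).

    Returns one alert per account that was created and then granted local
    admin rights on the same host within `window`. Both events are normal
    on their own; the short gap between them is the signal.
    """
    created = {}  # (host, account) -> (creation timestamp, creating subject)
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["EventID"] == "4720":
            created[(ev["Host"], ev["Target"])] = (ev["ts"], ev["Subject"])
        elif ev["EventID"] == "4732" and ev["Group"] == "Administrators":
            key = (ev["Host"], ev["Member"])
            if key in created:
                created_ts, creator = created[key]
                delay = ev["ts"] - created_ts
                if timedelta(0) <= delay <= window:
                    alerts.append({
                        "host": ev["Host"],
                        "account": ev["Member"],
                        "created_by": creator,
                        "elevated_by": ev["Subject"],
                        "delay_seconds": int(delay.total_seconds()),
                    })
    return alerts


if __name__ == "__main__":
    for alert in find_new_local_admins(SAMPLE_LOG.splitlines()):
        print(f"[ALERT] {alert['host']}: {alert['account']} created by "
              f"{alert['created_by']} and made local admin by "
              f"{alert['elevated_by']} after {alert['delay_seconds']}s")
```

On the constructed sample only the `ops_tmp` account on `VBR01` fires: it was created and added to Administrators 22 seconds apart by the same subject. The `j.doe` account on `WS17` does not, because it joined a non-admin group a day later. In a real deployment the same correlation would run over events pulled from the SIEM rather than an embedded string, and the window is something to tune per environment.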
This isn’t the first time Veeam vulnerabilities have been exploited. Last year, CVE-2023-27532 was used in ransomware attacks linked to Conti, REvil, Maze, BlackBasta, and other ransomware variants, affecting U.S. infrastructure and global enterprises. With over 550,000 users worldwide, Veeam’s popularity makes it a prime target for ransomware groups.
Conclusion
The increasing frequency and sophistication of cyberattacks, as seen in the cases of telecom providers, the Internet Archive, Casio, and Fidelity Investments, underscore the critical need for organizations to prioritize cybersecurity measures. From exploiting zero-day vulnerabilities to launching ransomware campaigns, attackers continue to evolve their tactics, leaving businesses vulnerable to devastating data breaches and operational disruptions.
If your organization has been targeted by ransomware, our specialized Ransomware Recovery Services, Ransomware Negotiation Services, and Ransomware Settlement Services can provide the expert assistance you need to recover and secure your systems. Contact us today to safeguard your business and ensure a swift recovery from ransomware attacks.