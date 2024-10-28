Threat Intelligence

Federal probe into Chinese hack of US telcos launched after election-related targeting reports


The Cybersecurity and Infrastructure Security Agency and the FBI have disclosed an ongoing investigation into Chinese state-sponsored threat actors' compromise of several U.S. telecommunications firms. The disclosure came as the New York Times reported that the Salt Typhoon threat operation had targeted Verizon to compromise the mobile devices of former President Donald Trump and his running mate JD Vance, according to The Record, a news site by cybersecurity firm Recorded Future.

CBS News and Reuters also reported similar Salt Typhoon targeting of the campaign of Vice President Kamala Harris, as well as Sen. Chuck Schumer, D-N.Y., and other top Democrats. "Agencies across the U.S. Government are collaborating to aggressively mitigate this threat and are coordinating with our industry partners to strengthen cyber defenses across the commercial communications sector," said the agencies, which urged immediate disclosure of potential compromise to local FBI field offices or CISA. The development comes after CISA, the FBI, and the Office of the Director of National Intelligence attributed the fake ballot-ripping video in Pennsylvania to Russian state-backed disinformation operations.

Related

Meta’s Threads used for peddling stolen credit card info

At least 15 public Threads accounts with over 12,000 followers have been leveraged to post exfiltrated personal and financial details, including full names, birthdates, Social Security numbers, home and IP addresses, email addresses and passwords, full and partial credit card digits, CVV security codes, expiry dates, PINs, and Bank Identification Numbers.

Webflow tool increasingly exploited to compromise crypto wallets

Threat actors leveraged Webflow to establish dedicated phishing pages and stealthier custom subdomains mimicking legitimate cryptocurrency wallet sites in an effort to lure targets into inputting their credentials, which are later exfiltrated and used to enable seed phrase compromise, crypto wallet takeovers, and crypto asset theft, a report from Netskope Threat Labs revealed.

Malicious npm packages spread BeaverTail malware

Most downloaded among the malicious packages was "blockscan-api," which is a backdoored copy of etherscan-api, followed by "passport-js," which is a backdoored passport copy, and the backdoored bcryptjs copy dubbed "bcrypts-js," an analysis from the Datadog Security Research team showed.
