This Week in Cybersecurity: 18th March to 22nd March, CISA Hacked!

Written by Gabby Lee

March 25, 2024


CISA Hacked, IMF Breached, AT&T Data Leaked, United Healthcare Pays $2B


CISA Hacked, Key Systems Forced Offline

Unknown hackers have breached the systems of the Cybersecurity and Infrastructure Security Agency (CISA), forcing the agency to take its key systems offline. The attack exploited vulnerabilities in Ivanti products used by CISA. The compromised systems include the Infrastructure Protection Gateway and the Chemical Security Assessment Tool, both containing sensitive information. The responsible parties have not been identified, but there are indications of a sophisticated and espionage-motivated cyber campaign.

IMF Investigates Cybersecurity Breach that Compromised its Email Accounts

The International Monetary Fund (IMF) is currently conducting an investigation into a cybersecurity breach that led to the compromise of several internal email accounts. The breach was initially discovered on February 16th and the IMF, in collaboration with independent cybersecurity experts, has taken remediation measures. The investigation revealed that 11 IMF email accounts were compromised, but there is no indication of further compromise beyond these accounts.

AT&T Data Leaked Impacting 70 Million but AT&T Denies Despite Strong Evidence

AT&T denies that leaked data impacting 70 million users came from their systems, claiming it is from a previous 2021 cybersecurity breach. However, evidence suggests the leaked data contains personal information, including names, addresses, phone numbers, and encrypted birth dates and social security numbers. AT&T advises customers to be cautious of targeted attacks and refrain from sharing personal information.

Fujitsu Hacked with Malware, Company Warns of Data Breach

Fujitsu has detected malware on its computers, potentially leading to a cybersecurity data breach. The company has isolated affected computers and enhanced monitoring. An investigation is underway to assess the extent of unauthorized access and data extraction. Fujitsu has notified affected individuals, reported the incident to regulatory authorities, and found no evidence of data misuse.

Enhanced OSINT with DarkGPT, An AI Tool to Detect Leaked Databases

DarkGPT leverages the power of natural language processing to assist with queries about databases that may have been compromised. Built using Anthropic’s Constitutional AI technique on GPT-4, DarkGPT can understand plain English questions and provide contextual responses to cybersecurity professionals so they can focus more on high-level OSINT.

United Healthcare Pays $2B After Change Healthcare Cyber Attack, Health Insurers Split Over the Relief

United Healthcare has paid $2 billion in expenses following the Change Healthcare cyber attack. Health insurers are divided over relief efforts. Insurers have handled 95% of affected claims, and efforts are being made to assist small medical practices. Patient care remains unaffected, and government health programs won’t face additional expenses. UnitedHealth is making progress in restoring systems following the cybersecurity incident and has provided advance payments to affected providers. Smaller providers relying on Change Healthcare may face credit profile impacts. Insurers have processed claims through alternative networks.

Chinese APT ‘Earth Krahang’ Breaches 70 Organizations Across 45 Countries

The Chinese APT group known as ‘Earth Krahang’ has breached 70 organizations across 45 countries, according to a report by Trend Micro. The group targets government agencies and uses vulnerability exploits and spearphishing emails to gain initial access. Once inside, they conduct internal reconnaissance and utilize sophisticated tools to establish persistent backdoors. Earth Krahang’s global reach and connections to other Chinese APTs highlight the substantial risks posed by this threat actor. Increased international response is necessary to counter this advanced threat.

Hackers Breaching US Water Systems, White House and EPA Issue Warning

U.S. National Security Advisor Jake Sullivan and EPA Administrator Michael Regan have issued a joint letter to governors, warning about the increasing number of cyberattacks targeting water infrastructure in the United States. The letter emphasizes the need for stronger cybersecurity defenses and recovery plans for state water systems. The EPA and NSC are inviting governors to a virtual meeting to discuss collaboration and the establishment of a Water Sector Cybersecurity Task Force.

Iranian Hackers Claimed Breach at Dimona Nuclear Facility in Israel

A group of Iranian hackers has claimed to have successfully breached the networks of Israel’s Dimona nuclear facility in the Negev desert. The Israeli government is currently investigating the legitimacy of the leaked documents associated with the cybersecurity incident. Due to the sensitive nature of the content, the specifics of the documents have been censored by the Israeli government. Cybersecurity experts have expressed doubt about the hackers’ claims and believe that the potential risk posed by the leaked documents is minimal.

CISA Shares Advisory on Defending Critical Infrastructure Against Volt Typhoon

CISA, along with NSA, FBI, and other agencies, has issued an advisory to protect critical infrastructure against the Chinese hacking group Volt Typhoon. The advisory provides defense tips and emphasizes empowering cybersecurity teams. Volt Typhoon targets Operational Technology assets and may disrupt critical infrastructure during conflicts. CISA and the FBI urge manufacturers to enhance SOHO router security against their attacks.

Mintlify Data Breached Through Compromised GitHub Tokens

Software vendor Mintlify suffered a data breach exposing 91 customer GitHub tokens after a vulnerability allowed unauthorized access to private API endpoints and admin tokens. They immediately revoked all GitHub access and patched the flaw. An investigation found one customer’s repository was accessed. Mintlify is enhancing security measures like API monitoring and launching a bug bounty program. They advise customers to update passwords, enable two-factor authentication, and monitor accounts for unusual activity.
