Threat Intel Update
The recent compromise of U.S. telecommunications companies by Salt Typhoon underscores the difficulties organizations face in fully understanding the extent of a breach. Multiple federal agencies are actively investigating Salt Typhoon’s activities, and the U.S. Cyber Safety Review Board has also joined the effort.
Pinpointing how cyber threat actors infiltrate systems and tracking their movements demands a skilled team and advanced tools, such as a Security Information and Event Management (SIEM) system. SIEM solutions play a critical role in enabling organizations to monitor network activity and gain insights into potential threats.
Cybersecurity News
- U.S. Cyber Safety Review Board to Investigate Salt Typhoon’s Breach of Telecommunication Providers – The announcement follows reports that Salt Typhoon, a threat actor linked to the Chinese government, still has access to U.S. telecommunication provider systems. While the U.S. government has been investigating Salt Typhoon’s activities for approximately six months, a multi-agency group was established in October to address the breach. The breach is estimated to have affected eight telecommunications companies. The Record
- North Korean Cyber Threat Actors Utilizing Russian Email Services to Conduct Credential Theft – Russian email services were leveraged in a phishing campaign where attackers impersonated financial institutions and an internet portal. North Korean threat actors also employed phishing tactics, sending emails claiming malicious activity had been detected in the cloud storage accounts of victims. The Hacker News
- INTERPOL Operation Results in Arrest of Over 5,000 Suspects Involved in Financial Crimes – Between July and November 2024, a global operation spanning 40 countries targeted cybercriminals engaged in business email compromises, investment fraud, voice phishing, and e-commerce fraud. Law enforcement in Asia disrupted a voice-phishing operation responsible for over $1 billion in losses. The INTERPOL-led operation also led to the seizure of more than $400 million in virtual assets and the arrest of individuals involved in these schemes. Dark Reading
- U.S. Government Proposes New Rules to Prevent Sale of U.S. Data by U.S. Data Brokers to Foreign Entities – In regulatory developments, the U.S. Consumer Financial Protection Bureau proposed a rule under the Fair Credit Reporting Act, building on a prior Executive Order focused on safeguarding U.S. data. The rule aims to restrict the acquisition of financial data belonging to U.S. citizens by foreign threat actors, thereby mitigating risks related to cyberattacks and espionage. NextGov.com
- Cyber Threat Actors Utilizing Corrupted Files to Circumvent Security Features – Cybercriminals continue to exploit corrupted Microsoft Office attachments and ZIP archives in phishing emails. These files often bypass antivirus or email security tools, and they prompt victims’ systems to recover and open them. Once opened, the files may contain QR codes leading to credential harvesting sites or malware-hosting pages. The Hacker News