Threat Briefing: January 10, 2025

Threat Intel Update

As the new year begins, the U.S. government is preparing to launch the new “Cyber Trust” program, designed to help consumers make better-informed decisions when purchasing electronics.

Meanwhile, cyber threat actors continuously enhance their information-stealing tools and develop new techniques to bypass defensive measures. In a significant development, the data breach disclosed by the U.S. Treasury Department in late December 2024 has now been attributed to a specific cyber threat actor.

Cybersecurity News

  • “Cyber Trust” Mark Labels to Appear on Consumer Smart Devices in 2025 – The labels are part of a U.S. government initiative aimed at enhancing cybersecurity protections for smart devices. Manufacturers participating in the program must undergo cybersecurity audits for their products and will receive a label certifying compliance with federal cybersecurity standards. These standards will also outline the duration of software updates that companies are expected to provide for their products. Approved by the Federal Communications Commission in 2024, the program aligns consumer devices with cybersecurity standards developed by the U.S. National Institute of Standards and Technology. (The Record)
  • Updated Version of macOS Infostealer Banshee Stealer Capable of Bypassing Antivirus Detection – Banshee Stealer, initially tracked in August 2024, was distributed through phishing websites and disguised as fake versions of legitimate software. Its source code was leaked in November 2024, leading the original operators to shut down their operations. Despite this, an updated version of Banshee Stealer has emerged, employing a string encryption algorithm from Apple’s XProtect engine to evade antivirus detection. (The Hacker News)
  • Cyber Attack Against U.S. Treasury Department Linked to Chinese Cyber Threat Actor Group Silk Typhoon – The attack took place in December 2024, when Silk Typhoon actors exploited a stolen API key from BeyondTrust to infiltrate workstations. Using this access, they breached systems within the Office of Financial Research and the Office of Foreign Assets Control. (Dark Reading)
  • FunkSec Ransomware Launched in December 2024, Claims Over 80 Organizations as Victims – The cyber threat actors both encrypt victims’ data and extort them for relatively small ransom amounts. Their victims are primarily based in the U.S., as well as in Italy, Spain, Brazil, and Israel. The FunkSec ransomware appears to have been partially developed using artificial intelligence, and the group has also created an AI-powered chatbot. Additionally, FunkSec has been linked to hacktivist activities and is aligned with the “Free Palestine” movement. (The Record)
  • Malicious Plugin Impersonates E-Commerce Apps, Stealing Payment Information From Customers – The plugin is tracked as PhishWP and has been offered for sale on Russian cybercrime forums. It captures payment details such as credit card numbers, billing addresses, and other personal information. The information is then exported to a Telegram account and is used for fraudulent purchases or offered for sale. PhishWP is also capable of collecting system information, including IP addresses and user agents, allowing the attackers to impersonate the victim’s environment. (Dark Reading)

About the Author
CampusGuard Threat Intel Team