Cyber Briefing: 2024.06.24


What's happening in cybersecurity today?

Rafel RAT, Android Malware, SneakyChef, Asia, EMEA, SugarGh0st, Apple Vision Pro, Vulnerability, Cybersafe Solutions Labs, RedJuliett, Taiwan, Cyber Espionage, Phishing Campaign, Pakistan, PHANTOM#SPIKE, Mark Cuban, Gmail, JAXA, BtcTurk, Jollibee Group, Indonesia's National Data Center, U.S. Department of the Treasury, Kaspersky Executives, Texas Judge, Hospitals, Web Tracking Technology, Apple AI Launch, Europe, Global Ransomware Surge, Facial Recognition Clearview AI, Privacy Lawsuit.



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.




Cyber Alerts


1. Rafel RAT Posing as Popular Android Apps

Rafel RAT, an open-source Android remote administration tool, is being used by multiple cyber espionage groups, disguised as popular apps like Instagram and WhatsApp. This tool allows malicious actors to perform a range of activities from data theft to device manipulation. The widespread use of Rafel RAT in various high-profile attacks highlights the urgent need for robust security measures on Android devices.


2. SneakyChef Hacks Governments with SugarGh0st

The Chinese-speaking threat actor SneakyChef has been targeting government entities in Asia and EMEA using SugarGh0st malware since August 2023. The group uses spear-phishing campaigns with scanned documents from government agencies to deliver the malware. This espionage campaign has expanded to include new targets in Angola, India, Latvia, Saudi Arabia, and Turkmenistan.


3. Apple AR Flaw Projects Virtual Chaos

A critical flaw in Apple’s Vision Pro AR headset allows attackers to flood users’ environments with virtual spiders without interaction, prompting significant security concerns and user anxiety. CyberSafe Labs discovered the vulnerability, exposing lapses in input validation and security protocols. Apple is urgently developing a patch while emphasizing enhanced AR security measures to prevent future exploits.


4. RedJuliett Targets Taiwan in Cyber Espionage

RedJuliett, a state-sponsored threat actor, has conducted a cyber espionage campaign targeting government and academic sectors in Taiwan from November 2023 to April 2024. Known also as Flax Typhoon and Ethereal Panda, the group employs tactics like SQL injection and exploits against internet-facing appliances to gain initial access. Utilizing tools like SoftEther and China Chopper web shells, they maintain persistence and conduct reconnaissance, focusing on Taiwan's economic policies and diplomatic relations with other nations.


5. PHANTOM#SPIKE Targets Pakistan

Researchers reveal a new phishing tactic in Pakistan, deploying a custom backdoor via ZIP files. Named PHANTOM#SPIKE, the campaign uses military-themed lures to trick users into activating malware disguised as meeting minutes. Despite its simplicity, the backdoor enables remote access and data theft, posing a significant security threat to targeted machines.



Cyber Incidents


6. Mark Cuban's Gmail Hacked After Hoax Call

Billionaire Mark Cuban reports that his Gmail account was compromised after a hoax call, citing spoofed Google recovery tactics. Cuban warns that any emails from his account since 3:30pm PST are fraudulent, sparking concern and speculation within the crypto community after recent wallet losses. His advocacy for crypto regulation contrasts sharply with ongoing security challenges in the industry.


7. Cyberattacks Target Japan's Space Agency

Japan's space agency, JAXA, has been under persistent cyberattacks since last year, according to Chief Cabinet Secretary Yoshimasa Hayashi. These attacks, originating from outside Japan, have targeted the agency's networks, prompting an investigation and temporary shutdown of affected systems. Despite assurances that sensitive rocket and satellite data remains secure, the breaches underscore growing cybersecurity challenges faced by critical infrastructure in Japan.


8. Btcturk Hot Wallets Breached

Btcturk disclosed a cyber attack on June 22, 2024, impacting hot wallets and leading to unauthorized withdrawals from 10 cryptocurrencies. With Binance's assistance, over $5.3 million in stolen funds has been frozen, reassuring users of asset safety amid ongoing investigations and restored ERC20 transactions. Turkey's crypto market surge since 2020 has seen cryptocurrencies rise in popularity despite security challenges.


9. Jollibee Investigates Cyber Breach

The Jollibee Group has initiated an investigation into a cybersecurity incident potentially impacting millions of customer records, assuring that its e-commerce platforms remain operational and unaffected. Enhanced security measures and response protocols are underway as the company collaborates closely with authorities and experts to ascertain the breach's extent. Urging vigilance, Jollibee emphasized ongoing efforts to bolster defenses and safeguard customer data across its subsidiaries, including Greenwich, Red Ribbon, Burger King Philippines, and Highlands Coffee.


10. Indonesia Data Center Cyberattack

Indonesia's national data center suffered a severe cyberattack, causing major disruptions at airports due to compromised immigration checks, as confirmed by Communications Minister Budi Arie Setiadi to Reuters on Monday. The attack, attributed to the Lockbit 3.0 ransomware variant, led to long queues and manual processing at immigration desks, although automated passport machines are now operational, the ministry reported. Efforts are focused on restoring affected services, with digital forensics ongoing to investigate the extent of the breach; potential ransom negotiations remain undisclosed thus far.



Cyber News

11. US Sanctions Kaspersky Executives Over Ban

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has imposed sanctions on twelve senior executives of Kaspersky Lab following a ban by the Commerce Department, marking a significant move to safeguard national cybersecurity. Under Secretary Brian E. Nelson emphasized the U.S. commitment to protecting against cyber threats, targeting individuals enabling malicious activities. Despite the sanctions, Kaspersky Lab's operations and its founder remain unaffected, amid ongoing geopolitical tensions over cybersecurity and foreign competition.


12. Hospitals Win Web Tracking Ruling

A federal judge in Texas upheld hospitals' rights to use online tracking technology, ruling against Biden administration efforts to restrict it. The decision supports hospital arguments that the Health and Human Services policy overstepped its authority by trying to regulate data collection online, intended to safeguard web user privacy under HIPAA laws. Despite recent guidance from federal agencies warning of risks posed by trackers like Meta/Facebook Pixel and Google Analytics, the judge's ruling reinforces hospitals' autonomy in managing patient data collected through their websites.


13. Apple Delays AI Rollout Amid EU Regulations

Apple announced on Friday that it will postpone the introduction of AI-powered features on smartphones in Europe this year due to regulatory constraints imposed by the Digital Markets Act (DMA). This includes Apple Intelligence, which integrates OpenAI's ChatGPT into Siri and writing tools, as well as halting iPhone mirroring and SharePlay screen-sharing functions. The company expressed concerns that complying with DMA's interoperability requirements could compromise product integrity and jeopardize user privacy and data security, prompting this strategic delay.


14. Global Ransomware Surge in Early 2024

In the first four months of 2024, ransomware attacks surged globally, totaling 1420 claims with Italy recording 55 incidents, according to Ransomfeed data. This data underscores widespread cybersecurity vulnerabilities affecting personal and sensitive information worldwide, especially in sectors like consulting, logistics, and healthcare. The increase highlights the urgent need for enhanced global cybersecurity measures to counter these evolving threats effectively.


15. Clearview AI Privacy Lawsuit Settlement

Facial recognition startup Clearview AI has settled an Illinois lawsuit over biometric data privacy for $50M, with an innovative payout structure. The deal, pending final approval, gives plaintiffs a potential stake in the company in lieu of a cash payout, addressing Clearview's financial constraints amidst ongoing legal scrutiny.




Copyright © 2024 CyberMaterial. All Rights Reserved.
