Friday 15th November 2024
Aidan Dickenson
Business Development Manager // Tailored solutions to enhance security, improve efficiency, and drive growth.
Good morning! Thank you for joining me for the latest installment of Cyber Daily. In today’s edition, we’ve got details on a Chinese hacking group slipping into U.S. telecom networks undetected for months, a massive breach affecting 122 million business contacts, and a high-stakes Snowflake hack that targeted giants like AT&T and Ticketmaster. Enjoy!
Chinese Hackers Breach U.S. Telecom Networks, CISA and FBI Confirm
In a new development in cybersecurity, CISA and the FBI confirmed that Chinese hackers compromised private communications of some U.S. government officials after breaching multiple broadband providers. The attackers, linked to a hacking group called Salt Typhoon, reportedly accessed private call data and information tied to law enforcement requests through court orders. According to the agencies, the attackers had ongoing access for months, enabling them to gather large volumes of data from ISPs serving both businesses and millions of Americans.
Salt Typhoon, active since 2019, has a history of targeting government agencies and telecom providers in Southeast Asia and North America. Last month, Canadian authorities disclosed that similar Chinese-backed hacking operations targeted key Canadian government entities, including political parties and critical infrastructure sectors.
This isn’t an isolated incident. Salt Typhoon’s activity coincides with Volt Typhoon’s recent breaches of ISPs in the U.S. and India. The incidents underscore an escalating cybersecurity risk as state-backed actors increasingly target communication channels critical to both government and civilian infrastructure.
Data of 122 Million People Leaked from DemandScience Platform
DemandScience, a B2B demand generation company, confirmed that the business contact information for 122 million people was leaked after a threat actor gained access to one of its decommissioned systems. The exposed dataset included full names, emails, phone numbers, job titles, and social media links—information DemandScience aggregated for marketers and advertisers.
The breach story started in February 2024, when a hacker named “KryptonZambie” began selling 132.8 million records from DemandScience’s data on BreachForums. Initially, DemandScience denied that there was evidence of a breach, stating that all systems were secure. However, by August 2024, the dataset was being shared on the forum almost for free. Troy Hunt, creator of Have I Been Pwned, later verified the leak's authenticity and added the emails to his platform so affected users would receive notifications.
This incident is a reminder of the risks tied to B2B data aggregation, especially as companies collect and store vast amounts of business contact data that, when exposed, can open the door to targeted phishing and scams.
DOJ Charges Two Hackers in Massive Snowflake Data Breach
The DOJ has indicted two hackers, Connor Riley Moucka and John Erin Binns, for allegedly breaching over 165 organisations using Snowflake’s cloud storage services. The duo used stolen credentials to log in to accounts that were not protected by multi-factor authentication and access sensitive data, including 50 billion call and text records from a major U.S. telecom company, likely AT&T. In July, AT&T disclosed that 109 million customers' call logs had been accessed via its Snowflake account.
Moucka and Binns allegedly engaged in ransomware schemes, demanding payments in cryptocurrency in exchange for not publishing stolen data. They tried to mask these transactions by converting funds into Monero and even doubled down on extortion attempts with some companies that had already paid up. For those that refused to pay, the hackers advertised their data on hacking forums.
The suspects, who reportedly pocketed at least $2.5 million in ransoms, now face charges including wire fraud, data theft, and unauthorised computer access, each carrying up to 25 years in prison. Moucka was arrested in Canada in October, while Binns, notorious for his 2021 breach of T-Mobile, was apprehended in Turkey earlier this year.
This incident shows the growing need for multi-factor authentication and advanced cybersecurity protocols across cloud platforms. As state-backed and independent hackers target major organisations, robust safeguards are crucial to prevent breaches that could jeopardise millions of customers’ data.
Senior Security Program Manager | Leading Cybersecurity Initiatives | Driving Strategic Security Solutions| Cybersecurity Excellence | Cloud Security
(1 week ago) The insights on the breaches highlight the importance of robust security measures, and it’s evident that staying informed is key to protecting our digital assets. Aidan Dickenson
Break Into Tech with 0 experience | Founder @ Rich in Tech | Snr AE | 1M+ Monthly Views | Father x1 | GIG
(1 week ago) This is great!
Empowering Small Businesses to Surge Ahead of Competition. 9X LinkedIn Top Voice: Brand Development | Creative Strategy | Content Marketing | Digital Marketing | Performance Marketing | SEO | SMM | Web Development
(1 week ago) Aidan Dickenson The world of cyber threats never sleeps—staying informed is the first line of defense!