Sunday 5th January 2024
Aidan Dickenson
Good morning. Happy Sunday. If you thought dodging phishing emails was hard enough, now we’re dealing with apps that steal your data while posing as premium messaging services—because nothing says "exclusive" like malware monitoring your every move. Meanwhile, France’s IT giant Atos is caught in a ransomware scandal (again) and trying its best to deny the drama, and the U.S. is cracking down on a Chinese cybersecurity firm linked to state-sponsored hackers.
Enjoy!
Atos denies breach…with a "but"
French IT heavyweight Atos is in the hot seat again after the ransomware group Space Bears added the company to its leak site last month, claiming it had infiltrated Atos' systems. But in a Jan. 3 statement, Atos pushed back, calling the claims “unfounded” and insisting that no internal systems were compromised or ransomed.
So far, so good—except for one caveat. The firm later admitted that a third-party system mentioning Atos was breached. Atos emphasised that the compromised infrastructure wasn’t managed by them, but questions about whether it contained sensitive customer data remain unanswered.
Atos faced a similar accusation in March 2023, when Cl0p hackers claimed a breach. Back then, the IT giant blamed the exposure on a third-party file transfer app from a company it acquired.
Meanwhile, as Atos battles PR headaches, the French government is negotiating a potential €625M deal to buy some of its advanced computing assets.
U.S. sanctions Chinese cyber firm tied to state-sponsored hacking
The U.S. Treasury just gave Beijing-based Integrity Technology Group a one-way ticket to the sanctions list for aiding Chinese state-backed hackers in attacks on U.S. targets. According to the Treasury, the company—also known as Yongxin Zhicheng—helped support cyber campaigns orchestrated by the hacking group Flax Typhoon (aka Ethereal Panda), a notorious crew behind an IoT botnet dubbed "Raptor Train."
Flax Typhoon, active since 2021, has made a name for itself by exploiting known vulnerabilities and using legit remote access software to maintain long-term access to systems. Its targets? Everyone from government agencies to telecom providers across North America, Europe, and Asia.
The U.S. labeled China’s cyber actors as persistent national security threats, with Acting Treasury Under Secretary Bradley T. Smith pledging to “disrupt these threats” by holding enablers accountable. Integrity Technology Group, founded in 2010, reportedly works closely with Chinese state security agencies.
FireScam: The fake Telegram Premium app you don’t want
Beware that shiny new app: FireScam, a sneaky piece of Android malware disguised as "Telegram Premium," is making the rounds, stealing credentials and financial data by monitoring app notifications. According to Cyfirma, FireScam is distributed via a phishing site mimicking the RuStore app store and hosted on GitHub.io. Once installed, it exfiltrates data to a Firebase database before deleting the evidence.
Here’s the deal: The malware requests a laundry list of permissions—like app management, storage access, and update control—to maintain persistence on devices running Android 8 through 15. Plus, it uses clever evasion techniques, including obfuscation, sandbox detection, and Firebase Cloud Messaging to receive commands and exfiltrate data without raising suspicion.
FireScam tracks everything from USSD responses to e-commerce activity, with the ability to intercept sensitive information and create backdoors. Experts warn that this level of spyware sophistication highlights the growing risks to Android users.