Newsletters

Written content from the Risky Business Media team

When Regulation Encourages ISPs to Hack Their Customers

Presented by

Tom Uren

Policy & Intelligence

KT, formerly Korea Telecom, has been accused of deliberately infecting 600,000 of its own customers with malware to reduce peer-to-peer file sharing traffic. This is a bizarre hack and a great case study of how government regulation has distorted the South Korean internet.

South Korean media outlet JTBC reported last month that KT had infected customers who were using Korean cloud data storage services known as 'webhards' (web hard drives). The malware disabled the webhard software, resulted in files disappearing and sometimes caused computers to crash.

JTBC news says the team involved "consisted of a 'malware development' section, a 'distribution and operation' section, and a 'wiretapping' section that looked at data sent and received by KT users in real time". Thirteen KT employees and contractors have been referred by the police for prosecution.

Risky Biz News: Unauth RCE in OpenSSH—a scary combination of words

Presented by

Catalin Cimpanu

News Editor

There's an unauthenticated remote code execution vulnerability in OpenSSH. We're all gonna d... Nah, I'm kidding! It's actually not as bad as that combination of words makes it seem.

The vulnerability was discovered and disclosed on Monday by security firm Qualys. It is tracked as CVE-2024-6387 and is also known under the name of regreSSHion.

It impacts all OpenSSH versions released since October 2020.

Risky Biz News returns! The catch-up edition :(

Presented by

Catalin Cimpanu

News Editor

The Risky Business News team has been on a break for the past two weeks, and as such, we're a little bit behind.

Below are the major headlines from the past week as we play catch-up with the infosec news cycle. We'll see you back on Wednesday with our usual super-detailed coverage of the infosec field!

TeamViewer hacked: TeamViewer says Russian hackers breached its internal network last week. The company says the hackers obtained an employee's credentials and accessed its corporate network on Wednesday, June 26. TeamViewer says there is no evidence that the hackers accessed customer data or its main product environment. The company has attributed the hack to APT29 (Midnight Blizzard), a cyber-espionage unit inside Russia's SVR intelligence agency.

Kaspersky Finally Evicted From the US

Presented by

Tom Uren

Policy & Intelligence

The US Government has decided to evict Russian cyber security company Kaspersky from the US market, announcing a ban on sales to US customers and applying financial sanctions to Kaspersky's senior leadership.

Last Thursday, the Commerce Department announced Kaspersky will be prohibited from selling to US customers from late July and that its operations in the country must stop by 29 September.

This means no more codebase and anti-virus signature updates, so current customers have just a short period to find alternatives.

Risky Biz News: Russia wants its own CISA

Presented by

Catalin Cimpanu

News Editor

The Russian government is holding private talks on establishing a dedicated cybersecurity agency, similar to the role CISA plays in the US.

Talks are in early stages but a RIA Novosti report suggests the initiative has support from Russia's private sector.

The Russian government has recently passed or started working on several cybersecurity-related initiatives.

How China’s Cyber Ecosystem Feeds Off Its Superstar Hackers

Presented by

Tom Uren

Policy & Intelligence

A new report explores how effectively the Chinese state leverages civilian talent for state-sponsored cyber operations.

From Vegas to Chengdu, by Eugenio Benincasa from the Center for Security Studies at ETH Zurich, focuses on the links between Chinese hacking contests and bug bounties and the country's cyber espionage programs. Interestingly, it finds that PRC vulnerability discovery efforts in recent years depend heavily on just 'a handful' of Chinese researchers.

The report pulls together information made public over the past several years to comprehensively summarise evidence the PRC funnels vulnerability research into state-sponsored espionage efforts.

Risky Biz News: Apple's WWDC 2024 security lineup

Presented by

Catalin Cimpanu

News Editor

Apple is holding its yearly Worldwide Developers Conference (WWDC) this week in Cupertino, and the company has announced several security-related features on the first day of the event.

This year's biggest announcement is Private Cloud Compute, a new feature that will take user data and process it inside an encrypted cloud server. This feature will be used for new Apple AI services that require more processing power than is available on the user's device.

Apple says the data will be stored on servers that use custom-built hardware and run a custom operating system. Data is sent to PCC servers only with the user's approval, and Apple says that even its staff with administrative rights can't access or view it. Everything, of course, is wrapped in cryptographic protocols.

Risky Biz News: Microsoft budges on Windows 11 Recall

Presented by

Catalin Cimpanu

News Editor

GetResponse data breach: The email marketing platform GetResponse disclosed a security breach after a threat actor gained access to one of its employees' accounts. The company says the attacker used the account to pivot to less than 10 of its customers. So far, the GetResponse breach has been linked to at least one other breach—at cryptocurrency platform CoinGecko. The company says the hacker stole the email addresses of almost two million CoinGecko subscribers.

LendingTree breach: Loan comparison site LendingTree has confirmed that its QuoteWizard subsidiary had data stolen from its Snowflake account. [Additional coverage in TechCrunch]

Bangladesh data leak: The Bangladesh intelligence agency has caught two police officers from its anti-terror unit selling citizen data to criminals on Telegram. According to TechCrunch, the officers sold both PII and classified data via a Telegram channel. The Bangladesh government says the two officers' access to government systems has been suspended while they are investigated. The NTMC intelligence agency caught the two after reviewing logs of its own systems.

Risky Biz News: Interpol plugs Red Notices leak

Presented by

Catalin Cimpanu

News Editor

Moldavian authorities have arrested four individuals suspected of sharing information about Interpol Red Notices with wanted fugitives, including cybercrime suspects.

The scheme was uncovered earlier this year by the UK NCA during a separate cybercrime investigation. Authorities say a criminal group paid bribes of several million US dollars to Moldavian public servants to provide early warning of Interpol Red Notice arrest warrants.

The early warning allowed wanted individuals to seek asylum or refugee status in Moldova or other countries, a process that triggers the deletion of Red Notices from the Interpol database.

Russian Attacks on Europe Double in Lead up to Elections, Olympics

Presented by

Tom Uren

Policy & Intelligence

Russian espionage, disruption, disinformation and real-world interference in Europe is ramping up in the lead up to European Union elections and the Paris Olympics.

Juhan Lepassaar, the head of the EU's cyber security agency ENISA, last week told The Associated Press disruptive attacks against European infrastructure had doubled in recent months.

"This is part of the Russian war of aggression, which they fight physically in Ukraine, but digitally also across Europe," Lepassaar said.