Newsletters

Last week, Anthropic revealed a real-world, AI-orchestrated cyber espionage campaign. There's a real speed and scale benefit here for malicious actors that care more about hacking everything than flying under the radar. Western governments, however, will likely stick to the tried and tested method of "slowly, slowly, catchy monkey".

In the report, Anthropic detailed its discovery of the campaign that used AI "not just as an advisor, but to execute the cyberattacks themselves". 

Anthropic believes the threat actor was a Chinese state-sponsored group whose goals align with those of the Chinese Ministry of State Security. The group attempted to infiltrate "roughly thirty" typical victims: large tech companies, financial institutions, chemical manufacturing companies and government agencies. It succeeded in a small number of cases. 

Russian surveillance vendor got hacked: An unidentified threat actor has hacked and leaked sensitive data from Protei, a Russian company that makes telecom-grade surveillance gear, including equipment for Russia's SORM system. [TechCrunch]

Cyberattack disrupts Russian port operator: A cyberattack has crippled the operations of Port Alliance, a Russian company that manages cargo terminals at six Russian ports. The incident lasted days and disrupted Russian coal and fertilizer shipments. [The Record]

NHS impacted by Oracle zero-days: The UK National Health Service (NHS) has joined a long list of companies that were hacked using an Oracle EBS zero-day this summer. [SecurityWeek]

Europol and law enforcement agencies from more than 30 countries have seized servers, domains, and Telegram channels for three malware services—the Rhadamanthys infolstealer, the VenomRAT, and the Elysium botnet.

Authorities say the three malware strains infected hundreds of thousands of users and stole millions of credentials. The stolen credentials were later used to deploy ransomware or steal cryptocurrency.

The takedown was part of Operation Endgame, an Europol-led project that began in 2023 and targets criminal infrastructure that is used to enable ransomware attacks.

In an eye-popping investigation, Reuters has revealed that Meta had projected its 2024 advertisements for scams and banned goods would bring in about USD$16 billion or 10% of its total revenue. 

The report is based on a cache of documents reviewed by Reuters.

In one of those documents, Meta's safety staff estimated that the company's platforms were "involved" in a third of all successful scams in the US. That's a stunning figure. But we do wonder how much of that involvement is simply WhatApp being used to talk to victims. If advertisements weren't the bait that lured victims, it hardly seems fair to blame Meta for running an end-to-end encrypted messaging app. 

More than 12,000 internal documents were leaked online from Chinese security firm KnownSec.

The files were uploaded last week on GitHub by an unknown individual and later removed before the repo got any widespread circulation.

According to analyses from Mrxn and NetAskari, who got their hands on the leak, the most recent documents are from 2023. This suggests this was likely when the files were stolen/exfiltrated from the company's network, or at least someone intentionally truncated the leak to keep the most recent files for themselves.

A Russian man has pleaded guilty to hacking US companies and selling access to ransomware groups.

Aleksei Olegovich Volkov went online under the hacker name of chubaka.kor, and worked as an initial access broker (IAB) for the Yanluowang ransomware.

Volkov used various techniques to breach a corporate employee's account, escalate access to the employer's network, and then sold that access to other cyber criminals.

Law enforcement agencies from Europe, Asia, and North America have dismantled a massive credit card fraud network that stole money from users using unwanted online subscriptions.

Eighteen suspects were arrested for defrauding users of more than €300 million since 2016.

According to Europol and Eurojust, the group stole credit card data, created accounts on online websites with the stolen information, and subscribed users to premium services.

Disruptive US cyber operations against Venezuela during President Trump's first term achieved their operational goals, according to new reporting from CNN. But they failed to meet the president's broader goal of ousting Venezuelan leader Nicolás Maduro

Sources told CNN that during Trump's first term a CIA operation to disable the computer network of Maduro's intelligence service was perfectly successful. A separate Cyber Command operation interrupted the satellite communications of Wagner Group mercenaries who were sent to Venezuela to protect Maduro.   

This adds to previous reporting from Wired late last year that revealed the CIA had temporarily disrupted the Venezuelan military's payroll system in the same campaign. 

The US Department of Justice has charged employees at two cybersecurity firms with hacking US companies and deploying ransomware.

According to court documents, charges have been levied against Kevin Tyler Martin, a former ransomware negotiator at DigitalMint, and Ryan Clifford Goldberg, a former incident response manager at cybersecurity company Sygnia.

The two worked with a third suspect to hack into US companies, steal their data, encrypt computers, and then ask for huge ransoms in the realm of millions of US dollars.

Oslo's public transportation agency conducted a security audit of its electric buses and, to nobody's surprise, found that its Chinese models could be remotely disabled by their manufacturer.

According to a report from local newspaper Aftenposten, the agency, Ruter, tested and took two electric bus models inside a Faraday cage room.

Ruter found that electric buses from Chinese company Yutong could be remotely disabled via remote control capabilities found in the bus software, diagnostics module, and battery and power control systems.