Risky Bulletin Newsletter
January 03, 2025
Risky Bulletin: Chinese hackers breach US Treasury, target OFAC bureau
Treasury hack: US officials claim that Chinese state-sponsored hackers have breached the US Treasury Department and accessed internal unclassified documents. The hack allegedly took place after hackers initially breached identity service provider BeyondTrust in December last year. The attackers specifically targeted the Office of Foreign Assets Control (OFAC), the office that imposes foreign sanctions. China, as usual, claimed to be innocent and a victim of "groundless claims." [Additional coverage in NPR]
Cyberhaven Chrome extension compromised: A threat actor has phished an employee of security firm Cyberhaven and published a malicious update to the company's official Chrome extension. The update stole cookies from visited sites and uploaded the data to the attacker's server. According to Secure Annex, the malicious code and the attacker's server IP were also found in multiple other Chrome extensions, and the Cyberhaven compromise appears to be part of a larger campaign. At least 36 extensions are believed to have been compromised as part of this operation.
VW data leak: Sensitive information of 800,000 VW Group vehicle owners was found accessible online. The data came from a VW mobile app used by the owners of VW, Audi, Seat, and Skoda-branded EVs. The data contained information on owners and geolocation data that could be used to reconstruct trips, per a Spiegel report.