This is your China Hack Report: Daily US Tech Defense podcast.
Hey there, I'm Ting, and I'm here to give you the lowdown on the latest China-linked cyber activities affecting US interests. Let's dive right in.
Over the past few days, we've seen some significant developments. First off, the Treasury Department was hit by a major Chinese cyber intrusion. Lawmakers are now requesting a briefing from Treasury Secretary Janet Yellen on the specifics of the hack, including its timing, method, and the Chinese actors involved[1]. The breach was facilitated by a vulnerability in a commercial remote services tool provided by BeyondTrust, which is not listed in the FedRAMP marketplace. This tool allowed Beijing-aligned hackers to bypass BeyondTrust's security, access Treasury workstations, and retrieve unclassified documents.
But that's not all. The Office of Foreign Assets Control (OFAC), which administers economic sanctions, was specifically targeted. This is no surprise, given that OFAC has been sanctioning Chinese companies involved in cyberattacks and supplying weapons to Russia for its war in Ukraine[3]. The hackers also accessed the Committee on Foreign Investment in the US (CFIUS), the body that reviews foreign investment in the country, including investment from China.
Meanwhile, the US has sanctioned China-based Integrity Technology Group, known to researchers as Flax Typhoon, for facilitating espionage hacks. This group contracted with China's Ministry of State Security to carry out malicious activities against US critical infrastructure providers in 2022 and 2023[5].
In other news, AT&T and Verizon have reported purging the Salt Typhoon intrusion from their networks. This Chinese state-backed hacker group had compromised at least nine US telecommunications networks and providers, giving them the ability to geolocate millions of devices and record any communications[4].
CISA has added two known exploited vulnerabilities to its catalog, including a critical command injection vulnerability in BeyondTrust's tool, assigned CVE-2024-12356, and a medium-severity vulnerability, CVE-2024-12686[4]. These vulnerabilities were used in the Treasury Department hack.
So, what can you do to protect yourself? CISA recommends immediate defensive actions, including patching these vulnerabilities and monitoring for any suspicious activity. It's also crucial to stay informed about the latest threats and take proactive measures to secure your systems.
That's all for now. Stay safe out there, and I'll catch you on the flip side.
For more http://www.quietplease.ai