Cyber Weekly Digest - Week #51
Updated: Jan 7
During this week cyber criminals have proved that December is their busiest time. As most businesses begin to slow down as Christmas and the new year approaches, criminals are taking advantage. Read this week's digest to find out the most significant cyber security stories.
This week trojanised versions of SolarWinds' Orion IT monitoring and management software were used in a supply-chain attack against multiple US government and high-profile companies' networks. The attackers deployed a backdoor dubbed SUNBURST, which later this week Microsoft, FireEye and GoDaddy collaborated to create a "kill switch" for the backdoor. It is believed that 18,000 customers were affected by the malicious code of the Orion platform.
Criminals breached multiple content management systems to gain access to 22 different websites operated by Lithuania's public sector. The attackers then published fake articles containing misinformation on the sites including a story which alleged a Polish diplomat had been detained at the Lithuanian border due to carrying illegal drugs, weapons, and money. The fake story was posted on the website of the State Border Guard Service. The attackers posted similar false stories on other public sector websites.
This week attackers were able to steal data from Habana Labs; the Intel owned AI processor developers. They later leaked on the Pay2Key data leak site which included Windows domain account information and DNS zone information for the domain and a file listing from its Gerrit development code review system. In addition to the content posted on their data leak site, the Pay2Key operators have leaked business documents and source code images. The attackers posted that Habana Labs has "72hrs to stop leaking process...".
A new report revealed that sensitive data of around 2 million members if the Communist Party of China were leaked including official records such as party position, birthdate, national ID number and ethnicity. It revealed that members of China's ruling party hold prominent positions in some of the world's biggest companies, including in Pfizer and financial institutions such as HSBC. The report emphasized there is no evidence that spying for the Chinese government or other forms of cyber-espionage has taken place.
The Co-founder of People's Energy, the Edinburgh based energy company, announced that an entire database had been stolen by hackers and included information on previous customers. The data stolen included names, addresses, dates of birth, phone numbers, tariff and energy meter IDs and financial details of 15 small-business customers. The Co-founder said they were investigating the breach and had called in independent experts but so far had no information about the identity of the hackers. All affected customers have been contacted.