Security Breach – 22 Nov 2024


With the holiday season right around the corner, cybercriminals will be chomping at the bit to take advantage of the increase in employee distractions at this time of the year. From phishing scams disguised as holiday promotions to unwanted gifts of ransomware attacks, businesses face higher risks than ever this holiday season. Organisations need to bolster their defenses and act proactively to mitigate risk before unwanted cyberthreats arrive at their doorstep.

Companies experiencing a surge in cyberattacks on weekends, nights and holidays isn’t a myth — it’s an established fact, and smart companies know it is critical to be prepared. Cybercriminals never take a day off. Cyberattacks balloon by an estimated 40% during the holidays as cybercriminals take advantage of skeleton staffing and harried, multitasking employees who may be more prone to mistakes. As in every season, the biggest cyber-risk factor is employees. With phishing especially prevalent during the holiday season, a deluge of holiday phishing, from email phishing to malvertising, brings increased risk in its wake. If it continues in its usual pattern, phishing will rise steadily, hitting a peak increase of 50% over the yearly average in December.

Recent Breaches

 

United States – Amazon – Retail

Exploit: Zero Day Exploit

Risk to Business: Severe: Another round of victims of 2023’s epic MOVEit hack has come to light, and some of them are very big fish. A hacker going by the name “Nam3L3ss” claimed in a post on a dark web leak site that they had exploited the MOVEit zero-day vulnerability, also known as CVE-2023-34362. The threat actor claims to have snatched data from 25 major organisations. Topping the list is Amazon, with the hacker boasting of obtaining 2,861,111 records largely containing employee data. Amazon was quick to reassure the public that Amazon and AWS are secure, claiming that the breach occurred at a third-party property-management vendor. The hacker also released datasets containing hundreds of thousands of records from major companies that purportedly contain data labeled as belonging to MetLife, Cardinal Health, HSBC, Fidelity, US Bank, Delta and HP.

United States – T-Mobile – Telecommunications

Exploit: Hacking (Nation-State)

Risk to Business: Extreme: A Chinese state-aligned threat actor dubbed Salt Typhoon, also known as UNC2286, has breached T-Mobile’s network as part of a widespread cyber-espionage campaign targeting U.S. and international telecommunications companies. The operation, which lasted over eight months, accessed sensitive systems, potentially compromising national security by intercepting call logs, unencrypted texts, and audio from high-value targets, including senior U.S. government officials and politicians. According to The Wall Street Journal, the group employed advanced tactics, including infiltrating Cisco Systems routers and leveraging AI and machine learning for their espionage. The U.S. Federal Bureau of Investigation (FBI) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that they expect their understanding of the extent of the compromises to grow as the investigation continues. This is a developing story.

Talk to a TCT team member today about implementing a cyber security plan for your business.

Robert Brown
22/11/2024
