Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command injection vulnerability. […] Read More
BleepingComputer
Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files
Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information.
The sneaky technique, observed by Sucuri on a Magento e-commerce site’s checkout page, allowed the malware to survive multiple cleanup attempts, the company said.
The skimmer is designed to capture all the data entered into the credit card form on the […]
No cyber blues on Super Tuesday.
CISA says Super Tuesday ran smoothly. The White House sanctions spyware vendors. The DoD launches its Cyber Operational Readiness Assessment program. NIST unveils an updated NICE Framework. Apple patches a pair of zero-days. The GhostSec and Stormous ransomware gangs join forces. Cado Security tracks a new Golang-based malware campaign. Google updates its search algorithms to fight spammy content. Canada’s financial intelligence agency suffers a cyber incident. On our Industry Voices segment, our guest Amitai Cohen, Attack Vector Intel Lead at Wiz, joins us to discuss cloud threats. Moonlighting on the dark side.
The CyberWire
Chinese Hacker Charged for Hacking 81,000+ Firewalls Worldwide
The cybersecurity firm Sichuan Silence and one of its employees, Guan Tianfeng, have been sanctioned by the Department of the Treasury’s Office of Foreign Assets Control (OFAC) for their involvement in the April 2020 hack of tens of thousands of firewalls across the globe.
Sichuan Silence is a Chengdu-based cybersecurity government contractor whose primary clients are PRC intelligence services.
For these customers, Sichuan Silence offers brute-force password cracking, email monitoring, computer network exploitation, and public sentiment suppression products and services.
Guan, a Chinese national, was working as a security researcher at Sichuan Silence.
Guan participated in cybersecurity events on behalf of Sichuan Silence and shared newly found zero-day exploits on vulnerability and exploit forums, often going by the alias GbigMao.
According to the reports, Sichuan Silence and Guan Tianfeng compromised about 81,000 firewalls belonging to thousands of companies around the world with malware in April 2020.
The United States accounted for almost 23,000 of the breached firewalls. Thirty-six of these firewalls were protecting the systems of critical infrastructure companies in the United States.
Guan Tianfeng found a zero-day SQL injection vulnerability, tracked as CVE-2020-12271, in the Sophos XG Firewall product.
The exploit’s goal was to steal information, including usernames and passwords, from the affected firewalls. Guan also attempted to deploy the Ragnarok ransomware variant on the victims’ systems.
If a victim attempted to remediate the compromise, the ransomware would disable antivirus software and encrypt the computers on their network.
The potential consequences of the Ragnarok ransomware attack could have included severe harm or even death had any of these victims neglected to patch their systems against the exploit, or had cybersecurity measures not detected and promptly remediated the breach.
The breach affected a U.S. energy business that was actively engaged in drilling activities. Oil rigs might have malfunctioned, and a considerable number of lives could have been lost if this hack had gone undetected and the ransomware attack had not been stopped.
According to OFAC, Sichuan Silence and Guan are responsible for engaging in cyber-enabled activities that pose a significant threat to the United States’ foreign policy, national security, economic health, or financial stability, and that have the intent or effect of seriously impairing the ability of a computer or network of computers that support one or more entities in a critical infrastructure sector.
“As a result of today’s action, all property and interests in property of the designated persons described above that are in the United States or in the possession or the control of U.S. persons are blocked and must be reported to OFAC”, reads the Press Release.
“In addition, any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked”.
Financial institutions and other persons may also face penalties or enforcement action if they engage in certain transactions or activities with the sanctioned entities and individuals.
Guan was also charged by the Department of Justice (DOJ) for the same offense. A Rewards for Justice incentive offer of up to $10 million for information regarding Guan or Sichuan Silence was also announced by the U.S. Department of State.
“Today’s action underscores our commitment to exposing these malicious cyber activities—many of which pose significant risk to our communities and our citizens—and to holding the actors behind them accountable for their schemes,” said Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith.
“Treasury, as part of the U.S. government’s coordinated approach to addressing cyber threats, will continue to leverage our tools to disrupt attempts by malicious cyber actors to undermine our critical infrastructure.”
The post Chinese Hacker Charged for Hacking 81,000+ Firewalls Worldwide appeared first on Cyber Security News.