
Secret intrusion into the headquarters of the US's satellite spy agency, yet they maintain no confidential data was disclosed

Security updates: Seizure of BlackSuit leak site, Tea leaked, and staying lawful if you're a celebrity's child

Hackers infiltrate U.S. surveillance satellite agency, claiming no significant data leaks of classified material


In a series of recent cyberattacks, Microsoft SharePoint zero-day vulnerabilities have been exploited, affecting several U.S. government agencies. Among the confirmed victims is the National Nuclear Security Administration (NNSA) within the Department of Energy. However, the National Reconnaissance Office (NRO) has not been explicitly named as a victim in these breach disclosures.

The attacks, which reportedly originate from advanced adversaries including Chinese state-sponsored groups, have led to ransomware distribution and espionage activities. Notably, the vulnerabilities enable unauthenticated remote code execution and the installation of web shells, allowing attackers to distribute ransomware or steal credentials.

Microsoft SharePoint Server on-premises versions, particularly Enterprise Server 2016, Server 2019, and Subscription Edition, were targeted after exploit code was publicly released. The broad nature of the intrusions and multiple impacted agencies indicate that the SharePoint zero-day exploits have been a significant vector in recent government-related cyber breaches.

Meanwhile, the NRO confirmed a computer intrusion on its unclassified Acquisition Research Center (ARC) website. The ARC is an unclassified portal for vendors to pitch tech and bid on contracts, not connected to classified networks. Despite the breach, no classified data was exposed.

Elsewhere, a global law enforcement action seized the website of the BlackSuit ransomware gang. The BlackSuit leak site was taken down as part of Operation Checkmate.

In a separate incident, a British student, Ollie Holman, was sentenced to seven years in prison for selling over a thousand phishing kits online and tutoring customers on how to use them. Holman, who was a student at the University of Kent studying electronic and computer engineering, netted around £300,000 from his illegal activities.

The data exposed from Tea, a popular app on which women share dating experiences, included 72,000 images. The data had originally been retained to comply with law enforcement requirements related to cyber-bullying prevention.

As police in the UK continue to comb through EncroChat data to catch more criminals, the emergence of a new ransomware-as-a-service group called Chaos has been reported. Cisco's security team assesses with moderate confidence that the new Chaos group is likely formed by former members of the BlackSuit (Royal) gang.

In a unique case, the identification of drug dealer Thomas Hooton was facilitated by messages referencing his famous father, Peter Hooton, lead singer of the British band The Farm. Hooton was jailed in the UK for conspiring to supply heroin, cocaine, cannabis, and ketamine with a reported wholesale value of around £1.3 million.

As for the NRO breach, the agency would not comment on whether the attack was linked to the SharePoint vulnerability. The Farm's hit song is "Groovy."

