Cyber Briefing: January 7, 2025
This briefing summarizes recent cyber threats and incidents, including a backdoor attack technique aimed at on-device AI models, a data-stealing WordPress plugin, critical vulnerabilities in networking devices, and state-linked cyber espionage campaigns. It highlights the need for vigilance and timely patching across multiple sectors.

Affected Platforms: Android, WordPress, Discord, various routers and networking devices, telecommunications companies

Key points:

  • BARWM is a new backdoor attack method targeting deep learning models on mobile devices.
  • PhishWP is a malicious WordPress plugin that creates fake payment pages to steal user data.
  • Moxa has issued a warning about critical vulnerabilities in its networking devices.
  • A new infostealer campaign is targeting Discord users through deceptive messages.
  • The January 2025 Android Security Bulletin highlights critical vulnerabilities in Android devices.
  • Guam’s critical infrastructure is under threat from a Chinese cyber espionage campaign called Volt Typhoon.
  • Two Maine public school districts faced cyber breaches, affecting student data.
  • A breach at City Bank exposed client data due to weak session management.
  • APT41, a Chinese hacking group, breached sensitive data from the Philippines Office of the President.
  • Stiiizy experienced a data breach that exposed customer information.
  • The Salt Typhoon campaign has targeted multiple telecom companies.
  • Lithuania launched its Cyber Command to enhance national security.
  • Wallet drainer malware caused significant cryptocurrency theft in 2024.
  • Tencent was added to the US military company list due to security concerns.
  • The UK plans to criminalize the creation of sexually explicit deepfakes.

MITRE ATT&CK Tactics:

  • TA0001 – Initial Access: Exploitation of vulnerabilities in routers and plugins.
  • TA0002 – Execution: Use of malicious plugins and infostealer Trojans to execute unauthorized actions.
  • TA0003 – Persistence: Implementation of backdoor methods like BARWM to maintain access to compromised systems.
  • TA0004 – Privilege Escalation: Exploiting critical vulnerabilities in devices for privilege escalation.
  • TA0005 – Defense Evasion: Use of steganography in BARWM to evade detection.
  • TA0006 – Credential Access: PhishWP collects sensitive financial data and credentials.
  • TA0007 – Discovery: Reconnaissance conducted by Volt Typhoon to identify critical infrastructure targets.
  • TA0009 – Collection: Data collection from compromised systems, including sensitive client information.
  • TA0010 – Exfiltration: Theft of sensitive data from compromised organizations.

Indicators of Compromise:

  • [domain] citybank.com (the breached bank's own site, listed for reference; it is not attacker infrastructure and does not belong in a blocklist)
  • [url] phishwp.com/fake-payment (as listed; verify against the full research before use)
  • [ip address] 192.0.2.1 (falls in the RFC 5737 TEST-NET-1 documentation range, which is never routed; treat as a placeholder, not a live indicator)
  • [file name] malicious_plugin.zip (a bare file name with no hash; usable for hunting, not for blocking)
  • [others ioc] Volt Typhoon malware (a campaign name, not a machine-matchable indicator)
  • Check the full article for all found IoCs.
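The indicator list above mixes a reserved documentation address (192.0.2.1 sits in the RFC 5737 TEST-NET-1 block), the victim bank's own domain and a campaign name, none of which can safely be loaded into a blocklist. The Python below is an added example, not code from the briefing or its publisher: it parses the briefing's own `[kind] value` lines (copied here as constructed input), rejects documentation and non-routable addresses, rejects hosts owned by the named victims (the `VICTIM_OWNED_DOMAINS` set is this example's assumption), downgrades bare file names to hunt-only, and leaves routable hosts as candidates that still need corroboration against the full report.

```python
"""Triage a briefing's IoC list before it reaches a blocklist.

Added example (not from the original briefing). BRIEFING_IOCS is the briefing's
own indicator list, copied as constructed sample input; the rules and the
VICTIM_OWNED_DOMAINS set are assumptions made for this example.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed input: the five indicator lines exactly as the briefing prints them.
BRIEFING_IOCS = [
    "[domain] citybank.com",
    "[url] phishwp.com/fake-payment",
    "[ip address] 192.0.2.1",
    "[file name] malicious_plugin.zip",
    "[others ioc] Volt Typhoon malware",
]

# RFC 5737 (IPv4) and RFC 3849 (IPv6) documentation prefixes: never routed on the
# public Internet, so an address inside them can never be live attacker infrastructure.
DOCUMENTATION_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32")
]

# Assumption: domains belonging to organisations the briefing names as victims.
# Blocking these cuts the victim's own site off, not the attacker.
VICTIM_OWNED_DOMAINS = {"citybank.com"}

LINE_RE = re.compile(r"^\[(?P<kind>[^\]]+)\]\s*(?P<value>.*?)\s*$")


@dataclass
class Triage:
    kind: str
    value: str
    verdict: str  # "ok" (vet, then use), "weak" (hunt only), "reject" (not an indicator)
    reason: str
    host: str = ""


def parse_ioc(line: str):
    """Return (kind, value) for a '[kind] value' line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("kind").strip().lower(), m.group("value")


def _host_of(value: str) -> str:
    """Extract the host from a bare domain or from a URL with or without a scheme."""
    if "://" not in value:
        value = "//" + value  # lets urlsplit treat the leading token as the netloc
    return (urlsplit(value).hostname or "").lower()


def triage(kind: str, value: str) -> Triage:
    """Classify one indicator; the verdict decides whether it may be blocked, hunted, or dropped."""
    kind = kind.strip().lower()
    if kind in ("ip", "ip address", "ipv4", "ipv6"):
        try:
            addr = ipaddress.ip_address(value.strip())
        except ValueError:
            return Triage(kind, value, "reject", "not a valid IP address")
        if any(addr in net for net in DOCUMENTATION_NETWORKS):
            return Triage(kind, value, "reject", "RFC 5737/3849 documentation address (placeholder)")
        if not addr.is_global:
            return Triage(kind, value, "reject", "non-routable address (private, loopback or reserved)")
        return Triage(kind, value, "ok", "routable address; corroborate with the full report before blocking")
    if kind in ("domain", "url", "hostname"):
        host = _host_of(value)
        if not host or "." not in host:
            return Triage(kind, value, "reject", "no usable host in value", host)
        if host in VICTIM_OWNED_DOMAINS or any(host.endswith("." + d) for d in VICTIM_OWNED_DOMAINS):
            return Triage(kind, value, "reject", "victim-owned domain, not attacker infrastructure", host)
        return Triage(kind, value, "ok", "candidate host; corroborate with the full report before blocking", host)
    if kind in ("file name", "filename"):
        return Triage(kind, value, "weak", "bare file name with no hash; usable for hunting, not for blocking")
    return Triage(kind, value, "reject", "free text, not a machine-matchable indicator")


def triage_all(lines):
    """Parse and triage every '[kind] value' line, skipping lines that are not indicators."""
    results = []
    for line in lines:
        parsed = parse_ioc(line)
        if parsed is not None:
            results.append(triage(*parsed))
    return results


def usable(lines):
    """Indicator values that survive triage with verdict 'ok'."""
    return [t.verdict == "ok" and t.value for t in triage_all(lines) if t.verdict == "ok"]


if __name__ == "__main__":
    for t in triage_all(BRIEFING_IOCS):
        print(f"{t.verdict:6} [{t.kind}] {t.value}: {t.reason}")
```

Run against the briefing's list, only the URL host survives as a candidate, and even that is marked as needing corroboration; the point of the gate is that nothing reaches a firewall or EDR rule straight from a digest's IoC section without a human reading the underlying report.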


Full Research: https://cybermaterial.medium.com/cyber-briefing-2025-01-07-886693602927?source=rss——infosec-5