APT31 targets, UK newspaper hit, Apple MFA bombshell

March 27, 2024
1 min read


TLDR:

Key Points:

  • APT31 targets high-ranking U.S. officials by sending malicious emails to their family members.
  • The Big Issue, a UK newspaper supporting the homeless, was hit by a ransomware attack.
  • Apple users are being targeted in phishing attacks involving Apple’s password reset feature.

In a recent cyber security news roundup, it was revealed that APT31, a Chinese state-backed hacking group, targeted high-ranking U.S. officials by sending malicious emails to their family members. This tactic helped the hackers gather device and network information to breach their actual targets. Additionally, a UK newspaper, The Big Issue, supporting the homeless, fell victim to a ransomware attack by the Qilin gang, leading to the theft of confidential data.

On another front, Apple users are being targeted in phishing attacks exploiting a bug in Apple’s password reset feature. Phishers are engaging in “push bombing” tactics to inundate victims with Multi-Factor Authentication (MFA) alerts and then tricking them into revealing one-time codes for account takeovers.

Furthermore, a new hacking campaign named “ShadowRay” exploits an unpatched vulnerability in the Ray open-source AI framework to target various sectors like education and biopharma. This underscores the importance of securing network environments and monitoring for anomalies to prevent such breaches.

In other news, researchers have discovered a botnet comprised of over 40,000 end-of-life routers and IoT devices, emphasizing the need for admins to upgrade to supported versions and implement security measures. Additionally, free VPN apps on Google Play were found to turn Android devices into proxies, putting users at risk of having their internet bandwidth hijacked and facing legal implications.

Overall, these incidents highlight the ongoing cybersecurity threats faced by individuals, organizations, and governments worldwide, emphasizing the critical need for robust security measures and vigilance in the face of evolving cyber threats.


Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and