InfoSec Dot - Issue #35. ✈️ Aerospace Phishing | 🍎 macOS Hacks | 📞Telecom Breach
Latest cybersecurity news and updates
Hi there,
Welcome to this Thursday's quick update edition of InfoSec Dot!
This week highlighted escalating cyber threats across critical sectors and global regions. North Korean hackers deployed malicious Flutter apps to bypass macOS security, while Iranian-linked actors targeted aerospace employees with fraudulent "dream job" offers on LinkedIn.
Meanwhile, U.S. telecommunications networks faced severe breaches by Chinese-affiliated hackers, compromising sensitive communications and emphasizing the growing sophistication of state-sponsored cyberattacks.
Let’s dive in!
🗓️ What’s New
Snowflake Hackers Charged with Stealing 50 Billion AT&T Records
Authorities have identified and charged individuals responsible for breaching Snowflake's cloud services, leading to the theft of 50 billion AT&T records. The stolen data includes extensive call and text logs, though AT&T asserts that sensitive personal information was not compromised. This incident underscores the critical need for robust security measures in cloud-based platforms to protect against such large-scale data breaches. Read more (3 mins)
GoIssue Phishing Tool Targets GitHub Developer Credentials
Researchers have uncovered a new phishing tool, "GoIssue," designed to harvest email addresses from public GitHub profiles and execute mass phishing campaigns. The tool, available on cybercrime forums, enables attackers to send anonymous bulk emails using proxies. It threatens developer accounts, potentially exposing private repositories, and has links to the GitLoker extortion campaign. This highlights the critical need for GitHub users to enhance security measures. Read more (2 mins)
Amazon Confirms Employee Data Breach via MOVEit Vulnerability
Amazon has revealed that employee contact information, including emails, phone numbers, and building locations, was exposed in a breach linked to the MOVEit file transfer system vulnerability. The breach originated from a property management vendor and is part of a broader wave of attacks affecting companies like MetLife and HSBC. Amazon confirmed no sensitive data, such as social security numbers or financial information, was compromised. Read more (2 mins)
North Korean Hackers Develop Flutter Apps to Evade macOS Security
North Korean hackers are leveraging the Flutter framework to create trojanized apps, such as Notepad and Minesweeper games, to bypass macOS security measures. These apps are signed with legitimate Apple developer IDs, enabling them to avoid detection and run unrestricted. The campaign, linked to financial motives, targets cryptocurrency users and is seen as an experimental effort to circumvent macOS defenses. Read more (4 mins)
FBI and CISA Warn of Chinese Cyber Activity Targeting U.S. Telecommunications
The FBI and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint statement alerting to unauthorized access of U.S. commercial telecommunications infrastructure by actors affiliated with the People's Republic of China (PRC). Upon identifying specific malicious activities, the agencies promptly notified affected companies and provided technical assistance. The investigation is ongoing, and organizations are encouraged to contact their local FBI field office or CISA if they suspect they may be victims. Read more (1 min)
Leaked Info of 122 Million Linked to B2B Data Aggregator Breach
In February 2024, a threat actor named 'KryptonZambie' began selling 132.8 million records on BreachForums, claiming they were stolen from an exposed system belonging to Pure Incubation. The data, which includes full names, physical addresses, email addresses, telephone numbers, job titles, and social media links, was collected from public sources and third parties. DemandScience, formerly Pure Incubation, initially denied evidence of a breach but later confirmed the data's authenticity. This incident highlights the risks associated with data aggregation practices and the importance of robust security measures to protect sensitive information. Read more (3 mins)
Aerospace Employees Targeted with Malicious "Dream Job" Offers
Since September 2023, Iranian threat actor TA455 has been impersonating recruiters on LinkedIn to compromise aerospace industry employees. By leveraging the platform's inherent trust, TA455 directs targets to download malicious files from fake recruiting websites. These files, disguised as legitimate applications, deploy the SlugResin backdoor, granting attackers access to compromised devices. This campaign mirrors tactics used by North Korean groups, indicating possible collaboration or intentional misattribution to confuse investigators. Read more (3 mins)
If you like this issue, I'd really appreciate it if you could forward it to your friends and colleagues! Your support helps us grow and continue providing great content.
If you have specific feedback or anything interesting you’d like to share, please let me know by replying to this email.
Regards,
Dot