AT&T Data Breach Alert!

Jul 15 2024


Welcome to Gone Phishing, your weekly cybersecurity newsletter that will never die. Just like Donald Trump. Good to be back, folks!

FYI, this is a Monday edition of Gone Phishing, but from now on your favourite cybersecurity newsletter will be going out every Friday to give you a roundup of the week's top cybersecurity news stories along with helpful advice for staying safe online.

Because in this ever changing world in which we live in, you got to secure your WiFi… Say live and WiFi!

Okay, on with last week's hottest cybersecurity news stories:

  • 'Nearly all' AT&T wireless customers affected by data breach

  • DarkGate malware exploited Samba file shares. Now it's MaaS

  • Australian Defense Private, & husband charged for Russian espionage

They're AT&T it again

AT&T Data Breach Alert!

Hackers accessed data from almost all AT&T wireless customers and MVNOs between April 14-25, 2024. The stolen info includes customer call and text records from May 2022 to January 2023.

What's at Risk?

The breach exposed telephone numbers, interaction counts, call durations, and cell site IDs. This data can reveal who talked to whom and when.

How Did It Happen?

Hackers exploited a third-party cloud platform, linked to Snowflake, affecting other major companies too. AT&T discovered the breach on April 19 and is working with law enforcement.

What's Being Done?

AT&T will notify affected customers and urges vigilance against phishing and fraud. They've paid $370,000 in cryptocurrency to hackers for data deletion proof. Meanwhile, Snowflake is enforcing mandatory multi-factor authentication.

Who's Responsible?

24-year-old John Binns, already indicted for a 2021 T-Mobile hack, is connected to this incident. The hacker group ShinyHunters claimed responsibility.

Stay alert, and only trust messages from known senders!

Top Tips

  • Be cautious of phishing and smishing attempts.

  • Request details of your compromised call and text records.

  • Enable multi-factor authentication on all accounts.

Stay vigilant, folks!

More weapons of MaaS disruption

DarkGate Malware Campaign Unveiled!

Cybersecurity experts have uncovered a short-lived but significant DarkGate malware campaign targeting North America, Europe, and Asia in March and April 2024. The malware spread through public-facing Samba file shares.

How It Worked

Hackers used servers hosting Visual Basic Script (VBS) and JavaScript files. The attack started with Microsoft Excel files prompting users to click an embedded button, leading to the execution of malicious scripts.

Key Features of DarkGate

  • Remote Control: Hackers can take over compromised systems.

  • Code Execution: Executes arbitrary code on infected hosts.

  • Crypto Mining: Mines cryptocurrency using victims' resources.

  • Reverse Shells: Opens backdoors for remote access.

  • Payload Delivery: Drops additional malware payloads.

Recent Surge

DarkGate attacks have increased following the QakBot takedown in August 2023, demonstrating the ongoing adaptability and threat of this malware.

Technical Details

  • Detection Evasion: Scans for anti-malware software and virtualization tools.

  • Obfuscated Data: Uses Base64-encoded text over HTTP for command and control (C2) traffic.

How It Worked

  • Excel Files: Users were tricked into clicking embedded buttons in Excel files.

  • Malicious Scripts: These actions triggered VBS or JavaScript files hosted on Samba shares.

  • PowerShell Execution: The scripts downloaded and ran further malicious code.
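
For defenders, the chain above (an Office application, then a VBS or JavaScript file run from a file share, then PowerShell) can be hunted in process-creation logs. The following is an added example, not code from this newsletter or from any vendor report; the event fields, the internal-host allowlist and the sample events are constructed assumptions.

```python
import re

OFFICE = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Assumed allowlist of the organisation's own file servers (hypothetical names).
INTERNAL_HOSTS = {"fileserver01", "fs.corp.example"}
# \\host\share\...\name.vbs or .js referenced anywhere in a command line
UNC_SCRIPT = re.compile(r"\\\\([^\\\s\"]+)\\[^\s\"]+\.(?:vbs|vbe|js|jse)\b", re.I)

# Constructed process-creation events; hosts and file names are made up.
SAMPLE_EVENTS = [
    {"pid": 10, "ppid": 1, "image": "EXCEL.EXE", "cmd": r"EXCEL.EXE C:\Users\a\Downloads\report.xlsx"},
    {"pid": 11, "ppid": 10, "image": "wscript.exe", "cmd": r"wscript.exe \\198.51.100.7\share\update.vbs"},
    {"pid": 12, "ppid": 11, "image": "powershell.exe", "cmd": "powershell.exe -NoProfile"},
    {"pid": 20, "ppid": 1, "image": "EXCEL.EXE", "cmd": r"EXCEL.EXE \\fileserver01\finance\q2.xlsx"},
    {"pid": 21, "ppid": 20, "image": "cscript.exe", "cmd": r"cscript.exe \\fileserver01\tools\macro_helper.js"},
    {"pid": 30, "ppid": 1, "image": "explorer.exe", "cmd": "explorer.exe"},
    {"pid": 31, "ppid": 30, "image": "powershell.exe", "cmd": "powershell.exe Get-Date"},
]

def find_chains(events):
    """Flag Office -> script host running a script from a non-allowlisted UNC share."""
    by_pid = {e["pid"]: e for e in events}
    children = {}
    for e in events:
        children.setdefault(e["ppid"], []).append(e)
    findings = []
    for e in events:
        if e["image"].lower() not in SCRIPT_HOSTS:
            continue
        parent = by_pid.get(e["ppid"])
        m = UNC_SCRIPT.search(e["cmd"])
        if not parent or parent["image"].lower() not in OFFICE or not m:
            continue
        host = m.group(1).lower()
        if host in INTERNAL_HOSTS:
            continue  # script served by a known internal file server
        # Walk every descendant of the script host looking for PowerShell.
        stack, spawned_ps = list(children.get(e["pid"], [])), False
        while stack:
            c = stack.pop()
            spawned_ps = spawned_ps or c["image"].lower() == "powershell.exe"
            stack.extend(children.get(c["pid"], []))
        findings.append({"pid": e["pid"], "share_host": host,
                         "severity": "high" if spawned_ps else "medium"})
    return findings

if __name__ == "__main__":
    for finding in find_chains(SAMPLE_EVENTS):
        print(finding)
```

Blocking outbound SMB (TCP 445) at the network edge removes the public-facing share step entirely; the hunt above covers hosts where that control is missing or bypassed.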

DarkGate's evolution into a malware-as-a-service (MaaS) highlights the need for continuous vigilance and advanced cybersecurity defences.

Stay vigilant and ensure robust cybersecurity measures are in place. Update your anti-malware tools and avoid opening suspicious files.

Stay safe, and keep your defences strong!

Catch of the Day!!

Stay ahead of the curve with Presspool.ai! Subscribe to their newsletter for the latest buzz in the information technology space, with a special focus on AI. Their slogan says it all: "Actionable marketing insights for the visionary AI executive." That's us, alright! How about you? Visionary AI executive, much?

And if the newsletter gets your motor running then you can take a butchers at their cool AI marketing product too which is sure to help you make the most of our new artificial overlords and put them to work for your business.

Rest assured, the process is very straightforward.

You simply:

  • Sign Up & Create Campaign

  • Define your audience, budget, and message to captivate your audience.

  • Launch your campaign, as Presspool's AI matches it with ideal newsletter audiences for optimal reach and conversions.

  • Finally, you leverage real-time analytics to track performance and refine future strategies. Elevate your marketing game and stay informed with Presspool.ai! Simples!

Presspool.ai may just have what you need to succeed. And if the product isn't for you, the newsletter alone is a gamechanger. And we know newsletters.

Sorry, this is a Private affair

Australian Espionage Arrests!

Two Russian-born Australian citizens, Kira Korolev (40) and her husband Igor Korolev (62), have been arrested for spying on behalf of Russia. Kira is an Australian Defence Force (ADF) Army Private, and Igor is a self-employed labourer.

What Happened?

On July 11, 2024, the Australian Federal Police (AFP) arrested the couple at their home in Brisbane. They face charges of preparing for an espionage offence, which could lead to 15 years in prison.

The Operation

Codenamed BURGAZADA, this complex law enforcement operation revealed that Kira used her ADF account to access sensitive information and directed Igor to send this data to her private email while she was in Russia. The accessed documents relate to Australian national security.

Official Statements

AFP Commissioner Reece Kershaw emphasised the severity of espionage, noting its potential impact on Australia's sovereignty and safety. This is the first espionage charge since new laws were introduced in 2018.

Espionage in Australia

  • April 2023: A NSW man was charged for providing defence-related information to foreign intelligence.

  • February 2024: A Melbourne man was sentenced for attempting to influence a Federal Parliamentarian on behalf of a foreign government.

Mike Burgess from ASIO warned of the real and ongoing threat of espionage from multiple countries aiming to steal Australia's secrets.

Stay informed and vigilant!

Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday

  • Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for free

  • Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future

Let us know what you think.

So long and thanks for reading all the phish!
