A hacking group has targeted the networks of US media and retail companies to gather usernames and IP addresses, according to research from an antivirus company.
Slovakia-based cybersecurity company Eset has identified a 'backdoor' used by a group it calls SparklingGoblin to enter firms' supposedly secure servers, according to a post on the company's blog on Tuesday.
The group mostly targets the academic sectors in East and Southeast Asia, but it's also shown interest in the education sector in Canada, media companies in the US, and at least one unnamed computer retail company in the US.
It is not clear what companies were attacked or when the breaches happened. It's also not known where the group is from, though Eset notes that some of its procedures were described on a Chinese language blog, suggesting it may be based in eastern Asia.
The group uses similar tools to the Winnti Group, which has targeted universities in Hong Kong and supply chains in the video game and software industries.
The group's backdoor, called SideWalk, uses Google Docs to pass on IP configurations and usernames, along with other bits of sensitive information like file names, operating system versions, and computer names.
Eset classifies the group as an 'advanced persistent threat,' a term Russian antivirus company Kaspersky defines as groups that use 'continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences.'
Earlier this month, T-Mobile revealed that 50 million of its customers had their data, including their names and social security numbers, stolen by a 'bad actor.'
A similar toolset used by SparklingGoblin was used in a series of attacks against universities in Hong Kong by the Winnti Group, which has been active since at least 2012, according to Eset.
That group is responsible for high-profile supply-chain attacks against the video game and software industries.
Last week, US cell phone carrier T-Mobile announced that 50 million current, former and prospective customers had their names and social security numbers stolen by a 'bad actor.'
The personal information of 30 million people, including SSNs, was later found to be for sale on an underground forum for $270,000.
Microsoft Power Apps has been affected by a breach that saw the data of 38M people exposed.
In May, researchers at cybersecurity firm UpGuard found that the personal data of 38 million people, including social security and phone numbers and COVID vaccination status, was exposed after a breach of Microsoft Power Apps.
Companies that use the service include American Airlines, New York City public schools, Ford, the Maryland Department of Health, and the New York City Municipal Transportation Authority.
The Biden administration has made protecting the country from cyberattacks a 'top priority.'
'All organizations must recognize that no company is safe from being targeted by ransomware, regardless of size or location,' said Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, in an open letter to the private sector on June 2.
'Ransomware attacks have disrupted organizations around the world, from hospitals across Ireland, Germany and France, to pipelines in the United States and banks in the UK. The threats are serious and they are increasing.'