Cybersecurity

Archived

• [Security firm] Silent Push Threat Analysts followed a tip from Mexican journalist Ignacio Gómez Villaseñor about a threat actor targeting “Hot Sale 2025,” an annual sales event similar to “Black Friday” in the U.S.
• The team pivoted from that Mexico-centric campaign into thousands of websites that broadly targeted a more global audience with abundant waves of fake marketplace scams.
• We identified a private technical fingerprint associated with this infrastructure, which contains Chinese words and characters to strongly indicate that the developers of this network are from China.
• Our analysts observed this threat actor group building multiple phishing websites with pages spoofing well-known retailers, including Apple, Harbor Freight Tools, Michael Kors, REI, Wayfair, and Wrangler Jeans.
• The threat actor has also been caught abusing online payment services, including MasterCard, PayPal, and Visa, as well as payment security techniques such as Google Pay, across the campaign’s network of scam websites.

[...]

• GitHub Archive logs every public commit, even the ones developers try to delete. Force pushes often cover up mistakes like leaked credentials by rewriting Git history. GitHub keeps these dangling commits, from what we can tell, forever. In the archive, they show up as “zero-commit” PushEvents.
• I scanned every force push event since 2020 and uncovered secrets worth $25k in bug bounties.
• Together with Truffle Security, we're open sourcing a new tool to scan your own GitHub organization for these hidden commits (try it here).

cross-posted from: https://lemmy.sdf.org/post/37887750

Archived

Here is the report (pdf).

The French National Agency for Information Systems Security, or ANSSI, said Tuesday it observed French organizations affected by activity using a slew of security flaws to break into an end-of-life version of the Utah company's Cloud Services Appliance applications. The campaign affected government agencies, telecoms and firms in the media, finance and transport sectors. ANSII dubs the intrusion set "Houken".

[...]

The hacker used a wide number of open-source tools "mostly crafted by Chinese-speaking developers," were active during Chinese working hours and exhibited behaviors consistent with intelligence collection. The threat actor also sought self-enrichment, installing a cryptominer on one victim system. Chinese nation-state hacking is an unusual combination of intelligence agencies and private sector companies. Some hackers choose their own targets and sell exfiltrated data or access to government agencies - or may do for-profit hacking on the side. "Nevertheless, the use of cryptominers remains uncommon for this threat actor," ANSSI wrote.

[...]

[Edit title for clarity.]