Last year's cybersecurity news was dominated by two “typhoons”: Volt Typhoon and Salt Typhoon, the code names given to two major Chinese state-sponsored attacks on U.S. computer systems.
Volt Typhoon is a threat group associated with the Chinese government that was first identified by Microsoft in May 2023. It became big news in February 2024, when it infiltrated dozens of networks involved in critical U.S. infrastructure, including oil pipelines and power grids.
Volt Typhoon appears to have begun as a more modest effort to disrupt U.S. computer networks on the island of Guam, perhaps in light of the possibility of a regional war breaking out between the United States and the People's Republic of China. When the hackers' tactics proved successful, the project expanded, moving across the continent's West Coast and into Texas.
A tactic that has worked very well for China's hacking forces is called “living off the land,” which means infiltrating systems without doing immediate damage or making any moves that might tip off network security teams. Instead, the hackers lurk in compromised networks, disguise their malware as useful system entities, and wait for orders to attack.
Ultimately, Volt Typhoon was defeated by removing the malware from hundreds of network computers and routers. Another Chinese-backed hacker group called Salt Typhoon attacked in late 2024 and is “prepared to cause havoc and real-world damage to American citizens and communities should China decide the time is right for an attack,” as FBI Director Christopher Wray put it.
Salt Typhoon targeted communication systems and internet providers. In September, cybersecurity researchers revealed that Salt Typhoon hackers were “living off the land” inside the computer networks of major broadband providers and were trying, more than ever before, to compromise the core routers that manage the flow of America's vast internet traffic.
Last Friday, Deputy National Security Adviser for Cyber and Emerging Technologies Anne Neuberger revealed that Salt Typhoon infiltrated nine major phone providers, including AT&T and Verizon, and stole a vast trove of Americans' cell phone records.
The hackers used the unauthorized access to commit malicious acts such as tracking cell phones to “locate millions of individuals” and “freely recording” phone calls, with targets including President-elect Donald Trump, Vice Presidential Candidate J.D. Vance, and senior members of the outgoing Biden administration.
Perhaps most worryingly, Neuberger said some of Salt Typhoon's targets were still compromised, although the cybersecurity team of a major telecommunications company disputed her assessment. Neuberger said it will not be possible to defeat Salt Typhoon until the Federal Communications Commission (FCC) formalizes tough new security requirements for phone carriers and all carriers implement those protocols.
In fact, there was a third typhoon in 2024: Flax Typhoon, a huge botnet created by Chinese state-sponsored hackers that infected approximately 260,000 routers. This botnet, named “Raptor Train,” was used for distributed denial of service (DDoS) attacks, blizzards of malicious network connections that can overwhelm a target system and make it inaccessible to legitimate users. The botnet has also helped other Chinese state hacking groups infiltrate computer networks around the world.
When the FBI took action to disrupt the Raptor Train botnet in September, Flax Typhoon actually hit back at FBI computer systems with a DDoS attack. The counterattack failed, and FBI programmers were able to take control of Raptor Train and order the botnet to neutralize itself.
The Cybersecurity and Infrastructure Security Agency (CISA), the U.S. government's primary electronic security agency, said in its year-end review for 2024 that it had succeeded in “reducing nation-state threats” from bad actors such as China, Russia, North Korea, and Iran. But China's three typhoons proved that sophisticated state-sponsored hackers are capable of wreaking a great deal of havoc before their malware is identified and destroyed. The ability of these hackers to remain in systems for months or even years before being discovered is deeply disturbing.
Cyber Magazine on Tuesday described 2024 as a “challenging” year for cybersecurity experts, with a resurgence of ransomware attacks (locking down computer systems until the victim pays a ransom for their data), a wave of DDoS attacks, and “even more complex” social engineering attacks.
Social engineering is a troubling development because it is not “hacking” in the traditional sense. Rather than brute-forcing entry into computer systems using viruses or hacking tools, cybercriminals use social engineering techniques to trick victims into trusting them and handing over valuable data, from passwords to bank account numbers.
“Phishing” is one of the most common criminal strategies, tricking victims into putting themselves at risk with emails that appear to come from a legitimate business contact or personal friend. Social engineers have carried out underground operations that include realistic-looking websites built to collect information from unsuspecting victims.
Phishing emails and fake websites can appear trustworthy by stealing small amounts of personal information from targeted organizations or by intercepting some legitimate email communications.
In November, an IT company called Ivanti, which specializes in supply chain management, released research showing that social engineering has become almost as common as traditional malware-based hacking attacks.
Social engineering is difficult to defend against because even the most sophisticated cybersecurity technology can be bypassed if an unsuspecting network user hands over the keys to the kingdom to a criminal intruder. Ivanti found that the majority of office workers are unaware of modern cybercrime techniques, such as using advanced artificial intelligence (AI) to perfectly simulate a trusted person's voice on the phone.
In 2023, cybersecurity experts warned that AI would become a sharp weapon in the hands of hackers. In 2024, AI became a target of cybercriminals. One of the hottest new trends in cybercrime is “LLM jacking,” which means hacking into the large language models (LLMs) that power artificial intelligence systems.
LLMs take a great deal of effort to compile and are very complex, so sabotage can go undetected for long periods of time. As AI systems gain control over corporate and government resources, infiltrating an LLM could allow mischievous hackers to steal or misuse valuable electronic goods, such as storage space on cloud servers.
Another growing concern is the “supply chain attack.” The term refers to a hacking technique rather than a target of hacking, although companies involved in critical physical supply chains have certainly been attacked in this way.
Like LLM jacking, supply chain attacks are a result of the incredibly complex and interconnected electronic environment we currently live in. Simply put, all networks and computer applications use a “supply chain” of code and digital resources, and nothing is written completely from scratch anymore.
Supply chain hacking involves finding the weakest or most useful link in the chain and ruthlessly exploiting it. For example, rather than trying to break into a specific company, a hacker could compromise a cloud service provider or cybersecurity company that serves many companies and exploit the trust relationship that exists between client and vendor.
Modern digital supply chains can span many levels, and there are many vulnerabilities that hackers can exploit. This is one reason why routers are targeted by many cybercriminals, including China's state-run Typhoon groups.
Compromising a single router can give hackers a backdoor to dozens of networks. If an entire class or model of router is compromised, the problem can extend to thousands of networks. In 2024, state-sponsored hackers proved highly adept at exploring the electronic battlefield and carefully selecting their targets.





