Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their intelligence gathering efforts.
The campaign used “compromised websites to redirect visitors to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft’s device code authentication flow,” Amazon’s Chief Information Security Officer CJ Moses said.
APT29, also tracked as BlueBravo, Cloaked Ursa, CozyLarch, Cozy Bear, Earth Koshchei, ICECAP, Midnight Blizzard, and The Dukes, is the name assigned to a state-sponsored hacking group with ties to Russia’s Foreign Intelligence Service (SVR).
In recent months, the prolific threat actor has been linked to attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files to target Ukrainian entities and exfiltrate sensitive data.
Since the start of the year, the adversarial collective has been observed adopting various phishing methods, including device code phishing and device join phishing, to obtain unauthorized access to Microsoft 365 accounts.
As recently as June 2025, Google said it observed a threat cluster with affiliations to APT29 weaponizing a Google account feature called application-specific passwords to gain access to victims’ emails. The highly targeted campaign was attributed to UNC6293.
The latest activity identified by Amazon’s threat intelligence team underscores the threat actor’s continued efforts to harvest credentials and gather intelligence of interest, while simultaneously sharpening their tradecraft.
“This opportunistic approach illustrates APT29’s continued evolution in scaling their operations to cast a wider net in their intelligence collection efforts,” Moses said.
The attacks involved APT29 compromising various legitimate websites and injecting JavaScript that redirected approximately 10% of visitors to actor-controlled domains, such as findcloudflare[.]com, that mimicked Cloudflare verification pages to give an illusion of legitimacy.
In reality, the end goal of the campaign was to entice victims into entering a legitimate device code generated by the threat actor into a sign-in page, effectively granting them access to their Microsoft accounts and data. This technique was detailed by both Microsoft and Volexity back in February 2025.
The activity is also noteworthy for incorporating various evasion techniques, such as Base64 encoding to conceal malicious code, setting cookies to prevent repeated redirects of the same visitor, and shifting to new infrastructure when blocked.
“Despite the actor’s attempts to migrate to new infrastructure, including a move off AWS to another cloud provider, our team continued tracking and disrupting their operations,” Moses said. “After our intervention, we observed the actor register additional domains such as cloudflare.redirectpartners[.]com, which again attempted to lure victims into Microsoft device code authentication workflows.”
The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the telecommunications, government, transportation, lodging, and military infrastructure sectors.
“While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers, they also leverage compromised devices and trusted connections to pivot into other networks,” according to a joint cybersecurity advisory published Wednesday. “These actors often modify routers to maintain persistent, long-term access to networks.”
The bulletin, courtesy of authorities from 13 countries, said the malicious activity has been linked to three Chinese entities, Sichuan Juxinhe Network Technology Co., Ltd., Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd.
These companies, the agencies said, provide cyber-related products and services to China’s intelligence services, with the data stolen from the intrusions, specifically those against telecoms and Internet service providers (ISPs), providing Beijing with the ability to identify and track their targets’ communications and movements globally.
The countries that have co-sealed the security advisory include Australia, Canada, the Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, New Zealand, Poland, Spain, the U.K., and the U.S.
Brett Leatherman, head of the U.S. Federal Bureau of Investigation’s Cyber Division, said the Salt Typhoon group has been active since at least 2019, engaging in a persistent espionage campaign aimed at “breaching global telecommunications privacy and security norms.”
In a standalone alert issued today, Dutch intelligence and security services MIVD and AIVD said while organizations in the country “did not receive the same degree of attention from the Salt Typhoon hackers as those in the U.S.,” the threat actors gained access to routers of smaller ISPs and hosting providers. However, there is no evidence the hackers penetrated these networks further.
“Since at least 2021, this activity has targeted organisations in critical sectors including government, telecommunications, transportation, lodging, and military infrastructure globally, with a cluster of activity observed in the U.K.,” the National Cyber Security Centre said.
According to The Wall Street Journal and The Washington Post, the hacking crew has expanded its targeting focus to other sectors and regions, attacking no less than 600 organizations, including 200 in the U.S., and 80 countries.
However, the agencies pointed out these vulnerabilities are not “exhaustive” and that the threat actors may also go after other devices such as Fortinet firewalls, Juniper firewalls, Microsoft Exchange, Nokia routers and switches, Sierra Wireless devices, and Sonicwall firewalls, among others for initial access.
“The APT actors may target edge devices regardless of who owns a particular device,” the agencies noted. “Devices owned by entities that do not align with the actors’ core targets of interest still present opportunities for use in attack pathways into targets of interest.”
The compromised devices are then leveraged to pivot into other networks, in some cases even modifying the device’s configuration and adding a generic routing encapsulation (GRE) tunnel for persistent access and data exfiltration.
Persistent access to target networks is accomplished by altering Access Control Lists (ACLs) to add IP addresses under their control, opening standard and non-standard ports, and running commands in an on-box Linux container on supported Cisco networking devices to stage tools, process data locally, and move laterally within the environment.
Also put to use by the attackers are authentication protocols like Terminal Access Controller Access Control System Plus (TACACS+) to enable lateral movement across network devices, while simultaneously conducting extensive discovery actions and capturing network traffic containing credentials via compromised routers to burrow deeper into the networks.
“The APT actors collected PCAPs using native tooling on the compromised system, with the primary objective likely being to capture TACACS+ traffic over TCP port 49,” the agencies said. “TACACS+ traffic is used for authentication, often for administration of network equipment and including highly privileged network administrators’ accounts and credentials, likely enabling the actors to compromise additional accounts and perform lateral movement.”
On top of that, Salt Typhoon has been observed enabling the sshd_operns service on Cisco IOS XR devices to create a local user and grant it sudo privileges to obtain root on the host OS after logging in via TCP/57722.
Google-owned Mandiant, which was one of the many industry partners that contributed to the advisory, stated the threat actor’s familiarity with telecommunications systems offers them a unique advantage, giving them an upper hand when it comes to defense evasion.
“An ecosystem of contractors, academics, and other facilitators is at the heart of Chinese cyber espionage,” John Hultquist, Chief Analyst at Google Threat Intelligence Group, told The Hacker News. Contractors are used to build tools and valuable exploits as well as carry out the dirty work of intrusion operations. They have been instrumental in the rapid evolution of these operations and growing them to an unprecedented scale.”
“In addition to targeting telecommunications, reported targeting of hospitality and transportation by this actor could be used to closely surveil individuals. Information from these sectors can be used to develop a full picture of who someone is talking to, where they are, and where they are going.”
(The story was updated after publication to make it clear that the threat actors are targeting and may target a broad range of edge network appliances.)
Generative AI platforms like ChatGPT, Gemini, Copilot, and Claude are increasingly common in organizations. While these solutions improve efficiency across tasks, they also present new data leak prevention for generative AI challenges. Sensitive information may be shared through chat prompts, files uploaded for AI-driven summarization, or browser plugins that bypass familiar security controls. Standard DLP products often fail to register these events.
Solutions such as Fidelis Network® Detection and Response (NDR) introduce network-based data loss prevention that brings AI activity under control. This allows teams to monitor, enforce policies, and audit GenAI use as part of a broader data loss prevention strategy.
Why Data Loss Prevention Must Evolve for GenAI
Data loss prevention for generative AI requires shifting focus from endpoints and siloed channels to visibility across the entire traffic path. Unlike earlier tools that rely on scanning emails or storage shares, NDR technologies like Fidelis identify threats as they traverse the network, analyzing traffic patterns even if the content is encrypted.
The critical concern is not just who created the data, but when and how it leaves the organization’s control, whether through direct uploads, conversational queries, or integrated AI features in business systems.
Monitoring Generative AI Usage Effectively
Organizations can use GenAI DLP solutions based on network detection across three complementary approaches:
URL-Based Indicators and Real-Time Alerts
Administrators can define indicators for specific GenAI platforms, for example, ChatGPT. These rules can be applied to multiple services and tailored to relevant departments or user groups. Monitoring can run across web, email, and other sensors.
Process:
When a user accesses a GenAI endpoint, Fidelis NDR generates an alert
If a DLP policy is triggered, the platform records a full packet capture for subsequent analysis
Web and mail sensors can automate actions, such as redirecting user traffic or isolating suspicious messages
Supports comprehensive forensic analysis as needed
Integrates with incident response playbooks and SIEM or SOC tools
Considerations:
Maintaining up-to-date rules is necessary as AI endpoints and plugins change
High GenAI usage may require alert tuning to avoid overload
Metadata-Only Monitoring for Audit and Low-Noise Environments
Not every organization needs immediate alerts for all GenAI activity. Network-based data loss prevention policies often record activity as metadata, creating a searchable audit trail with minimal disruption.
Alerts are suppressed, and all relevant session metadata is retained
Sessions log source and destination IP, protocol, ports, device, and timestamps
Security teams can review all GenAI interactions historically by host, group, or time frame
Benefits:
Reduces false positives and operational fatigue for SOC teams
Enables long-term trend analysis and audit or compliance reporting
Limits:
Important events may go unnoticed if not regularly reviewed
Session-level forensics and full packet capture are only available if a specific alert escalates
In practice, many organizations use this approach as a baseline, adding active monitoring only for higher-risk departments or activities.
Detecting and Preventing Risky File Uploads
Uploading files to GenAI platforms introduces a higher risk, especially when handling PII, PHI, or proprietary data. Fidelis NDR can monitor such uploads as they happen. Effective AI security and data protection means closely inspecting these movements.
Process:
The system recognizes when files are being uploaded to GenAI endpoints
DLP policies automatically inspect file contents for sensitive information
When a rule matches, the full context of the session is captured, even without user login, and device attribution provides accountability
Advantages:
Detects and interrupts unauthorized data egress events
Enables post-incident review with full transactional context
Considerations:
Monitoring works only for uploads visible on managed network paths
Attribution is at the asset or device level unless user authentication is present
Weighing Your Options: What Works Best
Real-Time URL Alerts
Pros: Enables rapid intervention and forensic investigation, supports incident triage and automated response
Cons: May increase noise and workload in high-use environments, needs routine rule maintenance as endpoints evolve
Metadata-Only Mode
Pros: Low operational overhead, strong for audits and post-event review, keeps security attention focused on true anomalies
Cons: Not suited for immediate threats, investigation required post-factum
File Upload Monitoring
Pros: Targets actual data exfiltration events, provides detailed records for compliance and forensics
Cons: Asset-level mapping only when login is absent, blind to off-network or unmonitored channels
Building Comprehensive AI Data Protection
A comprehensive GenAI DLP solutions program involves:
Maintaining live lists of GenAI endpoints and updating monitoring rules regularly
Assigning monitoring mode, alerting, metadata, or both, by risk and business need
Collaborating with compliance and privacy leaders when defining content rules
Integrating network detection outputs with SOC automation and asset management systems
Educating users on policy compliance and visibility of GenAI usage
Organizations should periodically review policy logs and update their system to address new GenAI services, plugins, and emerging AI-driven business uses.
Best Practices for Implementation
Successful deployment requires:
Clear platform inventory management and regular policy updates
Risk-based monitoring approaches tailored to organizational needs
Integration with existing SOC workflows and compliance frameworks
User education programs that promote responsible AI usage
Continuous monitoring and adaptation to evolving AI technologies
Key Takeaways
Modern network-based data loss prevention solutions, as illustrated by Fidelis NDR, help enterprises balance the adoption of generative AI with strong AI security and data protection. By combining alert-based, metadata, and file-upload controls, organizations build a flexible monitoring environment where productivity and compliance coexist. Security teams retain the context and reach needed to handle new AI risks, while users continue to benefit from the value of GenAI technology.
Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.
The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an administrator control panel (ACP) exposed to the public internet.
FreePBX is an open-source private branch exchange (PBX) platform widely used by businesses, call centers, and service providers to manage voice communications. It’s built on top of Asterisk, an open-source communication server.
The vulnerability, assigned the CVE identifier CVE-2025-57819, carries a CVSS score of 10.0, indicating maximum severity.
“Insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator, leading to arbitrary database manipulation and remote code execution,” the project maintainers said in an advisory.
The issue impacts the following versions –
FreePBX 15 prior to 15.0.66
FreePBX 16 prior to 16.0.89, and
FreePBX 17 prior to 17.0.3
Sangoma said an unauthorized user began accessing multiple FreePBX version 16 and 17 systems connected to the internet starting on or before August 21, 2025, specifically those that have inadequate IP filtering or access control lists (ACLs), by taking advantage of a sanitization issue in the processing of user-supplied input to the commercial “endpoint” module.
The initial access obtained using this method was then combined with other steps to potentially gain root-level access on the target hosts, it added.
In light of active exploitation, users are advised to upgrade to the latest supported versions of FreePBX and restrict public access to the administrator control panel. Users are also advised to scan their environments for the following indicators of compromise (IoCs) –
File “/etc/freepbx.conf” recently modified or missing
Presence of the file “/var/www/html/.clean.sh” (this file should not exist on normal systems)
Suspicious POST requests to “modular.php” in Apache web server logs dating back to at least August 21, 2025
Phone calls placed to extension 9998 in Asterisk call logs and CDRs are unusual (unless previously configured)
Suspicious “ampuser” user in the ampusers database table or other unknown users
“We are seeing active exploitation of FreePBX in the wild with activity traced back as far as August 21 and backdoors being dropped post-compromise,” watchTowr CEO Benjamin Harris said in a statement shared with The Hacker News.
“While it’s early, FreePBX (and other PBX platforms) have long been a favorite hunting ground for ransomware gangs, initial access brokers and fraud groups abusing premium billing. If you use FreePBX with an endpoint module, assume compromise. Disconnect systems immediately. Delays will only increase the blast radius.”
Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address an authentication bypass vulnerability in its software.
The issue, which is yet to be assigned a CVE identifier, has been addressed in Passwordstate 9.9 (Build 9972), released August 28, 2025.
The Australian company said it fixed a “potential Authentication Bypass when using a carefully crafted URL against the core Passwordstate Products’ Emergency Access page.”
Also included in the latest version are improved protections to safeguard against potential clickjacking attacks aimed at its browser extension, should users end up visiting compromised sites.
The safeguards are likely in response to findings from security researcher Marek Tóth, who, earlier this month, detailed a technique called Document Object Model (DOM)-based extension clickjacking that several password manager browser add-ons have been found vulnerable to.
“A single click anywhere on an attacker-controlled website could allow attackers to steal users’ data (credit card details, personal data, login credentials, including TOTP),” Tóth said. “The new technique is general and can be applied to other types of extensions.”
According to Click Studios, the credential manager is used by 29,000 customers and 370,000 security and IT professionals, spanning global enterprises, government agencies, financial institutions, and Fortune 500 companies.
The disclosure comes over four years after the company suffered a supply chain breach that enabled attackers to hijack the software’s update mechanism in order to drop malware capable of harvesting sensitive information from compromised systems.
Then in December 2022, Click Studios also resolved multiple security flaws in Passwordstate, including an authentication bypass for Passwordstate’s API (CVE-2022-3875, CVSS score: 9.1) that could have been exploited by an unauthenticated remote adversary to obtain a user’s plaintext passwords.
Authorities from the Netherlands and the United States have announced the dismantling of an illicit marketplace called VerifTools that peddled fraudulent identity documents to cybercriminals across the world.
To that end, two marketplace domains (verif[.]tools and veriftools[.]net) and one blog have been taken down, redirecting site visitors to a splash page stating the action was undertaken by the U.S. Federal Bureau of Investigation (FBI) pursuant to a warrant issued by a United States District Court. The servers were seized in Amsterdam.
However, a Telegram message posted by operators on August 28, 2025, shows that they have already launched the service on the domain “veriftools[.]com.” The domain was created on December 10, 2018, per DomainTools. It’s currently not known who the administrators of the platform are.
“The operators of VerifTools produced and sold counterfeit driver’s licenses, passports, and other identification documents that could be used to bypass identity verification systems and gain unauthorized access to online accounts,” the U.S. Department of Justice (DoJ) said Thursday.
The DoJ said the FBI began investigating the service in 2022 after it discovered a criminal operation to leverage stolen identities to access cryptocurrency accounts. The probe revealed that the illegal platform was being used to generate counterfeit identification documents for all 50 states of the U.S., as well as other foreign countries, for as little as $9.
An equivalent of approximately $6.4 million of illicit proceeds has been linked to the VerifTools marketplace, the FBI said.
On the VerifTools website, the operators argue plausible deniability by stating that: “Legal usage of the service is your responsibility. By using the service, you must be aware of the local, state, and federal laws in your jurisdiction and take sole responsibility for your actions.”
Following the takedown, a Reddit user by the name Powda_reaper claimed that the site owners messaged them saying “the website is currently down due to major issues” and that they were bringing the site back up by August 29, while reassuring them that “Your funds are safe.”
“The internet is not a refuge for criminals. If you build or sell tools that let offenders impersonate victims, you are part of the crime,” said Acting U.S. Attorney Ryan Ellison. “We will use every lawful tool to disrupt your business, take the profit out of it, and bring you to justice. No one operation is bigger than us together.”
The Dutch National Police, in a coordinated statement, described VerifTools as one of the largest providers of false identity documents. In addition to two physical servers, more than 21 virtual servers have been confiscated.
The officials also noted that the website’s entire infrastructure on the servers has been secured and copied for subsequent analysis. In the Netherlands, forgery, false proof of identity, and deploying counterfeit payment instruments each carry a maximum prison sentence of six years.
“Many companies and agencies use so-called Know Your Customer verification (KYC), which often requires only an image of an ID. By using VerifTools, that KYC control could be bypassed,” the Politie said. “Criminals gratefully use platforms such as VerifTools, because they can commit their fraud with the created documents, such as bank helpdesk fraud and phishing.”
Google has revealed that the recent wave of attacks targeting Salesforce instances via Salesloft Drift is much broader in scope than previously thought, stating it impacts all integrations.
“We now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised,” Google Threat Intelligence Group (GTIG) and Mandiant said in an updated advisory.
The tech giant said the attackers also used stolen OAuth tokens to access email from a small number of Google Workspace email accounts on August 9, 2025, after compromising the OAuth tokens for the “Drift Email” integration. It’s worth noting that this is not a compromise of Google Workspace or Alphabet itself.
“The only accounts that were potentially accessed were those that had been specifically configured to integrate with Salesloft; the actor would not have been able to access any other accounts on a customer’s Workspace domain,” Google added.
Following the discovery, Google said it notified impacted users, revoked the specific OAuth tokens granted to the Drift Email application, and disabled the integration functionality between Google Workspace and Salesloft Drift amid ongoing investigation into the incident.
The company is also urging organizations using Salesloft Drift to review all third-party integrations connected to their Drift instance, revoke and rotate credentials for those applications, and investigate all connected systems for signs of unauthorized access.
The broadening of the attack radius comes shortly after Google exposed what it described as a widespread and opportunistic data theft campaign that allowed the threat actors, an emerging activity cluster dubbed UNC6395, to leverage compromised OAuth tokens associated with Salesloft Drift to target Salesforce instances from August 8 to 18, 2025.
“Based on the investigation to date, there is no evidence of malicious activity detected in the Salesloft integrations related to the Drift incident,” it noted. “Additionally, at this time, there are no indications that the Salesloft integrations are compromised or at risk.”
Aug 29, 2025Ravie LakshmananMalware / Windows Security
Cybersecurity researchers have discovered a cybercrime campaign that’s using malvertising tricks to direct victims to fraudulent sites to deliver a new information stealer called TamperedChef.
“The objective is to lure victims into downloading and installing a trojanized PDF editor, which includes an information-stealing malware dubbed TamperedChef,” Truesec researchers Mattias Wåhlén, Nicklas Keijser, and Oscar Lejerbäck Wolf said in a report published Wednesday. “The malware is designed to harvest sensitive data, including credentials and web cookies.”
At the heart of the campaign is the use of several bogus sites to promote an installer for a free PDF editor called AppSuite PDF Editor that, once installed and launched, displays to the user a prompt to agree to the software’s terms of service and privacy policy.
In the background, however, the setup program makes covert requests to an external server to drop the PDF editor program, while also setting up persistence on the host by making Windows Registry changes to ensure that the downloaded executable is automatically started after a reboot. The registry key contains a –cm arguments parameter to pass instructions to the binary.
German cybersecurity company G DATA, which also analyzed the activity, said the various websites offering these PDF editors download the same setup installer, which then downloads the PDF editor program from the server once the user accepts the license agreement.
“It then executes the main application with no arguments, which is equivalent to starting the –install routine,” security researchers Karsten Hahn and Louis Sorita said. “It also creates an autorun entry that supplies the command line argument –cm=–fullupdate for the next run of the malicious application.”
It’s assessed that the campaign kicked off on June 26, 2025, when many of the counterfeit sites were either registered or began advertising the PDF editing software through at least five different Google advertising campaigns.
“At first the PDF appears to have behaved mostly harmless, but the code included instructions to regularly check back for potential updates in a .js file that includes the –cm arguments,” the researchers explained. “From August 21, 2025, machines that called back received instructions that activated the malicious capabilities, an information stealer, referred to as ‘Tamperedchef.’”
Once initialised, the stealer gathers a list of installed security products and attempts to terminate web browsers so as to access sensitive data, such as credentials and cookies.
Further analysis of the malware-laced application by G DATA has revealed that it acts as a backdoor, supporting a number of features –
–install, to create scheduled tasks named PDFEditorScheduledTask and PDFEditorUScheduledTask that run the application with –cm=–partialupdate and –cm=–backupupdate arguments, respectively, to trigger the –check and –-ping routines
–cleanup, which is called by the uninstaller to remove the backdoor files, unregister the machine from the server, and delete the two scheduled tasks
–ping, to initiate communications with a command-and-control (C2) for actions to execute on the system, which, among others, allow additional malware downloads, data exfiltration, and Registry changes
–check, to contact the C2 server for configuration, read browser keys, alter browser settings, and execute arbitrary commands to query, exfiltrate, and manipulate data associated with Chromium, OneLaunch, and Wave browsers, including credentials, browser history, cookies, or setting custom search engines
–reboot, same as –check along with capabilities to kill specific processes
“The length from the start of the [ad] campaign until the malicious update was also 56 days, which is close to the 60-day length of a typical Google advertising campaign, suggesting the threat actor let the ad campaign run its course, maximizing downloads, before activating the malicious features,” Truesec said.
The disclosures coincide with an analysis from Expel that detailed a large ad campaign advertising PDF editors, with the ads directing users to websites offering downloads of tools like AppSuite, PDF OneStart, and PDF Editor. In some cases, these PDF programs have been found to download other trojanized apps without users’ consent or turn the hosts into residential proxies.
“AppSuite PDF Editor is malicious,” G DATA said. “It is a classic trojan horse with a backdoor that is currently massively downloaded.”
Cybersecurity researchers have discovered a loophole in the Visual Studio Code Marketplace that allows threat actors to reuse names of previously removed extensions.
Software supply chain security outfit ReversingLabs said it made the discovery after it identified a malicious extension named “ahbanC.shiba” that functioned similarly to two other extensions – ahban.shiba and ahban.cychelloworld – that were flagged earlier this March.
All three libraries are designed to act as a downloader to retrieve a PowerShell payload from an external server that encrypts files in a folder called “testShiba” on the victim’s Windows desktop and demands a Shiba Inu token by depositing the assets to an unspecified wallet. These efforts suggest ongoing development attempts by the threat actor.
The company said it decided to dig deeper because of the fact that the name of the new extension (“ahbanC.shiba”) was virtually the same as one of the two others previously identified (“ahban.shiba”).
It’s worth noting that each extension has to have a unique ID that’s a combination of the publisher name and the name of the extension (i.e., <publisher>.<name>). In the case investigated by ReversingLabs, both extensions are differentiated only by the name of the publisher, while the actual name of the extension remains the same.
However, according to Visual Studio Code documentation, the <name> field specified in the extension manifest “should be all lowercase with no spaces” and “must be unique to the Marketplace.”
“So how did extensions ahban.shiba and ahbanC.shiba end up having the same name despite the official documentation’s publishing rules?,” asked security researcher Lucija Valentić, who ultimately found that it is possible to do so once the extension is removed from the repository. But this behavior doesn’t apply to scenarios where an author unpublishes an extension.
It’s worth noting that the ability to reuse the name of deleted libraries also applies to the Python Package Index (PyPI) repository, as demonstrated by ReversingLabs in early 2023.
At the time, it was found that deleting a package would make its project name “available to any other PyPI user” as long as the distribution file names (a combination of the project name, version number, and distribution type) are different from those used in the now-removed distribution.
However, PyPI carves out an exception where PyPI package names can be made unavailable if they were first used by malicious packages. It appears that Visual Studio Code does not have a similar restriction to prevent the reuse of names of malicious extensions.
The development, as observed in leaked Black Basta chat logs, shows how threat actors are looking at poisoning open-source registries with ransomware libraries that demand ransoms from unsuspecting victims who may install them. This makes it all the more crucial for organizations and developers to adopt secure development practices and proactively monitor these ecosystems for software supply chain threats.
“The discovery of this loophole exposes a new threat: that the name of any removed extension can be reused, and by anyone,” Valentić said. “That means that if some legitimate and very popular extension is removed, its name is up for grabs.”
The findings also follow the identification of eight malicious npm packages that have been found to deliver a Google Chrome browser information stealer targeting Windows systems that’s capable of transmitting passwords, credit cards, cryptocurrency wallet data, and user cookies to a railway[.]app URL or a Discord webhook as a fallback mechanism.
The packages, published by users named ruer and npjun, are listed below –
toolkdvv (versions 1.1.0, 1.0.0)
react-sxt (version 2.4.1)
react-typex (version 0.1.0)
react-typexs (version 0.1.0)
react-sdk-solana (version 2.4.1)
react-native-control (version 2.4.1)
revshare-sdk-api (version 2.4.1)
revshare-sdk-apii (version 2.4.1)
What’s notable about these packages is the use of 70 layers of obfuscated code to unpack a Python payload that’s engineered to facilitate data theft and exfiltration.
“Open-source software repositories have become one of the main entry points for attackers as part of supply chain attacks, with growing waves using typosquatting and masquerading, pretending to be legitimate,” JFrog security researcher Guy Korolevski said.
“The impact of sophisticated multi-layer campaigns designed to evade traditional security and steal sensitive data highlights the importance of having visibility across the entire software supply chain with rigorous automated scanning and a single source of truth for all software components.”
The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the telecommunications, government, transportation, lodging, and military infrastructure sectors.
“While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers, they also leverage compromised devices and trusted connections to pivot into other networks,” according to a joint cybersecurity advisory published Wednesday. “These actors often modify routers to maintain persistent, long-term access to networks.”
The bulletin, courtesy of authorities from 13 countries, said the malicious activity has been linked to three Chinese entities, Sichuan Juxinhe Network Technology Co., Ltd., Beijing Huanyu Tianqiong Information Technology Co., Ltd., and Sichuan Zhixin Ruijie Network Technology Co., Ltd.
These companies, the agencies said, provide cyber-related products and services to China’s intelligence services, with the data stolen from the intrusions, specifically those against telecoms and Internet service providers (ISPs), providing Beijing with the ability to identify and track their targets’ communications and movements globally.
Brett Leatherman, head of the U.S. Federal Bureau of Investigation’s Cyber Division, said the Salt Typhoon has been active since at least 2019, engaging in a persistent espionage campaign aimed at “breaching global telecommunications privacy and security norms.”
In a standalone alert issued today, Dutch intelligence and security services MIVD and AIVD said while organizations in the country “did not receive the same degree of attention from the Salt Typhoon hackers as those in the U.S.,” the threat actors gained access to routers of smaller ISPs and hosting providers. However, there is no evidence the hackers penetrated these networks further.
The countries that have co-sealed the security advisory include Australia, Canada, the Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, New Zealand, Poland, Spain, the U.K., and the U.S.
“Since at least 2021, this activity has targeted organisations in critical sectors including government, telecommunications, transportation, lodging, and military infrastructure globally, with a cluster of activity observed in the U.K.,” the National Cyber Security Centre said.
According to The Wall Street Journal and The Washington Post, the hacking crew has expanded its targeting focus to other sectors and regions, attacking no less than 600 organizations, including 200 in the U.S., and 80 countries.
“The APT actors may target edge devices regardless of who owns a particular device,” the agencies noted. “Devices owned by entities that do not align with the actors’ core targets of interest still present opportunities for use in attack pathways into targets of interest.”
The compromised devices are then leveraged to pivot into other networks, in some cases even modifying the device’s configuration and adding a generic routing encapsulation (GRE) tunnel for persistent access and data exfiltration.
Persistent access to target networks is accomplished by altering Access Control Lists (ACLs) to add IP addresses under their control, opening standard and non-standard ports, and running commands in an on-box Linux container on supported Cisco networking devices to stage tools, process data locally, and move laterally within the environment.
Also put to use by the attackers are authentication protocols like Terminal Access Controller Access Control System Plus (TACACS+) to enable lateral movement across network devices, while simultaneously conducting extensive discovery actions and capturing network traffic containing credentials via compromised routers to burrow deeper into the networks.
“The APT actors collected PCAPs using native tooling on the compromised system, with the primary objective likely being to capture TACACS+ traffic over TCP port 49,” the agencies said. “TACACS+ traffic is used for authentication, often for administration of network equipment and including highly privileged network administrators’ accounts and credentials, likely enabling the actors to compromise additional accounts and perform lateral movement.”
On top of that, Salt Typhoon has been observed enabling the sshd_operns service on Cisco IOS XR devices to create a local user and grant it sudo privileges to obtain root on the host OS after logging in via TCP/57722.
Google-owned Mandiant, which was one of the many industry partners that contributed to the advisory, stated the threat actor’s familiarity with telecommunications systems offers them a unique advantage, giving them an upper hand when it comes to defense evasion.
“An ecosystem of contractors, academics, and other facilitators is at the heart of Chinese cyber espionage,” John Hultquist, Chief Analyst at Google Threat Intelligence Group, told The Hacker News. Contractors are used to build tools and valuable exploits as well as carry out the dirty work of intrusion operations. They have been instrumental in the rapid evolution of these operations and growing them to an unprecedented scale.”
“In addition to targeting telecommunications, reported targeting of hospitality and transportation by this actor could be used to closely surveil individuals. Information from these sectors can be used to develop a full picture of who someone is talking to, where they are, and where they are going.”
