DJBSEC's CyberNews 2-25-25

Story 1: OpenAI Bans ChatGPT Accounts Used by North Korean Hackers

OpenAI has blocked several accounts linked to North Korean hacking groups that were exploiting ChatGPT for malicious activities. These actors utilized the platform to research potential targets, develop hacking tools, and gather information on cryptocurrency topics. The banned accounts were associated with threat groups such as VELVET CHOLLIMA and STARDUST CHOLLIMA. OpenAI’s actions aim to prevent the misuse of its AI technologies by state-sponsored threat actors.


Story 2: Large Botnet Targets Microsoft 365 Accounts with Password Spraying Attacks

A significant botnet has been identified targeting Microsoft 365 accounts through password spraying attacks. These attacks involve attempting a few common passwords across numerous accounts to gain unauthorized access. The botnet leverages a distributed network to evade detection and has been active since May 2024. Organizations are advised to implement strong password policies and multi-factor authentication to mitigate such threats.


Story 3: DeepSeek’s ByteDance Data-Sharing Raises Security Concerns

Investigations have revealed that the AI chatbot DeepSeek has been transmitting user data to ByteDance, the Chinese parent company of TikTok. This data-sharing practice has raised significant security and privacy concerns, leading to regulatory scrutiny in countries like South Korea. Experts warn that such practices highlight the risks associated with emerging AI technologies and the importance of robust data protection measures.


Story 4: Threat Actors Stealing Browser Fingerprints to Bypass Security Measures

Cybercriminals are employing advanced techniques to steal users’ browser fingerprints, enabling them to bypass security measures and impersonate legitimate users. By harvesting unique browser and device characteristics, attackers can evade multi-factor authentication and other fraud detection systems. This method has been linked to a campaign known as ScreamedJungle, which targets outdated e-commerce platforms. Users and organizations are urged to update their systems and employ anti-fingerprinting tools to protect against such threats.


Story 5: SEC Establishes Cyber and Emerging Technologies Unit

The U.S. Securities and Exchange Commission (SEC) has announced the creation of the Cyber and Emerging Technologies Unit (CETU) to combat cyber-related misconduct and protect retail investors from malicious actors in the emerging technologies sector. Led by Laura D’Allaird, the unit comprises approximately 30 fraud specialists and attorneys. The CETU will focus on areas such as fraud involving artificial intelligence, misuse of social media, and noncompliance with cybersecurity regulations.


Story 6: Chinese Hackers Attacking Industrial Organizations with FatalRAT

A cyber-espionage campaign attributed to Chinese-speaking threat actors is targeting industrial organizations across the Asia-Pacific region using a sophisticated malware known as FatalRAT. The attackers employ multi-stage infection chains and exploit legitimate cloud services to deliver payloads, primarily focusing on sectors like manufacturing, energy, and logistics. The malware enables remote access and data exfiltration and can execute destructive commands, posing significant risks to operational technology environments.


Story 7: Google Phasing Out SMS-Based Multi-Factor Authentication in Favor of QR Codes

Google has announced plans to discontinue the use of SMS text messages for multi-factor authentication (MFA), transitioning instead to QR code-based verification. This move addresses security concerns associated with SMS-based MFA, such as SIM swapping and interception vulnerabilities. Users will soon be required to scan a QR code with their device’s camera app to complete the authentication process, enhancing overall account security.
