Multiple aliases have been leveraged by the hacker in conducting intrusions against the United Nations, the International Civil Aviation Organization, the Guardia Civil, and other public and private entities, which had their data stolen and sold on BreachForums, according to the Spanish police.
Such a vulnerability — which stems from a USB Video Class driver out-of-bounds write issue that could be exploited for privilege escalation — may have been used by forensic data extraction tools, according to the GrapheneOS development team.
The Dallas suburb noted in an online notice that the incident resulted in the compromise of names, addresses, Social Security numbers, credit card details, driver's license numbers, medical insurance data, and financial account details.
Information exposed by the incident included names, birthdates, email addresses, and employment history, said ICAO in an updated statement that emphasized the delivery of breach notices to impacted individuals.
Attacks commenced with phishing emails carrying a Dropbox link that downloads a ZIP archive containing an internet shortcut file with a TryCloudflare URL, which in turn fetches an LNK file for further compromise, a report from Forcepoint X-Labs showed.
After luring targets into providing their curriculum vitae or GitHub link for fake cryptocurrency, finance, or travel job offers, attackers proceed to share a malicious repository with the project's "minimum viable product," which executes nefarious code eventually resulting in the deployment of stealer malware that targets Windows, macOS, and Linux systems.
Intrusions that are part of the campaign, which has primarily targeted the education sector, commenced with the distribution of notification-spoofing phishing emails deceiving recipients into clicking a link that redirects to a seemingly legitimate ADFS portal seeking to compromise targets' second-factor authentication, according to an analysis from Abnormal Security.
Intrusions leveraging the Axios HTTP client have successfully breached 43% of high-profile user accounts in the transportation, finance, IT, healthcare, and construction sectors from June to November, according to a Proofpoint analysis.
Aside from obtaining access to the Treasury Department's federal payment system, DOGE was also alleged by Office of Personnel Management employees to have installed an improperly vetted private server that could potentially compromise millions of federal workers' sensitive records.
Included in the affected CPE Series router models were VMG1312-B10A, VMG1312-B10B, VMG1312-B10E, VMG3312-B10A, VMG3313-B10A, VMG3926-B10B, VMG4325-B10A, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, SBG3300, and SBG3500, according to Zyxel.