FBI Probes China Surveillance Breach
The FBI is investigating a China-linked breach of surveillance systems containing sensitive wiretap data. CISA also catalogued a Rockwell Automation ICS vulnerability (CVE-2021-22681) being exploited for unauthorized access and configuration changes. North Korea is scaling AI-powered fake-job schemes for espionage, while Iranian APTs like MuddyWater are embedding backdoors in US banks and airports post-strikes.
The China-linked hacking group "Salt Typhoon" is the primary suspect in the breach of telecom giants like Verizon and AT&T. For months, the group allegedly had access to the infrastructure used for court-authorized wiretapping, potentially compromising not just voice calls and texts but also broader internet traffic data from criminal investigations. The FBI began investigating after detecting abnormal log activity on a digital collection system on February 17.

The Rockwell Automation vulnerability, CVE-2021-22681, is a critical flaw first reported by security firm Claroty to Rockwell back in 2019. It allows an unauthenticated attacker to remotely mimic an engineering workstation, granting them the power to alter industrial controller logic, which could disrupt manufacturing or cause physical damage. Rockwell has stated the vulnerability cannot be patched and advises network segmentation as the primary defense.

North Korean operatives are leveraging AI tools like ChatGPT and face-swapping applications to create highly convincing fake identities for remote IT job applications. Microsoft has identified groups like "Jasper Sleet" using AI to generate culturally appropriate names, craft resumes based on job postings, and even use voice-changing software in interviews. Once hired, the operatives use AI to help with coding and professional communications to maintain their cover and funnel wages back to the regime.

The Iranian APT group MuddyWater, also known as Seedworm and linked to Iran's Ministry of Intelligence and Security (MOIS), has been deploying new, previously unseen backdoors. One backdoor, "Dindoor," uses the Deno JavaScript runtime for execution, while another, a Python-based tool, is called "Fakeset." These were discovered in the networks of a U.S. bank, an airport, and a software company that supplies the aerospace and defense industries.