CCTR
CCTR
  • Brewing Cyber Coffee
  • CCTR.23.MAY.24
  • CCTR.22.MAY.24
  • CCTR.21.MAY.24
  • CCTR.20.MAY.24
  • CCTR.19.May.24
  • CCTR.18.April.24
  • CCTR.17.April.24
  • CCTR.16.April.24
  • CCTR.15.April.24
  • CCTR.14.April.24
  • CCTR.13.March.24
  • CCTR.12.March.24
  • CCTR.11.March.24
  • CCTR.10.FEB.24
  • CCTR.9.FEB.24
  • CCTR.8.FEB.24
  • CCTR.7.FEB.24
  • CCTR.6.FEB.24
  • CCTR.5.JAN.24
  • CCTR.4.JAN.24
  • CCTR.3.JAN.24
  • CCTR.2.JAN.24
  • CCTR.1.JAN.24
Powered by GitBook
On this page

CCTR.10.FEB.24

APT28, Ubiquiti, iSOON, Hugging Face, PyRIT

PreviousCCTR.11.March.24NextCCTR.9.FEB.24

Last updated 11 months ago

A Russian state-sponsored cyber actor, 🐻APT28, has been globally utilizing compromised Ubiquiti EdgeRouters for malicious cyber operations since at least 2022. Due to the widespread popularity of EdgeRouters, it is crucial for users to take precautions. If you own a Ubiquiti Inc. EdgeRouter, it's probably a good idea to perform a hardware factory reset, update to the latest firmware, change default credentials, and avoid exposing remote management services to the internet. Ref Data from iSOON, also known as Anxun Information, a contractor for the Chinese Ministry of Public Security (MPS) specializing in network penetration research, was leaked on GitHub. The iSOON leak stands out as a significant cyber threat development related to China in recent years. The tools provided by iSOON and the campaigns orchestrated by its operators highlights how both the MPS and the Chinese Ministry of State Security (MSS) delegate their intelligence gathering to commercial surveillance vendors. This leak reinforces the idea that APT groups 🐼 in China are interconnected, resembling the cybercrime underground in many ways. Did you know that fleet tracking systems credentials leaked in the dump may or may not still be valid? 🤯 Ref Over 100 instances of malicious AIand machine learning (ML) models were discovered on the Hugging Face platform. Some of these models have the capability to execute code on the victim's machine, establishing a persistent backdoor for potential attackers. Hugging Face, a tech firm specializing in AI, natural language processing (NLP), and ML, serves as a collaborative platform for sharing models, datasets, and applications. This incident serves as a reminder of the insufficient attention given to the security risks associated with AI and ML models, emphasizing the need for increased vigilance and proactive measures to protect the ecosystem from malicious actors. Ref Microsoft has launched PyRIT (Python Risk Identification Toolkit), an open automation framework designed to assess the security of generative AI systems. This toolkit can come in handy in detecting and addressing risks within gen-AI systems, marking a substantial advancement in Microsoft's approach to mapping, measuring, and mitigating AI risks. Ref

https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/240227.pdf
https://blog.bushidotoken.net/2024/02/lessons-from-isoon-leaks.html
https://www.bleepingcomputer.com/news/security/malicious-ai-models-on-hugging-face-backdoor-users-machines/
https://github.com/Azure/PyRIT