CCTR.20.MAY.24
DPRK IT workers, UPS and WordPress vulnerabilities
Last updated
The Department of Foreign Affairs and Trade has warned that DPRK IT workers are seeking employment abroad while pretending to be non-DPRK nationals. These workers generate revenue for DPRK's weapons programmes, violating international sanctions. Hiring them risks intellectual property theft, financial loss, reputational damage, and legal consequences under Australian and international sanctions. The advisory helps Australian businesses avoid inadvertently hiring these workers.
Here are some red flags.
Multiple logins into one account from various IP addresses in a relatively short period of time, especially if the IP addresses are associated with different countries.
Frequent transfers of money through payment platforms, especially to People's Republic of China (PRC)-based bank accounts, or requests for payment in cryptocurrency.
Inconsistencies in name spelling, nationality, claimed work location, contact information, educational history, work history, and other details across a developer's freelance platform profiles, social media profiles, external portfolio websites, payment platform profiles, and assessed location and hours.
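The first red flag above is one that access logs can surface automatically. The script below is an added example, not part of the advisory, that groups login events per account and raises an alert when one account authenticates from two or more countries inside a short window. The log format and the sample records are constructed for the example; in practice the country field would come from whatever geolocation your identity provider or SIEM attaches to the source IP.

```python
"""Flag accounts that log in from several countries within a short window."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login records (not from the advisory):
# ISO-8601 timestamp, account name, source IP and geolocated country.
SAMPLE_LOGINS = """\
2024-05-18T09:00:00Z user=dev42 ip=203.0.113.5 country=US
2024-05-18T09:25:00Z user=dev42 ip=198.51.100.7 country=CN
2024-05-18T09:40:00Z user=dev42 ip=192.0.2.9 country=RU
2024-05-18T10:00:00Z user=alice ip=203.0.113.10 country=AU
2024-05-18T18:00:00Z user=alice ip=203.0.113.11 country=AU
2024-05-19T08:00:00Z user=bob ip=198.51.100.20 country=US
2024-05-19T20:00:00Z user=bob ip=198.51.100.21 country=DE
"""


def parse_login(line):
    """Turn one 'ts key=value ...' record into a dict with a datetime 'ts'."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_multi_country_logins(log_text, window=timedelta(hours=1), min_countries=2):
    """Return one alert per account that logged in from >= min_countries
    distinct countries within any sliding window of the given length."""
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_login(line)
            by_user[rec["user"]].append(rec)

    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda r: r["ts"])
        for i, first in enumerate(events):
            # Every event from 'first' up to window length after it.
            in_window = [e for e in events[i:] if e["ts"] - first["ts"] <= window]
            countries = sorted({e["country"] for e in in_window})
            if len(countries) >= min_countries:
                alerts.append({
                    "user": user,
                    "window_start": first["ts"].isoformat(),
                    "countries": countries,
                    "ips": sorted({e["ip"] for e in in_window}),
                })
                break  # one alert per account is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in find_multi_country_logins(SAMPLE_LOGINS):
        print(alert)
```

With the sample data only `dev42` is flagged: three countries inside forty minutes. `bob` also appears from two countries, but twelve hours apart, which a one-hour window deliberately ignores; widen the window if your threat model treats slower travel as suspicious too.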
PowerPanel Business, developed by CyberPower, is an advanced power management software designed to monitor and manage CyberPower UPS systems and network-connected power devices, which are extensively used in critical infrastructure sectors worldwide. If you're using PowerPanel Business, ensure you upgrade to the latest version and confirm that these admin panels are not accessible from the internet.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued security alerts highlighting several critical vulnerabilities in the PowerPanel Business UPS management software, including hard-coded credentials and SQL injection flaws. Successful exploitation of these vulnerabilities could enable an attacker to bypass authentication and gain administrator privileges on affected systems.
Threat actors are exploiting a high-severity vulnerability (CVE-2023-40000, CVSS 8.3) in the LiteSpeed Cache plugin for WordPress to take over websites. This is a popular WordPress plugin with over 5 million active installations. The vulnerability allows stored XSS, enabling attackers to create rogue admin accounts named wpsupp-user and wp-configuser on vulnerable websites. With these admin accounts, attackers can gain full control over the site. This vulnerability has been fixed in version 5.7.0.1 of the plugin.
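The item above gives a site owner two concrete things to check: whether the installed LiteSpeed Cache plugin is older than 5.7.0.1, and whether either of the named rogue administrator accounts exists. The script below is an added example (not the plugin's or the advisory's code) that does both. It reads the version from the standard `Version:` field of a WordPress plugin header and compares it against the fixed version, and it scans a list of user rows for the known account names with the administrator role. The header text and the user rows are constructed samples; on a real site they would come from the plugin's main PHP file and from `wp_users` joined with `wp_usermeta`.

```python
"""Check a WordPress site for the two indicators from the LiteSpeed Cache item:
an unpatched plugin version and the rogue admin accounts named in the advisory."""
import re

FIXED_VERSION = (5, 7, 0, 1)          # version stated in the advisory
ROGUE_USERNAMES = {"wpsupp-user", "wp-configuser"}   # account names from the advisory

# Constructed sample: the header block at the top of a WordPress plugin's main
# file, in the standard plugin-header layout. Version deliberately pre-fix.
SAMPLE_PLUGIN_HEADER = """\
<?php
/**
 * Plugin Name: LiteSpeed Cache
 * Version: 5.7
 */
"""

# Constructed sample user rows (wp_users joined with the role from wp_usermeta).
SAMPLE_USERS = [
    {"user_login": "admin", "role": "administrator", "user_registered": "2021-03-02 10:11:12"},
    {"user_login": "editor1", "role": "editor", "user_registered": "2022-07-14 08:00:00"},
    {"user_login": "wpsupp-user", "role": "administrator", "user_registered": "2024-04-30 03:14:00"},
]


def parse_version(text):
    """'5.7.0.1' -> (5, 7, 0, 1)"""
    return tuple(int(part) for part in text.strip().split("."))


def plugin_version(header_text):
    """Extract the 'Version:' header field from a plugin file; None if absent."""
    match = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", header_text, re.MULTILINE)
    return parse_version(match.group(1)) if match else None


def is_vulnerable_version(version, fixed=FIXED_VERSION):
    """True when version < fixed, padding short tuples so 5.7 == 5.7.0.0."""
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(fixed)


def find_rogue_admins(users):
    """Return the logins of administrator accounts whose names match the advisory."""
    return [
        u["user_login"]
        for u in users
        if u["role"] == "administrator" and u["user_login"] in ROGUE_USERNAMES
    ]


def assess_site(header_text, users):
    """Combine both checks into one triage result."""
    version = plugin_version(header_text)
    return {
        "plugin_version": version,
        "needs_update": version is not None and is_vulnerable_version(version),
        "rogue_admins": find_rogue_admins(users),
    }


if __name__ == "__main__":
    print(assess_site(SAMPLE_PLUGIN_HEADER, SAMPLE_USERS))
```

A matching rogue account is an indicator of compromise, not just a misconfiguration: updating the plugin closes the door, but the account, any content or plugins it added, and the sessions it holds still need to be removed, and the site's other administrator credentials rotated.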