Weekly Cyber Threat Intelligence Summary

Welcome to this week’s Cyber Threat Intelligence Summary, where we bring you the latest updates and insights on significant cyber threats. This edition analyses cyberattacks related to the Israel-Palestine conflict, global DNS probing by a Chinese threat actor, and a significant data leak involving the New York Times. 

1. Cyberattacks and major events relating to the Israel-Palestine conflict – June 2024

This report includes information about cyberattacks, physical attacks, and major political developments. Full report available for CYMON users here.

Latest Update –

  • Gaza’s Health Ministry reports that 38 Gazans were killed following Israeli military activity. At least 37,202 people have been killed in Gaza since 7 October 2023.
  • Spanish PM Pedro Sanchez claims the humanitarian situation in Gaza “is seriously undermining international law” and urges warring parties to “seize the opportunity for peace.”
  • Hamas and other Palestinian factions indicate a willingness to “deal positively to agree.” Qatari, Egyptian, and American mediators will examine Hamas’ proposed amendments to the deal.
  • Garnesia_Team claims access to Israeli election data, including voter PII.
  • The UN Security Council voted for a US-backed resolution calling for an “immediate, full and complete ceasefire” between Israel and Hamas. Russia abstained, with Ambassador Vassily Nebenzia questioning “What specifically has Israel agreed to?”
  • Four Palestinians were killed, and eight injured, following Israeli raids in Western Ramallah, West Bank.
  • Four Israeli soldiers were killed by a blast inside a building in Rafah, Gaza.
  • Benny Gantz resigned from Israel’s emergency war government, citing “hesitancy and procrastination due to political considerations” and called for general elections in autumn.

2. SecShow conducting global scale DNS probing

Chinese threat actor SecShow has been conducting domain name system (DNS) probing on a global scale since at least June 2023. Full report available for CYMON users here.

Key Takeaways:

  • Chinese threat actor SecShow has been conducting DNS probing globally since at least June 2023.
  • DNS probes measure responses at open resolvers, which are often open because of misconfiguration.
  • Information gathered can be used maliciously.
  • Threat actors exploit open resolvers for distributed denial-of-service (DDoS) attacks.
  • DNS amplification attacks use open resolvers to flood a target with DNS responses.
  • The traffic appears legitimate, making it difficult to mitigate.
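
For defenders auditing their own resolvers, the check behind these takeaways can be sketched as follows. This is an added example, not part of the original report: it parses a DNS reply header to decide whether a resolver recursed for an outside client and computes the response-to-query size ratio. The function names, verdict labels and sample packets are constructed for illustration.

```python
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode a minimal DNS query with RD=1 (recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify_response(query, response):
    """Classify a reply seen by a client OUTSIDE the resolver's intended networks.

    Returns (verdict, amplification) where amplification = response/query bytes.
    """
    if len(response) < 12:
        return "malformed", 0.0
    txid, flags = struct.unpack("!HH", response[:4])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "malformed", 0.0          # wrong transaction id or QR bit unset
    ra, rcode = bool(flags & 0x0080), flags & 0x000F
    amp = round(len(response) / len(query), 2)
    if rcode == 5:
        return "refused", amp            # REFUSED: recursion denied to this client
    if ra and rcode in (0, 3):
        return "open", amp               # recursed for an outsider (NOERROR/NXDOMAIN)
    return "closed", amp

def make_response(query, flags, answers=0):
    """Constructed sample data: echo the question, append `answers` A records."""
    header = query[:2] + struct.pack("!HHHHH", flags, 1, answers, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + rr * answers

if __name__ == "__main__":
    q = build_query("example.com")
    samples = {  # constructed replies, not captured traffic
        "misconfigured": make_response(q, 0x8180, answers=4),  # QR|RD|RA, NOERROR
        "restricted": make_response(q, 0x8105),                # QR|RD, REFUSED
        "authoritative-only": make_response(q, 0x8100),        # QR|RD, RA unset
    }
    for label, resp in samples.items():
        print(label, classify_response(q, resp))
```

A resolver that returns "open" to a client outside its intended networks should have recursion restricted to those networks.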

Analysts Comment

  • This is the second China-linked group identified performing large-scale DNS probing.
  • Another group, MuddlingMeerkat, has been doing global DNS probing for the past four years, mostly unnoticed by mixing queries with legitimate DNS traffic.

3. Data from the New York Times leaked on 4chan

Internal source code and data from the New York Times have been leaked on the 4chan message board. Full report available for CYMON users here.

Key Takeaways:

  • Internal source code and data from the New York Times leaked on the 4chan message board. The organisation confirmed the data was stolen from its GitHub repositories in January 2024 due to exposed credentials. The breach did not affect internal corporate systems.
  • The user leaked 270GB of data, totalling around 3,600,000 files.
  • The New York Times has over 5,000 source code repositories, with fewer than 30 encrypted.
  • Stolen data included IT documents, infrastructure tools, and source code. The leak allegedly contained source code for the popular Wordle game.

Latest Update –

  • The New York Times has notified contributors that sensitive personal information was stolen and leaked in the previously described breach. Stolen data includes names, contact details, nationalities, biographies, website URLs, social media usernames, and assignment information like diving and drone certifications or specialised equipment access.
