At a glance.

  • Thread hijacking operation linked to TA578.
  • Gun owner data leaked by California Justice Department.

Thread hijacking operation linked to TA578.

Ars Technica details a phishing scam that uses thread hijacking to trick targets into opening a malicious email. Thread hijacking entails taking over an existing, legitimate email thread in order to send the target a seemingly connected email. Acting as if the new email is just a continuation of the previous conversation, the hacker instructs the victim to open an attached file. 

Proofpoint explains, “Threat actors use this technique to make the recipient believe they are interacting with a person they trust so they are less likely to be suspicious about downloading or opening attachments they might be sent as part of the conversation. Threat actors commonly steal these benign messages through prior malware infections or account compromises.” The malicious file then installs a malicious downloader, which the threat actors use to execute additional payloads on the compromised machine. 

A recent operation of this kind has been traced to TA578, a threat group that works as an initial access broker, using such campaigns to compromise as many end-user devices as possible, then selling access to the compromised machines to other cybercriminals looking to engage in other crimes like ransomware attacks or cryptojacking. The bottom line is that potential victims need to be cautious when opening even the most seemingly trustworthy emails. 

Gun owner data leaked by California Justice Department. 

The California Department of Justice exposed the personal data of possibly hundreds of thousands of gun owners by failing to properly secure its website this week, SecurityWeek reports. Due to a lack of access controls, for about twenty-four hours an unencrypted spreadsheet containing names and personal information was accessible to the general public with just a few clicks. It appears five databases in total were exposed, though details on exactly what they contained and how many individuals were affected remain unclear.

California Attorney General Rob Bonta’s office stated, “We are conducting a comprehensive and thorough investigation into all aspects of the incident and will take any and all appropriate measures in response to what we learn.” 

Though it’s unknown whether cybercriminals might have accessed the data, someone connected to an online site called The Gun Feed is already using the info to criticize gun control advocates the database allegedly revealed as having gun permits. Sam Paredes, executive director of Gun Owners of California, stated, “The volume of information is so incredibly sensitive. Deputy DAs, police officers, judges, they do everything they can to protect their residential addresses. The peril that the attorney general has put hundreds of thousands of people … in is incalculable.” 

Coincidentally, the breach comes just days after a US Supreme Court decision making it easier for Americans to carry hidden weapons, but there’s no evidence that the leak was intentional. Some cybersecurity experts are questioning the agency’s slow response to the incident, as the department has yet to disclose whether the databases were downloaded. Tim Marley, a vice president for risk management at the cybersecurity firm Cerberus Sentinel, stated, “Given the sensitive nature of the data exposed and potential impact to those directly involved, I would expect a response in much less than 24 hours from notification to action.”