Hackers Mount High Speed Microsoft 365 Attack: Cyber Security Today – January 17, 2025


Attackers use the high-speed Go HTTP library FastHTTP to brute-force Microsoft 365 accounts worldwide, North Korea’s Lazarus group lures developers with AI-enhanced job scams in “Operation 99”, and VPN credentials and configurations for 15,000 FortiGate devices are leaked online.

Hackers Exploit FastHTTP in High-Speed Microsoft 365 Attacks

Threat actors are using the FastHTTP Go library to launch high-speed brute-force password attacks on Microsoft 365 accounts worldwide. Detected by incident response firm SpearTip, this campaign began on January 6 and primarily targets the Azure Active Directory Graph API.

FastHTTP, a high-performance HTTP library for the Go programming language, is not itself vulnerable; the attackers use it as tooling to fire off unauthorized login attempts at high volume, and the library’s default User-Agent string, “fasthttp”, is what shows up in the sign-in logs. Attackers are also leveraging Multi-Factor Authentication (MFA) fatigue tactics, bombarding users with repeated MFA challenges in the hope that one is approved.

An investigation revealed that 65% of the attack traffic originates from Brazil, with significant activity from Turkey, Argentina, and other countries. While most attempts fail or are blocked, 9.7% of them successfully authenticate, which makes this an account-takeover campaign rather than background noise.

SpearTip has issued guidance, including a PowerShell script that searches Microsoft Entra ID (formerly Azure AD) sign-in logs for the FastHTTP user agent. Administrators who find hits should immediately reset the credentials of any account that authenticated successfully, review the MFA devices registered to those accounts, and check the indicators of compromise outlined in the report. This campaign highlights the importance of enforced MFA policies and vigilant sign-in monitoring to protect sensitive data.

A link to the report:  https://www.speartip.com/fasthttp-used-in-new-bruteforce-campaign/
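The detection step described above, as an added example that is not SpearTip’s script: it triages sign-in records for the “fasthttp” user agent and separates successful authentications (the accounts to reset) from failed, locked and MFA-challenged attempts. The record layout follows the Microsoft Graph `signIns` resource (userPrincipalName, userAgent, ipAddress, status.errorCode, location.countryOrRegion); the records themselves are constructed, and in practice you would feed it the JSON exported from the Entra portal or Graph API.

```python
"""Triage Microsoft Entra ID sign-in records for the FastHTTP brute-force campaign.

Added example, not SpearTip's PowerShell script. Records follow the shape of the
Microsoft Graph `signIns` resource. The sample below is constructed; replace it with
the JSON you exported from the Entra portal or Graph API.
"""
import json
from collections import Counter

# Constructed sample records. Error codes are the documented AADSTS values:
# 0 = success, 50126 = invalid password, 50053 = account locked, 50074 = MFA required.
SAMPLE_SIGNINS = json.dumps([
    {"userPrincipalName": "alice@example.com", "userAgent": "fasthttp",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 0},
     "location": {"countryOrRegion": "BR"}},
    {"userPrincipalName": "bob@example.com", "userAgent": "fasthttp",
     "ipAddress": "203.0.113.11", "status": {"errorCode": 50126},
     "location": {"countryOrRegion": "BR"}},
    {"userPrincipalName": "bob@example.com", "userAgent": "fasthttp",
     "ipAddress": "198.51.100.7", "status": {"errorCode": 50053},
     "location": {"countryOrRegion": "TR"}},
    {"userPrincipalName": "carol@example.com", "userAgent": "fasthttp",
     "ipAddress": "198.51.100.22", "status": {"errorCode": 50074},
     "location": {"countryOrRegion": "AR"}},
    {"userPrincipalName": "dave@example.com",
     "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Edg/131.0",
     "ipAddress": "192.0.2.5", "status": {"errorCode": 0},
     "location": {"countryOrRegion": "CA"}},
    {"userPrincipalName": "alice@example.com", "userAgent": "fasthttp",
     "ipAddress": "203.0.113.12", "status": {"errorCode": 0},
     "location": {"countryOrRegion": "BR"}},
])


def is_fasthttp(user_agent):
    """True when the User-Agent is the Go fasthttp library's default string.

    The library sends the literal 'fasthttp'; matching case-insensitively as a
    substring also catches variants such as 'FastHTTP/1.0'.
    """
    return bool(user_agent) and "fasthttp" in user_agent.lower()


def load_signins(text):
    """Parse a JSON array of sign-in records (Graph `signIns` shape)."""
    return json.loads(text)


def triage(records):
    """Summarise fasthttp-tagged attempts and list accounts that need a reset."""
    def code(rec):
        return rec.get("status", {}).get("errorCode")

    hits = [r for r in records if is_fasthttp(r.get("userAgent"))]
    successes = [r for r in hits if code(r) == 0]
    countries = Counter(r.get("location", {}).get("countryOrRegion", "unknown")
                        for r in hits)
    return {
        "attempts": len(hits),
        "successes": len(successes),
        # MFA challenges issued to the victim: the "MFA fatigue" signal.
        "mfa_challenged": sum(1 for r in hits if code(r) == 50074),
        "locked_out": sum(1 for r in hits if code(r) == 50053),
        # Accounts where the password was accepted: reset these first.
        "compromised_users": sorted({r["userPrincipalName"] for r in successes}),
        "by_country": dict(countries),
    }


if __name__ == "__main__":
    summary = triage(load_signins(SAMPLE_SIGNINS))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

A successful sign-in with this user agent is the strongest signal on the page; a pile of 50053 lockouts from the same source range is the noisy counterpart, and 50074 entries tell you which users were pushed an MFA prompt they did not initiate.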

North Korea’s Lazarus APT Targets Developers in “Operation 99”

North Korea’s Lazarus advanced persistent threat group is once again using clever tricks to target developers. Their latest campaign, dubbed “Operation 99,” disguises attackers as recruiters on LinkedIn offering lucrative job opportunities. The goal? To trick freelance software developers into cloning malicious Git repositories loaded with malware.

This isn’t Lazarus’ first foray into job scams. Previous campaigns like “Operation Dream Job” in 2021 and “DEV#POPPER” have exploited job seekers, but researchers note that “Operation 99” takes things to a new level. AI-generated recruiter profiles, combined with compromised LinkedIn accounts, make these scams highly convincing. According to Ryan Sherstobitoff, SecurityScorecard’s senior VP of threat research, “By presenting complete and convincing profiles, attackers offer what seem to be genuine job opportunities.”

Once developers clone the malicious repositories, malware with names like Main99 and Payload 99/73 springs into action. It steals source code, cryptocurrency wallet keys, and other sensitive data. The malware also works across operating systems, targeting Windows, macOS, and Linux, with tools for keylogging, clipboard monitoring, and credential theft.

Experts warn developers to treat job offers involving repository cloning or software downloads with caution. As Sherstobitoff puts it, “If a job opportunity seems too good to be true, it likely is.” Employers are urged to reinforce social engineering awareness and emphasize cybersecurity best practices to guard against these sophisticated attacks.

Hackers Leak VPN Credentials and Config Files for 15,000 FortiGate Devices

A new hacking group known as the “Belsen Group” has leaked sensitive data from over 15,000 FortiGate devices. The stolen information, published on the dark web, includes VPN credentials, private keys, and firewall configurations, exposing organizations to serious risks.

This breach reportedly stems from attacks in 2022 that exploited a then zero-day authentication bypass in FortiOS, tracked as CVE-2022-40684, which let attackers read device configurations through the administrative interface and create rogue “super_admin” accounts. Despite Fortinet releasing a patch in October 2022, many devices remain unpatched, or were patched without rotating the credentials and keys that had already been read, so they are exposed even now.

What makes this leak particularly dangerous is how organized the stolen data is. The files, sorted by country and device IP address, provide a blueprint for cybercriminals to penetrate networks. Cybersecurity expert Kevin Beaumont confirmed the authenticity of the data, warning that it poses a renewed threat. “The data appears to have been assembled in October 2022, but its release now makes it a ticking time bomb,” Beaumont stated.

This isn’t the first time Fortinet has been targeted. In 2021, nearly 500,000 VPN credentials were exposed in another attack. Organizations using FortiGate devices are urged to act immediately. Beaumont plans to release a list of impacted IPs to help administrators determine if they’re at risk. In the meantime, administrators should rotate every credential and private key that appears in the device configuration, update firmware, and review the configuration for administrator accounts they did not create.
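One part of that configuration review, as an added example that is neither Fortinet’s nor Beaumont’s tooling: enumerate the accounts under `config system admin` in a FortiOS configuration backup and flag any `super_admin` account that is not on your expected list. The configuration text is constructed but follows FortiOS CLI syntax (`config ... edit ... set ... next ... end`, with nested sub-tables); the expected-account set is an assumption you would replace with your own.

```python
"""List FortiOS administrator accounts and flag unexpected super_admin entries.

Added example, not Fortinet's or Kevin Beaumont's tooling. The config below is
constructed in FortiOS CLI syntax; point parse_admins() at a real backup instead.
"""
import re

# Constructed sample: a hostname block, then the admin table with one account
# ("support") that the device owner never created.
SAMPLE_CONFIG = '''\
config system global
    set hostname "fw-edge-01"
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
        config gui-dashboard
            edit 1
                set name "Status"
            next
        end
        set password ENC REDACTED
    next
    edit "backup_admin"
        set accprofile "prof_readonly"
        set vdom "root"
        set trusthost1 10.0.0.0 255.255.255.0
        set password ENC REDACTED
    next
    edit "support"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC REDACTED
    next
end
'''

EDIT_RE = re.compile(r'^edit "([^"]+)"$')
SET_RE = re.compile(r'^set (\S+) (.*)$')


def parse_admins(config_text):
    """Return {account_name: {setting: value}} for the `config system admin` table.

    Nested sub-tables (for example `config gui-dashboard`) are tracked by depth
    and skipped, so their `edit`/`end` lines do not confuse the account list.
    """
    admins = {}
    in_block = False
    depth = 0
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_block:
            if line == "config system admin":
                in_block = True
                depth = 1
            continue
        if line.startswith("config "):
            depth += 1          # entering a nested sub-table
            continue
        if line == "end":
            depth -= 1
            if depth == 0:
                break           # end of the admin table
            continue
        if depth > 1:
            continue            # inside a nested sub-table; not an admin setting
        m = EDIT_RE.match(line)
        if m:
            current = m.group(1)
            admins[current] = {}
            continue
        if line == "next":
            current = None
            continue
        m = SET_RE.match(line)
        if m and current is not None:
            admins[current][m.group(1)] = m.group(2).strip('"')
    return admins


def find_rogue_super_admins(admins, expected):
    """Names with accprofile super_admin that are not in the expected set."""
    return sorted(name for name, attrs in admins.items()
                  if attrs.get("accprofile") == "super_admin" and name not in expected)


if __name__ == "__main__":
    accounts = parse_admins(SAMPLE_CONFIG)
    for name, attrs in accounts.items():
        print(f"{name}: profile={attrs.get('accprofile')} vdom={attrs.get('vdom')}")
    # Assumed expected set; replace with the accounts you actually provisioned.
    print("rogue super_admin accounts:", find_rogue_super_admins(accounts, {"admin"}))
```

An unexpected `super_admin` entry in a backup taken after October 2022 is exactly the artefact CVE-2022-40684 exploitation left behind; removing it is necessary but not sufficient, since everything else in that file (VPN user passwords, pre-shared keys, certificate private keys) must be assumed copied as well.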

That’s our show for today. You can reach me with tips, comments, and even some constructive criticism.

I’m your host, Jim Love. Thanks for listening.

 
