U.S. sanctions election meddlers

CybersecurityHQ Weekly News

Welcome, reader, to your CybersecurityHQ report

Brought to you by:

Cypago enables strategic decision making through a full Cyber GRC product suite to help you avoid business reputation impact, financial or client trust losses

—

Weekly Headlines

Treasury Sanctions Iranian, Russian Meddlers

This Tuesday, the U.S. Treasury Department sanctioned Iranian and Russian entities for attempting to interfere with the 2024 U.S. presidential election through cyber and AI-driven tactics. Iran’s Islamic Revolutionary Guard Corps (IRGC) and Russia’s Main Intelligence Directorate (GRU) affiliates allegedly conducted disinformation campaigns to influence voters and incite social tensions.

Iranian efforts included cyber operations and hacking campaigns targeting sensitive election data, with Meta blocking accounts linked to IRGC hacking group Charming Kitten. Three IRGC-linked individuals were charged with stealing data from government officials. The sanctioned Iranian Cognitive Design Production Center (CDPC) used influence operations to “stoke socio-political tensions and influence the U.S. electorate during the 2024 U.S. election.”

Russia’s Center for Geopolitical Expertise (CGE), founded by Aleksandr Dugin and linked to the GRU, employed AI to produce deepfakes and disinformation. CGE operated 100 fake news sites and maintained its own AI servers to avoid detection—what will likely become the default for similar state-sponsored projects. GRU officer Valery Korovin coordinated these operations, including financial support and infrastructure.

Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith made the intent of the sanctions clear, saying, “The Governments of Iran and Russia have targeted our election processes and institutions and sought to divide the American people through targeted disinformation campaigns. The United States will remain vigilant against adversaries who would undermine our democracy.”

U.S. Faces Growing Threat from Salt Typhoon

Lots more headlines this week around cyberattacks supported by foreign governments. We’ve covered the trickle of revelations coming out of the Salt Typhoon investigation—and now the story gets much bigger. The Chinese-linked hacker group has compromised a ninth U.S. telecommunications firm, raising national security concerns. Federal officials, including the FBI and Deputy National Security Adviser Anne Neuberger, emphasize the need for stronger cybersecurity measures. Salt Typhoon's operations target political and governmental entities, with many victims located in Washington, D.C., and Virginia. The hackers can geolocate millions of people, intercept phone conversations, and record them.

The effort to counter this threat is expanding. The Department of Justice (DOJ) and Health and Human Services (HHS) have proposed rules to secure sensitive personal and government-related data, including healthcare records. HHS highlights increasing risks to patient safety from healthcare-related cyberattacks, telling health insurers and providers to bolster protections under HIPAA regulations.

Neuberger cited the UK's advanced cybersecurity practices as a model for more effectively detecting and mitigating attacks. She estimated a $9 billion initial cost for implementing U.S. defenses, with $6 billion annually thereafter, stressing the high stakes of inaction.

The Federal Communications Commission plans to vote on additional regulations in January to address the vulnerabilities. Officials argue that voluntary measures are inadequate against threats from adversaries like China, urging systemic improvements across critical infrastructure sectors.

Ford X Account Hacked, Posts Go Viral

Ford Motor Co. announced its X account was hacked on Monday, resulting in the unauthorized posting of controversial messages, including statements calling Israel a "terrorist state" and advocating "Free Palestine." The posts, which quickly went viral, were removed shortly after being published.

Ford insisted that the posts do not reflect the company's views. The automaker said it is working with X to investigate the incident.

Rep. Ritchie Torres (D-N.Y.) shared a screenshot of the posts, suggesting the hack was connected to the Free Palestine movement. The posts included phrases like "ALL EYES ON GAZA" and "Israel is a terrorist state."

NFT Fraud Nets $22 Million in Largest Case Yet

Cryptocurrency had a couple of major cybersecurity headlines this week.

In the first, the FBI attributed the largest cryptocurrency hack of 2024 to North Korea’s TraderTraitor, a hacking group also known as Lazarus. The group stole $308 million worth of Bitcoin from Japan’s cryptocurrency platform DMM in May. The attack began in March when a North Korean cyber actor compromised a Japan-based cryptocurrency wallet software firm and used this access to infiltrate DMM. The hackers manipulated a legitimate transaction request, resulting in the theft of 4,502.9 BTC.

The stolen funds were traced to TraderTraitor-controlled wallets, with the FBI, Japan’s National Police Agency, and other international partners vowing to combat North Korea’s use of cybercrime to fund its regime. TraderTraitor has been linked to other major hacks, including the $100 million Atomic Wallet attack and the $600 million Ronin Bridge theft.

The DMM hack forced the company to secure massive loans totaling $367 million and eventually led to its closure. It’s worth noting the company was found to be fairly wide open for such an attack. Japan’s Financial Services Agency (FSA) identified critical flaws in DMM’s risk management and is pressuring the company for more transparency to prevent similar incidents. North Korean hacking groups have stolen $1.34 billion in cryptocurrency across 47 incidents in 2024, a significant increase from prior years, highlighting their growing threat to global digital finance.

In related news, it’s time to talk about NFTs again—believe it or not. Two California men, Gabriel Hay and Gavin Mayo, both 23, have been charged in the largest NFT fraud case to date, accused of defrauding investors of over $22 million in cryptocurrency. Between 2021 and 2024, they allegedly ran multiple “rug pull” schemes, promising ambitious NFT projects like “Vault of Gems” and “Faceless” that they abandoned after collecting funds.

A “rug pull” involves creators promoting a digital asset to attract investments, then disappearing with the funds, leaving investors with worthless assets. Hay and Mayo reportedly used deceptive “roadmaps” and hid their identities to execute their schemes. One project manager faced intimidation for exposing their involvement.

The DOJ, assisted by Homeland Security Investigations (HSI), brought charges of wire fraud, conspiracy, and stalking, with potential sentences of up to 20 years. 

U.S. Army Soldier Linked to Hacking

A U.S. Army soldier, Cameron John Wagenius, has been arrested for allegedly participating in a hacking scheme to sell stolen phone records, including purported call logs of President-elect Donald Trump and Vice President Kamala Harris. Wagenius, 20, reportedly operated under the alias "Kiberphant0m," connected to a series of data breaches, including the 2023 Snowflake breach that compromised AT&T customer data and remote access credentials for a U.S. defense contractor.

Kiberphant0m claimed to have hacked 15 telecom firms and offered the stolen information for sale online. Investigations revealed Wagenius worked in communications at an Army base in South Korea, with his mother confirming ties to the alleged Snowflake hacker. 


Interesting Read

You know a new year is upon us when every media outlet releases troves of year-in-review content. 2024 is now behind us, and The Verge recently posted a round-up of the biggest AI headlines from the year.

While not directly cybersecurity, the technology had yet another meteoric year. A look through some of the headlines shows just how impressive its run has been so far and how much it might change the world in the year to come.

It’s led to unprecedented new tools on the consumer level. But it’s also faced strikes and industry backlash. Oh, and it might be hastening the climate crisis (or is it going to solve it?).

Looking over the diversity of headlines, one can’t help but laugh nervously. If the last 12 months are any indication, it seems we are arriving at the AI precipice where everything changes from here—if it hasn’t already.

Twitter Highlights

Stay Safe, Stay Secure.

The CybersecurityHQ Team
