Global Cyber Pulse: 17 December 2024

December 17, 2024 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

Governments and organizations worldwide are grappling with the surge in cyber threats. The Indian government has blocked over 80 lakh fake SIM cards and 6.78 lakh cybercrime-linked numbers using advanced AI tools, aiming to curb fraud and secure telecom infrastructure. Meanwhile, a global phishing campaign has targeted 200,000 YouTube creators, using deceptive emails and Lumma Stealer malware to hijack accounts and propagate malicious activities.

State-sponsored cyberattacks are also on the rise. The Chinese Winnti Group has deployed a new PHP backdoor, ‘Glutton’, against organizations in the U.S. and China. In the U.S., a cyberattack on the Texas Tech University Health Sciences Center compromised 1.4 million patients’ data, a significant healthcare breach. Telecom Namibia suffered a ransomware attack by Hunters International and saw customer data leaked after it refused to pay. Lastly, ConnectOnCall, a healthcare platform, had 910,000 patients’ records exposed, underscoring the need for stronger cybersecurity defenses globally.

India Combats Cybercrime: Over 80 Lakh Fake SIM Cards and 6.78 Lakh Mobile Numbers Blocked

The Indian government has launched a sweeping crackdown on fake SIM cards as part of its fight against cybercrime. Leveraging advanced AI tools, the Department of Telecommunications (DoT) identified and deactivated over 80 lakh SIM cards issued on fake credentials to prevent their misuse for illegal activities.

In addition to blocking fake SIMs, the government also shut down 6.78 lakh mobile numbers found directly involved in cybercriminal operations. This decisive move highlights a broader effort to strengthen the nation’s telecom security infrastructure.

AI Tools at the Forefront of Detection: The DoT deployed AI-driven detection tools to identify 78.33 lakh fraudulent mobile numbers linked to forged documents. The official announcement was made on DoT’s X handle, showcasing the success of AI in tackling digital fraud.

Global Phishing Campaign Targets Over 200,000 YouTube Creators

Cybercriminals have launched a large-scale phishing campaign targeting over 200,000 YouTube creators worldwide. Posing as top-tier brands, scammers send deceptive emails with subject lines like “Collaboration Proposal” and “Marketing Opportunity” to lure victims.

The attackers send links to password-protected archives hosted on platforms like OneDrive; the password keeps mail-gateway and cloud scanners from inspecting the contents, and the malicious executable inside is named to look like a contract or agreement. Once opened, the file deploys malware designed to steal login credentials and session cookies and to give the attackers remote access to the system.

CloudSEK researchers linked the malware to Lumma Stealer, a known infostealer. With stolen session cookies the attackers can hijack a YouTube account without the password or a second factor, so recovery means invalidating active sessions as well as resetting credentials; the hijacked accounts are then used to push further malicious messages to followers.
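The lure above depends on a file that is named like a document but is really a Windows executable. A mail gateway or endpoint script can catch that by comparing the file name with the content's magic bytes and by flagging the usual name tricks (double extensions, right-to-left override characters). The following is an added Python example, not code from the article or from CloudSEK; the sample file names and byte strings are constructed inline.

```python
"""Flag files whose name says "document" but whose bytes say "executable".
Added example for this article; not CloudSEK's or the article's own code.
All sample inputs below are constructed, not real campaign artifacts."""

# Magic-byte signatures for the container/executable formats we care about.
SIGNATURES = {
    b"MZ": "pe-executable",        # Windows PE (.exe, .dll, .scr)
    b"\x7fELF": "elf-executable",
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",          # also .docx/.xlsx, which are zip containers
    b"\xd0\xcf\x11\xe0": "ole2",   # legacy .doc/.xls
}

DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".rtf"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".vbs", ".msi"}
RLO = "\u202e"  # Unicode right-to-left override, used to hide the real extension


def sniff(data: bytes) -> str:
    """Identify the content type from the leading bytes, or 'unknown'."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def inspect(name: str, data: bytes) -> list:
    """Return a list of findings for one file; an empty list means nothing suspicious."""
    findings = []
    parts = name.lower().split(".")
    exts = ["." + p for p in parts[1:]]       # every extension after the first dot
    kind = sniff(data)

    # 1. Name claims a document, content is an executable (Agreement.pdf that starts with MZ).
    if exts and exts[-1] in DOCUMENT_EXTS and kind.endswith("executable"):
        findings.append(f"content is {kind} but extension is {exts[-1]}")

    # 2. Double extension: document type followed by an executable type (Agreement.pdf.exe).
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS:
        findings.append("double extension " + "".join(exts[-2:]))

    # 3. RLO trick: "Agreement\u202efdp.exe" is displayed as "Agreementexe.pdf".
    if RLO in name:
        findings.append("right-to-left override character in file name")

    # 4. A bare executable extension on something sent as a "proposal" is itself a red flag.
    if exts and exts[-1] in EXECUTABLE_EXTS:
        findings.append(f"executable extension {exts[-1]}")

    return findings


def demo() -> dict:
    """Run the check over constructed samples; returns {file name: findings}."""
    pe_stub = b"MZ\x90\x00\x03\x00\x00\x00"        # constructed PE header prefix
    pdf_stub = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"    # constructed PDF header prefix
    samples = {
        "Collaboration_Agreement.pdf.exe": pe_stub,
        "Marketing_Proposal.pdf": pe_stub,          # renamed executable
        "Agreement" + RLO + "fdp.exe": pe_stub,     # displays as Agreementexe.pdf
        "Real_Contract.pdf": pdf_stub,              # benign control
    }
    return {name: inspect(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for fname, found in demo().items():
        print(repr(fname), "->", found or "clean")
```

Run against the extracted contents of a received archive; anything with a non-empty findings list should be held rather than opened. The check reads only the first few bytes, so it is cheap enough to run on every attachment.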

Chinese Winnti Group Deploys ‘Glutton’ PHP Backdoor in New Cyberattacks

The Chinese state-sponsored hacking group Winnti (APT41) has been found using a new PHP backdoor named ‘Glutton’ in recent attacks against organizations in China and the U.S., as well as against other cybercriminal groups.

Discovered by QAX’s XLab in April 2024, Glutton shows signs of early-stage development, with weaknesses in stealth and encryption. Evidence suggests the malware has been active since December 2023.

Winnti, active since 2012, is notorious for conducting cyberespionage and financial theft campaigns, particularly targeting the gaming, pharmaceutical, and telecommunications industries, as well as political organizations and government bodies.

Texas Tech University Data Breach Exposes Records of 1.4 Million Patients

A cyberattack on the Texas Tech University Health Sciences Center (TTUHSC) and its El Paso unit has compromised the data of 1.4 million patients.

The incident, identified in September 2024, led to disruptions in systems and applications. Investigations revealed unauthorized access and potential data exfiltration between September 17 and 29, 2024.

TTUHSC reported the breach to the U.S. Department of Health and Human Services, making it a significant healthcare cybersecurity event involving sensitive patient information.

Telecom Namibia Data Leaked After Refusal to Pay Ransom

Namibia’s state-run telecom provider, Telecom Namibia, confirmed a ransomware attack where customer data was leaked on the dark web after the company refused to negotiate with the attackers.

Attributed to the ransomware group Hunters International, the attack reportedly compromised 400,000 files, including personal and financial data of clients and high-ranking officials.

Telecom Namibia is currently collaborating with law enforcement and analyzing the leaked data to mitigate further risks.

ConnectOnCall Data Breach Exposes 910,000 Patients’ Health Records

ConnectOnCall, a telehealth platform owned by Phreesia, experienced a significant data breach exposing the sensitive health data of 910,000 patients.

The breach, which occurred between February 16 and May 12, 2024, gave unauthorized third parties access to provider-patient communications.

Following the breach discovery, Phreesia engaged external cybersecurity experts and notified federal law enforcement to investigate and contain the incident.